last executing test programs:

4m14.464801714s ago: executing program 32 (id=447):
close(0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106)
recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)

3m56.738817395s ago: executing program 33 (id=659):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x2, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x800)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x2}, 0x18)
write$selinux_load(r2, &(0x7f0000000e80)={0xf97cff8c, 0x8}, 0x10)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0xe)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80)

3m28.503329398s ago: executing program 34 (id=1073):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x2, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1}, 0x38)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$selinux_load(r1, &(0x7f0000000e80)={0xf97cff8c, 0x8}, 0x10)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0xe)

2m56.796917429s ago: executing program 7 (id=1529):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x8800, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000e80)={0xf97cff8c, 0x8}, 0x10)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0xe)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80)

2m56.759456849s ago: executing program 7 (id=1530):
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioperm(0x5, 0xa, 0x100000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
openat$sysfs(0xffffff9c, &(0x7f00000003c0)='/sys/kernel/rcu_stall_count', 0x42, 0x0)
timer_create(0x5, &(0x7f00000000c0)={0x0, 0x23, 0x1, @thr={0x0, &(0x7f0000000400)="423689521cedea96eb7a9d83c165eef3b7d18e00000000"}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280), 0x0)
close(0xffffffffffffffff)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = accept(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
recvfrom(r1, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

2m56.7143056s ago: executing program 7 (id=1531):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[], 0x1, 0x123a, &(0x7f00000005c0)="$eJzs3c9rHGUYB/AnTdLE1GSj1moL0he96GVscvDkJUgK0gWlbQqtIEzNRpfd7IbMEtgiNjev/h3i0Zsg4j0XL54FbwHxJD2II+7Etgkb7MrCavl8LnnJ837nx+67AzO87+7h219st7aKbCvvxZmpqZjZiUgPUqQ4E9NR2Y83bv340ys3bt+5tlavr19P6erazZW3UkpLl7/94NOvXv2ud+7W10vfzMXB8oeHv67+fHDh4OLhHzc/aRapWaROt5fydLfb7eV324202SxaWUrvtxt50UjNTtHYPVbfand3dvop72wuLuzsNooi5Z1+ajX6qddNvd1+yj/Om52UZVlaXAj+vbOx8eWDsiwjynI2zkZZluUzsRDn4tlYjKWoxXI8F8/HC3E+XowL8VK8HBcHvSZ95AAAAAAAAAAAAAAAAAAAAPB0sf4fAAAAAAAAAAAAAAAAAAAAJs/6fwAAAAAAAAAAAAAAAAAAAJg86/8BAAAAAAAAAAAAAAAAAABg8m7cvnNtrV5fv57SfMT253sbexvV36q+thXNaEcjrkQtfo/B6v9K1b76bn39ShpYjje37x/l7+9tTB/Prwy+TmBofqXKp+P5uVh4PL8atTg/PL86ND8fr7/2WD6LWvzwUXSjHZvxV/ZR/rOVlN55r34if2nQDwAAAJ4GWXpo6P17lqWpqarriXr1z9OfD5S1E88HTtxfz8SlmQmeOANF/14rb7cbu2NpzB9tdVwbnD6tdDQk414rv/zEG/x7uJ3eZ+7U0mxEjPGF+g82vn84Jp48NRtFf27kfR3tZn/ip/x/aewPLc2O8YM2pPGPl45fxnwpYgIevemTPhIAAAAAAAAAAABGMcLEwJlqvu3o0wmH7vg3PyIPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVSUAAP//32bccw==")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000680), 0x101040, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x6, 0x0, 0x0, 0x100, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x43)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300), 0x8800, &(0x7f00000008c0)=ANY=[@ANYBLOB=',msize=0x0000000000000001,access=user,posixacl,seclabel'])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x24, 0x8, 0x4, 0x1ff, 0x0, 0x1, 0x0, 0x6, 0x7, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, 0x0, [0x0, 0x2]}})
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000100), 0x12)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c0000000306050000000000000500000000000605000100"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r9, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0xfdfd, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r1, 0x5437, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000001840)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001800)={&(0x7f0000000540)={0x2c, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4850}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m56.22286201s ago: executing program 7 (id=1541):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000740)='kfree\x00', r2}, 0x18)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r4, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})
syz_clone(0x40b04000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002"], 0x44}}, 0x0)

2m55.787530148s ago: executing program 7 (id=1543):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001880)=ANY=[@ANYRES8=<r1=>0xffffffffffffffff, @ANYRES64=0x0], 0x48)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
flistxattr(r2, 0x0, 0x2)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000200)=0x2, 0x4)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000240)=0x3, 0x4)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'erspan0\x00', &(0x7f0000000080)={'syztnl0\x00', <r3=>0x0, 0x40, 0x20, 0x7, 0x8, {{0x8, 0x4, 0x2, 0x2, 0x20, 0x65, 0x0, 0x9, 0x4, 0x0, @loopback, @multicast1, {[@ra={0x94, 0x4}, @generic={0x88, 0x3, '}'}, @end, @end]}}}}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x20000000000001bc, &(0x7f0000000300)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r1, @ANYRESDEC=r3, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r3}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffa6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000100)=<r5=>0x0)
timer_getoverrun(r5)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
sendfile(r6, 0xffffffffffffffff, 0x0, 0x20000023892)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x121880, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r8}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

2m54.871910775s ago: executing program 7 (id=1559):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[], 0x1, 0x123a, &(0x7f00000005c0)="$eJzs3c9rHGUYB/AnTdLE1GSj1moL0he96GVscvDkJUgK0gWlbQqtIEzNRpfd7IbMEtgiNjev/h3i0Zsg4j0XL54FbwHxJD2II+7Etgkb7MrCavl8LnnJ837nx+67AzO87+7h219st7aKbCvvxZmpqZjZiUgPUqQ4E9NR2Y83bv340ys3bt+5tlavr19P6erazZW3UkpLl7/94NOvXv2ud+7W10vfzMXB8oeHv67+fHDh4OLhHzc/aRapWaROt5fydLfb7eV324202SxaWUrvtxt50UjNTtHYPVbfand3dvop72wuLuzsNooi5Z1+ajX6qddNvd1+yj/Om52UZVlaXAj+vbOx8eWDsiwjynI2zkZZluUzsRDn4tlYjKWoxXI8F8/HC3E+XowL8VK8HBcHvSZ95AAAAAAAAAAAAAAAAAAAAPB0sf4fAAAAAAAAAAAAAAAAAAAAJs/6fwAAAAAAAAAAAAAAAAAAAJg86/8BAAAAAAAAAAAAAAAAAABg8m7cvnNtrV5fv57SfMT253sbexvV36q+thXNaEcjrkQtfo/B6v9K1b76bn39ShpYjje37x/l7+9tTB/Prwy+TmBofqXKp+P5uVh4PL8atTg/PL86ND8fr7/2WD6LWvzwUXSjHZvxV/ZR/rOVlN55r34if2nQDwAAAJ4GWXpo6P17lqWpqarriXr1z9OfD5S1E88HTtxfz8SlmQmeOANF/14rb7cbu2NpzB9tdVwbnD6tdDQk414rv/zEG/x7uJ3eZ+7U0mxEjPGF+g82vn84Jp48NRtFf27kfR3tZn/ip/x/aewPLc2O8YM2pPGPl45fxnwpYgIevemTPhIAAAAAAAAAAABGMcLEwJlqvu3o0wmH7vg3PyIPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVSUAAP//32bccw==")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000680), 0x101040, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x6, 0x0, 0x0, 0x100, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x43)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300), 0x8800, &(0x7f00000008c0)=ANY=[@ANYBLOB=',msize=0x0000000000000001,access=user,posixacl,seclabel'])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x24, 0x8, 0x4, 0x1ff, 0x0, 0x1, 0x0, 0x6, 0x7, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, 0x0, [0x0, 0x2]}})
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000100), 0x12)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c0000000306050000000000000500000000000605000100"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r9, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0xfdfd, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r1, 0x5437, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000001840)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001800)={&(0x7f0000000540)={0x2c, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4850}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m54.871038226s ago: executing program 35 (id=1559):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[], 0x1, 0x123a, &(0x7f00000005c0)="$eJzs3c9rHGUYB/AnTdLE1GSj1moL0he96GVscvDkJUgK0gWlbQqtIEzNRpfd7IbMEtgiNjev/h3i0Zsg4j0XL54FbwHxJD2II+7Etgkb7MrCavl8LnnJ837nx+67AzO87+7h219st7aKbCvvxZmpqZjZiUgPUqQ4E9NR2Y83bv340ys3bt+5tlavr19P6erazZW3UkpLl7/94NOvXv2ud+7W10vfzMXB8oeHv67+fHDh4OLhHzc/aRapWaROt5fydLfb7eV324202SxaWUrvtxt50UjNTtHYPVbfand3dvop72wuLuzsNooi5Z1+ajX6qddNvd1+yj/Om52UZVlaXAj+vbOx8eWDsiwjynI2zkZZluUzsRDn4tlYjKWoxXI8F8/HC3E+XowL8VK8HBcHvSZ95AAAAAAAAAAAAAAAAAAAAPB0sf4fAAAAAAAAAAAAAAAAAAAAJs/6fwAAAAAAAAAAAAAAAAAAAJg86/8BAAAAAAAAAAAAAAAAAABg8m7cvnNtrV5fv57SfMT253sbexvV36q+thXNaEcjrkQtfo/B6v9K1b76bn39ShpYjje37x/l7+9tTB/Prwy+TmBofqXKp+P5uVh4PL8atTg/PL86ND8fr7/2WD6LWvzwUXSjHZvxV/ZR/rOVlN55r34if2nQDwAAAJ4GWXpo6P17lqWpqarriXr1z9OfD5S1E88HTtxfz8SlmQmeOANF/14rb7cbu2NpzB9tdVwbnD6tdDQk414rv/zEG/x7uJ3eZ+7U0mxEjPGF+g82vn84Jp48NRtFf27kfR3tZn/ip/x/aewPLc2O8YM2pPGPl45fxnwpYgIevemTPhIAAAAAAAAAAABGMcLEwJlqvu3o0wmH7vg3PyIPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVSUAAP//32bccw==")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000680), 0x101040, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x6, 0x0, 0x0, 0x100, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x43)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300), 0x8800, &(0x7f00000008c0)=ANY=[@ANYBLOB=',msize=0x0000000000000001,access=user,posixacl,seclabel'])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x24, 0x8, 0x4, 0x1ff, 0x0, 0x1, 0x0, 0x6, 0x7, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, 0x0, [0x0, 0x2]}})
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000100), 0x12)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c0000000306050000000000000500000000000605000100"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r9, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0xfdfd, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r1, 0x5437, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000001840)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001800)={&(0x7f0000000540)={0x2c, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4850}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m50.937822571s ago: executing program 6 (id=1610):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0xfffffffffffffff7}, 0x18)
r2 = socket$inet(0x2, 0x2, 0x1)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r2, &(0x7f0000001040)={&(0x7f0000000040)={0x2, 0xffff, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000400)='\b\x00', 0x2}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000024)

2m50.840101203s ago: executing program 6 (id=1613):
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000400850000008200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r1, 0x2285, 0x0)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x1)

2m50.397589232s ago: executing program 6 (id=1621):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000140)={0x3b, 0x0, 0x1, 0x7}, 0x8)

2m50.313597513s ago: executing program 6 (id=1624):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000740)='kfree\x00', r2}, 0x18)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r4, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})
syz_clone(0x40b04000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014"], 0x44}}, 0x0)

2m49.821497883s ago: executing program 6 (id=1628):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2m48.636014335s ago: executing program 6 (id=1640):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2c, r3, 0x301, 0x800000, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)

2m48.635781075s ago: executing program 36 (id=1640):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2c, r3, 0x301, 0x800000, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)

2m44.77209111s ago: executing program 8 (id=1680):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x8800, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
write$selinux_load(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x511a01, 0x80)

2m44.77176615s ago: executing program 8 (id=1681):
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioperm(0x5, 0xa, 0x100000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
openat$sysfs(0xffffff9c, &(0x7f00000003c0)='/sys/kernel/rcu_stall_count', 0x42, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)

2m43.911746507s ago: executing program 8 (id=1692):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r0, 0x800, 0x7, 0xcd9, 0xfff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x20a}, 0x18)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c000000100003052cbd7000fedbdf2500000020", @ANYRES32=0x0, @ANYBLOB="0000000000080400240012800b0001006d6163736563000014000280050006000000000005000f000000000008000500", @ANYRES32=r5], 0x4c}}, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r7 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r9, 0x0, 0x4}, 0x18)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000)
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r10, 0x107, 0x12, &(0x7f0000000040)={0x78, 0x6}, 0x4)
setsockopt$packet_fanout_data(r10, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000002040)=[{0x4, 0x8, 0x8, 0x6}]}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r11}, 0x18)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wg2\x00', <r13=>0x0})
sendmsg$nl_route(r12, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c0000001900000142bd7000ffdbdf2580801407fe00ff000009000006001c004e21000008000300", @ANYRES32=r13, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x200ad}, 0x4010)
r14 = socket$kcm(0x29, 0x5, 0x0)
sendmsg(r14, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000)
close(r14)

2m43.780971989s ago: executing program 8 (id=1695):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000740)='kfree\x00', r2}, 0x18)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r4, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})
syz_clone(0x40b04000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014"], 0x44}}, 0x0)

2m43.423526246s ago: executing program 8 (id=1698):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000010000006500000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001000012700000000000000000a0000000c0002006e6c3830323131"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40050)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x100000000000000)

2m42.403732296s ago: executing program 8 (id=1712):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0a000000040000000800"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2c, r3, 0x301, 0x800000, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32, @ANYBLOB="0800c300741300000800c4"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67200000000000140600000fff07006706000020000000350200000ee60000bf25000000000000bd350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000014000000000000009500000000000000db13d5d8b740f2cdaabc8383c8f56b8c2b84a800ea6553f3ef4392b3815dcf00c3eebc52267b042d19d6e31e25e589d5f2692c75a547d6f186641ae8c557ccff3878a93b51a0389749df734f49ed5078b10f1e7f2b37626a3ace1ea89f7d2c570720a86853e26168761f0a53358f7ee2baa0e6a67a98a0d57ac09f36cfefbbc7492bbe7cdf64971a57fd64efd46c26"], &(0x7f0000000380)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x10, 0x0, 0x57}, 0x48)

2m42.311680428s ago: executing program 37 (id=1712):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0a000000040000000800"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2c, r3, 0x301, 0x800000, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32, @ANYBLOB="0800c300741300000800c4"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67200000000000140600000fff07006706000020000000350200000ee60000bf25000000000000bd350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000014000000000000009500000000000000db13d5d8b740f2cdaabc8383c8f56b8c2b84a800ea6553f3ef4392b3815dcf00c3eebc52267b042d19d6e31e25e589d5f2692c75a547d6f186641ae8c557ccff3878a93b51a0389749df734f49ed5078b10f1e7f2b37626a3ace1ea89f7d2c570720a86853e26168761f0a53358f7ee2baa0e6a67a98a0d57ac09f36cfefbbc7492bbe7cdf64971a57fd64efd46c26"], &(0x7f0000000380)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x10, 0x0, 0x57}, 0x48)

2m37.644002357s ago: executing program 4 (id=1766):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000740)='kfree\x00', r2}, 0x18)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r4, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})
syz_clone(0x40b04000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014"], 0x44}}, 0x0)

2m36.940623361s ago: executing program 4 (id=1778):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x91209a, &(0x7f0000000c80)=ANY=[], 0x1, 0x191, &(0x7f00000002c0)="$eJzs3c+qElEcB/Cff5qkletoMdCmlVRPYIWCNBAULmpVYG00gtxMrXyL3qBX6XXClTsv3hHlyly4F64O1/l8Nn7xq5xzZjFnNWc+P/k+nfyYf/v77090Oo1o96Mfq0Z0oxmtKCwCADgnq/U6/q8LN/j56xNMCQA4slvu/wDAGbD/A0D92P8BoH4+fPz09lWWDd6naSdiucjH+bj4LPrhKBs8Ty919/9a5vm4tetfFH16tX8Qj7b9y9I+iWdPi37TvXmXHfQPY1I24X7jzq8BAAAAAAAAAAAAAAAAAAAAAACcWi/dKT3fp9dLrumLNBwl2+8Oz/dpx+N2yYDJUZYBAAAAAAAAAAAAAAAAAAAA99r81+/pl9ns609BEIRdqPrOBAAAAAAAAAAAAAAAAAAA9bN/6LfqmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAdfbv/z9e2IzTrHqhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU2kUAAAD//1z+TP8=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

2m36.801426823s ago: executing program 4 (id=1782):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000200000000000000000000000b7080000000000007b8af8ff00000000b7080000ddffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7040000080000008500000095000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1, 0x0, 0x5}, 0x18)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
move_mount(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)

2m36.738547395s ago: executing program 4 (id=1783):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX=r0, @ANYBLOB="001a000000000000b72800000073a6a811cfd1ca7c000000bfa2000000000000070200ae80389d24596bd30008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000040)={[{@norecovery}, {@grpquota}, {@debug}, {@discard}]}, 0xee, 0x498, &(0x7f0000001b40)="$eJzs3E1sFFUcAPD/bL/5kIr4AYJW8YOotLR8yMGLRhMPmpjoAeOplkKQQg2tiZBG0QMeDYl349HEu4knvRj1YEy86t2QENML6GnMzM4s23a3n0sX3N8v2e17M7N97z9vXuf1vd0NoGMNZU9JxLaI+CMidlSzCw8Yqv64OT838c/83EQSafrm30l+3I35uYny0PJ1W6uZNI3oy5J9Dcq98k7E+NTU5IUiPzJ77v2RmYuXDp45N3568vTk+bHjx48c3td7bOxovj9dZ3yV4mcW1409H03v3f3q21dfnzhx9d2fv8nqu63YXx/HuqRLazhUPbuLPZo9Pbmhwu4ov2ZP2+s2JN3NDx7ehAqxel0RkTVXT55LoisGavt2xCuftrFqwG2Wpmna6P4cdfftFPifSvRv6FDlvT77/7d8bM7I485w/cWIOFhk5ucmbtbi767NHfQs+v+2lYYi4sTlf7/MHtGKeQgAgBV8n41/nms0/qvEA3XH3VOsoQxGxL0RsTMi7ouIXRFxf0R+7IMR5x5aY/mLV0iWjn8q19YV2Cpl478XirWtmwvGf+XoLwa7itz2PP6e5NSZqclDxTk5ED19WX50mTJ+ePn3z8t0/6J99eO/7JGVX44Fi3pc6140QXdyfHY8T6Rp+vHGwo/rn0Ts6W4UfxLlMk4SEbsjYs86yzjzzNd7m+1bOf5lLLPOtFrpVxFPV9v/8sLx/62mSurXJwciorY+Ofr8sbGjI/0xNXlopLwqlvrltytvNCt/Q/G3QNb+Wxpe/7VV4MGkP2Lm4qWz+XrtzNrLuPLnZ3V9esHqchZ/5duINV//vclbebq32Pbh+OzshdGI3uS1pdvHbr22zJfHZ/Ef2N+4/++sq/HDEZFdxPsi4pFiETdru8ci4vGI2L9M/D+99MR7zfY1b/9ms/Ktdb04Ucu2f9S3/9oTXWd//K5Z+UPFGmQU56Fx+x/JUweKLbW/f8tYbQXXddIAAADgLlPJ3wOfVIZr6UpleLj6Hv5dsaUyNT0z++yp6Q/On6y+V34weirlTNeOuvnQ0WJuuMyPLcofLuaNv+gayPPDE9NTJ9sdPHS4rU36f+avrnbXDrjtWrCOBtyl9H/oXPo/dC79HzqX/g+dq1H/3+gHC4C7g/s/dK68/z91ud3VANrA/R86l/4PHanpZ+MrG/rIf9NE0upf2DBRfnfCZpS1cqL8LopNL31g3S/vX/nURaW9Z7VjEt1L2iK6W1pEX8NdbfyjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EL/BQAA///5etKr")
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='veno', 0x25)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r2, 0x0, 0x0, 0xc9100120, 0x0, 0x0)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0, 0x20, 0x0, 0x0, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x18, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]})
r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mq_notify(r5, &(0x7f0000000100)={0x0, 0x10})
close_range(r4, 0xffffffffffffffff, 0x0)
r6 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r9, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r10, 0x8, 0x0, 0x2, 0x0, {0xa, 0x1, 0xf9d, @local}}}, 0x32)
writev(r9, &(0x7f0000000180)=[{&(0x7f00000000c0)='v', 0x1}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r8}, 0x10)
syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0)

2m36.375902302s ago: executing program 4 (id=1784):
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
close(0xffffffffffffffff)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fbffffff000000000000000085000000a0000000950d000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000140)={0x3b, 0x8, 0x1, 0x7, 0x0, [@loopback, @empty, @ipv4={'\x00', '\xff\xff', @local}, @private0={0xfc, 0x0, '\x00', 0x1}]}, 0x48)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x9, 0x0, 0x70bd2d, 0x25dfdbfe, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0x3, @mcast1, 0x2}}]}, 0x48}}, 0x4040014)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4040800)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
close(r4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000040), &(0x7f0000000180)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)

2m36.337320702s ago: executing program 5 (id=1787):
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
openat$sysfs(0xffffff9c, &(0x7f00000003c0)='/sys/kernel/rcu_stall_count', 0x42, 0x0)
timer_create(0x5, &(0x7f00000000c0)={0x0, 0x23, 0x1, @thr={0x0, &(0x7f0000000400)="423689521cedea96eb7a9d83c165eef3b7d18e00000000"}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

2m36.074508567s ago: executing program 4 (id=1796):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x14, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r1, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x14, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r1, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r5) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r5)
sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x1c, r6, 0xb29, 0x0, 0x0, {{}, {@val={0x5}, @void}}}, 0x1c}}, 0x2404c044)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)

2m36.074065847s ago: executing program 38 (id=1796):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x14, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r1, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x14, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r1, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r5) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r5)
sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x1c, r6, 0xb29, 0x0, 0x0, {{}, {@val={0x5}, @void}}}, 0x1c}}, 0x2404c044)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)

2m35.465954999s ago: executing program 5 (id=1806):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x20000400)
r0 = syz_open_procfs(0x0, 0x0)
preadv(r0, 0x0, 0x0, 0x91, 0x300)
syz_io_uring_setup(0xa3d, 0x0, &(0x7f0000000200), &(0x7f0000000180))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000020000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = socket$kcm(0x2, 0x5, 0x84)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x15, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
setsockopt$sock_attach_bpf(r4, 0x84, 0x75, &(0x7f0000000400)=r3, 0x4)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000580)={'sit0\x00', &(0x7f0000000940)={'syztnl2\x00', <r6=>0x0, 0x7, 0x80, 0x8, 0xfffffff8, {{0x5, 0x4, 0x3, 0x3, 0x14, 0x64, 0x0, 0xb5, 0x4, 0x0, @broadcast, @multicast2}}}})
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000009c0)={@private0, 0xe, r6})
sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3e}}, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000, 0xfffffffffffffffe, 0x0, 0x9}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xb30, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

2m35.364566441s ago: executing program 5 (id=1807):
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r0)
io_setup(0x9, &(0x7f0000000080)=<r1=>0x0)
r2 = epoll_create1(0x0)
r3 = eventfd2(0xffffffff, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000b80)={0xa0001011})
io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x850e, r3, 0x0, 0x2e, 0x4000de, 0x0, 0x1, r3}])
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000f40)={0x11, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010bc0)='kfree\x00', r5}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r4, @ANYBLOB="1748000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r4], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

2m34.856044841s ago: executing program 5 (id=1811):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000740)='kfree\x00', r2}, 0x18)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r4, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})
syz_clone(0x40b04000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014"], 0x44}}, 0x0)

2m34.196327574s ago: executing program 5 (id=1816):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2m33.34404075s ago: executing program 5 (id=1827):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2m33.34353894s ago: executing program 39 (id=1827):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

4.970331655s ago: executing program 2 (id=3872):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
kexec_load(0x4, 0xa, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2400c09d}, 0x20)
socket(0x1d, 0x2, 0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f00000001c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xff73, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r7, 0xffffffffffffffff, 0x100000000000000)

4.113589771s ago: executing program 2 (id=3883):
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
close(0xffffffffffffffff)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fbffffff000000000000000085000000a0000000950d000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000140)={0x3b, 0x8, 0x1, 0x7, 0x0, [@loopback, @empty, @ipv4={'\x00', '\xff\xff', @local}, @private0={0xfc, 0x0, '\x00', 0x1}]}, 0x48)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x9, 0x0, 0x70bd2d, 0x25dfdbfe, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0x3, @mcast1, 0x2}}]}, 0x48}}, 0x4040014)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4040800)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
close(r4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000040), &(0x7f0000000180)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)

4.083194962s ago: executing program 9 (id=3884):
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000140)={0x3b, 0x8, 0x1, 0x7, 0x0, [@loopback, @empty, @ipv4={'\x00', '\xff\xff', @local}, @private0={0xfc, 0x0, '\x00', 0x1}]}, 0x48)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x9, 0x0, 0x70bd2d, 0x25dfdbfe, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0x3, @mcast1, 0x2}}]}, 0x48}}, 0x4040014)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4040800)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
close(r4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)

3.532486773s ago: executing program 3 (id=3892):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[], 0x1, 0x123a, &(0x7f00000005c0)="$eJzs3c9rHGUYB/AnTdLE1GSj1moL0he96GVscvDkJUgK0gWlbQqtIEzNRpfd7IbMEtgiNjev/h3i0Zsg4j0XL54FbwHxJD2II+7Etgkb7MrCavl8LnnJ837nx+67AzO87+7h219st7aKbCvvxZmpqZjZiUgPUqQ4E9NR2Y83bv340ys3bt+5tlavr19P6erazZW3UkpLl7/94NOvXv2ud+7W10vfzMXB8oeHv67+fHDh4OLhHzc/aRapWaROt5fydLfb7eV324202SxaWUrvtxt50UjNTtHYPVbfand3dvop72wuLuzsNooi5Z1+ajX6qddNvd1+yj/Om52UZVlaXAj+vbOx8eWDsiwjynI2zkZZluUzsRDn4tlYjKWoxXI8F8/HC3E+XowL8VK8HBcHvSZ95AAAAAAAAAAAAAAAAAAAAPB0sf4fAAAAAAAAAAAAAAAAAAAAJs/6fwAAAAAAAAAAAAAAAAAAAJg86/8BAAAAAAAAAAAAAAAAAABg8m7cvnNtrV5fv57SfMT253sbexvV36q+thXNaEcjrkQtfo/B6v9K1b76bn39ShpYjje37x/l7+9tTB/Prwy+TmBofqXKp+P5uVh4PL8atTg/PL86ND8fr7/2WD6LWvzwUXSjHZvxV/ZR/rOVlN55r34if2nQDwAAAJ4GWXpo6P17lqWpqarriXr1z9OfD5S1E88HTtxfz8SlmQmeOANF/14rb7cbu2NpzB9tdVwbnD6tdDQk414rv/zEG/x7uJ3eZ+7U0mxEjPGF+g82vn84Jp48NRtFf27kfR3tZn/ip/x/aewPLc2O8YM2pPGPl45fxnwpYgIevemTPhIAAAAAAAAAAABGMcLEwJlqvu3o0wmH7vg3PyIPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVSUAAP//32bccw==")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000680), 0x101040, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x6, 0x0, 0x0, 0x100, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x43)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300), 0x8800, &(0x7f00000008c0)=ANY=[@ANYBLOB=',msize=0x0000000000000001,access=user,posixacl,seclabel'])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x24, 0x8, 0x4, 0x1ff, 0x0, 0x1, 0x0, 0x6, 0x7, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, 0x0, [0x0, 0x2]}})
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, 0x0, 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000100), 0x12)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c0000000306050000000000000500000000000605000100"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r9, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0xfdfd, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r1, 0x5437, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000001840)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001800)={&(0x7f0000000540)={0x2c, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4850}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.184971079s ago: executing program 3 (id=3896):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x23083b0fbfd43c40, &(0x7f0000000080)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x1}, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x34}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r4}, 0x18)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0xff, r3}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x9}}}, 0x24}}, 0x0)

3.114972431s ago: executing program 3 (id=3899):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2.810202657s ago: executing program 1 (id=3905):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2.311811426s ago: executing program 2 (id=3907):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbHb7+32bQilvX15eCj1Yqd00iT8qeKhH0WJBPdclmYaSTbdkN6WJBduDvXiRIohYEO969+ChePHoX1HQQpES9OBlZTazybbZJJt0Y2L384Fpn2dmNs8888z34Zl9dpgABtaJ7J9CxPGI+CyJONyxrRj5xhNL+y0+vjmRLUk0m+/9lkSSr2vvn+T/H8wz/4mIHz+JOF1YXW59fmG6Uq2ms3l+pDFzbaQ+v3DmykxlKp1Kr46Nj597ZXzs9dde7VtdX7z4x5fv3n/r3KcnF7/47uGRu0mcj0P5ts56PINbnZkTzWZ+Tkpx/qkdR/tQ2G6S7PQBsCVDeZyXIuJ46XCpHfXA8+/jiGgCAyrZZPzv1V/Ac6I9Dmjf2/fpPvgf49GbSzdAq+tfXPpuJPa17o0OLCZP3Bll97vDfSg/K+P7X+/dzZbo3/cQABu6dTsizhaLq/u/JO//tu5sD/s8XYb+D/4+97Pxz0vdxj+F5fFPdBn/HOwSu1uxcfwXHvahmDVl4783uo5/lyethofy3L9aY75ScvlKNc36tn9HxKko7c3y683nnFt80FxrW+f4L1uy8ttjwfw4Hhb3PvmZyUqj8ix17vTodsR/u45/k+X2T7q0f3Y+PuixjGPpvf+vtW3j+m+v5jcRL3Rt/5UZrWT9+cmR1vUw0r4qVvv9zrGf1yq/e/1/+mEbqtpV1v4H1q//cNI5X1vffBlf7/szXWvbVq//Pcn7rfSefN2NSqMxOxqxJ3ln9fqxlc+28+39s/qfOrl+/9ft+t8fER/2WP87R7/939brv72y+k9uqv03n3jw9kdfrVV+b+3/cit1Kl/TS//X6wE+y7kDAAAAAACA3aYQEYciKZRjX54uFMrlpd93HI0DhWqt3jh9uTZ3dTJaz8oOR6nQnuk+3PF7iNH897Dt/NhT+fGIOBIRnw/tb+XLE7Xq5E5XHgAAAAAAAAAAAAAAAAAAAHaJg8vP/8cTz/9nfhna6aMDtl1x6f3fwADa8JX//XjTE7ArbRj/wHNL/MPgEv8wuMQ/DKTWFJ/4h8El/mFwiX8YXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAA+urihQvZ0lx8fHMiy09en5+brl0/M5nWp8szcxPlidrstfJUrTZVTcsTtZmN/l61Vrs2OhZzN0Yaab0xUp9fuDRTm7vauHRlpjKVXkq9ZxwAAAAAAAAAAAAAAAAAAABWq88vTFeq1XS2D4lStZoWIqKXnSP6VOgAJrJ2u1Xs7TxvTyKJlTXF3XJaJPqa2OmeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABW/BUAAP//2SsyHQ==")
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x807, 0x510, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x44, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x10, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xa, 0x1, "fefe807eb37b"}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc8}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

2.212261528s ago: executing program 9 (id=3908):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0xf, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000005000000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b700000000000000950000000000000031bfa24466e54bdb9a4906226b70cd7b8af34a0d2d83bbeeb4b2ac393f2172c8459e283d55c466dcd2aae04427667f82f49201defcb6a75b94b287c6fdd1c254a9c4f98a5d7705642be296cfd71db05b75d8365fbb929071b83c9b66f5d2e62e3c7b91dfd08d6fcceeb8e10ee1720856f2bcd4b8e9080683b27d5ef61aca78175eebbaa72edad9cf0cee3ad8b5e2be4a69a7b4cdb2543a9c1a32e20ddf777465bf8c506bfaeaed46d9e9c4eb17baead9094544739b8b40ea7a2ca0e753341f8673d4c73ca7f270b7255f21"], &(0x7f0000000680)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000700)={0x1, 0x9, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000740)=[r0, r0], &(0x7f0000000780)=[{0x1, 0x5, 0x9, 0xb}, {0x1, 0x3, 0x4}, {0x0, 0x5, 0x10, 0x8}, {0x0, 0x3, 0xe, 0x4}, {0x1, 0x2, 0xf, 0x5}], 0x10, 0x32}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\a\x00\x00\x00\t\x00\x00\x00'], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x10000000000004}, 0x18)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), r4)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="605a25626707484aaaf8fb74a884e000f7200e77583fa3287dc51d13c15cdfe714cd73795b3790d8533d06098ffc864ce4a0bebe8e32ec7e8460cb72fc6d9785a023c123fce030140b9e98e87013cc2a848f9c1c678cba295b66ed45bcec751236c870e5ccdc3f54b54cb1cb6303cf32136fc7635605aa5e407d", @ANYRES16=r5, @ANYBLOB="1bb300000000ffffffff010000000c0006000100000001000000"], 0x20}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2208c08, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6}]})
umount2(&(0x7f0000000080)='./file0\x00', 0x4)
setxattr$trusted_overlay_origin(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, 0x0, 0x3)
r7 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000100140001"], 0x114}, {&(0x7f00000009c0)=ANY=[], 0x2cc}], 0x2, 0x0, 0x0, 0x20000001}, 0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000300)={{{@in=@remote, @in6=@dev={0xfe, 0x80, '\x00', 0x1a}, 0x4e23, 0x0, 0x4e24, 0x0, 0x2, 0x80, 0x60, 0x11, 0x0, r9}, {0xe61, 0x0, 0x0, 0x8, 0xb, 0x800, 0xffd, 0xffffffffffffffff}, {0x7, 0x84, 0x7fffffffffffffff, 0x7}, 0x8000, 0x6e6bb3, 0x0, 0x0, 0x2, 0x3}, {{@in6=@private1, 0x4d3, 0x3c}, 0x2, @in=@private=0xa010102, 0x3500, 0x0, 0x0, 0x4, 0xc, 0xd0, 0x1}}, 0xe8)
sendmsg$BATADV_CMD_SET_HARDIF(r7, 0xfffffffffffffffe, 0xc0)
quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000900, r9, &(0x7f0000000100))
lchown(&(0x7f0000000040)='./file0\x00', r9, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000380)=<r10=>0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300), 0x8800, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',msize=0x0000000000000001,access=user,posixacl,seclabel,fscontext=system_u,hash,fowner=', @ANYRESDEC=r9, @ANYBLOB="2c6f626a5f747970653d72616d6673002c0f2e8b7365636c6162656c2c686173682c61a37072616973652c75", @ANYRESDEC=r10, @ANYBLOB=',\x00'])

2.188834149s ago: executing program 3 (id=3909):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2.067335081s ago: executing program 2 (id=3911):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "2af3"}]}]}, {0x4}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

1.992904542s ago: executing program 0 (id=3913):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000020c0)={0x0, 0x1c, &(0x7f0000002140)=[@in6={0xa, 0x4e22, 0x3, @remote}]}, &(0x7f00000002c0)=0x10)

1.974006103s ago: executing program 2 (id=3914):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0f0000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000c80)='ishtp_dump\x00'}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
getgid()
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9ce}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/28, 0x1c}], 0x1}}], 0x90}, 0x0)

1.910195434s ago: executing program 0 (id=3915):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000)

1.904852804s ago: executing program 1 (id=3916):
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r1, @ANYRES16=r1, @ANYRESOCT=r0], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x56, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe01}, r4, 0x0, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r8 = dup(r7)
write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r5)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r8, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, r9, 0x400, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x40, 0x48}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}]}, 0x30}, 0x1, 0x0, 0x0, 0x40811}, 0x8810)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r5, 0x4008240b, &(0x7f0000000040)={0x5, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x4, 0x7}, 0x0, 0x0, 0x0, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10})
semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x0, 0x2, 0x800}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = memfd_secret(0x80000)
ioctl$SIOCGETSGCNT(r11, 0x89e1, &(0x7f0000000340)={@multicast1, @remote})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r10, 0x0, 0x1ffffffffffffffd}, 0x18)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x54, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r12, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000040)=[0x8], 0x0, 0x0, 0x1}}, 0x40)
recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000240)=""/7, 0x7}], 0x1}, 0x2000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, r2, 0x0)

1.876039765s ago: executing program 2 (id=3917):
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
close(0xffffffffffffffff)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fbffffff000000000000000085000000a0000000950d000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000140)={0x3b, 0x8, 0x1, 0x7, 0x0, [@loopback, @empty, @ipv4={'\x00', '\xff\xff', @local}, @private0={0xfc, 0x0, '\x00', 0x1}]}, 0x48)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x9, 0x0, 0x70bd2d, 0x25dfdbfe, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0x3, @mcast1, 0x2}}]}, 0x48}}, 0x4040014)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4040800)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
close(r4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000040), &(0x7f0000000180)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)

1.804756126s ago: executing program 0 (id=3918):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000090000000c"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=<r3=>r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r6}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r5}, 0x18)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff8000000000000008000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee40021146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4c001}, 0x4004110)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x480d5}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{r1}, &(0x7f0000000600), &(0x7f0000000b80)}, 0x20)
epoll_create(0x69610e32)
pivot_root(&(0x7f00000001c0)='./file0\x00', 0x0)
r10 = socket(0x1e, 0x805, 0x0)
connect$tipc(r10, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x2}}, 0x10)
connect$tipc(r10, &(0x7f0000000000)=@id, 0x10)
close(r10)

1.704094988s ago: executing program 0 (id=3919):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

1.419433243s ago: executing program 9 (id=3920):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[], 0x1, 0x123a, &(0x7f00000005c0)="$eJzs3c9rHGUYB/AnTdLE1GSj1moL0he96GVscvDkJUgK0gWlbQqtIEzNRpfd7IbMEtgiNjev/h3i0Zsg4j0XL54FbwHxJD2II+7Etgkb7MrCavl8LnnJ837nx+67AzO87+7h219st7aKbCvvxZmpqZjZiUgPUqQ4E9NR2Y83bv340ys3bt+5tlavr19P6erazZW3UkpLl7/94NOvXv2ud+7W10vfzMXB8oeHv67+fHDh4OLhHzc/aRapWaROt5fydLfb7eV324202SxaWUrvtxt50UjNTtHYPVbfand3dvop72wuLuzsNooi5Z1+ajX6qddNvd1+yj/Om52UZVlaXAj+vbOx8eWDsiwjynI2zkZZluUzsRDn4tlYjKWoxXI8F8/HC3E+XowL8VK8HBcHvSZ95AAAAAAAAAAAAAAAAAAAAPB0sf4fAAAAAAAAAAAAAAAAAAAAJs/6fwAAAAAAAAAAAAAAAAAAAJg86/8BAAAAAAAAAAAAAAAAAABg8m7cvnNtrV5fv57SfMT253sbexvV36q+thXNaEcjrkQtfo/B6v9K1b76bn39ShpYjje37x/l7+9tTB/Prwy+TmBofqXKp+P5uVh4PL8atTg/PL86ND8fr7/2WD6LWvzwUXSjHZvxV/ZR/rOVlN55r34if2nQDwAAAJ4GWXpo6P17lqWpqarriXr1z9OfD5S1E88HTtxfz8SlmQmeOANF/14rb7cbu2NpzB9tdVwbnD6tdDQk414rv/zEG/x7uJ3eZ+7U0mxEjPGF+g82vn84Jp48NRtFf27kfR3tZn/ip/x/aewPLc2O8YM2pPGPl45fxnwpYgIevemTPhIAAAAAAAAAAABGMcLEwJlqvu3o0wmH7vg3PyIPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVSUAAP//32bccw==")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000680), 0x101040, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x6, 0x0, 0x0, 0x100, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x43)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300), 0x8800, &(0x7f00000008c0)=ANY=[@ANYBLOB=',msize=0x0000000000000001,access=user,posixacl,seclabel'])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x24, 0x8, 0x4, 0x1ff, 0x0, 0x1, 0x0, 0x6, 0x7, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, 0x0, [0x0, 0x2]}})
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, 0x0, 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000100), 0x12)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c0000000306050000000000000500000000000605000100"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r9, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0xfdfd, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r1, 0x5437, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000001840)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001800)={&(0x7f0000000540)={0x2c, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4850}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.184713118s ago: executing program 3 (id=3921):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

1.008111291s ago: executing program 9 (id=3922):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x23083b0fbfd43c40, &(0x7f0000000080)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x1}, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x34}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r4}, 0x18)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0xff, r3}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x9}}}, 0x24}}, 0x0)

996.857742ms ago: executing program 1 (id=3923):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
socket$kcm(0x2, 0x3, 0x84)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write$P9_RREAD(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="a000000075020095000000e34a888bad6c22dcb43a375185af1585651f6bf8b50adacd3af1844943de54cd643c0c39c6d9bc2cc024e7099e09acff7bcd803a6887c09ac5aaadf5a75c5b20161ae4a7a129844322662fc865be98b6891a5b3e2127ef1bc89e84525d27378effffffe5985a81b78ae27296557ec6f206c958fa6b76f9e943987e5962ad9a6509"], 0xa0)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7fffeffd)

890.616704ms ago: executing program 9 (id=3924):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e1d, 0x20b, @empty, 0x2}, 0x1c)
syz_emit_ethernet(0x32, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0000000000000800450000240000000000119078ac1414bbe000000100004e20001090782240000000000000"], 0x0)
truncate(0x0, 0x7)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xdb11, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1, 0x0, 0x6}, 0x18)
ioctl$USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x80045519, &(0x7f00000009c0)=0xffff)
r2 = perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x8, 0x505b8, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8008586e, 0x2, @perf_config_ext={0x88, 0x100000001}, 0x4c58, 0x5, 0x0, 0x1, 0x2, 0x20005, 0x10, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r2, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3000010, &(0x7f0000000040)={[{@errors_remount}, {@debug}]}, 0x1, 0x514, &(0x7f0000000300)="$eJzs3c9vI1cdAPDvTOJtdjfFLiBUKlEqWpStYO2koW2EEJQLnCoB5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgf+AFSpElwQBwQIhGAXDkjADrI9ZrOOnYTdxM7Gn4/04vdmxvN9byy/+eGXmQAm1nMR8VpETEXEixFRzKeneYqDbmovd/fOWyvtlESWvfHXJJJ8Wm9d7fJ0RFzP3zYTEV/7csQ3k6Nxm3v7m8u1WnUnL1da9e1Kc2//5kZ9eb26Xt1aXFx4ZenVpZeX5rPcI7Wz1Mv85Euff+fT3/rdrT/f+Ha7Wp/7SBSirx1nqdv0Qmdb9LS30c55BBuDqbw9hXFXBACAU2kf438wIj7ROf4vxlTnaK7P1DhqBgAAAJyV7AtJ/DuJyAAAAIBLK42I2UjScj4WYDbS9Ep+beDDcS2tNZqtT601drdW2/MiSlFI1zZq1fl8rHApCkm7vJCPse2VX+orL0bEUxHx/eLVTrm80qitjvnaBwAAAEyK633n//8opp38yQb8nwAAAABwcZWGFgAAAIDLwik/AAAAXH795//vjKkeAAAAwLn4yuuvt1PWe/716pt7u5uNN2+uVpub5fruSnmlsbNdXm801jv37KuftL5ao7H9mdjavV1pVZutSnNv/1a9sbvVurXxwCOwAQAAgBF66uPv/jqJiIPPXu2kyO8DCPCAP4y7AsBZmhp3BYCxefi7eBfOtB7A6PkWA8kJ8w3eAQCAx9/cR4/+/t97/r9rA3C5GesDAJPHU7xhchWMAISJlkbEB7rZJ4YtM/T3/1+eNkqWRbxXPDzF9UUAABit2U5K0nJ+HjAbaVouRzwZkZaikKxt1Krz+fnBr4qFJ9rlhc47kxPHDAMAAAAAAAAAAAAAAAAAAAAAAAAAXVmWRAYAAABcahHpn5LO3fwj5oovzPZfH7iS/LMYf8wLP3rjB7eXW62dhfb0v3We5XUlIlo/zKe/NPTxYQAAAMBZSw6Gzuqep+evCyOtFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT4O6dt1Z6aZRx//LFiCgNij8dM53XmShExLW/JzF96H1JREydQfyDtyPi6UHxk7iXZVkpr0V//DQirp5z/FJn0wyPf/0M4sMke7fd/7w26PuXxnOd18Hfv+k8Parh/V+aR366088N6v+ePLK2+sAYz7z/s8rQ+G9HPDM9uP/p9b/JkPjPH1nbv7IsOxrjG1/f3x8WP/txxNzA/U/yQKxKq75dae7t39yoL69X16tbi4sLryy9uvTy0nxlbaNWzf8OjPG9j/383nHtvzYg/m9/0+1/j2v/C8NW2uc/79++86FutjAo/o3nB+5/Z2JI/DTf930yz7fnz/XyB938Yc/+9L1nj2v/6pDtf9Lnf+OU7X/xq9/9/SkXBQBGoLm3v7lcq1V3jsnMnGKZxzHzi5kLUY3/M5N9p/vJXZT6PGymfbR6f0qvVRegYocy2chiTcUFafL/MmPtlgAAgHNw/6B/3DUBAAAAAAAAAAAAAAAAAACAyTWK24n1xzwYT1MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI713wAAAP//fG7gBw==")
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000880)=ANY=[@ANYRES8=r3, @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000000000008500004c098645ac49e70c64f16b5d74a50b0082cc23782190501b000000b700"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00', r4, 0x0, 0x7}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r5)
mincore(&(0x7f0000b2f000/0x2000)=nil, 0x2000, &(0x7f0000000000)=""/36)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r3, &(0x7f0000000200)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x3c, r6, 0x200, 0x70bd28, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}]}, 0x3c}}, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x10, 0x3}]}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000a00)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000840)={&(0x7f0000000900)=@deltfilter={0xfffffffffffffd7a, 0x2d, 0x1, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x7, 0xffe0}, {0xfff3, 0xffff}, {0xb, 0xf}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x5c, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TOS_MASK={0x5, 0x51, 0x4}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x6}, @TCA_FLOWER_KEY_SCTP_SRC={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @TCA_FLOWER_KEY_FLAGS={0x8, 0x2f, 0x8000}, @TCA_FLOWER_KEY_VLAN_ETH_TYPE={0x6}, @TCA_FLOWER_KEY_ETH_SRC_MASK={0xa, 0x7, [0xff, 0xff]}, @TCA_FLOWER_KEY_MPLS_LABEL={0x8, 0x46, 0x8}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x4}}, @TCA_RATE={0x6, 0x5, {0xb3, 0xc4}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x80c0}, 0x4c014)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r5)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01002dbd7000fedbdf2531000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800)

608.135849ms ago: executing program 0 (id=3925):
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x511, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x3c0c, &(0x7f0000000400)={0x0, 0xc890, 0x4002, 0x4}, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, 0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r4, &(0x7f00000001c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000007c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)

489.941471ms ago: executing program 9 (id=3926):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

372.160233ms ago: executing program 0 (id=3927):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r0, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fccbdf250900000005000700000000000800010001000000050008"], 0x2c}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000002340)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000002140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000340)='cachefiles_unlink\x00', r5, 0x0, 0x1}, 0xfffffdf8)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r6, &(0x7f0000000780)=[{{&(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804)
sendmsg$NFT_MSG_GETTABLE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000010a03fb0000000000000000050000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x20040800)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e20, 0x0, @loopback, 0x7}}, 0x0, 0x0, 0x47, 0x0, "09be2271b78506e6dd938d324c415acd403a4480fd1afa34432bcdfa64d957e93efafd27ad06a6f589bb643f167cf0fcd370239aaa93f6ded3c5032c96ead0cdc68474d402ab73e482db7ec1e0a57489"}, 0xd8)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000)
r7 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r7, &(0x7f0000000040), 0x10)
listen(r7, 0x5)
r8 = socket(0x28, 0x5, 0x0)
sendmmsg(r8, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000380)="cd5a7a06d4a4759cefdfde20d47eb20b4028e06c51079da55de651bc6757cae10d97cd5a09286ac4dd2f1acebd18eda0c088b13407ac9b77a538beadfaf6d8745d756c49d4dd64af5dde5a240e215e19706b405aa78b5b753c9305bd09dcfcd3644d1efe6f4c6d2501feb09e39e7ae0d5d24fd016fbbb5b38e318d4ae197805f351269554e4cd96304faf62f7dff4f7d25c7153e006d9b3d3bed7c964ee20be6d5a5b8f59a231115eb7c1c93e7f475cd03d87c227d48bd08e5808b60885080cf2efc202adb00190168f50ce2cfedc2dc", 0xffffffc3}], 0x1}}], 0x1, 0x24008094)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @empty, 0x5}, 0x1c)

214.766777ms ago: executing program 3 (id=3928):
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000"], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x6c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x64, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/consoles\x00', 0x0, 0x0)
r2 = syz_io_uring_setup(0x49d, &(0x7f00000003c0)={0x0, 0x9f4b, 0x800, 0x1, 0x144}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r1, 0x7, &(0x7f00000000c0)=""/207, 0xcf, 0x10, 0x1})
io_uring_enter(r2, 0xfd0, 0x4c0, 0x43, 0x0, 0xf5)
io_setup(0x5, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406a05d0000000f600010300010009210101000122050009058103ff030c0008"], 0x0)

103.967829ms ago: executing program 1 (id=3929):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000180)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet(0x2, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x911f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x2}, 0x18)
socket(0x2, 0x80805, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@o_path={0x0, 0x0, 0x4018}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, 0x0, 0x0)

348.901µs ago: executing program 1 (id=3930):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000090000000c"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=<r3=>r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r6}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r5}, 0x18)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff8000000000000008000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee40021146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4c001}, 0x4004110)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x480d5}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{r1}, &(0x7f0000000600), &(0x7f0000000b80)}, 0x20)
epoll_create(0x69610e32)
pivot_root(&(0x7f00000001c0)='./file0\x00', 0x0)
r10 = socket(0x1e, 0x805, 0x0)
connect$tipc(r10, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x2}}, 0x10)
close(r10)

0s ago: executing program 1 (id=3931):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
socket$kcm(0x2, 0x3, 0x84)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write$P9_RREAD(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="a000000075020095000000e34a888bad6c22dcb43a375185af1585651f6bf8b50adacd3af1844943de54cd643c0c39c6d9bc2cc024e7099e09acff7bcd803a6887c09ac5aaadf5a75c5b20161ae4a7a129844322662fc865be98b6891a5b3e2127ef1bc89e84525d27378effffffe5985a81b78ae2729655"], 0xa0)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7fffeffd)

kernel console output (not intermixed with test programs):

66]  should_fail_alloc_page+0xf2/0x100
[  276.259457][T21166]  __alloc_frozen_pages_noprof+0xff/0x360
[  276.259498][T21166]  alloc_pages_mpol+0xb3/0x250
[  276.259591][T21166]  folio_alloc_mpol_noprof+0x39/0x80
[  276.259626][T21166]  shmem_get_folio_gfp+0x3cf/0xd60
[  276.259727][T21166]  shmem_write_begin+0xa8/0x190
[  276.259749][T21166]  generic_perform_write+0x184/0x490
[  276.259780][T21166]  shmem_file_write_iter+0xc5/0xf0
[  276.259806][T21166]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  276.259854][T21166]  vfs_write+0x527/0x960
[  276.259884][T21166]  __x64_sys_pwrite64+0xfd/0x150
[  276.259911][T21166]  x64_sys_call+0xc4d/0x2ff0
[  276.259953][T21166]  do_syscall_64+0xd2/0x200
[  276.259989][T21166]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  276.260022][T21166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.260044][T21166] RIP: 0033:0x7f5bdc1feec9
[  276.260125][T21166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.260143][T21166] RSP: 002b:00007f5bdac5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  276.260162][T21166] RAX: ffffffffffffffda RBX: 00007f5bdc455fa0 RCX: 00007f5bdc1feec9
[  276.260175][T21166] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 000000000000000b
[  276.260187][T21166] RBP: 00007f5bdac5f090 R08: 0000000000000000 R09: 0000000000000000
[  276.260207][T21166] R10: 000000000000fecc R11: 0000000000000246 R12: 0000000000000001
[  276.260279][T21166] R13: 00007f5bdc456038 R14: 00007f5bdc455fa0 R15: 00007ffccfa14fe8
[  276.260300][T21166]  </TASK>
[  276.489886][T21179] 9pnet_fd: Insufficient options for proto=fd
[  276.498058][T21179] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3405'.
[  276.528547][T21179] 8021q: adding VLAN 0 to HW filter on device bond2
[  276.546870][T21179] vlan2: entered allmulticast mode
[  276.552100][T21179] bond2: entered allmulticast mode
[  277.336925][T21236] loop2: detected capacity change from 0 to 8192
[  277.430071][T21241] loop1: detected capacity change from 0 to 512
[  277.437500][T21239] loop3: detected capacity change from 0 to 8192
[  277.465621][T21241] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  277.473844][T21241] System zones: 0-2, 18-18, 34-34
[  277.481029][T21241] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  277.508772][T21241] EXT4-fs (loop1): Remounting filesystem read-only
[  277.515763][T21241] EXT4-fs (loop1): 1 truncate cleaned up
[  277.522038][T21241] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  277.536192][T10420] __quota_error: 123 callbacks suppressed
[  277.536209][T10420] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  277.536249][T21241] ext4 filesystem being mounted at /292/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  277.542043][T10420] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  277.575607][T10420] Quota error (device loop1): write_blk: dquota write failed
[  277.583014][T10420] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  277.593104][T10420] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  277.603666][T10420] Quota error (device loop1): write_blk: dquota write failed
[  277.611088][T10420] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[  277.646157][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.656908][T10420] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  277.667212][T10420] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  277.677655][T10420] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  277.690081][T10420] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  277.724922][   T29] audit: type=1326 audit(1758609210.140:4384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21258 comm="syz.9.3418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f915c77eec9 code=0x7ffc0000
[  277.758936][   T29] audit: type=1326 audit(1758609210.170:4385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21258 comm="syz.9.3418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f915c77eec9 code=0x7ffc0000
[  277.774327][T21263] batman_adv: batadv0: Adding interface: dummy0
[  277.788755][T21263] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.817461][T21263] batman_adv: batadv0: Interface activated: dummy0
[  277.827776][T21266] net_ratelimit: 1430 callbacks suppressed
[  277.827796][T21266] batadv0: mtu less than device minimum
[  277.839764][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.850468][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.861288][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.872193][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.882959][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.893758][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.904615][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.915551][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  277.926464][T21266] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  278.313900][T21278] netdevsim netdevsim1: Direct firmware load for x failed with error -2
[  278.930264][T21343] SELinux: failed to load policy
[  278.961427][T21355] loop9: detected capacity change from 0 to 512
[  278.977865][T21355] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  278.987758][T21355] System zones: 0-2, 18-18, 34-34
[  278.995733][T21355] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  279.016510][T21355] EXT4-fs (loop9): Remounting filesystem read-only
[  279.033519][T21355] EXT4-fs (loop9): 1 truncate cleaned up
[  279.042553][T21355] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.055414][T10420] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  279.066050][T10420] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  279.078560][T21355] ext4 filesystem being mounted at /356/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  279.089243][T10420] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started
[  279.133870][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.158293][T21263] loop2: detected capacity change from 0 to 256
[  279.293298][T21389] loop2: detected capacity change from 0 to 1024
[  279.317814][T21389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  279.361938][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.409031][T21402] loop2: detected capacity change from 0 to 1024
[  279.436480][T21402] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  279.452193][T21402] FAULT_INJECTION: forcing a failure.
[  279.452193][T21402] name failslab, interval 1, probability 0, space 0, times 0
[  279.464901][T21402] CPU: 0 UID: 0 PID: 21402 Comm: syz.2.3433 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  279.464932][T21402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  279.464943][T21402] Call Trace:
[  279.465026][T21402]  <TASK>
[  279.465035][T21402]  __dump_stack+0x1d/0x30
[  279.465061][T21402]  dump_stack_lvl+0xe8/0x140
[  279.465085][T21402]  dump_stack+0x15/0x1b
[  279.465104][T21402]  should_fail_ex+0x265/0x280
[  279.465135][T21402]  should_failslab+0x8c/0xb0
[  279.465174][T21402]  kmem_cache_alloc_noprof+0x50/0x310
[  279.465206][T21402]  ? security_inode_alloc+0x37/0x100
[  279.465241][T21402]  security_inode_alloc+0x37/0x100
[  279.465314][T21402]  inode_init_always_gfp+0x4b7/0x500
[  279.465359][T21402]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  279.465465][T21402]  alloc_inode+0x58/0x170
[  279.465509][T21402]  new_inode+0x1d/0xe0
[  279.465540][T21402]  shmem_get_inode+0x244/0x750
[  279.465566][T21402]  __shmem_file_setup+0x113/0x210
[  279.465675][T21402]  shmem_file_setup+0x3b/0x50
[  279.465698][T21402]  __se_sys_memfd_create+0x2c3/0x590
[  279.465728][T21402]  __x64_sys_memfd_create+0x31/0x40
[  279.465753][T21402]  x64_sys_call+0x2abe/0x2ff0
[  279.465779][T21402]  do_syscall_64+0xd2/0x200
[  279.465829][T21402]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  279.465901][T21402]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  279.465961][T21402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.466049][T21402] RIP: 0033:0x7fc0cf28eec9
[  279.466119][T21402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.466136][T21402] RSP: 002b:00007fc0cdceee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  279.466155][T21402] RAX: ffffffffffffffda RBX: 00000000000005fc RCX: 00007fc0cf28eec9
[  279.466178][T21402] RDX: 00007fc0cdceeef0 RSI: 0000000000000000 RDI: 00007fc0cf312960
[  279.466193][T21402] RBP: 0000200000000c00 R08: 00007fc0cdceebb7 R09: 00007fc0cdceee40
[  279.466209][T21402] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040
[  279.466224][T21402] R13: 00007fc0cdceeef0 R14: 00007fc0cdceeeb0 R15: 0000200000000080
[  279.466256][T21402]  </TASK>
[  279.690545][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.750658][T21419] FAULT_INJECTION: forcing a failure.
[  279.750658][T21419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.763888][T21419] CPU: 0 UID: 0 PID: 21419 Comm: syz.0.3436 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  279.763918][T21419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  279.763932][T21419] Call Trace:
[  279.763937][T21419]  <TASK>
[  279.763944][T21419]  __dump_stack+0x1d/0x30
[  279.763964][T21419]  dump_stack_lvl+0xe8/0x140
[  279.763984][T21419]  dump_stack+0x15/0x1b
[  279.764003][T21419]  should_fail_ex+0x265/0x280
[  279.764030][T21419]  should_fail+0xb/0x20
[  279.764103][T21419]  should_fail_usercopy+0x1a/0x20
[  279.764190][T21419]  _copy_from_user+0x1c/0xb0
[  279.764229][T21419]  ___sys_sendmsg+0xc1/0x1d0
[  279.764279][T21419]  __x64_sys_sendmsg+0xd4/0x160
[  279.764321][T21419]  x64_sys_call+0x191e/0x2ff0
[  279.764360][T21419]  do_syscall_64+0xd2/0x200
[  279.764396][T21419]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  279.764427][T21419]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  279.764491][T21419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.764517][T21419] RIP: 0033:0x7f5bdc1feec9
[  279.764535][T21419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.764556][T21419] RSP: 002b:00007f5bdac5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  279.764579][T21419] RAX: ffffffffffffffda RBX: 00007f5bdc455fa0 RCX: 00007f5bdc1feec9
[  279.764633][T21419] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  279.764645][T21419] RBP: 00007f5bdac5f090 R08: 0000000000000000 R09: 0000000000000000
[  279.764730][T21419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.764744][T21419] R13: 00007f5bdc456038 R14: 00007f5bdc455fa0 R15: 00007ffccfa14fe8
[  279.764768][T21419]  </TASK>
[  280.622965][T21456] loop9: detected capacity change from 0 to 2048
[  280.634747][T21456] EXT4-fs: Ignoring removed mblk_io_submit option
[  280.654177][T21456] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  280.687562][T21459] loop1: detected capacity change from 0 to 8192
[  280.723662][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.896565][T21471] loop9: detected capacity change from 0 to 512
[  280.903245][T21471] EXT4-fs: Ignoring removed mblk_io_submit option
[  280.910077][T21471] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  280.920880][T21471] EXT4-fs (loop9): 1 truncate cleaned up
[  280.927185][T21471] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  281.077399][T21476] FAULT_INJECTION: forcing a failure.
[  281.077399][T21476] name failslab, interval 1, probability 0, space 0, times 0
[  281.090105][T21476] CPU: 0 UID: 0 PID: 21476 Comm: syz.1.3451 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  281.090149][T21476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  281.090165][T21476] Call Trace:
[  281.090174][T21476]  <TASK>
[  281.090184][T21476]  __dump_stack+0x1d/0x30
[  281.090260][T21476]  dump_stack_lvl+0xe8/0x140
[  281.090282][T21476]  dump_stack+0x15/0x1b
[  281.090303][T21476]  should_fail_ex+0x265/0x280
[  281.090332][T21476]  ? __tcf_chain_get+0x91/0x280
[  281.090351][T21476]  should_failslab+0x8c/0xb0
[  281.090451][T21476]  __kmalloc_cache_noprof+0x4c/0x320
[  281.090494][T21476]  __tcf_chain_get+0x91/0x280
[  281.090519][T21476]  ? __tcf_block_find+0x11a/0x1a0
[  281.090551][T21476]  tc_new_tfilter+0x5ac/0x10a0
[  281.090651][T21476]  ? __rcu_read_unlock+0x4f/0x70
[  281.090677][T21476]  ? avc_has_perm_noaudit+0x1b1/0x200
[  281.090713][T21476]  ? ns_capable+0x7d/0xb0
[  281.090734][T21476]  ? __pfx_tc_new_tfilter+0x10/0x10
[  281.090833][T21476]  rtnetlink_rcv_msg+0x5fb/0x6d0
[  281.090870][T21476]  netlink_rcv_skb+0x120/0x220
[  281.090897][T21476]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  281.090946][T21476]  rtnetlink_rcv+0x1c/0x30
[  281.091077][T21476]  netlink_unicast+0x5c0/0x690
[  281.091108][T21476]  netlink_sendmsg+0x58b/0x6b0
[  281.091146][T21476]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.091180][T21476]  __sock_sendmsg+0x145/0x180
[  281.091248][T21476]  ____sys_sendmsg+0x31e/0x4e0
[  281.091279][T21476]  ___sys_sendmsg+0x17b/0x1d0
[  281.091332][T21476]  __x64_sys_sendmsg+0xd4/0x160
[  281.091381][T21476]  x64_sys_call+0x191e/0x2ff0
[  281.091403][T21476]  do_syscall_64+0xd2/0x200
[  281.091437][T21476]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  281.091503][T21476]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  281.091535][T21476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.091563][T21476] RIP: 0033:0x7f80124aeec9
[  281.091636][T21476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.091660][T21476] RSP: 002b:00007f8010f0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  281.091684][T21476] RAX: ffffffffffffffda RBX: 00007f8012705fa0 RCX: 00007f80124aeec9
[  281.091700][T21476] RDX: 0000000000000080 RSI: 0000200000000000 RDI: 0000000000000004
[  281.091715][T21476] RBP: 00007f8010f0f090 R08: 0000000000000000 R09: 0000000000000000
[  281.091730][T21476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.091745][T21476] R13: 00007f8012706038 R14: 00007f8012705fa0 R15: 00007ffe3aae9e88
[  281.091776][T21476]  </TASK>
[  281.407929][T21480] loop1: detected capacity change from 0 to 512
[  281.462321][T21482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3453'.
[  281.475483][T21482] bond_slave_0: entered promiscuous mode
[  281.481162][T21482] bond_slave_1: entered promiscuous mode
[  281.488361][T21482] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  281.497607][T21482] bond_slave_0: left promiscuous mode
[  281.503091][T21482] bond_slave_1: left promiscuous mode
[  281.509510][T21480] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  281.517746][T21480] System zones: 0-2, 18-18, 34-34
[  281.530047][T21485] loop2: detected capacity change from 0 to 128
[  281.530150][T21480] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  281.552539][T21480] EXT4-fs (loop1): Remounting filesystem read-only
[  281.554961][T21485] cgroup2: Unknown parameter 'pids_localevenës'
[  281.565890][T21480] EXT4-fs (loop1): 1 truncate cleaned up
[  281.572489][T21480] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.588919][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  281.599520][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  281.633049][T21480] ext4 filesystem being mounted at /297/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  281.646344][   T12] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  281.688022][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.743773][T21495] netdevsim netdevsim2: Direct firmware load for x failed with error -2
[  281.779310][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.833895][T21504] loop9: detected capacity change from 0 to 512
[  281.851431][T21504] EXT4-fs (loop9): revision level too high, forcing read-only mode
[  281.861351][T21504] EXT4-fs (loop9): orphan cleanup on readonly fs
[  281.873372][T21504] EXT4-fs error (device loop9): ext4_acquire_dquot:6937: comm syz.9.3457: Failed to acquire dquot type 1
[  281.887687][T21511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3458'.
[  281.897625][T21504] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm syz.9.3457: bg 0: block 40: padding at end of block bitmap is not set
[  281.918725][T21511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3458'.
[  281.948170][T21504] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  281.965896][T21504] EXT4-fs (loop9): 1 truncate cleaned up
[  281.975166][T21504] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  281.989289][T21519] SELinux: failed to load policy
[  282.030787][T21504] EXT4-fs error (device loop9): ext4_xattr_block_get:593: inode #16: comm syz.9.3457: corrupted xattr block 31: invalid header
[  282.044276][T21504] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=16
[  282.067024][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.565871][T21614] SELinux:  Context /usr/sbin/cups-browsed is not valid (left unmapped).
[  282.575060][   T29] kauditd_printk_skb: 125 callbacks suppressed
[  282.575132][   T29] audit: type=1400 audit(1758609214.980:4493): avc:  denied  { relabelfrom } for  pid=21613 comm="syz.3.3463" name="NETLINK" dev="sockfs" ino=46230 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  282.605644][   T29] audit: type=1400 audit(1758609214.980:4494): avc:  denied  { mac_admin } for  pid=21613 comm="syz.3.3463" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  282.626892][   T29] audit: type=1400 audit(1758609214.990:4495): avc:  denied  { relabelto } for  pid=21613 comm="syz.3.3463" name="NETLINK" dev="sockfs" ino=46230 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_generic_socket permissive=1 trawcon="/usr/sbin/cups-browsed"
[  282.687342][   T29] audit: type=1400 audit(1758609215.100:4496): avc:  denied  { setopt } for  pid=21627 comm="syz.9.3464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  282.718736][   T29] audit: type=1326 audit(1758609215.120:4497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21626 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80124aeec9 code=0x7ffc0000
[  282.719002][T21625] loop3: detected capacity change from 0 to 512
[  282.742392][   T29] audit: type=1326 audit(1758609215.120:4498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21626 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80124aeec9 code=0x7ffc0000
[  282.772255][   T29] audit: type=1326 audit(1758609215.120:4499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21626 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f80124aeec9 code=0x7ffc0000
[  282.795880][   T29] audit: type=1326 audit(1758609215.130:4500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21626 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80124aeec9 code=0x7ffc0000
[  282.819418][   T29] audit: type=1326 audit(1758609215.130:4501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21626 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f80124aeec9 code=0x7ffc0000
[  282.843026][   T29] audit: type=1326 audit(1758609215.130:4502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21626 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80124aeec9 code=0x7ffc0000
[  282.845051][T21633] loop1: detected capacity change from 0 to 512
[  282.883678][T21625] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  282.893661][T21625] System zones: 0-2, 18-18, 34-34
[  282.901537][T21633] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  282.915686][T21625] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  282.916893][T21633] ext4 filesystem being mounted at /299/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  282.943917][T21625] EXT4-fs (loop3): Remounting filesystem read-only
[  282.951325][T21625] EXT4-fs (loop3): 1 truncate cleaned up
[  282.957557][T21625] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  282.970451][T10402] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  282.973171][T21625] ext4 filesystem being mounted at /339/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  282.981192][T10402] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  283.011842][T10402] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  283.022871][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.079188][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.099066][T21654] SELinux: failed to load policy
[  283.114067][T21660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3471'.
[  283.124792][T21660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3471'.
[  283.408877][T21669] 9pnet_fd: Insufficient options for proto=fd
[  283.766872][T21673] loop3: detected capacity change from 0 to 512
[  283.793267][T21675] netdevsim netdevsim0: Direct firmware load for ..€ failed with error -2
[  283.814998][T21671] loop2: detected capacity change from 0 to 8192
[  283.905358][T21673] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  283.916799][T21673] EXT4-fs (loop3): orphan cleanup on readonly fs
[  283.950130][T21673] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.3477: corrupted inode contents
[  283.991030][T21673] EXT4-fs (loop3): Remounting filesystem read-only
[  284.014916][T21673] EXT4-fs (loop3): 1 truncate cleaned up
[  284.034439][   T12] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  284.045067][   T12] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  284.098299][   T12] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  284.109296][T21673] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  284.160129][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.169934][T21694] SELinux: failed to load policy
[  284.265539][T21711] netdevsim netdevsim1: Direct firmware load for x failed with error -2
[  284.319048][T21709] loop9: detected capacity change from 0 to 512
[  284.326796][T21705] loop3: detected capacity change from 0 to 8192
[  284.348285][T21709] EXT4-fs (loop9): too many log groups per flexible block group
[  284.356131][T21709] EXT4-fs (loop9): failed to initialize mballoc (-12)
[  284.364814][T21709] EXT4-fs (loop9): mount failed
[  284.419239][T21728] tipc: Started in network mode
[  284.424170][T21728] tipc: Node identity 0e89dfde3dcf, cluster identity 4711
[  284.431488][T21728] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  284.439563][T21728] syzkaller0: entered promiscuous mode
[  284.445272][T21728] syzkaller0: entered allmulticast mode
[  284.468439][T21728] loop9: detected capacity change from 0 to 512
[  284.482315][T21728] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  284.493331][T21728] EXT4-fs error (device loop9): ext4_get_branch:178: inode #11: block 4294967295: comm syz.9.3492: invalid block
[  284.507885][T21743] random: crng reseeded on system resumption
[  284.521575][T21728] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.3492: invalid indirect mapped block 4294967295 (level 1)
[  284.537363][T21728] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.3492: invalid indirect mapped block 4294967295 (level 1)
[  284.552283][T21728] EXT4-fs (loop9): 2 truncates cleaned up
[  284.559977][T21728] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.583525][T21728] tipc: Resetting bearer <eth:syzkaller0>
[  284.621918][T21758] ip6gretap0: entered promiscuous mode
[  284.653936][T21727] tipc: Resetting bearer <eth:syzkaller0>
[  284.662777][T21727] tipc: Disabling bearer <eth:syzkaller0>
[  284.674149][T21763] loop3: detected capacity change from 0 to 164
[  284.690952][T21763] syz.3.3495: attempt to access beyond end of device
[  284.690952][T21763] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  284.705895][T21763] syz.3.3495: attempt to access beyond end of device
[  284.705895][T21763] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  284.745877][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.762002][T21775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3495'.
[  284.779896][T21773] netdevsim netdevsim0: Direct firmware load for x failed with error -2
[  284.817922][T21782] loop9: detected capacity change from 0 to 512
[  284.826028][T21782] ext3: Unknown parameter 'grpid.subj_type'
[  284.853979][T21785] loop3: detected capacity change from 0 to 512
[  284.868481][T21785] EXT4-fs: Ignoring removed mblk_io_submit option
[  284.900434][T21785] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  284.924095][T21785] EXT4-fs (loop3): 1 truncate cleaned up
[  284.930370][T21785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  285.143237][T21821] FAULT_INJECTION: forcing a failure.
[  285.143237][T21821] name failslab, interval 1, probability 0, space 0, times 0
[  285.156051][T21821] CPU: 1 UID: 0 PID: 21821 Comm: syz.2.3503 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  285.156082][T21821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  285.156095][T21821] Call Trace:
[  285.156101][T21821]  <TASK>
[  285.156108][T21821]  __dump_stack+0x1d/0x30
[  285.156130][T21821]  dump_stack_lvl+0xe8/0x140
[  285.156148][T21821]  dump_stack+0x15/0x1b
[  285.156172][T21821]  should_fail_ex+0x265/0x280
[  285.156198][T21821]  should_failslab+0x8c/0xb0
[  285.156222][T21821]  kmem_cache_alloc_noprof+0x50/0x310
[  285.156253][T21821]  ? security_inode_alloc+0x37/0x100
[  285.156357][T21821]  security_inode_alloc+0x37/0x100
[  285.156392][T21821]  inode_init_always_gfp+0x4b7/0x500
[  285.156484][T21821]  ? __pfx_sock_alloc_inode+0x10/0x10
[  285.156526][T21821]  alloc_inode+0x58/0x170
[  285.156553][T21821]  do_accept+0xa0/0x3a0
[  285.156572][T21821]  ? vfs_write+0x7e8/0x960
[  285.156676][T21821]  __sys_accept4+0xbf/0x140
[  285.156782][T21821]  __x64_sys_accept+0x42/0x50
[  285.156811][T21821]  x64_sys_call+0x212c/0x2ff0
[  285.156837][T21821]  do_syscall_64+0xd2/0x200
[  285.156878][T21821]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  285.156907][T21821]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  285.157065][T21821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.157087][T21821] RIP: 0033:0x7fc0cf28eec9
[  285.157101][T21821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.157139][T21821] RSP: 002b:00007fc0cdcef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  285.157192][T21821] RAX: ffffffffffffffda RBX: 00007fc0cf4e5fa0 RCX: 00007fc0cf28eec9
[  285.157204][T21821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  285.157217][T21821] RBP: 00007fc0cdcef090 R08: 0000000000000000 R09: 0000000000000000
[  285.157231][T21821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.157245][T21821] R13: 00007fc0cf4e6038 R14: 00007fc0cf4e5fa0 R15: 00007ffcf6fb0bf8
[  285.157263][T21821]  </TASK>
[  285.748833][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.829471][T21870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3510'.
[  285.843896][T21861] SELinux: failed to load policy
[  285.854664][T21870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3510'.
[  285.873154][T21861] ALSA: seq fatal error: cannot create timer (-19)
[  285.890781][T21861] net_ratelimit: 10 callbacks suppressed
[  285.890800][T21861] netlink: zone id is out of range
[  285.901670][T21861] netlink: zone id is out of range
[  285.907860][T21861] netlink: zone id is out of range
[  285.913024][T21861] netlink: zone id is out of range
[  285.919564][T21861] netlink: zone id is out of range
[  285.924813][T21861] netlink: zone id is out of range
[  285.933202][T21861] netlink: zone id is out of range
[  285.938429][T21861] netlink: zone id is out of range
[  285.954966][T21861] netlink: zone id is out of range
[  285.960155][T21861] netlink: zone id is out of range
[  286.033490][T21890] SELinux: failed to load policy
[  286.095214][T21893] loop3: detected capacity change from 0 to 8192
[  286.173680][T21904] netdevsim netdevsim2: Direct firmware load for x failed with error -2
[  286.380858][T21928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3523'.
[  286.393190][T21928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3523'.
[  286.476816][T21934] SELinux: failed to load policy
[  286.661618][T21936] wg1 speed is unknown, defaulting to 1000
[  286.667998][T21936] lo speed is unknown, defaulting to 1000
[  286.761231][T21944] loop3: detected capacity change from 0 to 8192
[  286.768907][T21944] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  286.785410][T21950] loop9: detected capacity change from 0 to 512
[  286.793612][T21950] EXT4-fs: Ignoring removed mblk_io_submit option
[  286.803596][T21953] 9pnet_fd: Insufficient options for proto=fd
[  286.810232][T21950] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  286.823897][T21950] EXT4-fs (loop9): 1 truncate cleaned up
[  286.831013][T21950] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  286.862701][T21953] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3533'.
[  286.898300][T21953] 8021q: adding VLAN 0 to HW filter on device bond6
[  286.913498][T21953] vlan2: entered allmulticast mode
[  286.918874][T21953] bond6: entered allmulticast mode
[  286.943931][T21962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3535'.
[  286.960257][T21962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3535'.
[  287.089449][T21968] SELinux: failed to load policy
[  287.139627][T21978] ip6gretap0: entered promiscuous mode
[  287.284867][T21988] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3540'.
[  287.299303][T21996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3540'.
[  287.443046][T22011] netdevsim netdevsim2: Direct firmware load for x failed with error -2
[  287.756801][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.802971][   T29] kauditd_printk_skb: 256 callbacks suppressed
[  287.802988][   T29] audit: type=1400 audit(1758609476.216:4745): avc:  denied  { read } for  pid=22043 comm="syz.1.3545" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  287.819627][T22056] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3547'.
[  287.845071][T22056] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3547'.
[  287.905347][T22062] SELinux: failed to load policy
[  287.941083][T22071] loop9: detected capacity change from 0 to 512
[  287.950466][T22071] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  287.962358][T22071] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  287.977867][T22071] EXT4-fs warning (device loop9): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  287.991188][T22071] EXT4-fs (loop9): 1 truncate cleaned up
[  287.998361][T22071] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.037554][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.078203][T22092] loop9: detected capacity change from 0 to 512
[  288.084982][T22092] EXT4-fs: Ignoring removed mblk_io_submit option
[  288.091725][T22092] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  288.103007][T22092] EXT4-fs (loop9): 1 truncate cleaned up
[  288.109509][T22092] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.480371][T22132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.489015][T22132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  288.546702][   T29] audit: type=1326 audit(1758609476.966:4746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.572229][   T29] audit: type=1326 audit(1758609476.966:4747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.596462][   T29] audit: type=1326 audit(1758609476.966:4748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.620051][   T29] audit: type=1326 audit(1758609476.966:4749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.643708][   T29] audit: type=1326 audit(1758609476.966:4750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.667313][   T29] audit: type=1326 audit(1758609476.966:4751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.690978][   T29] audit: type=1326 audit(1758609476.966:4752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.714506][   T29] audit: type=1326 audit(1758609476.966:4753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.738112][   T29] audit: type=1326 audit(1758609476.966:4754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22134 comm="syz.0.3553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  288.950315][T22150] SELinux: failed to load policy
[  288.967515][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.985005][T22153] batman_adv: batadv0: Adding interface: dummy0
[  288.991404][T22153] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.017320][T22153] batman_adv: batadv0: Interface activated: dummy0
[  289.261216][T22184] loop2: detected capacity change from 0 to 512
[  289.279213][T22184] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  289.302239][T22184] System zones: 0-2, 18-18, 34-34
[  289.320160][T22184] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  289.351187][T22184] EXT4-fs (loop2): Remounting filesystem read-only
[  289.366883][T22184] EXT4-fs (loop2): 1 truncate cleaned up
[  289.380686][T22184] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.393387][T10684] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  289.403980][T10684] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  289.465176][T22184] ext4 filesystem being mounted at /331/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  289.476486][T10684] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  289.530556][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.562637][T22217] SELinux: failed to load policy
[  289.712328][T22239] loop1: detected capacity change from 0 to 512
[  289.736963][T22239] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  289.757771][T22239] EXT4-fs (loop1): orphan cleanup on readonly fs
[  289.808903][T22239] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.3573: corrupted inode contents
[  289.828115][T22239] EXT4-fs (loop1): Remounting filesystem read-only
[  289.852566][T22239] EXT4-fs (loop1): 1 truncate cleaned up
[  289.859490][T10684] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  289.870078][T10684] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  289.905269][T10684] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  289.924616][T22239] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  290.023051][T22272] netlink: 'syz.3.3574': attribute type 4 has an invalid length.
[  290.130374][T22285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.144560][T22285] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.154873][T22287] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  290.434965][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.811128][T22383] netdevsim netdevsim9: Direct firmware load for x failed with error -2
[  291.162354][T22433] netlink: 'syz.9.3587': attribute type 4 has an invalid length.
[  291.208081][T22435] loop3: detected capacity change from 0 to 8192
[  291.313397][T22442] batman_adv: batadv0: Adding interface: dummy0
[  291.319824][T22442] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  291.347631][T22442] batman_adv: batadv0: Interface activated: dummy0
[  291.357372][T22442] net_ratelimit: 299 callbacks suppressed
[  291.357386][T22442] batadv0: mtu less than device minimum
[  291.358792][T22440] loop9: detected capacity change from 0 to 512
[  291.363543][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.385671][T22440] EXT4-fs (loop9): revision level too high, forcing read-only mode
[  291.385785][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.393795][T22440] EXT4-fs (loop9): orphan cleanup on readonly fs
[  291.404694][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.413493][T22440] EXT4-fs error (device loop9): ext4_do_update_inode:5653: inode #16: comm syz.9.3590: corrupted inode contents
[  291.421217][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.434575][T22440] EXT4-fs (loop9): Remounting filesystem read-only
[  291.443671][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.449695][T22440] EXT4-fs (loop9): 1 truncate cleaned up
[  291.460381][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.476347][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.487186][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.497991][T22442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.513418][T10676] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  291.524073][T10676] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  291.536437][T10676] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started
[  291.547516][T22440] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  291.583490][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.737630][T22453] SELinux: failed to load policy
[  291.746989][T22464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3598'.
[  291.787338][T22453] ALSA: seq fatal error: cannot create timer (-19)
[  291.794449][T22460] SELinux:  policydb magic number 0x18 does not match expected magic number 0xf97cff8c
[  291.804193][T22460] SELinux: failed to load policy
[  291.839670][T22475] loop2: detected capacity change from 0 to 1024
[  291.885551][T22475] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  291.933700][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.943863][T22491] netdevsim netdevsim9: Direct firmware load for x failed with error -2
[  292.481546][T22447] loop1: detected capacity change from 0 to 256
[  292.527555][T22566] loop1: detected capacity change from 0 to 1024
[  292.534276][T22566] EXT4-fs: Ignoring removed orlov option
[  292.542121][T22566] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  292.776797][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.938129][T22626] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  293.724489][T22750] SELinux: failed to load policy
[  293.746467][T22752] loop1: detected capacity change from 0 to 512
[  293.753199][T22752] EXT4-fs: Ignoring removed nomblk_io_submit option
[  293.761042][T22752] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  293.769091][T22752] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[  293.777289][T22752] EXT4-fs (loop1): orphan cleanup on readonly fs
[  293.783791][T22752] __quota_error: 241 callbacks suppressed
[  293.783808][T22752] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0
[  293.799054][T22752] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  293.813615][T22752] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  293.820644][T22752] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 40: padding at end of block bitmap is not set
[  293.834470][T22752] EXT4-fs (loop1): Remounting filesystem read-only
[  293.841002][T22752] EXT4-fs (loop1): 1 truncate cleaned up
[  293.847122][T22752] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  293.862756][   T29] audit: type=1400 audit(1758609482.276:4976): avc:  denied  { read } for  pid=22751 comm="+}[@" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  293.888034][   T29] audit: type=1400 audit(1758609482.306:4977): avc:  denied  { prog_load } for  pid=22751 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  293.908739][   T29] audit: type=1400 audit(1758609482.306:4978): avc:  denied  { bpf } for  pid=22751 comm="+}[@" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  293.928929][   T29] audit: type=1400 audit(1758609482.306:4979): avc:  denied  { perfmon } for  pid=22751 comm="+}[@" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  293.931365][T22752] infiniband syz!: set down
[  293.949507][   T29] audit: type=1400 audit(1758609482.306:4980): avc:  denied  { create } for  pid=22751 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  293.949541][   T29] audit: type=1400 audit(1758609482.306:4981): avc:  denied  { write } for  pid=22751 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  293.954054][T22752] infiniband syz!: added team_slave_0
[  294.006369][T22752] RDS/IB: syz!: added
[  294.010539][T22752] smc: adding ib device syz! with port count 1
[  294.018224][T22752] smc:    ib device syz! port 1 has pnetid 
[  294.024336][   T29] audit: type=1400 audit(1758609482.436:4982): avc:  denied  { create } for  pid=22756 comm="syz.0.3613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  294.208573][   T29] audit: type=1400 audit(1758609482.626:4983): avc:  denied  { read write } for  pid=11970 comm="syz-executor" name="loop9" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  294.232967][   T29] audit: type=1400 audit(1758609482.626:4984): avc:  denied  { open } for  pid=11970 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  294.272175][T22761] loop9: detected capacity change from 0 to 512
[  294.281058][T22761] EXT4-fs: Ignoring removed mblk_io_submit option
[  294.287854][T22761] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  294.308819][T22761] EXT4-fs (loop9): 1 truncate cleaned up
[  294.316384][T22761] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.333169][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.458582][T22767] syzkaller1: entered promiscuous mode
[  294.464144][T22767] syzkaller1: entered allmulticast mode
[  294.903291][T22777] SELinux: failed to load policy
[  294.968336][T22777] ALSA: seq fatal error: cannot create timer (-19)
[  295.078643][T22785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3624'.
[  295.265393][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.303924][T22801] loop1: detected capacity change from 0 to 8192
[  295.353099][T22811] loop2: detected capacity change from 0 to 512
[  295.366977][T22811] EXT4-fs: Ignoring removed mblk_io_submit option
[  295.378577][T22811] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  295.391255][T22811] EXT4-fs (loop2): 1 truncate cleaned up
[  295.408257][T22811] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.452152][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.658452][T22850] FAULT_INJECTION: forcing a failure.
[  295.658452][T22850] name failslab, interval 1, probability 0, space 0, times 0
[  295.671275][T22850] CPU: 1 UID: 0 PID: 22850 Comm: syz.9.3632 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  295.671336][T22850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  295.671348][T22850] Call Trace:
[  295.671354][T22850]  <TASK>
[  295.671398][T22850]  __dump_stack+0x1d/0x30
[  295.671425][T22850]  dump_stack_lvl+0xe8/0x140
[  295.671451][T22850]  dump_stack+0x15/0x1b
[  295.671551][T22850]  should_fail_ex+0x265/0x280
[  295.671585][T22850]  should_failslab+0x8c/0xb0
[  295.671619][T22850]  __kmalloc_noprof+0xa5/0x3e0
[  295.671692][T22850]  ? security_sb_alloc+0x48/0x110
[  295.671721][T22850]  security_sb_alloc+0x48/0x110
[  295.671748][T22850]  alloc_super+0x105/0x570
[  295.671768][T22850]  sget_fc+0x24e/0x6e0
[  295.671825][T22850]  ? __pfx_set_anon_super_fc+0x10/0x10
[  295.671855][T22850]  ? __pfx_devpts_fill_super+0x10/0x10
[  295.671990][T22850]  get_tree_nodev+0x2a/0x100
[  295.672020][T22850]  devpts_get_tree+0x1c/0x30
[  295.672045][T22850]  vfs_get_tree+0x57/0x1d0
[  295.672076][T22850]  do_new_mount+0x207/0x5e0
[  295.672233][T22850]  ? security_capable+0x83/0x90
[  295.672268][T22850]  path_mount+0x4a4/0xb20
[  295.672297][T22850]  ? user_path_at+0x109/0x130
[  295.672370][T22850]  __se_sys_mount+0x28f/0x2e0
[  295.672476][T22850]  ? fput+0x8f/0xc0
[  295.672571][T22850]  __x64_sys_mount+0x67/0x80
[  295.672602][T22850]  x64_sys_call+0x2b4d/0x2ff0
[  295.672631][T22850]  do_syscall_64+0xd2/0x200
[  295.672672][T22850]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  295.672704][T22850]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  295.672766][T22850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.672810][T22850] RIP: 0033:0x7f915c77eec9
[  295.672830][T22850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.672853][T22850] RSP: 002b:00007f915b1e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  295.672878][T22850] RAX: ffffffffffffffda RBX: 00007f915c9d5fa0 RCX: 00007f915c77eec9
[  295.672894][T22850] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000
[  295.672911][T22850] RBP: 00007f915b1e7090 R08: 0000000000000000 R09: 0000000000000000
[  295.672926][T22850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.672992][T22850] R13: 00007f915c9d6038 R14: 00007f915c9d5fa0 R15: 00007ffda9cd3868
[  295.673019][T22850]  </TASK>
[  295.979604][T22888] loop1: detected capacity change from 0 to 1024
[  296.011493][T22894] netlink: 388 bytes leftover after parsing attributes in process `syz.2.3636'.
[  296.031306][T22888] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  296.064728][T22899] netlink: 388 bytes leftover after parsing attributes in process `syz.2.3636'.
[  296.103143][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.160958][T22920] SELinux: failed to load policy
[  296.181497][T22920] ALSA: seq fatal error: cannot create timer (-19)
[  296.234536][T22933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.247637][T22933] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.891515][T22977] loop2: detected capacity change from 0 to 8192
[  297.023289][T22988] loop3: detected capacity change from 0 to 1024
[  297.036391][T22988] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.085851][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.151692][T22993] SELinux: failed to load policy
[  297.180932][T22993] ALSA: seq fatal error: cannot create timer (-19)
[  297.188257][T22993] net_ratelimit: 875 callbacks suppressed
[  297.188277][T22993] netlink: zone id is out of range
[  297.197804][T23001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3655'.
[  297.199201][T22993] netlink: zone id is out of range
[  297.213220][T22993] netlink: zone id is out of range
[  297.218381][T22993] netlink: zone id is out of range
[  297.223516][T22993] netlink: zone id is out of range
[  297.228748][T22993] netlink: zone id is out of range
[  297.234086][T22993] netlink: zone id is out of range
[  297.239321][T22993] netlink: zone id is out of range
[  297.244503][T22993] netlink: zone id is out of range
[  297.249632][T22993] netlink: zone id is out of range
[  297.285448][T23009] netlink: 'syz.3.3657': attribute type 4 has an invalid length.
[  297.293513][T23009] netlink: 'syz.3.3657': attribute type 4 has an invalid length.
[  297.304635][    T9] lo speed is unknown, defaulting to 1000
[  297.310413][    T9] syz2: Port: 1 Link ACTIVE
[  297.368196][T23011] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3657'.
[  297.377298][T23011] netem: change failed
[  297.755376][T23027] netdevsim netdevsim9: Direct firmware load for x failed with error -2
[  297.886005][T23048] loop1: detected capacity change from 0 to 1024
[  297.897051][T23048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.928594][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.081367][T23072] loop1: detected capacity change from 0 to 8192
[  298.140141][T23089] loop3: detected capacity change from 0 to 512
[  298.156762][T23089] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  298.169091][T23089] System zones: 0-2, 18-18, 34-34
[  298.178317][T23089] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  298.192920][T23089] EXT4-fs (loop3): Remounting filesystem read-only
[  298.209349][T23089] EXT4-fs (loop3): 1 truncate cleaned up
[  298.215545][T23089] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.228210][T10676] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  298.228428][T23089] ext4 filesystem being mounted at /369/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  298.238929][T10676] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  298.263589][T10676] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  298.285364][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.338724][T23111] SELinux: failed to load policy
[  298.354190][T23111] ALSA: seq fatal error: cannot create timer (-19)
[  298.431971][T23131] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3670'.
[  298.449925][T23131] 8021q: adding VLAN 0 to HW filter on device bond7
[  298.483711][T23131] vlan2: entered allmulticast mode
[  298.488947][T23131] bond7: entered allmulticast mode
[  298.517792][T23141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.527821][T23141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.981571][   T29] kauditd_printk_skb: 309 callbacks suppressed
[  298.981589][   T29] audit: type=1400 audit(1758609487.396:5286): avc:  denied  { bind } for  pid=23188 comm="syz.0.3676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  299.007562][   T29] audit: type=1400 audit(1758609487.396:5287): avc:  denied  { name_bind } for  pid=23188 comm="syz.0.3676" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  299.028667][   T29] audit: type=1400 audit(1758609487.396:5288): avc:  denied  { node_bind } for  pid=23188 comm="syz.0.3676" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  299.050952][   T29] audit: type=1326 audit(1758609487.446:5289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23188 comm="syz.0.3676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  299.074816][   T29] audit: type=1326 audit(1758609487.446:5290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23188 comm="syz.0.3676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  299.098461][   T29] audit: type=1326 audit(1758609487.446:5291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23188 comm="syz.0.3676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  299.122114][   T29] audit: type=1326 audit(1758609487.446:5292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23188 comm="syz.0.3676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  299.145692][   T29] audit: type=1326 audit(1758609487.446:5293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23188 comm="syz.0.3676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  299.169287][   T29] audit: type=1326 audit(1758609487.446:5294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23188 comm="syz.0.3676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  299.192765][   T29] audit: type=1326 audit(1758609487.446:5295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23188 comm="syz.0.3676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  299.253190][T23192] loop2: detected capacity change from 0 to 512
[  299.265492][T23192] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  299.273679][T23192] System zones: 0-2, 18-18, 34-34
[  299.280489][T23192] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  299.295674][T23192] EXT4-fs (loop2): Remounting filesystem read-only
[  299.302514][T23192] EXT4-fs (loop2): 1 truncate cleaned up
[  299.308733][T23192] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.321364][T10719] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  299.321368][T23192] ext4 filesystem being mounted at /355/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.332051][T10719] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  299.363437][T10719] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  299.376724][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.396291][T23197] loop3: detected capacity change from 0 to 512
[  299.411306][T23197] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  299.420381][T23197] System zones: 0-2, 18-18, 34-34
[  299.423906][T23189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.436099][T23189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.445399][T23197] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  299.459762][T23199] loop9: detected capacity change from 0 to 8192
[  299.467218][T23197] EXT4-fs (loop3): Remounting filesystem read-only
[  299.474207][T23197] EXT4-fs (loop3): 1 truncate cleaned up
[  299.480512][T23197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.493117][T10676] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  299.493135][T23197] ext4 filesystem being mounted at /373/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.503752][T10676] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  299.505541][T10676] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  299.545540][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.584035][T23210] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3682'.
[  299.601960][T23210] 8021q: adding VLAN 0 to HW filter on device bond8
[  299.616665][T23210] vlan2: entered allmulticast mode
[  299.618606][T23213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.621845][T23210] bond8: entered allmulticast mode
[  299.630526][T23213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.712018][T23215] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3683'.
[  299.737516][T23215] 8021q: adding VLAN 0 to HW filter on device bond9
[  299.755650][T23215] vlan2: entered allmulticast mode
[  299.760828][T23215] bond9: entered allmulticast mode
[  300.120506][T23241] netdevsim netdevsim0: Direct firmware load for x failed with error -2
[  300.219099][T23228] netlink: 'syz.1.3689': attribute type 1 has an invalid length.
[  300.226944][T23228] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3689'.
[  300.292375][T23269] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3693'.
[  300.313274][T23269] 8021q: adding VLAN 0 to HW filter on device bond12
[  300.326763][T23269] vlan2: entered allmulticast mode
[  300.331931][T23269] bond12: entered allmulticast mode
[  300.399293][T23284] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3694'.
[  300.420436][T23284] bridge0: entered allmulticast mode
[  300.993110][T23356] loop9: detected capacity change from 0 to 512
[  301.094616][T23344] FAULT_INJECTION: forcing a failure.
[  301.094616][T23344] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  301.107728][T23344] CPU: 1 UID: 0 PID: 23344 Comm: syz.1.3698 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  301.107805][T23344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  301.107819][T23344] Call Trace:
[  301.107828][T23344]  <TASK>
[  301.107837][T23344]  __dump_stack+0x1d/0x30
[  301.107879][T23344]  dump_stack_lvl+0xe8/0x140
[  301.107983][T23344]  dump_stack+0x15/0x1b
[  301.108002][T23344]  should_fail_ex+0x265/0x280
[  301.108056][T23344]  should_fail+0xb/0x20
[  301.108077][T23344]  should_fail_usercopy+0x1a/0x20
[  301.108108][T23344]  _copy_to_user+0x20/0xa0
[  301.108287][T23344]  simple_read_from_buffer+0xb5/0x130
[  301.108324][T23344]  proc_fail_nth_read+0x10e/0x150
[  301.108379][T23344]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  301.108415][T23344]  vfs_read+0x1a5/0x770
[  301.108442][T23344]  ? __rcu_read_unlock+0x4f/0x70
[  301.108501][T23344]  ? __fget_files+0x184/0x1c0
[  301.108531][T23344]  ksys_read+0xda/0x1a0
[  301.108626][T23344]  __x64_sys_read+0x40/0x50
[  301.108657][T23344]  x64_sys_call+0x27bc/0x2ff0
[  301.108686][T23344]  do_syscall_64+0xd2/0x200
[  301.108728][T23344]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  301.108790][T23344]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  301.108831][T23344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.108903][T23344] RIP: 0033:0x7f80124ad8dc
[  301.108996][T23344] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  301.109015][T23344] RSP: 002b:00007f8010eee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  301.109064][T23344] RAX: ffffffffffffffda RBX: 00007f8012706090 RCX: 00007f80124ad8dc
[  301.109079][T23344] RDX: 000000000000000f RSI: 00007f8010eee0a0 RDI: 0000000000000006
[  301.109095][T23344] RBP: 00007f8010eee090 R08: 0000000000000000 R09: 0000000000000000
[  301.109111][T23344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.109126][T23344] R13: 00007f8012706128 R14: 00007f8012706090 R15: 00007ffe3aae9e88
[  301.109150][T23344]  </TASK>
[  301.340780][T23356] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  301.354380][T23356] System zones: 0-2, 18-18, 34-34
[  301.361104][T23356] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  301.406402][T23356] EXT4-fs (loop9): Remounting filesystem read-only
[  301.413763][T23356] EXT4-fs (loop9): 1 truncate cleaned up
[  301.417870][T23382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.419996][T23356] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.428667][T23382] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.441898][T23356] ext4 filesystem being mounted at /412/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  301.448106][T10676] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  301.469073][T10676] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  301.484866][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.497915][T10676] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started
[  301.576368][T23397] netdevsim netdevsim1: Direct firmware load for @ failed with error -2
[  301.597283][T23398] netdevsim netdevsim9: Direct firmware load for @ failed with error -2
[  301.821728][T23293] loop3: detected capacity change from 0 to 256
[  301.863570][T23437] 9pnet: Could not find request transport: fd0x0000000000000004
[  301.876944][T23437] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3704'.
[  301.894006][T23437] 8021q: adding VLAN 0 to HW filter on device bond13
[  301.908027][T23437] vlan2: entered allmulticast mode
[  301.913206][T23437] bond13: entered allmulticast mode
[  302.044571][T23457] SELinux:  policydb magic number 0x18 does not match expected magic number 0xf97cff8c
[  302.058991][T23457] SELinux: failed to load policy
[  302.212384][T23480] netlink: 'syz.2.3708': attribute type 4 has an invalid length.
[  302.292067][T23488] loop2: detected capacity change from 0 to 1024
[  302.316003][T23488] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  302.359641][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.812965][T23537] netlink: 'syz.0.3712': attribute type 4 has an invalid length.
[  302.879083][T23542] SELinux: failed to load policy
[  302.893579][T23542] ALSA: seq fatal error: cannot create timer (-19)
[  302.900818][T23542] net_ratelimit: 566 callbacks suppressed
[  302.900830][T23542] netlink: zone id is out of range
[  302.911966][T23542] netlink: zone id is out of range
[  302.917231][T23542] netlink: zone id is out of range
[  302.922366][T23542] netlink: zone id is out of range
[  302.927583][T23542] netlink: zone id is out of range
[  302.932705][T23542] netlink: zone id is out of range
[  302.937874][T23542] netlink: zone id is out of range
[  302.943011][T23542] netlink: zone id is out of range
[  302.948200][T23542] netlink: zone id is out of range
[  302.953325][T23542] netlink: zone id is out of range
[  302.968193][T23545] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3715'.
[  302.980750][T23545] loop3: detected capacity change from 0 to 512
[  302.989478][T23545] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  302.998939][T23545] EXT4-fs (loop3): invalid journal inode
[  303.004841][T23545] EXT4-fs (loop3): can't get journal size
[  303.011377][T23545] EXT4-fs (loop3): 1 truncate cleaned up
[  303.017442][T23545] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  303.046420][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.061113][T23552] 9pnet_virtio: no channels available for device 127.0.0.1
[  303.102444][T23554] SELinux: failed to load policy
[  303.118904][T23554] ALSA: seq fatal error: cannot create timer (-19)
[  303.177652][T23560] netlink: 'syz.0.3719': attribute type 4 has an invalid length.
[  303.221974][T23557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  303.230568][T23557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  303.303813][T23569] loop9: detected capacity change from 0 to 512
[  303.310767][T23569] EXT4-fs: Ignoring removed mblk_io_submit option
[  303.317533][T23569] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  303.328487][T23569] EXT4-fs (loop9): 1 truncate cleaned up
[  303.334603][T23569] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  303.677556][T23574] loop2: detected capacity change from 0 to 8192
[  303.890960][T23578] loop3: detected capacity change from 0 to 1024
[  303.902110][T23578] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  303.965148][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.986767][T23581] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3726'.
[  304.038410][T23581] cgroup: none used incorrectly
[  304.142586][T23589] SELinux: failed to load policy
[  304.163911][T23589] ALSA: seq fatal error: cannot create timer (-19)
[  304.174062][   T29] kauditd_printk_skb: 223 callbacks suppressed
[  304.174080][   T29] audit: type=1326 audit(1758609492.576:5495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.204104][   T29] audit: type=1326 audit(1758609492.576:5496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.227758][   T29] audit: type=1326 audit(1758609492.576:5497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.251297][   T29] audit: type=1326 audit(1758609492.576:5498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.274837][   T29] audit: type=1326 audit(1758609492.576:5499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.298569][   T29] audit: type=1326 audit(1758609492.576:5500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.322159][   T29] audit: type=1326 audit(1758609492.576:5501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.345816][   T29] audit: type=1326 audit(1758609492.576:5502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.369332][   T29] audit: type=1326 audit(1758609492.576:5503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.393203][   T29] audit: type=1326 audit(1758609492.576:5504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23590 comm="syz.3.3730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7fc881eec9 code=0x7ffc0000
[  304.425746][T23594] netlink: 'syz.0.3731': attribute type 4 has an invalid length.
[  304.449301][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.460822][T23596] loop1: detected capacity change from 0 to 1024
[  304.529105][T23596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  304.544902][T23614] netdevsim netdevsim9: Direct firmware load for @ failed with error -2
[  304.572576][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.578304][T23616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.599284][T23616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.656797][T23628] FAULT_INJECTION: forcing a failure.
[  304.656797][T23628] name failslab, interval 1, probability 0, space 0, times 0
[  304.669538][T23628] CPU: 0 UID: 0 PID: 23628 Comm: syz.1.3737 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  304.669575][T23628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  304.669648][T23628] Call Trace:
[  304.669658][T23628]  <TASK>
[  304.669668][T23628]  __dump_stack+0x1d/0x30
[  304.669690][T23628]  dump_stack_lvl+0xe8/0x140
[  304.669710][T23628]  dump_stack+0x15/0x1b
[  304.669726][T23628]  should_fail_ex+0x265/0x280
[  304.669802][T23628]  should_failslab+0x8c/0xb0
[  304.669849][T23628]  kmem_cache_alloc_noprof+0x50/0x310
[  304.669884][T23628]  ? getname_flags+0x80/0x3b0
[  304.669992][T23628]  getname_flags+0x80/0x3b0
[  304.670077][T23628]  user_path_at+0x28/0x130
[  304.670119][T23628]  __se_sys_mount+0x25b/0x2e0
[  304.670150][T23628]  ? fput+0x8f/0xc0
[  304.670227][T23628]  __x64_sys_mount+0x67/0x80
[  304.670258][T23628]  x64_sys_call+0x2b4d/0x2ff0
[  304.670287][T23628]  do_syscall_64+0xd2/0x200
[  304.670329][T23628]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  304.670385][T23628]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  304.670419][T23628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.670517][T23628] RIP: 0033:0x7f80124aeec9
[  304.670534][T23628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.670555][T23628] RSP: 002b:00007f8010f0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  304.670577][T23628] RAX: ffffffffffffffda RBX: 00007f8012705fa0 RCX: 00007f80124aeec9
[  304.670614][T23628] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000
[  304.670630][T23628] RBP: 00007f8010f0f090 R08: 0000200000000140 R09: 0000000000000000
[  304.670691][T23628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  304.670703][T23628] R13: 00007f8012706038 R14: 00007f8012705fa0 R15: 00007ffe3aae9e88
[  304.670727][T23628]  </TASK>
[  304.889259][T23654] loop2: detected capacity change from 0 to 512
[  304.909629][T23654] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.3738: iget: bad i_size value: 38620345925642
[  304.923607][T23654] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.3738: couldn't read orphan inode 15 (err -117)
[  304.996093][T23654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  305.099536][T23680] loop1: detected capacity change from 0 to 1764
[  305.351816][T23709] SELinux: failed to load policy
[  305.368718][T23709] ALSA: seq fatal error: cannot create timer (-19)
[  305.413378][T23723] SELinux:  policydb magic number 0x18 does not match expected magic number 0xf97cff8c
[  305.428489][T23723] SELinux: failed to load policy
[  305.810560][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.023110][T23762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3746'.
[  306.035778][T23762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3746'.
[  306.362747][T23779] loop9: detected capacity change from 0 to 512
[  306.366984][T23780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  306.379515][T23779] EXT4-fs (loop9): feature flags set on rev 0 fs, running e2fsck is recommended
[  306.379538][T23779] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem
[  306.390558][T23779] EXT4-fs (loop9): warning: checktime reached, running e2fsck is recommended
[  306.391338][T23779] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  306.391368][T23779] System zones: 0-2, 18-18, 34-34
[  306.392063][T23779] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.3753: iget: bad i_size value: 360287970189639680
[  306.392990][T23779] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.3753: couldn't read orphan inode 15 (err -117)
[  306.394026][T23779] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  306.397550][T23780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  306.437394][T23783] loop3: detected capacity change from 0 to 512
[  306.473942][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.526829][T23783] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  306.541235][T23783] System zones: 0-2, 18-18, 34-34
[  306.547847][T23783] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  306.563607][T23783] EXT4-fs (loop3): Remounting filesystem read-only
[  306.570703][T23783] EXT4-fs (loop3): 1 truncate cleaned up
[  306.578142][T23783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  306.591023][   T12] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  306.601606][   T12] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  306.616533][T23783] ext4 filesystem being mounted at /392/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  306.630580][   T12] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  306.663326][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.717434][T23798] 
@0Ù: renamed from bond_slave_1
[  306.722843][T23800] loop3: detected capacity change from 0 to 512
[  306.730757][T23800] EXT4-fs: Ignoring removed mblk_io_submit option
[  306.737594][T23800] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  306.748882][T23800] EXT4-fs (loop3): 1 truncate cleaned up
[  306.755071][T23800] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  306.829148][T23807] SELinux:  policydb magic number 0x18 does not match expected magic number 0xf97cff8c
[  306.839035][T23807] SELinux: failed to load policy
[  306.853037][T23805] SELinux: failed to load policy
[  306.869996][T23805] ALSA: seq fatal error: cannot create timer (-19)
[  306.940114][T23818] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[  307.203282][T23825] ªªªªªª: renamed from wg2
[  307.594903][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  307.993105][T23910] loop9: detected capacity change from 0 to 512
[  307.999965][T23910] EXT4-fs: Ignoring removed bh option
[  308.009045][T23910] EXT4-fs: Ignoring removed mblk_io_submit option
[  308.017519][T23910] EXT4-fs (loop9): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  308.039050][T23910] EXT4-fs (loop9): revision level too high, forcing read-only mode
[  308.047492][T23910] EXT4-fs (loop9): orphan cleanup on readonly fs
[  308.049573][T23904] loop3: detected capacity change from 0 to 8192
[  308.061028][T23910] EXT4-fs error (device loop9): ext4_acquire_dquot:6937: comm syz.9.3773: Failed to acquire dquot type 1
[  308.075942][T23910] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:483: comm syz.9.3773: Invalid block bitmap block 0 in block_group 0
[  308.091315][T23913] SELinux: failed to load policy
[  308.095258][T23910] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:483: comm syz.9.3773: Invalid block bitmap block 0 in block_group 0
[  308.112138][T23910] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:483: comm syz.9.3773: Invalid block bitmap block 0 in block_group 0
[  308.128823][T23910] EXT4-fs error (device loop9): ext4_acquire_dquot:6937: comm syz.9.3773: Failed to acquire dquot type 1
[  308.140336][T23913] ALSA: seq fatal error: cannot create timer (-19)
[  308.142285][T23910] EXT4-fs error (device loop9): ext4_acquire_dquot:6937: comm syz.9.3773: Failed to acquire dquot type 1
[  308.147372][T23913] net_ratelimit: 1430 callbacks suppressed
[  308.147433][T23913] netlink: zone id is out of range
[  308.169215][T23913] netlink: zone id is out of range
[  308.174449][T23913] netlink: zone id is out of range
[  308.176896][T23910] EXT4-fs (loop9): 1 orphan inode deleted
[  308.179650][T23913] netlink: zone id is out of range
[  308.179728][T23913] netlink: zone id is out of range
[  308.195769][T23913] netlink: zone id is out of range
[  308.201244][T23913] netlink: zone id is out of range
[  308.201570][T23910] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  308.206410][T23913] netlink: zone id is out of range
[  308.206435][T23913] netlink: zone id is out of range
[  308.206443][T23913] netlink: zone id is out of range
[  308.278090][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.353042][T23949] loop9: detected capacity change from 0 to 512
[  308.361966][T23953] netdevsim netdevsim1: Direct firmware load for x failed with error -2
[  308.373954][T23949] EXT4-fs: Ignoring removed mblk_io_submit option
[  308.381000][T23949] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  308.400927][T23949] EXT4-fs (loop9): 1 truncate cleaned up
[  308.407175][T23949] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  308.526140][T23962] FAULT_INJECTION: forcing a failure.
[  308.526140][T23962] name failslab, interval 1, probability 0, space 0, times 0
[  308.538932][T23962] CPU: 1 UID: 0 PID: 23962 Comm: syz.3.3781 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  308.538968][T23962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  308.538981][T23962] Call Trace:
[  308.538988][T23962]  <TASK>
[  308.539008][T23962]  __dump_stack+0x1d/0x30
[  308.539028][T23962]  dump_stack_lvl+0xe8/0x140
[  308.539095][T23962]  dump_stack+0x15/0x1b
[  308.539116][T23962]  should_fail_ex+0x265/0x280
[  308.539147][T23962]  ? pfifo_fast_change_tx_queue_len+0x86/0x5d0
[  308.539179][T23962]  should_failslab+0x8c/0xb0
[  308.539204][T23962]  __kmalloc_cache_noprof+0x4c/0x320
[  308.539335][T23962]  pfifo_fast_change_tx_queue_len+0x86/0x5d0
[  308.539394][T23962]  ? qdisc_reset+0x214/0x2f0
[  308.539491][T23962]  ? _raw_spin_unlock_bh+0x36/0x40
[  308.539521][T23962]  ? dev_reset_queue+0xb3/0xc0
[  308.539551][T23962]  ? _raw_spin_unlock_bh+0x36/0x40
[  308.539580][T23962]  ? dev_deactivate_many+0x701/0x730
[  308.539646][T23962]  ? __pfx_pfifo_fast_change_tx_queue_len+0x10/0x10
[  308.539682][T23962]  dev_qdisc_change_tx_queue_len+0x1c8/0x280
[  308.539722][T23962]  netif_change_tx_queue_len+0xf9/0x170
[  308.539755][T23962]  dev_change_tx_queue_len+0xc0/0x170
[  308.539859][T23962]  dev_ifsioc+0x1a1/0xaa0
[  308.539888][T23962]  ? __rcu_read_unlock+0x4f/0x70
[  308.539973][T23962]  dev_ioctl+0x70a/0x960
[  308.540006][T23962]  sock_do_ioctl+0x197/0x220
[  308.540046][T23962]  sock_ioctl+0x41b/0x610
[  308.540160][T23962]  ? __pfx_sock_ioctl+0x10/0x10
[  308.540200][T23962]  __se_sys_ioctl+0xce/0x140
[  308.540226][T23962]  __x64_sys_ioctl+0x43/0x50
[  308.540250][T23962]  x64_sys_call+0x1816/0x2ff0
[  308.540315][T23962]  do_syscall_64+0xd2/0x200
[  308.540392][T23962]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  308.540417][T23962]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  308.540456][T23962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.540481][T23962] RIP: 0033:0x7f7fc881eec9
[  308.540497][T23962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.540539][T23962] RSP: 002b:00007f7fc7287038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  308.540565][T23962] RAX: ffffffffffffffda RBX: 00007f7fc8a75fa0 RCX: 00007f7fc881eec9
[  308.540580][T23962] RDX: 0000200000002280 RSI: 0000000000008943 RDI: 0000000000000008
[  308.540607][T23962] RBP: 00007f7fc7287090 R08: 0000000000000000 R09: 0000000000000000
[  308.540636][T23962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.540647][T23962] R13: 00007f7fc8a76038 R14: 00007f7fc8a75fa0 R15: 00007fffd1e292b8
[  308.540669][T23962]  </TASK>
[  308.540795][T23962] syzkaller0: refused to change device tx_queue_len
[  308.957782][T23983] FAULT_INJECTION: forcing a failure.
[  308.957782][T23983] name failslab, interval 1, probability 0, space 0, times 0
[  308.970476][T23983] CPU: 1 UID: 0 PID: 23983 Comm: syz.3.3783 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  308.970581][T23983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  308.970598][T23983] Call Trace:
[  308.970674][T23983]  <TASK>
[  308.970741][T23983]  __dump_stack+0x1d/0x30
[  308.970768][T23983]  dump_stack_lvl+0xe8/0x140
[  308.970794][T23983]  dump_stack+0x15/0x1b
[  308.970816][T23983]  should_fail_ex+0x265/0x280
[  308.970848][T23983]  should_failslab+0x8c/0xb0
[  308.970894][T23983]  __kvmalloc_node_noprof+0x123/0x4e0
[  308.971006][T23983]  ? alloc_netdev_mqs+0xa0/0xa30
[  308.971036][T23983]  ? vsnprintf+0x829/0x890
[  308.971135][T23983]  ? __pfx_vlan_setup+0x10/0x10
[  308.971158][T23983]  alloc_netdev_mqs+0xa0/0xa30
[  308.971247][T23983]  rtnl_create_link+0x239/0x710
[  308.971276][T23983]  rtnl_newlink_create+0x14c/0x620
[  308.971298][T23983]  ? security_capable+0x83/0x90
[  308.971326][T23983]  ? netlink_ns_capable+0x86/0xa0
[  308.971379][T23983]  rtnl_newlink+0xf29/0x12d0
[  308.971411][T23983]  ? qdisc_graft+0xc59/0xcc0
[  308.971500][T23983]  ? xas_load+0x413/0x430
[  308.971529][T23983]  ? __rcu_read_unlock+0x4f/0x70
[  308.971551][T23983]  ? xa_load+0xb1/0xe0
[  308.971567][T23983]  ? __rcu_read_unlock+0x4f/0x70
[  308.971587][T23983]  ? avc_has_perm_noaudit+0x1b1/0x200
[  308.971620][T23983]  ? cred_has_capability+0x210/0x280
[  308.971662][T23983]  ? selinux_capable+0x31/0x40
[  308.971723][T23983]  ? security_capable+0x83/0x90
[  308.971746][T23983]  ? ns_capable+0x7d/0xb0
[  308.971766][T23983]  ? __pfx_rtnl_newlink+0x10/0x10
[  308.971873][T23983]  rtnetlink_rcv_msg+0x5fb/0x6d0
[  308.971905][T23983]  ? avc_has_perm_noaudit+0x1b1/0x200
[  308.971933][T23983]  netlink_rcv_skb+0x120/0x220
[  308.971957][T23983]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  308.972037][T23983]  rtnetlink_rcv+0x1c/0x30
[  308.972066][T23983]  netlink_unicast+0x5c0/0x690
[  308.972090][T23983]  netlink_sendmsg+0x58b/0x6b0
[  308.972174][T23983]  ? __pfx_netlink_sendmsg+0x10/0x10
[  308.972201][T23983]  __sock_sendmsg+0x145/0x180
[  308.972234][T23983]  ____sys_sendmsg+0x31e/0x4e0
[  308.972264][T23983]  ___sys_sendmsg+0x17b/0x1d0
[  308.972383][T23983]  __x64_sys_sendmsg+0xd4/0x160
[  308.972464][T23983]  x64_sys_call+0x191e/0x2ff0
[  308.972486][T23983]  do_syscall_64+0xd2/0x200
[  308.972518][T23983]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  308.972542][T23983]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  308.972653][T23983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.972675][T23983] RIP: 0033:0x7f7fc881eec9
[  308.972690][T23983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.972708][T23983] RSP: 002b:00007f7fc7287038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  308.972726][T23983] RAX: ffffffffffffffda RBX: 00007f7fc8a75fa0 RCX: 00007f7fc881eec9
[  308.972753][T23983] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000009
[  308.972765][T23983] RBP: 00007f7fc7287090 R08: 0000000000000000 R09: 0000000000000000
[  308.972777][T23983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.972789][T23983] R13: 00007f7fc8a76038 R14: 00007f7fc8a75fa0 R15: 00007fffd1e292b8
[  308.972836][T23983]  </TASK>
[  309.357191][T23991] netlink: 'syz.3.3785': attribute type 4 has an invalid length.
[  309.432202][ T3412] lo speed is unknown, defaulting to 1000
[  309.438103][ T3412] syz2: Port: 1 Link DOWN
[  309.512251][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.590585][T24013] netdevsim netdevsim9: Direct firmware load for x failed with error -2
[  309.617243][T24008] loop3: detected capacity change from 0 to 8192
[  310.019786][   T29] kauditd_printk_skb: 159 callbacks suppressed
[  310.019804][   T29] audit: type=1326 audit(1758609498.436:5650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.035462][T24069] loop1: detected capacity change from 0 to 1024
[  310.070135][   T29] audit: type=1326 audit(1758609498.486:5651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.093777][   T29] audit: type=1326 audit(1758609498.486:5652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.117412][   T29] audit: type=1326 audit(1758609498.486:5653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.216811][T24069] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.241816][T24081] SELinux: failed to load policy
[  310.248557][   T29] audit: type=1326 audit(1758609498.486:5654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.272101][   T29] audit: type=1326 audit(1758609498.486:5655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.295636][   T29] audit: type=1326 audit(1758609498.486:5656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.319184][   T29] audit: type=1326 audit(1758609498.486:5657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.342761][   T29] audit: type=1326 audit(1758609498.486:5658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.366440][   T29] audit: type=1326 audit(1758609498.486:5659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24066 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  310.386678][T24081] ALSA: seq fatal error: cannot create timer (-19)
[  310.437836][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.521190][T24097] loop2: detected capacity change from 0 to 1764
[  310.544903][T24097] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  310.551470][T24097] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  310.559234][T24097] vhci_hcd vhci_hcd.0: Device attached
[  310.587721][T24101] loop3: detected capacity change from 0 to 512
[  310.596138][T24101] EXT4-fs: Ignoring removed mblk_io_submit option
[  310.603001][T24101] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  310.617250][T24101] EXT4-fs (loop3): 1 truncate cleaned up
[  310.624112][T24101] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.834449][T13139] usb 6-1: SetAddress Request (2) to port 0
[  310.848245][T13139] usb 6-1: new SuperSpeed USB device number 2 using vhci_hcd
[  310.879804][T24108] syzkaller1: entered promiscuous mode
[  310.885423][T24108] syzkaller1: entered allmulticast mode
[  311.052604][T24098] vhci_hcd: connection reset by peer
[  311.058950][T10402] vhci_hcd: stop threads
[  311.063249][T10402] vhci_hcd: release socket
[  311.067730][T10402] vhci_hcd: disconnect device
[  311.379414][T24165] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[  311.444555][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.649140][T24182] SELinux:  Context Ü is not valid (left unmapped).
[  311.657359][T24182] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3807'.
[  311.692325][T24182] SELinux: ebitmap: truncated map
[  311.698456][T24182] SELinux: failed to load policy
[  311.730023][T24185] loop3: detected capacity change from 0 to 1024
[  311.747725][T24185] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.800329][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.829452][T24189] loop3: detected capacity change from 0 to 512
[  311.836561][T24189] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  311.848112][T24189] EXT4-fs (loop3): 1 truncate cleaned up
[  311.854493][T24189] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.958496][T24193] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3810'.
[  311.967902][T24193] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  311.997288][T24193] 0ªî{X¹¦: entered allmulticast mode
[  312.086240][T24200] loop1: detected capacity change from 0 to 8192
[  312.105069][T24202] loop9: detected capacity change from 0 to 512
[  312.111823][T24202] EXT4-fs: Ignoring removed mblk_io_submit option
[  312.118796][T24202] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  312.130003][T24202] EXT4-fs (loop9): 1 truncate cleaned up
[  312.498496][T24209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.519180][T24209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  312.597008][T24211] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3816'.
[  312.862980][T24215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3818'.
[  312.960609][T24219] SELinux:  policydb version 0 does not match my version range 15-35
[  312.973805][T24219] SELinux: failed to load policy
[  313.053448][T24227] loop9: detected capacity change from 0 to 512
[  313.093056][T24227] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  313.104697][T24227] System zones: 0-2, 18-18, 34-34
[  313.111292][T24227] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  313.134780][T24227] EXT4-fs (loop9): Remounting filesystem read-only
[  313.141729][T24227] EXT4-fs (loop9): 1 truncate cleaned up
[  313.148902][T24227] ext4 filesystem being mounted at /427/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  313.159707][T10676] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  313.170481][T10676] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  313.218798][T10676] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started
[  313.247118][T24252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  313.256366][T24252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  313.300029][T24260] netdevsim netdevsim0: Direct firmware load for x failed with error -2
[  313.989618][T24335] loop1: detected capacity change from 0 to 1024
[  314.205337][T24367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.215055][T24367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.430836][T24398] loop9: detected capacity change from 0 to 512
[  314.452780][T24398] EXT4-fs: Ignoring removed i_version option
[  314.458930][T24398] EXT4-fs: Ignoring removed bh option
[  314.482564][T24398] ext4 filesystem being mounted at /432/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  314.499761][T24398] FAULT_INJECTION: forcing a failure.
[  314.499761][T24398] name failslab, interval 1, probability 0, space 0, times 0
[  314.512581][T24398] CPU: 0 UID: 0 PID: 24398 Comm: syz.9.3839 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  314.512633][T24398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  314.512709][T24398] Call Trace:
[  314.512717][T24398]  <TASK>
[  314.512726][T24398]  __dump_stack+0x1d/0x30
[  314.512747][T24398]  dump_stack_lvl+0xe8/0x140
[  314.512765][T24398]  dump_stack+0x15/0x1b
[  314.512783][T24398]  should_fail_ex+0x265/0x280
[  314.512875][T24398]  should_failslab+0x8c/0xb0
[  314.512900][T24398]  kmem_cache_alloc_noprof+0x50/0x310
[  314.512953][T24398]  ? __es_insert_extent+0x508/0xee0
[  314.512992][T24398]  __es_insert_extent+0x508/0xee0
[  314.513070][T24398]  ? ext4_get_group_desc+0x16b/0x190
[  314.513153][T24398]  ? from_kprojid+0x159/0x380
[  314.513179][T24398]  ? ext4_fc_track_inode+0x9f/0x530
[  314.513224][T24398]  ext4_es_insert_extent+0x435/0x1c10
[  314.513252][T24398]  ? ext4_find_extent+0x16b/0x7a0
[  314.513339][T24398]  ext4_ext_map_blocks+0x172b/0x38a0
[  314.513367][T24398]  ? __account_obj_stock+0x211/0x350
[  314.513397][T24398]  ? obj_cgroup_charge_account+0x122/0x1a0
[  314.513453][T24398]  ? __rcu_read_unlock+0x4f/0x70
[  314.513489][T24398]  ext4_map_query_blocks+0xa8/0x480
[  314.513564][T24398]  ext4_map_blocks+0x330/0xd00
[  314.513599][T24398]  ? __pfx_workingset_update_node+0x10/0x10
[  314.513688][T24398]  ? obj_cgroup_charge_account+0x122/0x1a0
[  314.513795][T24398]  _ext4_get_block+0x10a/0x350
[  314.513833][T24398]  ext4_get_block_unwritten+0x2a/0xb0
[  314.513869][T24398]  ext4_block_write_begin+0x5e5/0xc00
[  314.513973][T24398]  ? __pfx_ext4_get_block_unwritten+0x10/0x10
[  314.514049][T24398]  ? folio_mapping+0xb9/0x120
[  314.514086][T24398]  ext4_write_begin+0x647/0xeb0
[  314.514126][T24398]  ext4_da_write_begin+0x1fb/0x6e0
[  314.514187][T24398]  ? balance_dirty_pages_ratelimited_flags+0x40b/0x5e0
[  314.514226][T24398]  generic_perform_write+0x184/0x490
[  314.514262][T24398]  ext4_buffered_write_iter+0x1ee/0x3c0
[  314.514313][T24398]  ? ext4_file_write_iter+0xfe/0xf00
[  314.514363][T24398]  ext4_file_write_iter+0x383/0xf00
[  314.514395][T24398]  ? 0xffffffff81000000
[  314.514407][T24398]  ? __rcu_read_unlock+0x4f/0x70
[  314.514459][T24398]  ? avc_policy_seqno+0x15/0x30
[  314.514487][T24398]  ? selinux_file_permission+0x1e4/0x320
[  314.514519][T24398]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  314.514560][T24398]  vfs_write+0x527/0x960
[  314.514592][T24398]  __x64_sys_pwrite64+0xfd/0x150
[  314.514684][T24398]  x64_sys_call+0xc4d/0x2ff0
[  314.514704][T24398]  do_syscall_64+0xd2/0x200
[  314.514739][T24398]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  314.514768][T24398]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  314.514803][T24398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.514872][T24398] RIP: 0033:0x7f915c77eec9
[  314.514886][T24398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.514903][T24398] RSP: 002b:00007f915b1e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  314.514919][T24398] RAX: ffffffffffffffda RBX: 00007f915c9d5fa0 RCX: 00007f915c77eec9
[  314.514937][T24398] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000006
[  314.514950][T24398] RBP: 00007f915b1e7090 R08: 0000000000000000 R09: 0000000000000000
[  314.514981][T24398] R10: 000000000000fecc R11: 0000000000000246 R12: 0000000000000001
[  314.514997][T24398] R13: 00007f915c9d6038 R14: 00007f915c9d5fa0 R15: 00007ffda9cd3868
[  314.515028][T24398]  </TASK>
[  314.841268][T24406] SELinux: failed to load policy
[  314.886229][T24409] loop9: detected capacity change from 0 to 1024
[  314.920493][T24406] ALSA: seq fatal error: cannot create timer (-19)
[  314.929270][T24406] net_ratelimit: 567 callbacks suppressed
[  314.929340][T24406] netlink: zone id is out of range
[  314.940286][T24406] netlink: zone id is out of range
[  314.961947][T24406] netlink: zone id is out of range
[  314.967196][T24406] netlink: zone id is out of range
[  315.013521][T24406] netlink: zone id is out of range
[  315.018735][T24406] netlink: zone id is out of range
[  315.024376][   T29] kauditd_printk_skb: 193 callbacks suppressed
[  315.024389][   T29] audit: type=1326 audit(1758609503.446:5845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.040387][T24406] netlink: zone id is out of range
[  315.059294][T24406] netlink: zone id is out of range
[  315.066412][T24420] loop9: detected capacity change from 0 to 1024
[  315.086609][   T29] audit: type=1326 audit(1758609503.476:5846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.094914][T24406] netlink: zone id is out of range
[  315.110269][   T29] audit: type=1326 audit(1758609503.486:5847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.115419][T24406] netlink: zone id is out of range
[  315.138822][   T29] audit: type=1326 audit(1758609503.486:5848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.167413][   T29] audit: type=1326 audit(1758609503.486:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.190929][   T29] audit: type=1326 audit(1758609503.486:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.214517][   T29] audit: type=1326 audit(1758609503.486:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.238088][   T29] audit: type=1326 audit(1758609503.486:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.261663][   T29] audit: type=1326 audit(1758609503.486:5853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.285125][   T29] audit: type=1326 audit(1758609503.486:5854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24417 comm="syz.0.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bdc1feec9 code=0x7ffc0000
[  315.369388][T24430] loop3: detected capacity change from 0 to 512
[  315.466155][T24433] netdevsim netdevsim1: Direct firmware load for x failed with error -2
[  315.500664][T24430] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  315.517155][T24430] System zones: 0-2, 18-18, 34-34
[  315.524027][T24430] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  315.542665][T24430] EXT4-fs (loop3): Remounting filesystem read-only
[  315.550347][T24430] EXT4-fs (loop3): 1 truncate cleaned up
[  315.566407][T10719] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  315.577060][T10719] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  315.603340][T24430] ext4 filesystem being mounted at /420/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  315.623582][T10719] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  315.921434][T24462] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3852'.
[  315.933024][T24465] netlink: 'syz.2.3853': attribute type 4 has an invalid length.
[  315.944891][T13139] usb 6-1: device descriptor read/8, error -110
[  316.055697][T13139] usb 6-1: new SuperSpeed USB device number 2 using vhci_hcd
[  316.085174][T13139] usb 6-1: enqueue for inactive port 0
[  316.092733][T24483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.103433][T13139] usb 6-1: enqueue for inactive port 0
[  316.103648][T24483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.111163][T13139] usb 6-1: enqueue for inactive port 0
[  316.125459][T24485] netdevsim netdevsim2: Direct firmware load for x failed with error -2
[  316.211109][T24490] SELinux: failed to load policy
[  316.230347][T24490] ALSA: seq fatal error: cannot create timer (-19)
[  316.413137][T24531] netdevsim netdevsim9: Direct firmware load for x failed with error -2
[  316.866595][T24598] netlink: 'syz.0.3865': attribute type 4 has an invalid length.
[  317.076911][T24609] ------------[ cut here ]------------
[  317.082431][T24609] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x0, 0x7800000000] s64=[0x0, 0xffffffffffffffff] u32=[0x80000000, 0x0] s32=[0x0, 0xffffffff] var_off=(0x0, 0x7800000000)(1)
[  317.102789][T24609] WARNING: CPU: 1 PID: 24609 at kernel/bpf/verifier.c:2728 reg_bounds_sanity_check+0x673/0x680
[  317.113434][T24609] Modules linked in:
[  317.117376][T24609] CPU: 1 UID: 0 PID: 24609 Comm: syz.0.3870 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  317.127233][T24609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  317.137421][T24609] RIP: 0010:reg_bounds_sanity_check+0x673/0x680
[  317.143724][T24609] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 c2 81 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90
[  317.163438][T24609] RSP: 0018:ffffc90009f97440 EFLAGS: 00010292
[  317.169584][T24609] RAX: 2191084baac5a400 RBX: ffff888119892840 RCX: 0000000000080000
[  317.171994][T13139] usb usb6-port1: attempt power cycle
[  317.177626][T24609] RDX: ffffc9000aafa000 RSI: 000000000001ad07 RDI: 000000000001ad08
[  317.191025][T24609] RBP: 0000000000000000 R08: 0001c90009f9727f R09: 0000000000000000
[  317.199117][T24609] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff888119892800
[  317.207134][T24609] R13: ffff888116ba0000 R14: ffff888116ba0000 R15: ffff888119892838
[  317.215156][T24609] FS:  00007f5bdac5f6c0(0000) GS:ffff8882aef40000(0000) knlGS:0000000000000000
[  317.224110][T24609] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  317.230761][T24609] CR2: 00002000000054c0 CR3: 00000001395d4000 CR4: 00000000003506f0
[  317.238802][T24609] Call Trace:
[  317.239260][T24610] sctp: [Deprecated]: syz.0.3870 (pid 24610) Use of struct sctp_assoc_value in delayed_ack socket option.
[  317.239260][T24610] Use struct sctp_sack_info instead
[  317.242096][T24609]  <TASK>
[  317.242116][T24609]  reg_set_min_max+0x1eb/0x260
[  317.261347][T24610] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3870'.
[  317.261435][T24609]  check_cond_jmp_op+0x1080/0x16e0
[  317.266298][T24610] 0ªX¹¦D: renamed from gretap0 (while UP)
[  317.275136][T24609]  do_check+0x332a/0x7a10
[  317.290505][T24609]  do_check_common+0xc3a/0x12a0
[  317.295462][T24609]  bpf_check+0x942b/0xd9e0
[  317.299882][T24609]  ? __rcu_read_unlock+0x4f/0x70
[  317.304858][T24609]  ? __alloc_frozen_pages_noprof+0x188/0x360
[  317.310988][T24609]  ? alloc_pages_bulk_noprof+0x4b8/0x540
[  317.312533][T24611] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24611 comm=syz.0.3870
[  317.316742][T24609]  ? __vmap_pages_range_noflush+0xbc4/0xcf0
[  317.335211][T24609]  ? try_charge_memcg+0x200/0x9e0
[  317.340262][T24609]  ? _find_next_zero_bit+0x64/0xa0
[  317.345432][T24609]  ? pcpu_block_update+0x377/0x3b0
[  317.350595][T24609]  ? pcpu_block_refresh_hint+0x10b/0x170
[  317.356302][T24609]  ? _find_next_zero_bit+0x64/0xa0
[  317.361437][T24609]  ? pcpu_block_refresh_hint+0x157/0x170
[  317.367133][T24609]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[  317.373459][T24609]  ? css_rstat_updated+0xb7/0x240
[  317.378619][T24609]  ? __rcu_read_unlock+0x4f/0x70
[  317.383937][T24609]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[  317.389826][T24609]  ? should_fail_ex+0x30/0x280
[  317.394718][T24609]  ? selinux_bpf_prog_load+0x36/0xf0
[  317.400026][T24609]  ? should_failslab+0x8c/0xb0
[  317.404908][T24609]  ? __kmalloc_cache_noprof+0x189/0x320
[  317.410757][T24609]  ? selinux_bpf_prog_load+0xbf/0xf0
[  317.416124][T24609]  ? security_bpf_prog_load+0x2c/0xa0
[  317.421578][T24609]  bpf_prog_load+0xedd/0x1070
[  317.426331][T24609]  ? security_bpf+0x2b/0x90
[  317.430943][T24609]  __sys_bpf+0x462/0x7b0
[  317.432004][T24615] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3871'.
[  317.435307][T24609]  __x64_sys_bpf+0x41/0x50
[  317.448745][T24609]  x64_sys_call+0x2aea/0x2ff0
[  317.453498][T24609]  do_syscall_64+0xd2/0x200
[  317.456579][T24617] loop1: detected capacity change from 0 to 512
[  317.458114][T24609]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  317.470457][T24609]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  317.476311][T24609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.482223][T24609] RIP: 0033:0x7f5bdc1feec9
[  317.486740][T24617] EXT4-fs: Ignoring removed mblk_io_submit option
[  317.487053][T24617] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  317.493212][T24609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.522744][T24609] RSP: 002b:00007f5bdac5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  317.531267][T24609] RAX: ffffffffffffffda RBX: 00007f5bdc455fa0 RCX: 00007f5bdc1feec9
[  317.539293][T24609] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  317.547402][T24609] RBP: 00007f5bdc281f91 R08: 0000000000000000 R09: 0000000000000000
[  317.555611][T24609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  317.556214][T24617] EXT4-fs (loop1): 1 truncate cleaned up
[  317.563890][T24609] R13: 00007f5bdc456038 R14: 00007f5bdc455fa0 R15: 00007ffccfa14fe8
[  317.577342][T24609]  </TASK>
[  317.580463][T24609] ---[ end trace 0000000000000000 ]---
[  317.600383][T24610] 0ªX¹¦D: entered allmulticast mode
[  317.605772][T24624] loop3: detected capacity change from 0 to 512
[  317.619089][T24615] 8021q: adding VLAN 0 to HW filter on device bond10
[  317.648471][T24624] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  317.669182][T24619] vlan2: entered allmulticast mode
[  317.674412][T24619] bond10: entered allmulticast mode
[  317.734398][T24624] System zones: 0-2, 18-18, 34-34
[  317.749184][T24624] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  317.848674][T24624] EXT4-fs (loop3): Remounting filesystem read-only
[  317.872760][T24630] netlink: 'syz.9.3876': attribute type 4 has an invalid length.
[  317.882756][T24624] EXT4-fs (loop3): 1 truncate cleaned up
[  317.894549][T10402] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  317.905140][T10402] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  317.925048][T24624] EXT4-fs mount: 16 callbacks suppressed
[  317.925069][T24624] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  317.959444][T10402] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  317.969951][T24624] ext4 filesystem being mounted at /426/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.013317][T24634] loop9: detected capacity change from 0 to 512
[  318.026898][T24634] EXT4-fs (loop9): revision level too high, forcing read-only mode
[  318.035115][T24634] EXT4-fs (loop9): orphan cleanup on readonly fs
[  318.043107][T24634] EXT4-fs error (device loop9): ext4_do_update_inode:5653: inode #16: comm syz.9.3879: corrupted inode contents
[  318.055486][T24634] EXT4-fs (loop9): Remounting filesystem read-only
[  318.062132][T24634] EXT4-fs (loop9): 1 truncate cleaned up
[  318.068259][T10402] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  318.078883][T10402] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  318.089554][T10402] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started
[  318.090320][T24634] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  318.101432][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.125205][T24639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  318.145591][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.146616][T24639] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.256324][T24649] can0: slcan on ttyS3.
[  318.293426][T24653] netdevsim netdevsim2: Direct firmware load for x failed with error -2
[  318.348737][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.365805][T24659] netdevsim netdevsim9: Direct firmware load for @ failed with error -2
[  318.499565][T24678] netlink: 'syz.1.3887': attribute type 4 has an invalid length.
[  318.605074][T24644] can0 (unregistered): slcan off ttyS3.
[  318.654543][T24704] loop3: detected capacity change from 0 to 512
[  318.666917][T24704] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  318.675305][T24704] System zones: 0-2, 18-18, 34-34
[  318.683564][T24704] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  318.699997][T24704] EXT4-fs (loop3): Remounting filesystem read-only
[  318.707643][T24704] EXT4-fs (loop3): 1 truncate cleaned up
[  318.714013][T24704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  318.728239][T24704] ext4 filesystem being mounted at /430/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.728302][T10695] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  318.749460][T10695] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  318.761230][T10695] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  318.775703][T12965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.858040][T24727] loop3: detected capacity change from 0 to 8192
[  319.054713][T13139] usb usb6-port1: unable to enumerate USB device
[  319.087167][T24773] loop1: detected capacity change from 0 to 1024
[  319.107878][T24773] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  319.149735][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  319.208669][T24792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3896'.
[  319.292651][T24809] loop1: detected capacity change from 0 to 512
[  319.318181][T24809] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  319.327172][T24809] System zones: 0-2, 18-18, 34-34
[  319.333806][T24809] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  319.349915][T24809] EXT4-fs (loop1): Remounting filesystem read-only
[  319.357198][T24809] EXT4-fs (loop1): 1 truncate cleaned up
[  319.363397][T24809] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  319.377738][T10695] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  319.388422][T10695] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  319.400808][T24809] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  319.411744][T10695] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  319.437908][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.066594][T24840] loop2: detected capacity change from 0 to 1024
[  320.080713][   T29] kauditd_printk_skb: 103 callbacks suppressed
[  320.080743][   T29] audit: type=1400 audit(1758609508.496:5920): avc:  denied  { mount } for  pid=24841 comm="syz.9.3908" name="/" dev="ramfs" ino=50485 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  320.109442][   T29] audit: type=1400 audit(1758609508.496:5921): avc:  denied  { mounton } for  pid=24841 comm="syz.9.3908" path="/443/file0" dev="ramfs" ino=50485 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  320.132026][   T29] audit: type=1326 audit(1758609508.496:5922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24841 comm="syz.9.3908" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f915c77eec9 code=0x0
[  320.177548][T24840] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  320.192909][T24847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3910'.
[  320.208055][T24849] netlink: 'syz.9.3908': attribute type 1 has an invalid length.
[  320.215956][T24849] netlink: 224 bytes leftover after parsing attributes in process `syz.9.3908'.
[  320.230975][T24849] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  320.234701][   T29] audit: type=1400 audit(1758609508.646:5923): avc:  denied  { mounton } for  pid=24841 comm="syz.9.3908" path="/443/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  320.277434][T12287] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.389543][   T29] audit: type=1326 audit(1758609508.806:5924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24857 comm="syz.2.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0cf28eec9 code=0x7ffc0000
[  320.413167][   T29] audit: type=1326 audit(1758609508.806:5925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24857 comm="syz.2.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0cf28eec9 code=0x7ffc0000
[  320.492198][   T29] audit: type=1326 audit(1758609508.806:5926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24857 comm="syz.2.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7fc0cf28eec9 code=0x7ffc0000
[  320.515797][   T29] audit: type=1326 audit(1758609508.806:5927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24857 comm="syz.2.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0cf28eec9 code=0x7ffc0000
[  320.534496][T24870] netdevsim netdevsim2: Direct firmware load for x failed with error -2
[  320.539517][   T29] audit: type=1326 audit(1758609508.806:5928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24857 comm="syz.2.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0cf28eec9 code=0x7ffc0000
[  320.571306][   T29] audit: type=1326 audit(1758609508.866:5929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24857 comm="syz.2.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0cf28eec9 code=0x7ffc0000
[  320.605234][T24872] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3918'.
[  321.008209][T24901] loop9: detected capacity change from 0 to 8192
[  321.378294][T24944] loop1: detected capacity change from 0 to 512
[  321.396807][T24946] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3922'.
[  321.408194][T24944] EXT4-fs: Ignoring removed mblk_io_submit option
[  321.418086][T24944] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  321.440090][T24944] EXT4-fs (loop1): 1 truncate cleaned up
[  321.454728][T24944] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  321.570603][T24955] loop9: detected capacity change from 0 to 512
[  321.591247][T24955] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  321.665556][T24955] System zones: 0-2, 18-18, 34-34
[  321.693998][T24955] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  321.724460][T24955] EXT4-fs (loop9): Remounting filesystem read-only
[  321.737927][T24955] EXT4-fs (loop9): 1 truncate cleaned up
[  321.747976][T24955] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  321.760868][T24955] ext4 filesystem being mounted at /446/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  321.781481][T24968] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3925'.
[  321.781516][   T12] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  321.801148][   T12] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  321.806467][T24968] 8021q: adding VLAN 0 to HW filter on device bond3
[  321.818471][   T12] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started
[  321.949918][T11970] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.230945][T24986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  322.241266][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.270494][T24986] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  322.311572][T24999] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3930'.
[  322.369293][T25007] loop1: detected capacity change from 0 to 512
[  322.391193][T25007] EXT4-fs: Ignoring removed mblk_io_submit option
[  322.405898][T25007] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  322.427587][T25007] EXT4-fs (loop1): 1 truncate cleaned up
[  322.434089][T25007] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  322.759758][T25023] ==================================================================
[  322.767896][T25023] BUG: KCSAN: data-race in __writeback_single_inode / xas_set_mark
[  322.775816][T25023] 
[  322.778166][T25023] write to 0xffff88811a28bb04 of 4 bytes by task 25007 on cpu 1:
[  322.785879][T25023]  xas_set_mark+0x12b/0x140
[  322.790490][T25023]  tag_pages_for_writeback+0xc2/0x290
[  322.795870][T25023]  ext4_do_writepages+0x6b2/0x2750
[  322.800999][T25023]  ext4_writepages+0x176/0x300
[  322.805764][T25023]  do_writepages+0x1c3/0x310
[  322.810369][T25023]  file_write_and_wait_range+0x156/0x2c0
[  322.816099][T25023]  generic_buffers_fsync_noflush+0x45/0x120
[  322.822009][T25023]  ext4_sync_file+0x1ab/0x690
[  322.826684][T25023]  vfs_fsync_range+0x10a/0x130
[  322.831462][T25023]  ext4_buffered_write_iter+0x34f/0x3c0
[  322.837030][T25023]  ext4_file_write_iter+0xdbf/0xf00
[  322.842249][T25023]  iter_file_splice_write+0x666/0xa60
[  322.847643][T25023]  direct_splice_actor+0x156/0x2a0
[  322.852760][T25023]  splice_direct_to_actor+0x312/0x680
[  322.858131][T25023]  do_splice_direct+0xda/0x150
[  322.862897][T25023]  do_sendfile+0x380/0x650
[  322.867323][T25023]  __x64_sys_sendfile64+0x105/0x150
[  322.872535][T25023]  x64_sys_call+0x2bb0/0x2ff0
[  322.877217][T25023]  do_syscall_64+0xd2/0x200
[  322.881764][T25023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.887662][T25023] 
[  322.889988][T25023] read to 0xffff88811a28bb04 of 4 bytes by task 25023 on cpu 0:
[  322.897646][T25023]  __writeback_single_inode+0x1f9/0x7c0
[  322.903215][T25023]  writeback_single_inode+0x167/0x3e0
[  322.908603][T25023]  sync_inode_metadata+0x5b/0x90
[  322.913567][T25023]  generic_buffers_fsync_noflush+0xd9/0x120
[  322.919464][T25023]  ext4_sync_file+0x1ab/0x690
[  322.924140][T25023]  vfs_fsync_range+0x10a/0x130
[  322.928903][T25023]  ext4_buffered_write_iter+0x34f/0x3c0
[  322.934463][T25023]  ext4_file_write_iter+0xdbf/0xf00
[  322.939680][T25023]  iter_file_splice_write+0x666/0xa60
[  322.945067][T25023]  direct_splice_actor+0x156/0x2a0
[  322.950185][T25023]  splice_direct_to_actor+0x312/0x680
[  322.955568][T25023]  do_splice_direct+0xda/0x150
[  322.960369][T25023]  do_sendfile+0x380/0x650
[  322.964820][T25023]  __x64_sys_sendfile64+0x105/0x150
[  322.970054][T25023]  x64_sys_call+0x2bb0/0x2ff0
[  322.974741][T25023]  do_syscall_64+0xd2/0x200
[  322.979284][T25023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.985186][T25023] 
[  322.987516][T25023] value changed: 0x02000021 -> 0x04000021
[  322.993247][T25023] 
[  322.995565][T25023] Reported by Kernel Concurrency Sanitizer on:
[  323.001724][T25023] CPU: 0 UID: 0 PID: 25023 Comm: syz.1.3931 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  323.013096][T25023] Tainted: [W]=WARN
[  323.016896][T25023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  323.026960][T25023] ==================================================================
[  323.281809][T12821] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.