last executing test programs:

3m49.71884202s ago: executing program 32 (id=501):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000040)={0x0, 0x80, 0x1, 'queue1\x00', 0x85})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan0\x00', <r1=>0x0})
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x85c72e34f0692c87}, 0xc, &(0x7f0000000600)={&(0x7f0000000700)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf251f0000000a0001007770616e3100000008000200", @ANYRES32=r1, @ANYBLOB="0a0001007770616e300000000a00010077be103d19084ddf4070616e30000000456ca3967770616e00000080000000007770616e31000000d3cd6b15876d6ae0c3777a4cd10851e9b524484647165a486f9c154b00f9a4064cc71a3ca2cf0ebe955589efc7e55ede9697326be2ffe578fb0ca4af"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x2, 0xfff, 0x9}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r6 = dup(r5)
write$P9_RLERRORu(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])

3m28.606747786s ago: executing program 5 (id=1488):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x400000, 0x90}, 0x18)
symlinkat(&(0x7f0000000680)='./file0\x00', r6, &(0x7f0000000740)='./file1\x00')
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
fdatasync(r7)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000200)=@security={'security\x00', 0xe, 0x4, 0x3e8, 0xffffffff, 0x1f8, 0x100, 0x1f8, 0xffffffff, 0xffffffff, 0x318, 0x318, 0x318, 0xffffffff, 0x4, &(0x7f0000000080), {[{{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@ah={{0x30}, {[0x4d4, 0x4d4], 0x100, 0x2, 0x3}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@icmp6={{0x28}, {0x10, "123f", 0x1}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x4, 0xfc}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00', [0xff, 0xff], [0xffffffff, 0x0, 0xff, 0xff000000], 'erspan0\x00', 'hsr0\x00', {0xff}, {}, 0x0, 0xff, 0x7, 0x40}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@mh={{0x28}, {'$B', 0x1}}, @common=@ipv6header={{0x28}, {0x80, 0x19, 0x1}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x448)

3m28.393371473s ago: executing program 5 (id=1490):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

3m28.069329369s ago: executing program 5 (id=1495):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300090d"], 0x68}, 0x1, 0x7}, 0x4a79a644ae8bc70)

3m28.068675089s ago: executing program 33 (id=1495):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300090d"], 0x68}, 0x1, 0x7}, 0x4a79a644ae8bc70)

3m25.528866066s ago: executing program 3 (id=1544):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x17f79c79fbf0d39, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, 0x0, 0x44)
syz_emit_ethernet(0xd8, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val={0x88a8, 0x1, 0x0, 0x2}, {0x8100, 0x4, 0x0, 0x4}}, {@llc={0x4, {@llc={0xff, 0x2, "11", "b7e1ceb954c44e82bfb17495d2c8e33d7cdd01a2773367d62c8aa3b6f6bb4af8219df490b2749b712ff624ca516803ae7fd5a0302b56b41619d507c2cea50c892a7c75ec02460c5771ee852a9eeaa63697afa81682fd09bc11ffc57befe9ef6e45b18816547744be39c42a232c60efad80ec8a1f5a5cce79e804b423e7cfcdc5144849532970eb5ae83577d1b61d1d7bd652a09c873e0655cfb4ccc3990e631c85ac52df483ce77caf025629fa8ef1f8650900"/191}}}}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv4_newaddr={0x34, 0x14, 0x1, 0x0, 0x25dfdbfc, {0x2, 0x1f, 0x49, 0xcb, r1}, [@IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_LABEL={0x14}]}, 0x34}}, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000340))
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@private0}, &(0x7f00000000c0)=0x14)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r4], 0x38}, 0x1, 0x0, 0x0, 0x4000804}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
prlimit64(0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680000000206011e0000000000000000000000000e0003006269746d61703a697000000005000400000000000900020073797a300000000020000780050003001c0000000c0001800800014008000000050014002000000005000500020000000500010006"], 0x68}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r7, 0x540a, 0x0)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100))
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x20040, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)

3m25.286920186s ago: executing program 3 (id=1547):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1e, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0xe, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
timer_create(0x2, &(0x7f0000000240)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0)
readv(r4, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/217, 0xd9}], 0x1)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r6 = semget(0x0, 0x3, 0x203)
semctl$IPC_RMID(r6, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}}, 0x0)

3m25.104135231s ago: executing program 34 (id=1550):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x400000, 0x90}, 0x18)
symlinkat(&(0x7f0000000680)='./file0\x00', r6, &(0x7f0000000740)='./file1\x00')
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
fdatasync(0xffffffffffffffff)

3m24.417881256s ago: executing program 3 (id=1561):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')

3m24.401233748s ago: executing program 3 (id=1562):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x400000, 0x90}, 0x18)
symlinkat(&(0x7f0000000680)='./file0\x00', r6, &(0x7f0000000740)='./file1\x00')
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)

3m24.346213382s ago: executing program 3 (id=1564):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@id={0x1e, 0x3, 0x1, {0x4e20, 0x1}}, 0x10, 0x0}, 0x0)

3m24.346067122s ago: executing program 35 (id=1563):
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x85c72e34f0692c87}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8000)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

3m24.067545135s ago: executing program 3 (id=1569):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3m24.012627689s ago: executing program 36 (id=1569):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3m22.876738571s ago: executing program 0 (id=1578):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
splice(r3, 0x0, r2, 0x0, 0x7f, 0xe)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000734000/0x4000)=nil, 0x4000, 0x0, 0xbc32038f2d035af6, 0xffffffffffffffff, 0x2882c000)
r5 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r5, 0x2004, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x12, 0x1e}, [@ldst={0x6, 0x2}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x18)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
set_mempolicy_home_node(&(0x7f0000146000/0x1000)=nil, 0x1000, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0xc}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r8}, &(0x7f0000000000), &(0x7f0000000200)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000180)='kfree\x00'}, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)

3m22.312608827s ago: executing program 0 (id=1584):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000340)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x79}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xd, 0x0, &(0x7f0000000180)="5fb90c5c4426cc8fa8574be842", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3m22.235421024s ago: executing program 0 (id=1587):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x17f79c79fbf0d39, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040080}, 0x44)
syz_emit_ethernet(0xd8, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val={0x88a8, 0x1, 0x0, 0x2}, {0x8100, 0x4, 0x0, 0x4}}, {@llc={0x4, {@llc={0xff, 0x2, "11", "b7e1ceb954c44e82bfb17495d2c8e33d7cdd01a2773367d62c8aa3b6f6bb4af8219df490b2749b712ff624ca516803ae7fd5a0302b56b41619d507c2cea50c892a7c75ec02460c5771ee852a9eeaa63697afa81682fd09bc11ffc57befe9ef6e45b18816547744be39c42a232c60efad80ec8a1f5a5cce79e804b423e7cfcdc5144849532970eb5ae83577d1b61d1d7bd652a09c873e0655cfb4ccc3990e631c85ac52df483ce77caf025629fa8ef1f8650900"/191}}}}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv4_newaddr={0x34, 0x14, 0x1, 0x0, 0x25dfdbfc, {0x2, 0x1f, 0x49, 0xcb, r1}, [@IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_LABEL={0x14}]}, 0x34}}, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000340))
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@private0}, &(0x7f00000000c0)=0x14)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r4], 0x38}, 0x1, 0x0, 0x0, 0x4000804}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
prlimit64(0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680000000206011e0000000000000000000000000e0003006269746d61703a697000000005000400000000000900020073797a300000000020000780050003001c0000000c0001800800014008000000050014002000000005000500020000000500010006"], 0x68}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r7, 0x540a, 0x0)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100))
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x20040, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)

3m22.045899449s ago: executing program 0 (id=1588):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x400000, 0x90}, 0x18)
symlinkat(&(0x7f0000000680)='./file0\x00', r6, &(0x7f0000000740)='./file1\x00')
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)

3m21.703251137s ago: executing program 0 (id=1590):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f00000003c0)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000000000000000000070000000183"], 0x20}, 0x0) (fail_nth: 1)

3m21.242885464s ago: executing program 0 (id=1591):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x2, 0xfff, 0x9}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])

3m21.242601675s ago: executing program 37 (id=1591):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x2, 0xfff, 0x9}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])

3m20.922784421s ago: executing program 1 (id=1594):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000340)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x79}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xd, 0x0, &(0x7f0000000180)="5fb90c5c4426cc8fa8574be842", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3m20.907693691s ago: executing program 1 (id=1595):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x17f79c79fbf0d39, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040080}, 0x44)
syz_emit_ethernet(0xd8, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val={0x88a8, 0x1, 0x0, 0x2}, {0x8100, 0x4, 0x0, 0x4}}, {@llc={0x4, {@llc={0xff, 0x2, "11", "b7e1ceb954c44e82bfb17495d2c8e33d7cdd01a2773367d62c8aa3b6f6bb4af8219df490b2749b712ff624ca516803ae7fd5a0302b56b41619d507c2cea50c892a7c75ec02460c5771ee852a9eeaa63697afa81682fd09bc11ffc57befe9ef6e45b18816547744be39c42a232c60efad80ec8a1f5a5cce79e804b423e7cfcdc5144849532970eb5ae83577d1b61d1d7bd652a09c873e0655cfb4ccc3990e631c85ac52df483ce77caf025629fa8ef1f8650900"/191}}}}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv4_newaddr={0x34, 0x14, 0x1, 0x0, 0x25dfdbfc, {0x2, 0x1f, 0x49, 0xcb, r1}, [@IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_LABEL={0x14}]}, 0x34}}, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000340))
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@private0}, &(0x7f00000000c0)=0x14)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r4], 0x38}, 0x1, 0x0, 0x0, 0x4000804}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
prlimit64(0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680000000206011e0000000000000000000000000e0003006269746d61703a697000000005000400000000000900020073797a300000000020000780050003001c0000000c0001800800014008000000050014002000000005000500020000000500010006"], 0x68}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r7, 0x540a, 0x0)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100))
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x20040, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)

3m20.692820529s ago: executing program 1 (id=1596):
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000004cc0)={0x1, 0x44, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0xbbd0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x7, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000d40)={'ip6tnl0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x18, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa}}]}}]}, 0x44}}, 0x24040084)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r9, 0x0, 0xf3a, 0x0)
write(r6, &(0x7f0000000240)="94", 0x1)
vmsplice(r9, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r5, r9, 0x8f5, 0x0)
write$binfmt_script(r9, 0x0, 0xd9)
write(r7, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
io_uring_setup(0x54a0, &(0x7f00000000c0)={0x0, 0x70e6, 0x200, 0x2, 0xf2, 0x0, r6})
gettid()
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
ptrace$cont(0x9, r10, 0x28, 0x9c4)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

3m20.395971443s ago: executing program 1 (id=1597):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x400000, 0x90}, 0x18)
symlinkat(&(0x7f0000000680)='./file0\x00', r6, &(0x7f0000000740)='./file1\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)

3m20.232587867s ago: executing program 1 (id=1598):
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000004cc0)={0x1, 0x44, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0xbbd0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x7, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000d40)={'ip6tnl0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x18, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa}}]}}]}, 0x44}}, 0x24040084)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r9, 0x0, 0xf3a, 0x0)
write(r6, &(0x7f0000000240)="94", 0x1)
vmsplice(r9, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r5, r9, 0x8f5, 0x0)
write$binfmt_script(r9, 0x0, 0xd9)
write(r7, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
io_uring_setup(0x54a0, &(0x7f00000000c0)={0x0, 0x70e6, 0x200, 0x2, 0xf2, 0x0, r6})
r10 = gettid()
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
fcntl$lock(r12, 0x6, &(0x7f0000002000)={0x1})
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r9)

3m19.755763295s ago: executing program 1 (id=1604):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

3m19.705843929s ago: executing program 38 (id=1604):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

3m17.132577178s ago: executing program 9 (id=1635):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000005600)='sys_enter\x00', r1, 0x0, 0x2}, 0x18)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)

3m17.047063715s ago: executing program 9 (id=1637):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe2$9p(0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10)
r5 = getpgrp(0xffffffffffffffff)
ptrace$setopts(0x4206, r5, 0x0, 0x20004f)
r6 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000680), 0x80c02, 0x0)
write$cgroup_int(r6, 0x0, 0x2)
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x9)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0x11000)
read(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r7, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2)

3m16.99363568s ago: executing program 9 (id=1638):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0xa31, <r1=>0x0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f00000001c0)=0x64)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000002200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='sys_enter\x00', r8}, 0x18)
lsm_list_modules(0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000200)=@assoc_value={r6, 0x8}, 0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={r6, 0x10000}, &(0x7f0000000280)=0x8)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='rxrpc_call\x00', r0, 0x0, 0x8000000000000003}, 0x18)
r10 = socket(0x2000000000000021, 0x2, 0x10000000000002)
perf_event_open$cgroup(&(0x7f0000001500)={0x5, 0x80, 0x5, 0x7, 0x7, 0x8, 0x0, 0x401, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x5c00000, 0x2, @perf_bp={&(0x7f00000014c0), 0x8}, 0xf5930c4d553c59c1, 0xa0f, 0x2, 0x2, 0x2, 0x3, 0x2, 0x0, 0x6, 0x0, 0x995}, 0xffffffffffffffff, 0x9, r9, 0x6)
connect$rxrpc(r10, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008800000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001580), 0x14dd81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r11, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x800000, 0x0, 'queue1\x00', 0x2})
writev(r11, &(0x7f0000000580)=[{&(0x7f0000000000)="238292", 0xfff6}], 0x2)
sendmmsg(r10, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)

3m16.802830305s ago: executing program 9 (id=1641):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)

3m16.525179258s ago: executing program 9 (id=1644):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
sendto$inet6(r0, &(0x7f0000000240), 0x0, 0x4000000, &(0x7f0000000380)={0xa, 0x4e24, 0x3, @dev={0xfe, 0x80, '\x00', 0x42}, 0x9}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfd)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r2, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0)

3m16.213498913s ago: executing program 9 (id=1649):
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000004cc0)={0x1, 0x44, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0xbbd0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x7, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000d40)={'ip6tnl0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x18, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa}}]}}]}, 0x44}}, 0x24040084)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r9, 0x0, 0xf3a, 0x0)
write(r6, &(0x7f0000000240)="94", 0x1)
vmsplice(r9, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r5, r9, 0x8f5, 0x0)
write$binfmt_script(r9, 0x0, 0xd9)
write(r7, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
io_uring_setup(0x54a0, &(0x7f00000000c0)={0x0, 0x70e6, 0x200, 0x2, 0xf2, 0x0, r6})
r10 = gettid()
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

3m16.213301293s ago: executing program 39 (id=1649):
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000004cc0)={0x1, 0x44, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0xbbd0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x7, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000d40)={'ip6tnl0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x18, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa}}]}}]}, 0x44}}, 0x24040084)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r9, 0x0, 0xf3a, 0x0)
write(r6, &(0x7f0000000240)="94", 0x1)
vmsplice(r9, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r5, r9, 0x8f5, 0x0)
write$binfmt_script(r9, 0x0, 0xd9)
write(r7, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
io_uring_setup(0x54a0, &(0x7f00000000c0)={0x0, 0x70e6, 0x200, 0x2, 0xf2, 0x0, r6})
r10 = gettid()
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

3m15.829456724s ago: executing program 5 (id=1605):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
openat2$dir(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x400000, 0x90}, 0x18)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)

3m15.672506457s ago: executing program 5 (id=1666):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x0, 0x200}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r3, 0x0, 0x8}, 0x18)
setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0x8, 0x4)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3f00}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m14.025699371s ago: executing program 5 (id=1685):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@id={0x1e, 0x3, 0x1, {0x4e20, 0x1}}, 0x10, 0x0}, 0x0)

3m13.947002207s ago: executing program 40 (id=1685):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@id={0x1e, 0x3, 0x1, {0x4e20, 0x1}}, 0x10, 0x0}, 0x0)

2.070520652s ago: executing program 8 (id=6295):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8b}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x80000001}, 0x18)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000c00)={[{@noquota}, {@nodelalloc}, {@journal_dev={'journal_dev', 0x3d, 0x5}}, {@mb_optimize_scan}, {@dioread_lock}, {@usrquota}]}, 0x1, 0x789, &(0x7f0000001500)="$eJzs3ctrXNUfAPDvnWSaNu3vlwiCj1VA0EBpYmpsFVxUXIhgoaBr2zCZhppJpmQmpQkBLSK4EVRcCLrp2kfdufUBrux/4UIsVdNixYWM3MmdZtrM5NUkE5nPB27mnHvu5Jzv3Dvnnpl7uBNA1xpK/+QiHouID5KIgWx9EhH5eqo34tTKdneWlwrpkkSt9trvSX2b28tLhWh6Tupwlnk0Ir5/N+Jobm29lYXF6YlSqTiX5UerMxdHKwuLxy7MTEwVp4qzJ8bGx4+ffPbkiZ2L9c/ri0dufPjyU1+d+vudR669/0MSp+JIVrYaR8+O1TcUQ9lrkk9fwnu8tGO17A9JpxvAtuSyI7430j5gIHrqqVX5jrUMANgtb0VEDQDoMonzPwB0mcb3ALeXlwqNpbPfSOytmy9GxMGV+BvXN1dKerNrdgfr10D6byf3XBlJImJwB+ofiojPvnnji3SJ+66nAuymt69ExLnBobX9f7JmzsJWPb1O2YHscei+9fo/2DvfpuOf51qN/3J3xz/RYvzT1+K9ux0bvv8P7UAl60jHfy80zW270xR/ZrAny/2vPubLJ+cvlIpp3/b/iBiOfF+aH1unjuFb/9xqV9Y8/vvjozc/T+tPH1e3yP3a23fvcyYnqhMPEnOzm1ciHu9tFX9yd/8nbca/ZzZZxyvPv/dpu7I0/jTexrI2/shmJ+2O2tWIJ1vu/9UZbcm68xNH64fDaOOgaOHrnz/pb1d/8/5Pl7T+xmeBvZDu//714x9MmudrVrZex09XB75rU3T9xw3jb338H0her6cb44jLE9Xq3FjEgeTVteuPrz63kW9sn8Y//ETr9/+a479pHmv6mfDcJuPvvfHbl+3K9sP+n9zS/t964tqd6baTajeOP93/4/XUcLZmM/3fZhv4IK8dAAAAAAAAAAAAAAAAAAAAAAAAAGxWLiKORJIbuZvO5UZGVn7D++Hoz5XKlerR8+X52cmo/1b2YORzjVtdDjTdD3Usux9+I3/8vvwzEfFQRHzcdyhp3M1zssOxAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDD4Ta//5/6pa/TrQMAds3BTjcAANhzzv8A0H2c/wGg+zj/A0D3cf4HgO7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAuO3P6dLrU/lpeKqT5yUsL89PlS8cmi5XpkZn5wkihPHdxZKpcnioVRwrlmY3+X6lcvjges/OXR6vFSnW0srB4dqY8P1s9e2FmYqp4tpjfk6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGsqC4vTE6VScU5iG4na/mhG5xM92eG0X9qzp4lkfzRjm4laLaJV0YZdR37XOycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/4B/AwAA//+bfSSu")

1.993297198s ago: executing program 7 (id=6298):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x8000, 0x0, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x48)
ftruncate(r1, 0x2000009)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r2, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0a00090004000000080000010000007f000000003cfc863e886794d7da464b2d948776fe9199678a4aa5cd800785722df39187842463bbfd9283b8a9ddd4a9cabcbb471d72c011cbda8e3eb31f42b57d5f328630b9514af01052cdd69562949cf4faffc3b766b4102308058c3e310762059b2b05b81dcb2804e0e5d89d5da79c157f3763eba46728c7d4703b9953e53ae0434484b77c43439f81b9dd763f68b0992f332198ed28", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x25, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000940)={0xffffffffffffffff, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
fspick(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x0, 0x9403, 0x0, 0x0, 0x2c0, 0x320, 0x3d8, 0x3d8, 0x320, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')

1.922462104s ago: executing program 8 (id=6299):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
syz_usbip_server_init(0x4)

1.699273542s ago: executing program 2 (id=6300):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
r1 = perf_event_open(&(0x7f0000000340)={0x3, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socket(0x10, 0x803, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
preadv(r5, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xdc}], 0x1, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f0000002480)={{r0}, "aa84e6e5e648333fd6d49977d709740108a98708b3954b66b5f6e6bd19abb22866a5c1668e43f055730daf38e9bbc0d9cbc95ea2a91a043c0b009e3a904413ad31e4c1da3933f0b126a809807ca8fa1e6d6ef8a3d2c190085900a8da75687a638af0b1b4065e69f08ec201e95cc7be36806b1ea5eb3033aeb558c42d1a7b2aada563848bf3f307d66b0b139e66853e40f1fdba6bb4d3a86d4dc5e66dc44d16ba4581967f6f5e43880b5245e81eab84f6bf9a53380188ca2de3e42a059e427ee95e3bd0fbdd28ed5077e454250b478c8ccbb9559835c319c80037fab900e8176b7a8465c5c10a84fbd128e9f6a355d9bac5f9c3fd24b12778241017fa9032d0ed9bcdee406ad5e654652a2893e400e39c13c1da05a30fb6e6b2d07ebfce7ae3071d8598717e9cbf2993c995937c24bb6e420a641afc09eb2bfa5dd6a1397ab3495f4ee8fbcf746c6dd471546a937d000ad303be884ac39a633310cb3316dbff26dda12f6ac54b8e9f59f91eee1e5cd881716dfa6a904e7706262177c08047cd072d4bd1a9bd13569455ad7b7923a0e6445481994ec090362e9da2a02d8c26a3c3a748a9fe5847b550a4ca832a65aad92c8f8ac9319790eb824a1bfd9cabae103f8369af65733058c4d480e64672afe8ee7e374beb5c87410a4709c142e4f1ca052f76275f8da61422c11c39688eeef708af26945552407f894441d6605325cb97b061f5e886c3361e6067b4a8378f5df42f2ca83c2ea61d354f81dc6e9f4d433627a64f15739045b11db2e43c849507dcecc2da4401b3c0c2ba6ab201e7b11a960d39e247b36b8e3d29b882f081ecf0680a4dff3dff6ac70e0c732083edc70fab8ebae8a4d07e027138cd87a23d8bdd08d065aae20011b2439540b73799d1843e2733d389ad81a4eb13d65a607b402198d08bee7bc3c2506194f3e80cbe374d1729155bd381b0415dd6a7231dd5864410319feb7cbfe94f0f514da5f893df0e631d403ed09000817a454c045a646ae591aba20f9b96a7df0e1d98ae00c19c5d8e5203c33edf645eac165ba728c82332bc03e9e1db33351362e8a88afeb6a5a93d8a45a604b496c98adb8a29f50cd81b8a320399f77051f019028b6c52eab578bc30ff2886641cf79419a3a6e8b52cda0ff07d3f85d88d5945e8186ce4249c00816151879c4f85af92eaa3605656c16ce090d13707f9dae3b24d41b3132251d98b36f88e6a13e5bf2d3934070584d163226c69c08cb38765b541b78c561d2092fa8d68d6287ec03a450d2ad3345c543fc6498b4dd09298ac9f48ea7794db2e8a80e7b987beef2f2f25d3e95e7c8abe41211ae79ea6971c14756da2da3af8d5ad21b1600ab1c74d88a9096f3cc3546b6180d117abcf1f0706a89bbc0c84a2317113dd7d4bccafec3b34bc9911d2a1a7e1b210ec5183cf1692fb4fb688344e6be6d904ade83a22e986b72c6cd3efa98fd238c753763d95a01814a5d926d5a31d189ff4e2680d27c915c59ae8d1de02d2a4f7f37ceb850da5273f9edae58bda8031098518ddcc2bedaf1a622280fad31ca4afa8f6a7dadcce0ff4d3c103b47b22581c4186b9bdcb2ff9441901e9eaa2804608b7df35bc11301a0eae15a2a752c7088bc8bc7f331cf938836826f310eb24fd7ebc67add7dc3f82f5afc02cbbe677eb4d002bd3003c20d5d558cadaf880cb9794cee7f78629b73e3b99f46c4c439969d0dc038b6e259a8d4c42f54517c5d5dd7d865c430ac279911deac0a7d594d9aa88b3a5a05851c4f31a7ef61d87c5c4ca419fcbf90f8f004ed028a4a5cf09eebf0ac76cbfd334107369a272d35ebb927b1778f029a72372f8d705d16566cfb7f3ef790623073d171a5e60a9338a3f88aec441037dfeb506d8325d49e9927b5f61f6fab6bbcae96c523d9a4603aeae0c3d35f367f410023f5098c3ec21369f7c5a2ef44efa5c70a558ea7efdb6108c97ad8b1fdb7d2a0ebb49fbcf8654d3a01b3c7607e0659ad908c534b155fd58d32cd6f808074157c1753e219bd40a18aceca65fd04403fc5d8cd26d981016827d52577c1e3733cddb1fd323160bdefd4a5957cd8d5c510a6ce8e4776fa0f9f01da6bbd6399c8f3ff58a4fcf04ce4b623858cf6be65d85c1cafdbf9e48bef4032ad3a0f314007533f1fe633b04f68af8b54f44b2fb2689e93fbe2522b986202f8d4a10d9f1651256ef4986e00c7dadcb3368b32d7882a1f0f5ac1b01464195b9d23038c50724d6420f44bfb61a6c2ed6bcb19b8b428dd02debf13b94cb6e1b8a395c1171e24c3a8ae17c67a1f3227a511995e541e2dba217f988f77c0496dccac671b522826b8b90fc89b9fec4a4d25a2da437a16d88e8a5f32381e4e4a06457a644122ff2f265733f0047630f97e0d7d805365c11e5d46d457190a1431bcedd34519c4e55781fe0ca6c80a62e9cc492a5d56f9902d7f4fefcd463ec2500f6807d90620eacc319623b87f6928d12484bb826318492b8d0ac382e0eb8f5f7df378636d68cd3933461014df26e5f7479da7b1620a01fe701b153c7d4bc06deef0bc44ce4139af2adb2a07dfabe1626d263c8f71aecdd7dd438f07c96c8d6519572a111e63a89bb8d636a86c906c2ed1729937cb8eb6aa87c2806025e3eac37f3f39a87f33b573b9c5f2d39c16438703d2479f866d9dda21f6f9b54e60a14c78036e495ad5d320b83c689f260fc4e69fcab81ba612e28a572c9a716e71aa8f82f12e2db6879a5ea869daccc55de2dcd32dfb6073b0de6aebd4edf923de1aa12458fe3153a2ac305f6d7ad9509538e64526e5a8f7f919c50d48f862357ffa3e5ac502a52608f74800102ba46d033727ad3969bb90769ee125df26b00bba8e88a6a1b788f1e3a8cd4109122774fa98c000f8b242c95a7d1d78f92eed3bb8b7f76f7f62dd2923fd853b4ddd127eaebc8e4db3a651b1a7270ebfd199b84f56a5f0f17f00a84ce53896dbdcac3404b9a9722b3cdca717ccc970f7d58612a2512c4b6f142fd3370ccece0db6e266a3d62353730a943df3aee61e124db1d525b7beb59a0cb6e8ad2583ff0f80fb82135f287c193b49e98c325e0d3fc7972a5f3a73de423cedbb97f6852ffe8820d67cc0286d6ceecc37e67aa067517718ee760214c49586c3cc8791d5921389ecb4733310425635f24c8571d05651cef5fa4120ee96a2f19e00fb101fd28e0d01940211ba3753fd9f561f4cd175d25f5263b2bb4d3d7d17adaade9fa5c54859df3b364cb40c8624320afeb301f60425502b21993c55bde44ddc07bea1ff0b75afe6f79e92843099ccc9d6c9416cc51b1b235130febbe6558cbc72ac7368a4e38a19117827ca75bcf163c09600c591af6f9d1f8419176593a03a1fd505fcc717ea6539985863d916c581ed390b4ee912f35fa2744412543f4f628f3d4e00e94c459181172a1bebc68c38876b0d51428e98c4ee90b441c3334c584d24de16e3767003cabb595550db64b94a5ea10cf27ef846ba679397aca6974b7b9bfe6a3d445ab504b99928a6dd165a3a256bf7990d3f3b15147f9855b47f4d1268929892ca6e2c0a16177e616b1d3413edaa770f188e6015ac914d38722b55edb99b89efad1c17c19598106b7888215bbd0a81aa3642f30950edd855746595bd9af351537f0eb0c06a7f818c938d45c51173bf3803e7d566e1ccfd49433ee2d2ce01418cf0bf882688689bf540012d23019d9937dba395d3aff0de7c3d45f357695351ceb3c6d497a8441a1027d679948cf27ef5e5f5261df18fb7d34bf3feb5dabe368cb63561fe5ef281c5fa80f109a64c0dd282f484e827181b9aec7ed91dc001e92deeb29d8e9812df8eafea542516a5c5fc69891254e6f6c87970beabc6192caeb3d4d5ac1cedcb169230d49afa51ba10a7ff29707cb37f23256dc5b38fbe147b88948f428a4d9098c39fae0b7f7075d26029e4cd568df459bb4f26a53aa90d990f2fef0b303e0a0e3c04ba01d09e20ed00f88b9219d66a2da73f350fb3314f1e1b96eac6362993441e57c0fb179df1552059795fd1af0112731aa48855e4e401bc4997e9f7212920eae8995e2fb443e3a0df54723363c5e5a392faefccd8d6d5f31706d9d287ac76f2be3834a6596f67872eeef86dc40df1fe6df3ee28368c0df4a5dcecc4b075c0419015cac7f7478351a7d986a2fd1ae8d752b6f3ad8d0ee0f16cac15fd1ff19dd88c503f7f2e9593888d8bd22197af78733ee9fa392b136cdde6cec2aabd4adfdf4f029be4c15805c1b724881060f01f45e1a353c83862a35ced90aa9796cf5ae9b1965d2e8d1f670a11597de33e9f63dc1fe7eb205d875948d02daf78bfd345352ff86103dba60007f766a972c3c5a6a4c35025adcef85e315bbd805ba2ff00fabd896f352f38e81b4ac20feaa5b1f8f89d94d363ba26841f9e758365e92d628d805ec865f06be31a4aa9ad86986e61a3063e7707cb4e2380bcf72607cb84315e3bb4469cc76a810c460a103ac05001fb5843f5dfa9bac2e685dfaf52ed558a957ba3c90fabe5c401dc7b33de91adcf038082e888d948d4840120001f0b990038e88fea053b1646bc94f27fb5edee7dcb2e8fb7a8c28054574f62137a75a1cfa059a87e873b9a0942c30cecc43a652e2bd33db876a307e4cbf71922e712f2c619c6e2bd0a04464526517278d1bfb26a47589aa41d20664d55ccbed805f61e1e13b6641d01c61373c2d1f282967f784cc5e3cbbe8a208a69e4dd9383974dea67e7895e4a8767df905d5adc2a43cad6246eb071092d59aab17caa9d4c5d8b4e758896991443d98c86be045bdc016a42d8a1a435996173896b030955e9db90969a665d180f0528b84f1c1c5f10fc61e92b60834b7787ebd57617f70c3039ce147e59bc536b83c0feeb1c6fd5b15e540fd89539f409bde3ada20da9c67264f7b288a7acdeb2acdcbcf9b3d8736363d4e14ca323d84cb2dc11095dc37ed5076264d12c03532611083a07833647dfe78867903d9447c0b513398eaf1fbfc19d39fab6ce319e05bfce26598c958dbc1ff1fbda28c0ba803a08e537b1d2677f88c34d9ae6979809c2a2c3fecad19ed07fb57e914cfdb0ad381522e15a91a4ad4fe15f579bc88fa08fd2264c111965b3e4976d20598add2682fa0b3c8dee0573c11315bfd6050daf963cb0a4d2c628808aecef1a857081b961db22d566eba3d48be4af77f8aa1549651773916279b2d8bda1474b6dc682c5ddfd86e9aac9acaac3fb72e3e8f9f27096b0c3f0b0e9f6e6e5fbc70d0bfe9fb715aa551e7991f34baa7bc68d68f40269fa19d6c7fcb7574d0ac359558ee613e68deaf03db6aafe8b2ee8064f78677a65041d6d1d4f67e3a9a5576460397ff932dfcbcb209d62e5aabd3d030d1be16d477caad74b6b2a438e633af8fe37512a26df0892aa6abca59cc7b90224b2a8aabfcb505fa1cca4422d6d774118b9664f30dc43072b3e3ce5094611851efaf57c47e8c22e65b4677e68d7a50f7b2ac970f64397b6e2333a3c4cc6d75d76e73c47d72ac94f218e0066d723737d5d1860a92ac00c7a066181ae2e86990b02d0f98d838f855ef5b7597e3a440431656bb4689f69ff81686f05fd4a1698192ec4cc010a2dbd9de43486f3e0759a2fe19459f31fca316240ab5e36446234614fa39502e380a2310312d56e04a5ed447831ae8d63dd8384e9c152a132ed916dcfa2a6f5290f363a1c4a05bbfafd181376c2b3eef250e98385145ba81d77b9d5be1c8ceb7cf3ceb6e7907314340ecd15a8471feb1b3b2a5ce4f5219ca87615b"})
socket(0xf, 0x3, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0x6a, &(0x7f0000000240)=ANY=[], 0x0)

1.665880865s ago: executing program 2 (id=6301):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x31}}, {0x306, @broadcast}, 0x1c, {0x2, 0x4e21, @multicast2}, 'veth0\x00'})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r1, &(0x7f0000000380)=[{&(0x7f0000000180)=""/38, 0x26}], 0x1, 0xffff, 0xddd073cf)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="40000000480001ffffffe000000000000a00806e08000000e0000001140001800d2a79075827af5aa534d6815c2e93f10c0002"], 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004880)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x80400, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000280)=ANY=[@ANYRESHEX=r2], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000680)='kfree\x00', r4, 0x0, 0x10000000000000}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x18)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
r7 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r8 = inotify_init1(0x0)
r9 = inotify_add_watch(r8, &(0x7f0000000080)='./file0\x00', 0x40000022)
write$binfmt_elf32(r7, &(0x7f0000000000)=ANY=[@ANYRES64=r9], 0x69)
close(r7)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000380)={[{@nodioread_nolock}, {@noblock_validity}, {@data_err_ignore}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@nodiscard}, {@inlinecrypt}, {@i_version}]}, 0x6, 0x5fc, &(0x7f0000000600)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")

1.113256669s ago: executing program 8 (id=6306):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x84842, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
sendfile(r2, r1, 0x0, 0x7ffff000)

975.735681ms ago: executing program 7 (id=6307):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0xe7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)

854.685631ms ago: executing program 6 (id=6309):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000800000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300e1ffffff00850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r5}, 0x18)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r6, @ANYBLOB="070000000000000000000500f500180001801400020073797a5f74756e000000000000000000cc00038004000380c4000380180001800400030008000100cb060000080001"], 0xf8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='percpu_free_percpu\x00', r2}, 0x18)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r7}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f00000001c0)="390000fa461ad7e48489bffa56020013001118680907071200000f0000ff3f21000000170a00170000000004001407100003000131d7b2d0370a00f302415af0083f52b3ac", 0x45}], 0x1)
r8 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
setreuid(0x0, 0xee00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r8, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r8])
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x1ff, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000c80)={'lo\x00', <r11=>0x0})
r12 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r12, 0x107, 0x15, 0x0, &(0x7f0000000100))
sendmsg$nl_route_sched(r9, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{}, [@TCA_NETEM_LOSS={0x10, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x6, 0x5000}}]}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x70}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r11, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x806}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r13, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

797.305145ms ago: executing program 2 (id=6311):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000004c0)='kfree\x00', r0, 0x0, 0x6}, 0x18)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='GPL\x00', 0x4, 0xffffffffffffff87, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=ANY=[@ANYBLOB="440000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="0000000032040400240012800b000100697036746e6c0080000000000000120000002000f5ffffff4e2400001c4aaba52c1444a7ed0dd1e5fbcc880a80b000df168085935c6cfea75b7ef3f8c24e402f11abbf3af877e9af7bd99af6f24b5fb492bfbe9fac58eb090e062667ade972b4a0433c6e030fb258e8612326510c902cdab3cbc956a72aa15c677cdaecff34bc8e22e9f383e5d81ea42f2e3ff1d930d86aa040da19d9644c361234a374f863644ee0106a03c85fe356eb6deb0fa4d2bd9d4471db23be07870de872871d7126831e8e894bd125d060f1f3a85611f4f0c7fcdfe73dcd83708e890a77426e06f3cef795d6ad1aa4cffd04aa82a28ea6da"], 0x44}}, 0x0)
dup2(r2, r1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0xffffffffffffffff, 0x3e, 0x9, 0x2}, 0x1f)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x4000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040), 0xfe, 0x4f2, &(0x7f0000000b00)="$eJzs3d9rHFsdAPDvTHbvbdpcN1d9uF6wLbaSFO0maWwbfKgKok8Ftb7XmGxDyCZbkk3bhKIp/gGCiAq+6JMvgn+AIP0TRCjou6gooq0++FAd2d3ZmKa7+UE3u97s5wMnc8782O85GebsnJlhJ4ChdTEiJiMiy7LsSkSU8vlpnmKnlRrrvXj+eKGRksiyO39LIsnntT/r7Xx6Lt/sTER87csR30xej7uxtb0yX61W1vPyVH01eZll21eXV+eXKkuVtdnZmRtzN+euz033pJ3jEXHri3/6wXd/9qVbv/r0w9/f/cvkt1oNbNnbjl5qNb3Y/F+0FSJi/SSCDUih2cKW6wOuCwAAB2uc7384Ij4REVeiFCPNszkAAADgNMk+NxYvk9b9PwAAAOB0SiNiLJK0nD/vOxZpWi63nuH9aJxNq7WN+qey0u71gvEopveWq5Xp/NmB8SgmjfJM/oxtu3xtX3k2It6NiO+XRpvl8kKtujjQKx8AAAAwPM7tG///s9Qa/wMAAACnzPigKwAAAACcOON/AAAAOP2M/wEAAOBU+8rt242Utd9/vfhga3Ol9uDqYmVjpby6uVBeqK3fLy/VakvN3+xbPezzqrXa/c/E2uajqXploz61sbV9d7W2uVa/u/zKK7ABAACAPnr3wtPfJRGx89nRNCKyZM+yYkQ2snflQv/rB5yc9Dgr//Hk6gH038igKwAMjFN6GF7FQVcAGLjD+oGuD+/8uvd1AQAATsbEx3bv/zdTw1v5smSgNQNOWn7/P3Gsw/Bx/x+Gl/t/MLyKB50BGBTAqZce4VB/8/v/WXasSgEAAD031kxJWs7HAWORpuVyxDvN1wIUk3vL1cp0RHwoIn5bKr7dKM80t0xcHgAAAAAAAAAAAAAAAAAAAAAAAACAI8qyJLIuRnfXAQAAAD7IItI/J/n7vyZKl8f2Xx94K/lXqTmNiIc/vvPDR/P1+vpMY/7fd+fXf5TPv9bvqxcAAABAJ+1xenscDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99OL544V26mfcv34hIsY7xS/Emeb0TBQj4uw/kijs2S6JiJEexN95EhHvdYqfNKoV43kt9sdPI2J0wPHP9SA+DLOnjf7n852OvzQuNqedj79Cnt5U9/4v3e3/Rrr0f+90+sD09VnvP/vFVNf4TyLeL3Tuf9rxky7xLx2xjd/4+vZ2t2XZTyMmOn7/JK/EmkoK96c2travLq/OL1WWKmuzszM35m7OXZ+bnrq3XK3kfzvG+N7Hf/mfg9p/tkv88UPaf/mI7f/3s0fPP9LKFvctKsZPsmzyUuf9/16X+O3vvk/mu7tRnmjnd1r5vc7//DfnLxzQ/sUu7T9s/08esf1XvvqdPxxxVQCgDza2tlfmq9XK+vEyScTOG2wuM1yZ0ehj0Pk4aJ32SWwf6vPtPNT/xS44dmZwfRIAAHAy/nfSP+iaAAAAAAAAAAAAAAAAAAAAwPA67GfAogc/J7Y/5s5gmgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKD/BgAA//+6ychX")
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x9}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0xfffffff7, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x15, 0x0, 0x48510}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x3ff, 0x40000000}, {}, {0x0, 0x7, 0x0, 0x2, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfff00003}, {}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x2, 0x0, 0x4}, {0x0, 0x2e9c, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {0x1}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

735.63267ms ago: executing program 6 (id=6312):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0xc0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000380)={0x3, 0x1, 0x7, 0x2, 0x2})
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pim6reg0\x00', 0x2})
ioctl$TUNSETTXFILTER(r2, 0x400454d1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
socket(0x400000000010, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

595.633552ms ago: executing program 7 (id=6315):
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')

562.355564ms ago: executing program 6 (id=6316):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f00000000c0)={'gretap0\x00', @random="ee5a7d37930e"})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfd, 0x0, 0x7ffc9ffb}]})
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet(0x2, 0x6, 0x0)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000180)={0x7f, {{0x2, 0x4e24, @local}}, 0x1, 0x3, [{{0x2, 0x4e23, @empty}}, {{0x2, 0x4e24, @multicast2}}, {{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, 0x210)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x2, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)

561.903904ms ago: executing program 7 (id=6317):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

523.190117ms ago: executing program 2 (id=6318):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)

493.37595ms ago: executing program 7 (id=6319):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000004c0)='kfree\x00', r0, 0x0, 0x6}, 0x18)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x200000000000006}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=ANY=[@ANYBLOB="440000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="0000000032040400240012800b000100697036746e6c0080000000000000120000002000f5ffffff4e2400001c4aaba52c1444a7ed0dd1e5fbcc880a80b000df168085935c6cfea75b7ef3f8c24e402f11abbf3af877e9af7bd99af6f24b5fb492bfbe9fac58eb090e062667ade972b4a0433c6e030fb258e8612326510c902cdab3cbc956a72aa15c677cdaecff34bc8e22e9f383e5d81ea42f2e3ff1d930d86aa040da19d9644c361234a374f863644ee0106a03c85fe356eb6deb0fa4d2bd9d4471db23be07870de872871d7126831e8e894bd125d060f1f3a85611f4f0c7fcdfe73dcd83708e890a77426e06f3cef795d6ad1aa4cffd04aa82a28ea6da"], 0x44}}, 0x0)
dup2(r2, r1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0xffffffffffffffff, 0x3e, 0x9, 0x2}, 0x1f)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x4000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040), 0xfe, 0x4f2, &(0x7f0000000b00)="$eJzs3d9rHFsdAPDvTHbvbdpcN1d9uF6wLbaSFO0maWwbfKgKok8Ftb7XmGxDyCZbkk3bhKIp/gGCiAq+6JMvgn+AIP0TRCjou6gooq0++FAd2d3ZmKa7+UE3u97s5wMnc8782O85GebsnJlhJ4ChdTEiJiMiy7LsSkSU8vlpnmKnlRrrvXj+eKGRksiyO39LIsnntT/r7Xx6Lt/sTER87csR30xej7uxtb0yX61W1vPyVH01eZll21eXV+eXKkuVtdnZmRtzN+euz033pJ3jEXHri3/6wXd/9qVbv/r0w9/f/cvkt1oNbNnbjl5qNb3Y/F+0FSJi/SSCDUih2cKW6wOuCwAAB2uc7384Ij4REVeiFCPNszkAAADgNMk+NxYvk9b9PwAAAOB0SiNiLJK0nD/vOxZpWi63nuH9aJxNq7WN+qey0u71gvEopveWq5Xp/NmB8SgmjfJM/oxtu3xtX3k2It6NiO+XRpvl8kKtujjQKx8AAAAwPM7tG///s9Qa/wMAAACnzPigKwAAAACcOON/AAAAOP2M/wEAAOBU+8rt242Utd9/vfhga3Ol9uDqYmVjpby6uVBeqK3fLy/VakvN3+xbPezzqrXa/c/E2uajqXploz61sbV9d7W2uVa/u/zKK7ABAACAPnr3wtPfJRGx89nRNCKyZM+yYkQ2snflQv/rB5yc9Dgr//Hk6gH038igKwAMjFN6GF7FQVcAGLjD+oGuD+/8uvd1AQAATsbEx3bv/zdTw1v5smSgNQNOWn7/P3Gsw/Bx/x+Gl/t/MLyKB50BGBTAqZce4VB/8/v/WXasSgEAAD031kxJWs7HAWORpuVyxDvN1wIUk3vL1cp0RHwoIn5bKr7dKM80t0xcHgAAAAAAAAAAAAAAAAAAAAAAAACAI8qyJLIuRnfXAQAAAD7IItI/J/n7vyZKl8f2Xx94K/lXqTmNiIc/vvPDR/P1+vpMY/7fd+fXf5TPv9bvqxcAAABAJ+1xenscDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99OL544V26mfcv34hIsY7xS/Emeb0TBQj4uw/kijs2S6JiJEexN95EhHvdYqfNKoV43kt9sdPI2J0wPHP9SA+DLOnjf7n852OvzQuNqedj79Cnt5U9/4v3e3/Rrr0f+90+sD09VnvP/vFVNf4TyLeL3Tuf9rxky7xLx2xjd/4+vZ2t2XZTyMmOn7/JK/EmkoK96c2travLq/OL1WWKmuzszM35m7OXZ+bnrq3XK3kfzvG+N7Hf/mfg9p/tkv88UPaf/mI7f/3s0fPP9LKFvctKsZPsmzyUuf9/16X+O3vvk/mu7tRnmjnd1r5vc7//DfnLxzQ/sUu7T9s/08esf1XvvqdPxxxVQCgDza2tlfmq9XK+vEyScTOG2wuM1yZ0ehj0Pk4aJ32SWwf6vPtPNT/xS44dmZwfRIAAHAy/nfSP+iaAAAAAAAAAAAAAAAAAAAAwPA67GfAogc/J7Y/5s5gmgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKD/BgAA//+6ychX")
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x9}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0xfffffff7, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x15, 0x0, 0x48510}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x3ff, 0x40000000}, {}, {0x0, 0x7, 0x0, 0x2, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfff00003}, {}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x2, 0x0, 0x4}, {0x0, 0x2e9c, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {0x1}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

427.993285ms ago: executing program 2 (id=6320):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
vmsplice(r2, 0x0, 0x0, 0xa)

400.101377ms ago: executing program 2 (id=6322):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000600"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000007c0)=""/259, 0x103}], 0x1}, 0x0)
close(r2)

395.924808ms ago: executing program 8 (id=6323):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r2, &(0x7f0000000180), 0x0, 0x0)

352.593231ms ago: executing program 4 (id=6324):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
r1 = perf_event_open(&(0x7f0000000340)={0x3, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socket(0x10, 0x803, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
preadv(r5, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xdc}], 0x1, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f0000002480)={{r0}, "aa84e6e5e648333fd6d49977d709740108a98708b3954b66b5f6e6bd19abb22866a5c1668e43f055730daf38e9bbc0d9cbc95ea2a91a043c0b009e3a904413ad31e4c1da3933f0b126a809807ca8fa1e6d6ef8a3d2c190085900a8da75687a638af0b1b4065e69f08ec201e95cc7be36806b1ea5eb3033aeb558c42d1a7b2aada563848bf3f307d66b0b139e66853e40f1fdba6bb4d3a86d4dc5e66dc44d16ba4581967f6f5e43880b5245e81eab84f6bf9a53380188ca2de3e42a059e427ee95e3bd0fbdd28ed5077e454250b478c8ccbb9559835c319c80037fab900e8176b7a8465c5c10a84fbd128e9f6a355d9bac5f9c3fd24b12778241017fa9032d0ed9bcdee406ad5e654652a2893e400e39c13c1da05a30fb6e6b2d07ebfce7ae3071d8598717e9cbf2993c995937c24bb6e420a641afc09eb2bfa5dd6a1397ab3495f4ee8fbcf746c6dd471546a937d000ad303be884ac39a633310cb3316dbff26dda12f6ac54b8e9f59f91eee1e5cd881716dfa6a904e7706262177c08047cd072d4bd1a9bd13569455ad7b7923a0e6445481994ec090362e9da2a02d8c26a3c3a748a9fe5847b550a4ca832a65aad92c8f8ac9319790eb824a1bfd9cabae103f8369af65733058c4d480e64672afe8ee7e374beb5c87410a4709c142e4f1ca052f76275f8da61422c11c39688eeef708af26945552407f894441d6605325cb97b061f5e886c3361e6067b4a8378f5df42f2ca83c2ea61d354f81dc6e9f4d433627a64f15739045b11db2e43c849507dcecc2da4401b3c0c2ba6ab201e7b11a960d39e247b36b8e3d29b882f081ecf0680a4dff3dff6ac70e0c732083edc70fab8ebae8a4d07e027138cd87a23d8bdd08d065aae20011b2439540b73799d1843e2733d389ad81a4eb13d65a607b402198d08bee7bc3c2506194f3e80cbe374d1729155bd381b0415dd6a7231dd5864410319feb7cbfe94f0f514da5f893df0e631d403ed09000817a454c045a646ae591aba20f9b96a7df0e1d98ae00c19c5d8e5203c33edf645eac165ba728c82332bc03e9e1db33351362e8a88afeb6a5a93d8a45a604b496c98adb8a29f50cd81b8a320399f77051f019028b6c52eab578bc30ff2886641cf79419a3a6e8b52cda0ff07d3f85d88d5945e8186ce4249c00816151879c4f85af92eaa3605656c16ce090d13707f9dae3b24d41b3132251d98b36f88e6a13e5bf2d3934070584d163226c69c08cb38765b541b78c561d2092fa8d68d6287ec03a450d2ad3345c543fc6498b4dd09298ac9f48ea7794db2e8a80e7b987beef2f2f25d3e95e7c8abe41211ae79ea6971c14756da2da3af8d5ad21b1600ab1c74d88a9096f3cc3546b6180d117abcf1f0706a89bbc0c84a2317113dd7d4bccafec3b34bc9911d2a1a7e1b210ec5183cf1692fb4fb688344e6be6d904ade83a22e986b72c6cd3efa98fd238c753763d95a01814a5d926d5a31d189ff4e2680d27c915c59ae8d1de02d2a4f7f37ceb850da5273f9edae58bda8031098518ddcc2bedaf1a622280fad31ca4afa8f6a7dadcce0ff4d3c103b47b22581c4186b9bdcb2ff9441901e9eaa2804608b7df35bc11301a0eae15a2a752c7088bc8bc7f331cf938836826f310eb24fd7ebc67add7dc3f82f5afc02cbbe677eb4d002bd3003c20d5d558cadaf880cb9794cee7f78629b73e3b99f46c4c439969d0dc038b6e259a8d4c42f54517c5d5dd7d865c430ac279911deac0a7d594d9aa88b3a5a05851c4f31a7ef61d87c5c4ca419fcbf90f8f004ed028a4a5cf09eebf0ac76cbfd334107369a272d35ebb927b1778f029a72372f8d705d16566cfb7f3ef790623073d171a5e60a9338a3f88aec441037dfeb506d8325d49e9927b5f61f6fab6bbcae96c523d9a4603aeae0c3d35f367f410023f5098c3ec21369f7c5a2ef44efa5c70a558ea7efdb6108c97ad8b1fdb7d2a0ebb49fbcf8654d3a01b3c7607e0659ad908c534b155fd58d32cd6f808074157c1753e219bd40a18aceca65fd04403fc5d8cd26d981016827d52577c1e3733cddb1fd323160bdefd4a5957cd8d5c510a6ce8e4776fa0f9f01da6bbd6399c8f3ff58a4fcf04ce4b623858cf6be65d85c1cafdbf9e48bef4032ad3a0f314007533f1fe633b04f68af8b54f44b2fb2689e93fbe2522b986202f8d4a10d9f1651256ef4986e00c7dadcb3368b32d7882a1f0f5ac1b01464195b9d23038c50724d6420f44bfb61a6c2ed6bcb19b8b428dd02debf13b94cb6e1b8a395c1171e24c3a8ae17c67a1f3227a511995e541e2dba217f988f77c0496dccac671b522826b8b90fc89b9fec4a4d25a2da437a16d88e8a5f32381e4e4a06457a644122ff2f265733f0047630f97e0d7d805365c11e5d46d457190a1431bcedd34519c4e55781fe0ca6c80a62e9cc492a5d56f9902d7f4fefcd463ec2500f6807d90620eacc319623b87f6928d12484bb826318492b8d0ac382e0eb8f5f7df378636d68cd3933461014df26e5f7479da7b1620a01fe701b153c7d4bc06deef0bc44ce4139af2adb2a07dfabe1626d263c8f71aecdd7dd438f07c96c8d6519572a111e63a89bb8d636a86c906c2ed1729937cb8eb6aa87c2806025e3eac37f3f39a87f33b573b9c5f2d39c16438703d2479f866d9dda21f6f9b54e60a14c78036e495ad5d320b83c689f260fc4e69fcab81ba612e28a572c9a716e71aa8f82f12e2db6879a5ea869daccc55de2dcd32dfb6073b0de6aebd4edf923de1aa12458fe3153a2ac305f6d7ad9509538e64526e5a8f7f919c50d48f862357ffa3e5ac502a52608f74800102ba46d033727ad3969bb90769ee125df26b00bba8e88a6a1b788f1e3a8cd4109122774fa98c000f8b242c95a7d1d78f92eed3bb8b7f76f7f62dd2923fd853b4ddd127eaebc8e4db3a651b1a7270ebfd199b84f56a5f0f17f00a84ce53896dbdcac3404b9a9722b3cdca717ccc970f7d58612a2512c4b6f142fd3370ccece0db6e266a3d62353730a943df3aee61e124db1d525b7beb59a0cb6e8ad2583ff0f80fb82135f287c193b49e98c325e0d3fc7972a5f3a73de423cedbb97f6852ffe8820d67cc0286d6ceecc37e67aa067517718ee760214c49586c3cc8791d5921389ecb4733310425635f24c8571d05651cef5fa4120ee96a2f19e00fb101fd28e0d01940211ba3753fd9f561f4cd175d25f5263b2bb4d3d7d17adaade9fa5c54859df3b364cb40c8624320afeb301f60425502b21993c55bde44ddc07bea1ff0b75afe6f79e92843099ccc9d6c9416cc51b1b235130febbe6558cbc72ac7368a4e38a19117827ca75bcf163c09600c591af6f9d1f8419176593a03a1fd505fcc717ea6539985863d916c581ed390b4ee912f35fa2744412543f4f628f3d4e00e94c459181172a1bebc68c38876b0d51428e98c4ee90b441c3334c584d24de16e3767003cabb595550db64b94a5ea10cf27ef846ba679397aca6974b7b9bfe6a3d445ab504b99928a6dd165a3a256bf7990d3f3b15147f9855b47f4d1268929892ca6e2c0a16177e616b1d3413edaa770f188e6015ac914d38722b55edb99b89efad1c17c19598106b7888215bbd0a81aa3642f30950edd855746595bd9af351537f0eb0c06a7f818c938d45c51173bf3803e7d566e1ccfd49433ee2d2ce01418cf0bf882688689bf540012d23019d9937dba395d3aff0de7c3d45f357695351ceb3c6d497a8441a1027d679948cf27ef5e5f5261df18fb7d34bf3feb5dabe368cb63561fe5ef281c5fa80f109a64c0dd282f484e827181b9aec7ed91dc001e92deeb29d8e9812df8eafea542516a5c5fc69891254e6f6c87970beabc6192caeb3d4d5ac1cedcb169230d49afa51ba10a7ff29707cb37f23256dc5b38fbe147b88948f428a4d9098c39fae0b7f7075d26029e4cd568df459bb4f26a53aa90d990f2fef0b303e0a0e3c04ba01d09e20ed00f88b9219d66a2da73f350fb3314f1e1b96eac6362993441e57c0fb179df1552059795fd1af0112731aa48855e4e401bc4997e9f7212920eae8995e2fb443e3a0df54723363c5e5a392faefccd8d6d5f31706d9d287ac76f2be3834a6596f67872eeef86dc40df1fe6df3ee28368c0df4a5dcecc4b075c0419015cac7f7478351a7d986a2fd1ae8d752b6f3ad8d0ee0f16cac15fd1ff19dd88c503f7f2e9593888d8bd22197af78733ee9fa392b136cdde6cec2aabd4adfdf4f029be4c15805c1b724881060f01f45e1a353c83862a35ced90aa9796cf5ae9b1965d2e8d1f670a11597de33e9f63dc1fe7eb205d875948d02daf78bfd345352ff86103dba60007f766a972c3c5a6a4c35025adcef85e315bbd805ba2ff00fabd896f352f38e81b4ac20feaa5b1f8f89d94d363ba26841f9e758365e92d628d805ec865f06be31a4aa9ad86986e61a3063e7707cb4e2380bcf72607cb84315e3bb4469cc76a810c460a103ac05001fb5843f5dfa9bac2e685dfaf52ed558a957ba3c90fabe5c401dc7b33de91adcf038082e888d948d4840120001f0b990038e88fea053b1646bc94f27fb5edee7dcb2e8fb7a8c28054574f62137a75a1cfa059a87e873b9a0942c30cecc43a652e2bd33db876a307e4cbf71922e712f2c619c6e2bd0a04464526517278d1bfb26a47589aa41d20664d55ccbed805f61e1e13b6641d01c61373c2d1f282967f784cc5e3cbbe8a208a69e4dd9383974dea67e7895e4a8767df905d5adc2a43cad6246eb071092d59aab17caa9d4c5d8b4e758896991443d98c86be045bdc016a42d8a1a435996173896b030955e9db90969a665d180f0528b84f1c1c5f10fc61e92b60834b7787ebd57617f70c3039ce147e59bc536b83c0feeb1c6fd5b15e540fd89539f409bde3ada20da9c67264f7b288a7acdeb2acdcbcf9b3d8736363d4e14ca323d84cb2dc11095dc37ed5076264d12c03532611083a07833647dfe78867903d9447c0b513398eaf1fbfc19d39fab6ce319e05bfce26598c958dbc1ff1fbda28c0ba803a08e537b1d2677f88c34d9ae6979809c2a2c3fecad19ed07fb57e914cfdb0ad381522e15a91a4ad4fe15f579bc88fa08fd2264c111965b3e4976d20598add2682fa0b3c8dee0573c11315bfd6050daf963cb0a4d2c628808aecef1a857081b961db22d566eba3d48be4af77f8aa1549651773916279b2d8bda1474b6dc682c5ddfd86e9aac9acaac3fb72e3e8f9f27096b0c3f0b0e9f6e6e5fbc70d0bfe9fb715aa551e7991f34baa7bc68d68f40269fa19d6c7fcb7574d0ac359558ee613e68deaf03db6aafe8b2ee8064f78677a65041d6d1d4f67e3a9a5576460397ff932dfcbcb209d62e5aabd3d030d1be16d477caad74b6b2a438e633af8fe37512a26df0892aa6abca59cc7b90224b2a8aabfcb505fa1cca4422d6d774118b9664f30dc43072b3e3ce5094611851efaf57c47e8c22e65b4677e68d7a50f7b2ac970f64397b6e2333a3c4cc6d75d76e73c47d72ac94f218e0066d723737d5d1860a92ac00c7a066181ae2e86990b02d0f98d838f855ef5b7597e3a440431656bb4689f69ff81686f05fd4a1698192ec4cc010a2dbd9de43486f3e0759a2fe19459f31fca316240ab5e36446234614fa39502e380a2310312d56e04a5ed447831ae8d63dd8384e9c152a132ed916dcfa2a6f5290f363a1c4a05bbfafd181376c2b3eef250e98385145ba81d77b9d5be1c8ceb7cf3ceb6e7907314340ecd15a8471feb1b3b2a5ce4f5219ca87615b"})
socket(0xf, 0x3, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0x6a, &(0x7f0000000240)=ANY=[], 0x0)

297.637826ms ago: executing program 4 (id=6325):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r2}, 0x10)
getitimer(0x0, &(0x7f000001a300))
r3 = dup(r0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000000)={0x1000, 0xfffffffb, 0x4, 0x554a, 0xff, "0074fff400041e200000f3e90a000100"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000440)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000e20000001801000020786c2500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4, 0x0, 0xa2bc0000000}, 0x18)
r5 = pidfd_getfd(0xffffffffffffffff, r4, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r5, 0xc4c03d09, &(0x7f0000000b00)={0x12})
set_robust_list(0x0, 0x0)
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1)
r6 = gettid()
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f00000006c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0xffe0000, @remote, 0xeedc}}}, 0x30)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f00000003c0)={{0x77359400}, {0x0, 0x989680}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000002060102000000000000000007000008eb213b59e6c77c1a0eaac597480ccded7d87b1cb4e8f7103999b6b916c1008000000e376c33201b178e1571afdc8c7d460e26fc6af279b33d233ab08abbdf7d851d571dda0370b7286a07ae2aa249ffdf3b843d0f33abc58a978a9bfecc9c7880e9a0dac67094218ca61eae3f1e953"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x200000000000000)
sendmsg$inet_sctp(r3, &(0x7f0000000180)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0x100, @private1}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000040)="99", 0x1}], 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000008400000000000000000200fc0100dfff20000000000000008400000008000000fc000000000000000000000f0000000020000000000000008400000002000000050041"], 0x58, 0x4855}, 0x8850)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0x20, &(0x7f0000000080)={&(0x7f0000000300)=""/141, 0x8d, 0x0, &(0x7f00000004c0)=""/252, 0xfc}}, 0x10)

214.530742ms ago: executing program 8 (id=6326):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x2c, 0x0, 0x8, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8906}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmpv6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4040)

202.216804ms ago: executing program 8 (id=6327):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0xc0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000380)={0x3, 0x1, 0x7, 0x2, 0x2})
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pim6reg0\x00', 0x2})
ioctl$TUNSETTXFILTER(r2, 0x400454d1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
socket(0x400000000010, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

158.290897ms ago: executing program 4 (id=6328):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000040)) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x4, &(0x7f00000000c0)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xb3}, [@call={0x85, 0x0, 0x0, 0x75}]}, &(0x7f0000000480)='GPL\x00'}, 0x94) (async)
r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9) (async)
r3 = socket(0x1f, 0x80000, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) (async)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) (async)
timer_create(0x2, &(0x7f00000001c0)={0x0, 0x40, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000240))
fchdir(r1)
fchdir(r1) (async)
unshare(0x2040400) (async)
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f00000003c0), 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) (async)
r5 = socket$kcm(0x29, 0x2, 0x0) (async)
r6 = socket$inet6(0xa, 0x803, 0x6) (async)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x9, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) (async)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000000100))
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
r8 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, &(0x7f0000000140)=<r9=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) (async)
io_uring_enter(r8, 0x66a8, 0x4000, 0xc, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000180)={r6, r4})

126.63724ms ago: executing program 6 (id=6329):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

86.137733ms ago: executing program 4 (id=6330):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000800000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300e1ffffff00850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r5}, 0x18)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r6, @ANYBLOB="070000000000000000000500f500180001801400020073797a5f74756e000000000000000000cc00038004000380c4000380180001800400030008000100cb060000080001"], 0xf8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='percpu_free_percpu\x00', r2}, 0x18)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r7}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f00000001c0)="390000fa461ad7e48489bffa56020013001118680907071200000f0000ff3f21000000170a00170000000004001407100003000131d7b2d0370a00f302415af0083f52b3ac", 0x45}], 0x1)
r8 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
setreuid(0x0, 0xee00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r8, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r8])
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x1ff, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000c80)={'lo\x00', <r11=>0x0})
r12 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r12, 0x107, 0x15, 0x0, &(0x7f0000000100))
sendmsg$nl_route_sched(r9, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{}, [@TCA_NETEM_LOSS={0x10, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x6, 0x5000}}]}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x70}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r11, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x806}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r13, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

85.566513ms ago: executing program 6 (id=6331):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000007c0)=""/259, 0x103}], 0x1}, 0x0)
close(r1)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)

64.013795ms ago: executing program 4 (id=6332):
creat(&(0x7f00000000c0)='./file0\x00', 0xce)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='mpol=interleave,mpol=local'])

63.195315ms ago: executing program 7 (id=6333):
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')

38.429467ms ago: executing program 4 (id=6334):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, &(0x7f0000000800)=@framed={{}, [@alu={0x7, 0x1, 0x5, 0x6, 0xa, 0x10, 0xffffffffffffffff}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
openat$cgroup_procs(r0, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0xfff0)
r2 = socket(0x400000000010, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="05ba790700000000000000000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001a80)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000600014002020c600e41b0000900ac000a0501000000160012000a00ff120048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x894)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000005c0)='kfree_skb\x00', r5}, 0x18)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmsg(r6, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r7, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
sendmsg$IPSET_CMD_DEL(r2, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10400}, 0xc, &(0x7f0000000380)={&(0x7f0000000600)={0x168, 0xa, 0x6, 0x301, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x6c, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x251f382f}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0xe94}, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x10}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x10001}, @IPSET_ATTR_COMMENT={0x11, 0x1a, 'cgroup.procs\x00'}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x9}, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x9}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x4}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}]}, @IPSET_ATTR_ADT={0x28, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x800}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x2}}]}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x8, 0x1a, 'GPL\x00'}}]}, @IPSET_ATTR_ADT={0x2c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x7}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e24}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x2}}]}, @IPSET_ATTR_ADT={0x1c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x49}}]}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_ETHER={0xa}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x30}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x7}, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x2}, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x401}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}]}, 0x168}, 0x1, 0x0, 0x0, 0x4000090}, 0x4000013)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {0x2}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x11}, {0xfffffecb, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000040)=0xb32, 0x4)
openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.procs\x00', 0x2, 0x0)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00')

0s ago: executing program 6 (id=6335):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
r1 = perf_event_open(&(0x7f0000000340)={0x3, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socket(0x10, 0x803, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
preadv(r5, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xdc}], 0x1, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f0000002480)={{r0}, "aa84e6e5e648333fd6d49977d709740108a98708b3954b66b5f6e6bd19abb22866a5c1668e43f055730daf38e9bbc0d9cbc95ea2a91a043c0b009e3a904413ad31e4c1da3933f0b126a809807ca8fa1e6d6ef8a3d2c190085900a8da75687a638af0b1b4065e69f08ec201e95cc7be36806b1ea5eb3033aeb558c42d1a7b2aada563848bf3f307d66b0b139e66853e40f1fdba6bb4d3a86d4dc5e66dc44d16ba4581967f6f5e43880b5245e81eab84f6bf9a53380188ca2de3e42a059e427ee95e3bd0fbdd28ed5077e454250b478c8ccbb9559835c319c80037fab900e8176b7a8465c5c10a84fbd128e9f6a355d9bac5f9c3fd24b12778241017fa9032d0ed9bcdee406ad5e654652a2893e400e39c13c1da05a30fb6e6b2d07ebfce7ae3071d8598717e9cbf2993c995937c24bb6e420a641afc09eb2bfa5dd6a1397ab3495f4ee8fbcf746c6dd471546a937d000ad303be884ac39a633310cb3316dbff26dda12f6ac54b8e9f59f91eee1e5cd881716dfa6a904e7706262177c08047cd072d4bd1a9bd13569455ad7b7923a0e6445481994ec090362e9da2a02d8c26a3c3a748a9fe5847b550a4ca832a65aad92c8f8ac9319790eb824a1bfd9cabae103f8369af65733058c4d480e64672afe8ee7e374beb5c87410a4709c142e4f1ca052f76275f8da61422c11c39688eeef708af26945552407f894441d6605325cb97b061f5e886c3361e6067b4a8378f5df42f2ca83c2ea61d354f81dc6e9f4d433627a64f15739045b11db2e43c849507dcecc2da4401b3c0c2ba6ab201e7b11a960d39e247b36b8e3d29b882f081ecf0680a4dff3dff6ac70e0c732083edc70fab8ebae8a4d07e027138cd87a23d8bdd08d065aae20011b2439540b73799d1843e2733d389ad81a4eb13d65a607b402198d08bee7bc3c2506194f3e80cbe374d1729155bd381b0415dd6a7231dd5864410319feb7cbfe94f0f514da5f893df0e631d403ed09000817a454c045a646ae591aba20f9b96a7df0e1d98ae00c19c5d8e5203c33edf645eac165ba728c82332bc03e9e1db33351362e8a88afeb6a5a93d8a45a604b496c98adb8a29f50cd81b8a320399f77051f019028b6c52eab578bc30ff2886641cf79419a3a6e8b52cda0ff07d3f85d88d5945e8186ce4249c00816151879c4f85af92eaa3605656c16ce090d13707f9dae3b24d41b3132251d98b36f88e6a13e5bf2d3934070584d163226c69c08cb38765b541b78c561d2092fa8d68d6287ec03a450d2ad3345c543fc6498b4dd09298ac9f48ea7794db2e8a80e7b987beef2f2f25d3e95e7c8abe41211ae79ea6971c14756da2da3af8d5ad21b1600ab1c74d88a9096f3cc3546b6180d117abcf1f0706a89bbc0c84a2317113dd7d4bccafec3b34bc9911d2a1a7e1b210ec5183cf1692fb4fb688344e6be6d904ade83a22e986b72c6cd3efa98fd238c753763d95a01814a5d926d5a31d189ff4e2680d27c915c59ae8d1de02d2a4f7f37ceb850da5273f9edae58bda8031098518ddcc2bedaf1a622280fad31ca4afa8f6a7dadcce0ff4d3c103b47b22581c4186b9bdcb2ff9441901e9eaa2804608b7df35bc11301a0eae15a2a752c7088bc8bc7f331cf938836826f310eb24fd7ebc67add7dc3f82f5afc02cbbe677eb4d002bd3003c20d5d558cadaf880cb9794cee7f78629b73e3b99f46c4c439969d0dc038b6e259a8d4c42f54517c5d5dd7d865c430ac279911deac0a7d594d9aa88b3a5a05851c4f31a7ef61d87c5c4ca419fcbf90f8f004ed028a4a5cf09eebf0ac76cbfd334107369a272d35ebb927b1778f029a72372f8d705d16566cfb7f3ef790623073d171a5e60a9338a3f88aec441037dfeb506d8325d49e9927b5f61f6fab6bbcae96c523d9a4603aeae0c3d35f367f410023f5098c3ec21369f7c5a2ef44efa5c70a558ea7efdb6108c97ad8b1fdb7d2a0ebb49fbcf8654d3a01b3c7607e0659ad908c534b155fd58d32cd6f808074157c1753e219bd40a18aceca65fd04403fc5d8cd26d981016827d52577c1e3733cddb1fd323160bdefd4a5957cd8d5c510a6ce8e4776fa0f9f01da6bbd6399c8f3ff58a4fcf04ce4b623858cf6be65d85c1cafdbf9e48bef4032ad3a0f314007533f1fe633b04f68af8b54f44b2fb2689e93fbe2522b986202f8d4a10d9f1651256ef4986e00c7dadcb3368b32d7882a1f0f5ac1b01464195b9d23038c50724d6420f44bfb61a6c2ed6bcb19b8b428dd02debf13b94cb6e1b8a395c1171e24c3a8ae17c67a1f3227a511995e541e2dba217f988f77c0496dccac671b522826b8b90fc89b9fec4a4d25a2da437a16d88e8a5f32381e4e4a06457a644122ff2f265733f0047630f97e0d7d805365c11e5d46d457190a1431bcedd34519c4e55781fe0ca6c80a62e9cc492a5d56f9902d7f4fefcd463ec2500f6807d90620eacc319623b87f6928d12484bb826318492b8d0ac382e0eb8f5f7df378636d68cd3933461014df26e5f7479da7b1620a01fe701b153c7d4bc06deef0bc44ce4139af2adb2a07dfabe1626d263c8f71aecdd7dd438f07c96c8d6519572a111e63a89bb8d636a86c906c2ed1729937cb8eb6aa87c2806025e3eac37f3f39a87f33b573b9c5f2d39c16438703d2479f866d9dda21f6f9b54e60a14c78036e495ad5d320b83c689f260fc4e69fcab81ba612e28a572c9a716e71aa8f82f12e2db6879a5ea869daccc55de2dcd32dfb6073b0de6aebd4edf923de1aa12458fe3153a2ac305f6d7ad9509538e64526e5a8f7f919c50d48f862357ffa3e5ac502a52608f74800102ba46d033727ad3969bb90769ee125df26b00bba8e88a6a1b788f1e3a8cd4109122774fa98c000f8b242c95a7d1d78f92eed3bb8b7f76f7f62dd2923fd853b4ddd127eaebc8e4db3a651b1a7270ebfd199b84f56a5f0f17f00a84ce53896dbdcac3404b9a9722b3cdca717ccc970f7d58612a2512c4b6f142fd3370ccece0db6e266a3d62353730a943df3aee61e124db1d525b7beb59a0cb6e8ad2583ff0f80fb82135f287c193b49e98c325e0d3fc7972a5f3a73de423cedbb97f6852ffe8820d67cc0286d6ceecc37e67aa067517718ee760214c49586c3cc8791d5921389ecb4733310425635f24c8571d05651cef5fa4120ee96a2f19e00fb101fd28e0d01940211ba3753fd9f561f4cd175d25f5263b2bb4d3d7d17adaade9fa5c54859df3b364cb40c8624320afeb301f60425502b21993c55bde44ddc07bea1ff0b75afe6f79e92843099ccc9d6c9416cc51b1b235130febbe6558cbc72ac7368a4e38a19117827ca75bcf163c09600c591af6f9d1f8419176593a03a1fd505fcc717ea6539985863d916c581ed390b4ee912f35fa2744412543f4f628f3d4e00e94c459181172a1bebc68c38876b0d51428e98c4ee90b441c3334c584d24de16e3767003cabb595550db64b94a5ea10cf27ef846ba679397aca6974b7b9bfe6a3d445ab504b99928a6dd165a3a256bf7990d3f3b15147f9855b47f4d1268929892ca6e2c0a16177e616b1d3413edaa770f188e6015ac914d38722b55edb99b89efad1c17c19598106b7888215bbd0a81aa3642f30950edd855746595bd9af351537f0eb0c06a7f818c938d45c51173bf3803e7d566e1ccfd49433ee2d2ce01418cf0bf882688689bf540012d23019d9937dba395d3aff0de7c3d45f357695351ceb3c6d497a8441a1027d679948cf27ef5e5f5261df18fb7d34bf3feb5dabe368cb63561fe5ef281c5fa80f109a64c0dd282f484e827181b9aec7ed91dc001e92deeb29d8e9812df8eafea542516a5c5fc69891254e6f6c87970beabc6192caeb3d4d5ac1cedcb169230d49afa51ba10a7ff29707cb37f23256dc5b38fbe147b88948f428a4d9098c39fae0b7f7075d26029e4cd568df459bb4f26a53aa90d990f2fef0b303e0a0e3c04ba01d09e20ed00f88b9219d66a2da73f350fb3314f1e1b96eac6362993441e57c0fb179df1552059795fd1af0112731aa48855e4e401bc4997e9f7212920eae8995e2fb443e3a0df54723363c5e5a392faefccd8d6d5f31706d9d287ac76f2be3834a6596f67872eeef86dc40df1fe6df3ee28368c0df4a5dcecc4b075c0419015cac7f7478351a7d986a2fd1ae8d752b6f3ad8d0ee0f16cac15fd1ff19dd88c503f7f2e9593888d8bd22197af78733ee9fa392b136cdde6cec2aabd4adfdf4f029be4c15805c1b724881060f01f45e1a353c83862a35ced90aa9796cf5ae9b1965d2e8d1f670a11597de33e9f63dc1fe7eb205d875948d02daf78bfd345352ff86103dba60007f766a972c3c5a6a4c35025adcef85e315bbd805ba2ff00fabd896f352f38e81b4ac20feaa5b1f8f89d94d363ba26841f9e758365e92d628d805ec865f06be31a4aa9ad86986e61a3063e7707cb4e2380bcf72607cb84315e3bb4469cc76a810c460a103ac05001fb5843f5dfa9bac2e685dfaf52ed558a957ba3c90fabe5c401dc7b33de91adcf038082e888d948d4840120001f0b990038e88fea053b1646bc94f27fb5edee7dcb2e8fb7a8c28054574f62137a75a1cfa059a87e873b9a0942c30cecc43a652e2bd33db876a307e4cbf71922e712f2c619c6e2bd0a04464526517278d1bfb26a47589aa41d20664d55ccbed805f61e1e13b6641d01c61373c2d1f282967f784cc5e3cbbe8a208a69e4dd9383974dea67e7895e4a8767df905d5adc2a43cad6246eb071092d59aab17caa9d4c5d8b4e758896991443d98c86be045bdc016a42d8a1a435996173896b030955e9db90969a665d180f0528b84f1c1c5f10fc61e92b60834b7787ebd57617f70c3039ce147e59bc536b83c0feeb1c6fd5b15e540fd89539f409bde3ada20da9c67264f7b288a7acdeb2acdcbcf9b3d8736363d4e14ca323d84cb2dc11095dc37ed5076264d12c03532611083a07833647dfe78867903d9447c0b513398eaf1fbfc19d39fab6ce319e05bfce26598c958dbc1ff1fbda28c0ba803a08e537b1d2677f88c34d9ae6979809c2a2c3fecad19ed07fb57e914cfdb0ad381522e15a91a4ad4fe15f579bc88fa08fd2264c111965b3e4976d20598add2682fa0b3c8dee0573c11315bfd6050daf963cb0a4d2c628808aecef1a857081b961db22d566eba3d48be4af77f8aa1549651773916279b2d8bda1474b6dc682c5ddfd86e9aac9acaac3fb72e3e8f9f27096b0c3f0b0e9f6e6e5fbc70d0bfe9fb715aa551e7991f34baa7bc68d68f40269fa19d6c7fcb7574d0ac359558ee613e68deaf03db6aafe8b2ee8064f78677a65041d6d1d4f67e3a9a5576460397ff932dfcbcb209d62e5aabd3d030d1be16d477caad74b6b2a438e633af8fe37512a26df0892aa6abca59cc7b90224b2a8aabfcb505fa1cca4422d6d774118b9664f30dc43072b3e3ce5094611851efaf57c47e8c22e65b4677e68d7a50f7b2ac970f64397b6e2333a3c4cc6d75d76e73c47d72ac94f218e0066d723737d5d1860a92ac00c7a066181ae2e86990b02d0f98d838f855ef5b7597e3a440431656bb4689f69ff81686f05fd4a1698192ec4cc010a2dbd9de43486f3e0759a2fe19459f31fca316240ab5e36446234614fa39502e380a2310312d56e04a5ed447831ae8d63dd8384e9c152a132ed916dcfa2a6f5290f363a1c4a05bbfafd181376c2b3eef250e98385145ba81d77b9d5be1c8ceb7cf3ceb6e7907314340ecd15a8471feb1b3b2a5ce4f5219ca87615b"})
socket(0xf, 0x3, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0x6a, &(0x7f0000000240)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

g max 2352 ests per chain, 117600 per kthread
[  272.086234][   T29] audit: type=1326 audit(1756203828.147:11400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21403 comm="syz.4.5366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5d764bd61f code=0x7ffc0000
[  272.116868][   T29] audit: type=1326 audit(1756203828.147:11401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21403 comm="syz.4.5366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5d764bd7ca code=0x7ffc0000
[  272.140477][   T29] audit: type=1326 audit(1756203828.147:11402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21403 comm="syz.4.5366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d764beb69 code=0x7ffc0000
[  272.164221][   T29] audit: type=1326 audit(1756203828.147:11403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21403 comm="syz.4.5366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d764beb69 code=0x7ffc0000
[  272.312280][   T29] audit: type=1326 audit(1756203828.377:11404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21411 comm="syz.2.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc253c5eb69 code=0x7ffc0000
[  272.336494][   T29] audit: type=1326 audit(1756203828.377:11405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21411 comm="syz.2.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc253c5eb69 code=0x7ffc0000
[  272.360228][   T29] audit: type=1326 audit(1756203828.377:11406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21411 comm="syz.2.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc253c5eb69 code=0x7ffc0000
[  272.383897][   T29] audit: type=1326 audit(1756203828.377:11407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21411 comm="syz.2.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc253c5eb69 code=0x7ffc0000
[  272.407650][   T29] audit: type=1326 audit(1756203828.377:11408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21411 comm="syz.2.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc253c5eb69 code=0x7ffc0000
[  272.477523][T21421] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5375'.
[  272.514673][T21421] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(10)
[  272.521318][T21421] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  272.528960][T21421] vhci_hcd vhci_hcd.0: Device attached
[  272.542995][T21426] vhci_hcd: connection closed
[  272.543797][ T3446] vhci_hcd: stop threads
[  272.552851][ T3446] vhci_hcd: release socket
[  272.557349][ T3446] vhci_hcd: disconnect device
[  272.693263][T21431] veth0_vlan: left promiscuous mode
[  272.805858][T21435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5378'.
[  272.814829][T21435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5378'.
[  272.867682][T21436] loop2: detected capacity change from 0 to 512
[  272.890107][T21438] netlink: 'syz.7.5379': attribute type 12 has an invalid length.
[  272.915795][T21436] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  272.938238][T21436] EXT4-fs (loop2): orphan cleanup on readonly fs
[  272.991827][T21436] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  273.060040][T21436] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  273.079129][T21444] program syz.7.5381 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  273.107184][T21436] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.5378: bg 0: block 40: padding at end of block bitmap is not set
[  273.124660][T21436] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  273.145148][T21436] EXT4-fs (loop2): 1 truncate cleaned up
[  273.151136][T21436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  273.210102][T21451] loop6: detected capacity change from 0 to 128
[  273.249959][T21455] loop8: detected capacity change from 0 to 128
[  273.274276][T21455] /dev/loop8: Can't open blockdev
[  273.274295][T20862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.290930][T21456] netlink: 'syz.8.5385': attribute type 1 has an invalid length.
[  273.299143][T21457] netlink: 'syz.8.5385': attribute type 1 has an invalid length.
[  273.356047][T21459] netlink: 'syz.4.5388': attribute type 3 has an invalid length.
[  273.375703][T21467] netlink: 'syz.6.5390': attribute type 1 has an invalid length.
[  273.469613][T21484] loop8: detected capacity change from 0 to 1024
[  273.478096][T21484] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  273.490039][T21484] EXT4-fs error (device loop8): ext4_read_block_bitmap_nowait:483: comm syz.8.5396: Invalid block bitmap block 0 in block_group 0
[  273.504569][T21484] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.5396: Failed to acquire dquot type 0
[  273.518388][T21484] EXT4-fs error (device loop8): ext4_free_blocks:6696: comm syz.8.5396: Freeing blocks not in datazone - block = 0, count = 4096
[  273.557342][T21484] EXT4-fs error (device loop8): ext4_read_inode_bitmap:139: comm syz.8.5396: Invalid inode bitmap blk 0 in block_group 0
[  273.571032][T21494] loop4: detected capacity change from 0 to 128
[  273.573724][ T2570] EXT4-fs error (device loop8): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0
[  273.579160][T21484] EXT4-fs error (device loop8) in ext4_free_inode:361: Corrupt filesystem
[  273.602237][T21484] EXT4-fs (loop8): 1 orphan inode deleted
[  273.608491][T21484] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.654405][T17042] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.748452][T21506] loop8: detected capacity change from 0 to 764
[  273.764424][T21506] rock: directory entry would overflow storage
[  273.770645][T21506] rock: sig=0x4654, size=5, remaining=4
[  273.888431][T21518] hub 6-0:1.0: USB hub found
[  273.913835][T21518] hub 6-0:1.0: 8 ports detected
[  274.051131][T21527] loop4: detected capacity change from 0 to 1024
[  274.065090][T21527] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  274.076045][T21531] loop2: detected capacity change from 0 to 128
[  274.084421][T21531] vfat: Unknown parameter '00000000000000000000pU	*ó1I|Üt[@ê1)³åÏ}Ø™�µtY\ä´Œ‰0ôx?ÏÞäÎb'Õ¨t\»9‡ð¿;i"ÑÕ¢ì?¼™�Î�cèíÍôtF/+Ã%Ï’+ÅŒÜ1ju&vsú¶#¬ªÙ¹Ê´œ„3>±d+ŸD´G"·'
[  274.170151][T18283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  274.249020][T21549] loop7: detected capacity change from 0 to 128
[  274.279215][T21551] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5422'.
[  274.290082][T21549] vfat: Unknown parameter '00000000000000000000pU	*ó1I|Üt[@ê1)³åÏ}Ø™�µtY\ä´Œ‰0ôx?ÏÞäÎb'Õ¨t\»9‡ð¿;i"ÑÕ¢ì?¼™�Î�cèíÍôtF/+Ã%Ï’+ÅŒÜ1ju&vsú¶#¬ªÙ¹Ê´œ„3>±d+ŸD´G"·'
[  274.340546][T21559] netlink: 'syz.8.5426': attribute type 12 has an invalid length.
[  274.449061][T21566] loop6: detected capacity change from 0 to 128
[  274.468051][T21571] hub 6-0:1.0: USB hub found
[  274.475570][T21579] syz_tun: entered promiscuous mode
[  274.476417][T21571] hub 6-0:1.0: 8 ports detected
[  274.484109][T21579] syz_tun: left promiscuous mode
[  274.529491][T21584] loop4: detected capacity change from 0 to 128
[  274.624909][T21589] loop7: detected capacity change from 0 to 1024
[  274.635632][T21589] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  274.646754][T21589] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  274.665018][T21589] JBD2: no valid journal superblock found
[  274.670808][T21589] EXT4-fs (loop7): Could not load journal inode
[  274.691951][T21592] loop2: detected capacity change from 0 to 1024
[  274.707084][T21592] EXT4-fs: Ignoring removed orlov option
[  274.731865][T21592] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.738674][T21598] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5443'.
[  274.816142][T21603] tipc: Started in network mode
[  274.821192][T21603] tipc: Node identity 3e6ac6cfa4a, cluster identity 4711
[  274.828322][T21603] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  274.872446][T21610] loop8: detected capacity change from 0 to 128
[  274.937617][T21603] tipc: Disabling bearer <eth:syzkaller0>
[  274.944134][T21610] FAT-fs (loop8): error, invalid FAT chain (i_pos 548, last_block 8)
[  274.952723][T21610] FAT-fs (loop8): Filesystem has been set read-only
[  274.961711][T21610] FAT-fs (loop8): error, corrupted file size (i_pos 548, 522)
[  275.010907][T21620] loop8: detected capacity change from 0 to 128
[  275.070399][T20862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.113885][T21622] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5453'.
[  275.171776][T21624] FAULT_INJECTION: forcing a failure.
[  275.171776][T21624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.185084][T21624] CPU: 1 UID: 0 PID: 21624 Comm: syz.7.5454 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  275.185130][T21624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  275.185147][T21624] Call Trace:
[  275.185154][T21624]  <TASK>
[  275.185161][T21624]  __dump_stack+0x1d/0x30
[  275.185183][T21624]  dump_stack_lvl+0xe8/0x140
[  275.185201][T21624]  dump_stack+0x15/0x1b
[  275.185300][T21624]  should_fail_ex+0x265/0x280
[  275.185338][T21624]  should_fail+0xb/0x20
[  275.185375][T21624]  should_fail_usercopy+0x1a/0x20
[  275.185400][T21624]  copy_fpstate_to_sigframe+0x628/0x7d0
[  275.185465][T21624]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  275.185509][T21624]  ? x86_task_fpu+0x36/0x60
[  275.185622][T21624]  get_sigframe+0x34d/0x490
[  275.185716][T21624]  ? get_signal+0xdc8/0xf70
[  275.185764][T21624]  x64_setup_rt_frame+0xa8/0x580
[  275.185845][T21624]  arch_do_signal_or_restart+0x27c/0x480
[  275.185877][T21624]  exit_to_user_mode_loop+0x7a/0x100
[  275.185906][T21624]  do_syscall_64+0x1d6/0x200
[  275.185936][T21624]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  275.185968][T21624]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  275.186045][T21624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.186067][T21624] RIP: 0033:0x7f83be29eb67
[  275.186085][T21624] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  275.186108][T21624] RSP: 002b:00007f83bc8ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  275.186182][T21624] RAX: 000000000000002f RBX: 00007f83be4c5fa0 RCX: 00007f83be29eb69
[  275.186194][T21624] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000004
[  275.186206][T21624] RBP: 00007f83bc8ff090 R08: 0000000000000000 R09: 0000000000000000
[  275.186223][T21624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.186239][T21624] R13: 0000000000000000 R14: 00007f83be4c5fa0 R15: 00007ffdfa5cca58
[  275.186293][T21624]  </TASK>
[  275.439774][T21633] netlink: 'syz.6.5457': attribute type 12 has an invalid length.
[  275.560762][T21648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5464'.
[  275.569822][T21648] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5464'.
[  275.584069][T21648] loop2: detected capacity change from 0 to 512
[  275.603873][T21648] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  275.612281][T21648] EXT4-fs (loop2): orphan cleanup on readonly fs
[  275.619138][T21648] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  275.631304][T21653] program syz.7.5465 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  275.643755][T21648] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  275.665714][T21648] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.5464: bg 0: block 40: padding at end of block bitmap is not set
[  275.704799][T21648] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  275.720100][T21655] loop6: detected capacity change from 0 to 512
[  275.777370][T21648] EXT4-fs (loop2): 1 truncate cleaned up
[  275.803351][T21648] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  275.817383][T21655] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.842765][T21663] loop7: detected capacity change from 0 to 1024
[  275.861341][T21655] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.882283][T21663] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  275.920698][T21663] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.5467: Invalid block bitmap block 0 in block_group 0
[  275.949279][T21663] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.5467: Failed to acquire dquot type 0
[  275.962288][T21663] EXT4-fs error (device loop7): ext4_free_blocks:6696: comm syz.7.5467: Freeing blocks not in datazone - block = 0, count = 4096
[  275.976443][T21663] EXT4-fs error (device loop7): ext4_read_inode_bitmap:139: comm syz.7.5467: Invalid inode bitmap blk 0 in block_group 0
[  275.989906][T20862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.011420][T21669] loop6: detected capacity change from 0 to 1024
[  276.018400][   T37] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 0
[  276.030356][T21663] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  276.039379][T21663] EXT4-fs (loop7): 1 orphan inode deleted
[  276.045821][T21663] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.059289][T21669] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  276.080779][T21677] netlink: 'syz.8.5472': attribute type 12 has an invalid length.
[  276.090069][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.109916][T21669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.146539][T21646] usb usb1: check_ctrlrecip: process 21646 (syz.6.5462) requesting ep 01 but needs 81
[  276.156400][T21646] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[  276.240733][T21695] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5479'.
[  276.249704][T21695] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5479'.
[  276.272105][T21695] loop7: detected capacity change from 0 to 512
[  276.303514][T21695] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  276.311747][T21695] EXT4-fs (loop7): orphan cleanup on readonly fs
[  276.318371][T21704] loop6: detected capacity change from 0 to 1024
[  276.325440][T21704] EXT4-fs: Ignoring removed orlov option
[  276.331826][T21695] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  276.349200][T21695] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  276.349826][T21704] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.363927][T21695] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.5479: bg 0: block 40: padding at end of block bitmap is not set
[  276.400606][T21710] netlink: 'syz.8.5484': attribute type 12 has an invalid length.
[  276.427131][T21695] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  276.440411][T21712] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5485'.
[  276.457136][T21712] loop8: detected capacity change from 0 to 512
[  276.464657][T21695] EXT4-fs (loop7): 1 truncate cleaned up
[  276.470855][T21695] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  276.512197][T21712] EXT4-fs (loop8): revision level too high, forcing read-only mode
[  276.524558][T21712] EXT4-fs (loop8): orphan cleanup on readonly fs
[  276.531234][T21712] EXT4-fs warning (device loop8): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  276.546714][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.547297][T21712] EXT4-fs (loop8): Cannot turn on quotas: error -117
[  276.564962][T21712] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.5485: bg 0: block 40: padding at end of block bitmap is not set
[  276.585227][T21712] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  276.608770][T21712] EXT4-fs (loop8): 1 truncate cleaned up
[  276.616356][T21712] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  276.650372][T20303] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.708065][T17042] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.730073][T21729] loop7: detected capacity change from 0 to 1024
[  276.738228][T21729] EXT4-fs: Ignoring removed orlov option
[  276.747479][T21729] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.760581][T21733] loop8: detected capacity change from 0 to 128
[  276.949159][T21742] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=21742 comm=syz.6.5496
[  276.964965][T21742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  276.973692][T21742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  277.031905][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.070218][T21757] loop7: detected capacity change from 0 to 1024
[  277.077364][T21757] EXT4-fs: Ignoring removed orlov option
[  277.085392][T21757] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  277.126570][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.154934][T21765] netlink: 'syz.4.5505': attribute type 1 has an invalid length.
[  277.356654][T21787] loop2: detected capacity change from 0 to 1024
[  277.360225][T21789] netlink: 'syz.4.5515': attribute type 1 has an invalid length.
[  277.363450][T21787] EXT4-fs: Ignoring removed orlov option
[  277.381267][T21787] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  277.417756][T20862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.559010][T21804] netlink: 'syz.6.5521': attribute type 12 has an invalid length.
[  277.676011][T21817] netlink: 'syz.6.5527': attribute type 1 has an invalid length.
[  277.696717][T21819] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  277.703269][T21819] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  277.703835][T21823] loop6: detected capacity change from 0 to 128
[  277.710861][T21819] vhci_hcd vhci_hcd.0: Device attached
[  277.723940][T21820] vhci_hcd: connection closed
[  277.724151][   T12] vhci_hcd: stop threads
[  277.733268][   T12] vhci_hcd: release socket
[  277.737684][   T12] vhci_hcd: disconnect device
[  277.815035][T21825] loop6: detected capacity change from 0 to 1024
[  277.823752][T21825] EXT4-fs: Ignoring removed orlov option
[  277.832090][T21825] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  277.861892][T20303] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.929028][T21832] netlink: 'syz.8.5533': attribute type 12 has an invalid length.
[  277.969160][   T29] kauditd_printk_skb: 350 callbacks suppressed
[  277.969180][   T29] audit: type=1326 audit(1048851.897:11749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  277.999087][   T29] audit: type=1326 audit(1048851.897:11750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.022584][   T29] audit: type=1326 audit(1048851.897:11751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.045956][   T29] audit: type=1326 audit(1048851.897:11752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.047556][T21837] loop8: detected capacity change from 0 to 128
[  278.069385][   T29] audit: type=1326 audit(1048851.897:11753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.099094][   T29] audit: type=1326 audit(1048851.897:11754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.125279][   T29] audit: type=1326 audit(1048851.944:11755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.148860][   T29] audit: type=1326 audit(1048851.944:11756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.172245][   T29] audit: type=1326 audit(1048851.944:11757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.195717][   T29] audit: type=1326 audit(1048851.944:11758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21836 comm="syz.8.5535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  278.219447][T21839] loop6: detected capacity change from 0 to 512
[  278.249299][T21844] FAULT_INJECTION: forcing a failure.
[  278.249299][T21844] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  278.262521][T21844] CPU: 0 UID: 0 PID: 21844 Comm: syz.8.5537 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  278.262553][T21844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  278.262597][T21844] Call Trace:
[  278.262605][T21844]  <TASK>
[  278.262643][T21844]  __dump_stack+0x1d/0x30
[  278.262664][T21844]  dump_stack_lvl+0xe8/0x140
[  278.262687][T21844]  dump_stack+0x15/0x1b
[  278.262709][T21844]  should_fail_ex+0x265/0x280
[  278.262758][T21844]  should_fail+0xb/0x20
[  278.262797][T21844]  should_fail_usercopy+0x1a/0x20
[  278.262824][T21844]  strncpy_from_user+0x25/0x230
[  278.262934][T21844]  ? kmem_cache_alloc_noprof+0x186/0x310
[  278.262971][T21844]  ? getname_flags+0x80/0x3b0
[  278.263011][T21844]  getname_flags+0xae/0x3b0
[  278.263074][T21844]  do_sys_openat2+0x60/0x110
[  278.263107][T21844]  __x64_sys_openat+0xf2/0x120
[  278.263148][T21844]  x64_sys_call+0x2e9c/0x2ff0
[  278.263178][T21844]  do_syscall_64+0xd2/0x200
[  278.263302][T21844]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  278.263334][T21844]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  278.263371][T21844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.263401][T21844] RIP: 0033:0x7f228c80eb69
[  278.263421][T21844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.263446][T21844] RSP: 002b:00007f228ae77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  278.263547][T21844] RAX: ffffffffffffffda RBX: 00007f228ca35fa0 RCX: 00007f228c80eb69
[  278.263564][T21844] RDX: 0000000000105040 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  278.263696][T21844] RBP: 00007f228ae77090 R08: 0000000000000000 R09: 0000000000000000
[  278.263714][T21844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.263731][T21844] R13: 0000000000000000 R14: 00007f228ca35fa0 R15: 00007fff294c6608
[  278.263757][T21844]  </TASK>
[  278.474342][T21852] loop2: detected capacity change from 0 to 128
[  278.481036][T21852] vfat: Unknown parameter 'aliowK@x%#bú%000000000000000000[Ëd>îŸ'
[  278.502264][T21830] loop6: detected capacity change from 0 to 1024
[  278.545742][T21830] usb usb1: check_ctrlrecip: process 21830 (+}[@) requesting ep 01 but needs 81
[  278.555047][T21830] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[  278.577238][T21859] loop8: detected capacity change from 0 to 512
[  278.589413][T21867] __nla_validate_parse: 3 callbacks suppressed
[  278.589431][T21867] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5543'.
[  278.604607][T21867] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5543'.
[  278.633694][T21869] loop2: detected capacity change from 0 to 1024
[  278.643309][T21867] loop6: detected capacity change from 0 to 512
[  278.660261][T21869] EXT4-fs: Ignoring removed orlov option
[  278.682549][T21867] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  278.698463][T21867] EXT4-fs (loop6): orphan cleanup on readonly fs
[  278.715757][T21867] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  278.725840][T21884] netlink: 'syz.8.5541': attribute type 64 has an invalid length.
[  278.738219][T21867] EXT4-fs (loop6): Cannot turn on quotas: error -117
[  278.748069][T21867] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.5543: bg 0: block 40: padding at end of block bitmap is not set
[  278.765144][T21867] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  278.787014][T21867] EXT4-fs (loop6): 1 truncate cleaned up
[  278.975030][T21898] FAULT_INJECTION: forcing a failure.
[  278.975030][T21898] name failslab, interval 1, probability 0, space 0, times 0
[  278.987854][T21898] CPU: 0 UID: 0 PID: 21898 Comm: syz.6.5549 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  278.987888][T21898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  278.987904][T21898] Call Trace:
[  278.987913][T21898]  <TASK>
[  278.987922][T21898]  __dump_stack+0x1d/0x30
[  278.987947][T21898]  dump_stack_lvl+0xe8/0x140
[  278.987970][T21898]  dump_stack+0x15/0x1b
[  278.987991][T21898]  should_fail_ex+0x265/0x280
[  278.988034][T21898]  should_failslab+0x8c/0xb0
[  278.988066][T21898]  kmem_cache_alloc_noprof+0x50/0x310
[  278.988101][T21898]  ? mas_alloc_nodes+0x265/0x520
[  278.988135][T21898]  mas_alloc_nodes+0x265/0x520
[  278.988169][T21898]  mas_preallocate+0x33e/0x520
[  278.988203][T21898]  __split_vma+0x240/0x650
[  278.988234][T21898]  ? mntput+0x4b/0x80
[  278.988268][T21898]  ? terminate_walk+0x27f/0x2a0
[  278.988304][T21898]  vms_gather_munmap_vmas+0x172/0x7a0
[  278.988332][T21898]  ? _parse_integer_limit+0x170/0x190
[  278.988375][T21898]  ? _parse_integer+0x27/0x40
[  278.988416][T21898]  do_vmi_align_munmap+0x1a4/0x3d0
[  278.988459][T21898]  do_vmi_munmap+0x1db/0x220
[  278.988489][T21898]  __vm_munmap+0x1a1/0x280
[  278.988527][T21898]  __x64_sys_munmap+0x36/0x50
[  278.988569][T21898]  x64_sys_call+0x9c0/0x2ff0
[  278.988591][T21898]  do_syscall_64+0xd2/0x200
[  278.988614][T21898]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  278.988639][T21898]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  278.988661][T21898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.988683][T21898] RIP: 0033:0x7fba0f90eb69
[  278.988698][T21898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.988717][T21898] RSP: 002b:00007fba0df77038 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[  278.988737][T21898] RAX: ffffffffffffffda RBX: 00007fba0fb35fa0 RCX: 00007fba0f90eb69
[  278.988751][T21898] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 00002000003fe000
[  278.988763][T21898] RBP: 00007fba0df77090 R08: 0000000000000000 R09: 0000000000000000
[  278.988790][T21898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.988803][T21898] R13: 0000000000000000 R14: 00007fba0fb35fa0 R15: 00007ffe52ffcd38
[  278.988823][T21898]  </TASK>
[  279.643795][T21921] loop8: detected capacity change from 0 to 1024
[  279.650638][T21921] EXT4-fs: Ignoring removed orlov option
[  279.871944][T21945] loop6: detected capacity change from 0 to 2048
[  279.903275][T21945]  loop6: p1 < > p3
[  279.908590][T21945] loop6: p3 size 134217728 extends beyond EOD, truncated
[  279.953162][T21948] netlink: 96 bytes leftover after parsing attributes in process `syz.7.5567'.
[  279.963285][T21951] program syz.6.5568 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  279.998956][T21955] program syz.8.5570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  280.042565][T21958] loop8: detected capacity change from 0 to 128
[  280.063133][T21962] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5573'.
[  280.127321][T21970] wg2: entered promiscuous mode
[  280.132332][T21970] wg2: entered allmulticast mode
[  280.349781][T21985] FAULT_INJECTION: forcing a failure.
[  280.349781][T21985] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.363053][T21985] CPU: 1 UID: 0 PID: 21985 Comm: syz.4.5582 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  280.363090][T21985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  280.363106][T21985] Call Trace:
[  280.363115][T21985]  <TASK>
[  280.363124][T21985]  __dump_stack+0x1d/0x30
[  280.363147][T21985]  dump_stack_lvl+0xe8/0x140
[  280.363169][T21985]  dump_stack+0x15/0x1b
[  280.363260][T21985]  should_fail_ex+0x265/0x280
[  280.363364][T21985]  should_fail+0xb/0x20
[  280.363405][T21985]  should_fail_usercopy+0x1a/0x20
[  280.363478][T21985]  strncpy_from_user+0x25/0x230
[  280.363552][T21985]  ? kmem_cache_alloc_noprof+0x186/0x310
[  280.363581][T21985]  ? getname_flags+0x80/0x3b0
[  280.363672][T21985]  getname_flags+0xae/0x3b0
[  280.363700][T21985]  __x64_sys_linkat+0x66/0xa0
[  280.363725][T21985]  x64_sys_call+0x28fb/0x2ff0
[  280.363805][T21985]  do_syscall_64+0xd2/0x200
[  280.363829][T21985]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  280.363853][T21985]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  280.363875][T21985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.363953][T21985] RIP: 0033:0x7f5d764beb69
[  280.363969][T21985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.363988][T21985] RSP: 002b:00007f5d74b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000109
[  280.364045][T21985] RAX: ffffffffffffffda RBX: 00007f5d766e5fa0 RCX: 00007f5d764beb69
[  280.364059][T21985] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffffffffffffff
[  280.364071][T21985] RBP: 00007f5d74b1f090 R08: 0000000000001000 R09: 0000000000000000
[  280.364084][T21985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.364118][T21985] R13: 0000000000000000 R14: 00007f5d766e5fa0 R15: 00007fff499621b8
[  280.364139][T21985]  </TASK>
[  280.365759][T21983] program syz.8.5581 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  280.470666][T21988] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5581'.
[  280.729727][T21999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5589'.
[  280.768813][T22007] loop2: detected capacity change from 0 to 2048
[  280.838632][T22007] syzkaller0: entered promiscuous mode
[  280.844264][T22007] syzkaller0: entered allmulticast mode
[  280.874627][T22017] loop8: detected capacity change from 0 to 128
[  280.961995][T22028] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5602'.
[  281.041901][T22039] netlink: 'syz.6.5607': attribute type 12 has an invalid length.
[  281.121357][T22049] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5610'.
[  281.173523][T22049] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(7)
[  281.180144][T22049] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  281.187614][T22049] vhci_hcd vhci_hcd.0: Device attached
[  281.219567][T22053] vhci_hcd: connection closed
[  281.219692][ T3446] vhci_hcd: stop threads
[  281.228733][ T3446] vhci_hcd: release socket
[  281.233158][ T3446] vhci_hcd: disconnect device
[  281.424159][T22070] netlink: 'syz.4.5619': attribute type 12 has an invalid length.
[  281.525513][T22074] loop4: detected capacity change from 0 to 1024
[  281.707824][T22087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5625'.
[  281.900149][T22105] program syz.6.5633 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  281.950517][T22112] program syz.8.5636 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  282.062419][T22120] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5638'.
[  282.078737][T22118] loop7: detected capacity change from 0 to 2048
[  282.085391][T22118] EXT4-fs: Ignoring removed nobh option
[  282.091286][T22120] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(7)
[  282.097945][T22120] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  282.105433][T22120] vhci_hcd vhci_hcd.0: Device attached
[  282.132433][T22121] vhci_hcd: connection closed
[  282.132729][ T2570] vhci_hcd: stop threads
[  282.141817][ T2570] vhci_hcd: release socket
[  282.150574][ T2570] vhci_hcd: disconnect device
[  282.270280][T22139] program syz.4.5646 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  282.370756][T22142] hub 6-0:1.0: USB hub found
[  282.375531][T22142] hub 6-0:1.0: 8 ports detected
[  282.435124][T22102] netlink: 'syz.2.5628': attribute type 11 has an invalid length.
[  282.466528][T22153] loop4: detected capacity change from 0 to 128
[  282.712229][T22181] loop2: detected capacity change from 0 to 128
[  282.753203][T22181] FAT-fs (loop2): error, invalid FAT chain (i_pos 548, last_block 8)
[  282.764409][T22181] FAT-fs (loop2): Filesystem has been set read-only
[  282.779216][T22181] FAT-fs (loop2): error, corrupted file size (i_pos 548, 522)
[  282.834339][T22191] loop2: detected capacity change from 0 to 4096
[  282.841056][T22191] EXT4-fs: Ignoring removed nomblk_io_submit option
[  282.904764][T22196] FAULT_INJECTION: forcing a failure.
[  282.904764][T22196] name failslab, interval 1, probability 0, space 0, times 0
[  282.917480][T22196] CPU: 1 UID: 0 PID: 22196 Comm: syz.4.5670 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  282.917512][T22196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  282.917528][T22196] Call Trace:
[  282.917608][T22196]  <TASK>
[  282.917616][T22196]  __dump_stack+0x1d/0x30
[  282.917671][T22196]  dump_stack_lvl+0xe8/0x140
[  282.917697][T22196]  dump_stack+0x15/0x1b
[  282.917736][T22196]  should_fail_ex+0x265/0x280
[  282.917843][T22196]  should_failslab+0x8c/0xb0
[  282.917872][T22196]  kmem_cache_alloc_node_noprof+0x57/0x320
[  282.917939][T22196]  ? __alloc_skb+0x101/0x320
[  282.917977][T22196]  __alloc_skb+0x101/0x320
[  282.918012][T22196]  ? audit_log_start+0x365/0x6c0
[  282.918100][T22196]  audit_log_start+0x380/0x6c0
[  282.918144][T22196]  audit_seccomp+0x48/0x100
[  282.918177][T22196]  ? __seccomp_filter+0x68c/0x10d0
[  282.918345][T22196]  __seccomp_filter+0x69d/0x10d0
[  282.918367][T22196]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  282.918397][T22196]  ? vfs_write+0x75e/0x8e0
[  282.918465][T22196]  __secure_computing+0x82/0x150
[  282.918492][T22196]  syscall_trace_enter+0xcf/0x1e0
[  282.918516][T22196]  do_syscall_64+0xac/0x200
[  282.918546][T22196]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  282.918617][T22196]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  282.918719][T22196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.918815][T22196] RIP: 0033:0x7f5d764beb69
[  282.918830][T22196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.918932][T22196] RSP: 002b:00007f5d74b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000109
[  282.919002][T22196] RAX: ffffffffffffffda RBX: 00007f5d766e5fa0 RCX: 00007f5d764beb69
[  282.919019][T22196] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffffffffffffff
[  282.919036][T22196] RBP: 00007f5d74b1f090 R08: 0000000000001000 R09: 0000000000000000
[  282.919053][T22196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.919069][T22196] R13: 0000000000000000 R14: 00007f5d766e5fa0 R15: 00007fff499621b8
[  282.919093][T22196]  </TASK>
[  283.157756][T22202] tipc: Can't bind to reserved service type 2
[  283.375182][   T29] kauditd_printk_skb: 526 callbacks suppressed
[  283.375197][   T29] audit: type=1326 audit(1048857.117:12282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.407526][T22226] bridge0: port 3(gretap0) entered blocking state
[  283.414004][T22226] bridge0: port 3(gretap0) entered disabled state
[  283.420694][   T29] audit: type=1326 audit(1048857.147:12283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.444104][   T29] audit: type=1326 audit(1048857.147:12284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.467460][   T29] audit: type=1326 audit(1048857.147:12285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.482299][T22232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.490842][   T29] audit: type=1326 audit(1048857.147:12286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.522595][   T29] audit: type=1326 audit(1048857.147:12287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.534651][T22232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.546406][   T29] audit: type=1326 audit(1048857.147:12288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.577036][   T29] audit: type=1326 audit(1048857.147:12289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.600500][   T29] audit: type=1326 audit(1048857.147:12290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.623937][   T29] audit: type=1326 audit(1048857.147:12291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22227 comm="syz.6.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  283.650239][T22234] loop8: detected capacity change from 0 to 512
[  283.656674][T22226] gretap0: entered allmulticast mode
[  283.694998][T22226] gretap0: entered promiscuous mode
[  283.708866][T22226] bridge0: port 3(gretap0) entered blocking state
[  283.715374][T22226] bridge0: port 3(gretap0) entered forwarding state
[  283.741704][T22234] EXT4-fs (loop8): corrupt root inode, run e2fsck
[  283.759009][T22234] EXT4-fs (loop8): mount failed
[  283.767248][T22248] netlink: 'syz.2.5690': attribute type 12 has an invalid length.
[  284.399718][T22297] 9p: Unknown Cache mode or invalid value non
[  284.406479][T22295] netlink: 'syz.2.5702': attribute type 12 has an invalid length.
[  284.471853][T22303] netlink: 'syz.6.5705': attribute type 12 has an invalid length.
[  284.493979][T22305] loop2: detected capacity change from 0 to 1024
[  284.507391][T22307] __nla_validate_parse: 2 callbacks suppressed
[  284.507410][T22307] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5707'.
[  284.524923][T22305] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  284.538893][T22307] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  284.539387][T22305] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.5706: Invalid block bitmap block 0 in block_group 0
[  284.545450][T22307] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  284.545620][T22307] vhci_hcd vhci_hcd.0: Device attached
[  284.560638][T22305] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.5706: Failed to acquire dquot type 0
[  284.601609][T22305] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.5706: Freeing blocks not in datazone - block = 0, count = 4096
[  284.618038][T22309] vhci_hcd: connection closed
[  284.618324][  T579] vhci_hcd: stop threads
[  284.627469][  T579] vhci_hcd: release socket
[  284.631910][  T579] vhci_hcd: disconnect device
[  284.713843][T22305] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.5706: Invalid inode bitmap blk 0 in block_group 0
[  284.719940][T22319] loop8: detected capacity change from 0 to 1024
[  284.733671][ T3446] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[  284.743287][T22319] EXT4-fs: Ignoring removed orlov option
[  284.764157][T22305] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  284.822071][T22305] EXT4-fs (loop2): 1 orphan inode deleted
[  284.959627][T22329] netlink: 'syz.2.5715': attribute type 12 has an invalid length.
[  285.079218][T22335] hub 6-0:1.0: USB hub found
[  285.088372][T22335] hub 6-0:1.0: 8 ports detected
[  285.107322][T22341] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5720'.
[  285.188645][T22341] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(7)
[  285.195201][T22341] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  285.202706][T22341] vhci_hcd vhci_hcd.0: Device attached
[  285.223751][T22346] loop4: detected capacity change from 0 to 128
[  285.248004][T22343] vhci_hcd: connection closed
[  285.248506][   T51] vhci_hcd: stop threads
[  285.257636][   T51] vhci_hcd: release socket
[  285.262141][   T51] vhci_hcd: disconnect device
[  285.277901][T22352] 9p: Unknown Cache mode or invalid value non
[  285.303481][T22346] FAT-fs (loop4): error, invalid FAT chain (i_pos 548, last_block 8)
[  285.315099][T22346] FAT-fs (loop4): Filesystem has been set read-only
[  285.323265][T22354] hub 6-0:1.0: USB hub found
[  285.360703][T22354] hub 6-0:1.0: 8 ports detected
[  285.366195][T22346] FAT-fs (loop4): error, corrupted file size (i_pos 548, 522)
[  285.379640][T22360] netlink: 'syz.2.5728': attribute type 12 has an invalid length.
[  285.452189][T22364] loop8: detected capacity change from 0 to 1024
[  285.473423][T22369] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5732'.
[  285.497626][T22364] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  285.498236][T22369] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  285.514419][T22369] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  285.521913][T22369] vhci_hcd vhci_hcd.0: Device attached
[  285.562625][T22372] vhci_hcd: connection closed
[  285.562848][   T51] vhci_hcd: stop threads
[  285.572065][   T51] vhci_hcd: release socket
[  285.576501][   T51] vhci_hcd: disconnect device
[  285.590630][T22364] EXT4-fs error (device loop8): ext4_read_block_bitmap_nowait:483: comm syz.8.5730: Invalid block bitmap block 0 in block_group 0
[  285.611615][T22364] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.5730: Failed to acquire dquot type 0
[  285.638417][T22364] EXT4-fs error (device loop8): ext4_free_blocks:6696: comm syz.8.5730: Freeing blocks not in datazone - block = 0, count = 4096
[  285.678518][T22381] program syz.2.5736 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  285.709782][T22364] EXT4-fs error (device loop8): ext4_read_inode_bitmap:139: comm syz.8.5730: Invalid inode bitmap blk 0 in block_group 0
[  285.724211][   T51] EXT4-fs error (device loop8): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0
[  285.773166][T22388] loop2: detected capacity change from 0 to 1024
[  285.784473][T22364] EXT4-fs error (device loop8) in ext4_free_inode:361: Corrupt filesystem
[  285.793286][T22388] EXT4-fs: Ignoring removed orlov option
[  285.794697][T22364] EXT4-fs (loop8): 1 orphan inode deleted
[  285.816580][T22390] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5740'.
[  285.825621][T22390] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5740'.
[  285.847934][T22390] loop6: detected capacity change from 0 to 512
[  285.866463][T22393] netlink: 'syz.2.5741': attribute type 12 has an invalid length.
[  285.905403][T22390] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  285.916542][T22398] loop2: detected capacity change from 0 to 128
[  285.929380][T22399] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5743'.
[  285.938441][T22399] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5743'.
[  285.950111][T22401] loop8: detected capacity change from 0 to 128
[  285.957814][T22390] EXT4-fs (loop6): orphan cleanup on readonly fs
[  285.975295][T22401] FAT-fs (loop8): error, invalid FAT chain (i_pos 548, last_block 8)
[  285.983769][T22401] FAT-fs (loop8): Filesystem has been set read-only
[  285.994256][T22390] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  286.015797][T22401] FAT-fs (loop8): error, corrupted file size (i_pos 548, 522)
[  286.037839][T22398] FAT-fs (loop2): error, invalid FAT chain (i_pos 548, last_block 8)
[  286.046347][T22398] FAT-fs (loop2): Filesystem has been set read-only
[  286.055756][T22390] EXT4-fs (loop6): Cannot turn on quotas: error -117
[  286.062974][T22390] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.5740: bg 0: block 40: padding at end of block bitmap is not set
[  286.075670][T22398] FAT-fs (loop2): error, corrupted file size (i_pos 548, 522)
[  286.090046][T22399] loop7: detected capacity change from 0 to 512
[  286.096747][T22390] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  286.140489][T22390] EXT4-fs (loop6): 1 truncate cleaned up
[  286.161409][T22399] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  286.174053][T22399] EXT4-fs (loop7): orphan cleanup on readonly fs
[  286.187178][T22399] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  286.272794][T22399] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  286.326909][T22399] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.5743: bg 0: block 40: padding at end of block bitmap is not set
[  286.376377][T22399] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  286.395248][T22399] EXT4-fs (loop7): 1 truncate cleaned up
[  286.426753][T22433] hub 6-0:1.0: USB hub found
[  286.431524][T22436] 9pnet_fd: Insufficient options for proto=fd
[  286.431630][T22433] hub 6-0:1.0: 8 ports detected
[  286.470828][T22423] hub 6-0:1.0: USB hub found
[  286.493118][T22438] program syz.6.5758 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  286.496318][T22423] hub 6-0:1.0: 8 ports detected
[  286.736828][T22466] netlink: 'syz.7.5764': attribute type 12 has an invalid length.
[  286.866496][T22480] loop7: detected capacity change from 0 to 1024
[  286.879610][T22480] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  286.894818][T22480] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.5769: Invalid block bitmap block 0 in block_group 0
[  286.921490][T22485] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5771'.
[  286.930488][T22485] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5771'.
[  286.931971][T22480] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.5769: Failed to acquire dquot type 0
[  286.953601][T22480] EXT4-fs error (device loop7): ext4_free_blocks:6696: comm syz.7.5769: Freeing blocks not in datazone - block = 0, count = 4096
[  286.967219][T22480] EXT4-fs error (device loop7): ext4_read_inode_bitmap:139: comm syz.7.5769: Invalid inode bitmap blk 0 in block_group 0
[  286.981735][ T2570] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0
[  286.993634][T22480] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  287.004201][T22480] EXT4-fs (loop7): 1 orphan inode deleted
[  287.005688][T22485] loop4: detected capacity change from 0 to 512
[  287.031276][T22485] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  287.040266][T22490] netlink: 96 bytes leftover after parsing attributes in process `syz.6.5773'.
[  287.051439][T22485] EXT4-fs (loop4): orphan cleanup on readonly fs
[  287.076989][T22485] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  287.102955][T22485] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  287.110758][T22485] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5771: bg 0: block 40: padding at end of block bitmap is not set
[  287.137953][T22485] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  287.161526][T22485] EXT4-fs (loop4): 1 truncate cleaned up
[  287.173740][T22508] 9p: Unknown Cache mode or invalid value non
[  287.439487][T22519] loop6: detected capacity change from 0 to 1024
[  287.446817][T22519] EXT4-fs: Ignoring removed orlov option
[  287.508582][T22525] loop6: detected capacity change from 0 to 1024
[  287.527132][T22525] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  287.544516][T22525] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.5786: Invalid block bitmap block 0 in block_group 0
[  287.584732][T22525] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.5786: Failed to acquire dquot type 0
[  287.600432][T22532] program syz.4.5789 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.624789][T22525] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.5786: Freeing blocks not in datazone - block = 0, count = 4096
[  287.651324][T22525] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.5786: Invalid inode bitmap blk 0 in block_group 0
[  287.665588][ T3446] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[  287.679505][T22525] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  287.723788][T22525] EXT4-fs (loop6): 1 orphan inode deleted
[  287.742935][T22544] netlink: 'syz.4.5795': attribute type 12 has an invalid length.
[  287.999253][T22558] hub 6-0:1.0: USB hub found
[  288.004045][T22558] hub 6-0:1.0: 8 ports detected
[  288.285393][T22592] program syz.2.5812 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  288.577610][T22616] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[  288.584238][T22616] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  288.591699][T22616] vhci_hcd vhci_hcd.0: Device attached
[  288.601976][T22619] 9pnet_fd: Insufficient options for proto=fd
[  288.631615][T22617] vhci_hcd: connection closed
[  288.637020][T22624] program syz.8.5820 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  288.652983][   T51] vhci_hcd: stop threads
[  288.657344][   T51] vhci_hcd: release socket
[  288.661805][   T51] vhci_hcd: disconnect device
[  288.751775][T22632] 9p: Unknown Cache mode or invalid value non
[  288.853233][   T29] kauditd_printk_skb: 431 callbacks suppressed
[  288.853251][   T29] audit: type=1326 audit(1048862.556:12708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  288.916242][   T29] audit: type=1326 audit(1048862.586:12709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  288.939569][   T29] audit: type=1326 audit(1048862.586:12710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  288.963006][   T29] audit: type=1326 audit(1048862.586:12711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  288.986404][   T29] audit: type=1326 audit(1048862.586:12712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  289.009792][   T29] audit: type=1326 audit(1048862.586:12713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  289.033320][   T29] audit: type=1326 audit(1048862.586:12714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  289.056670][   T29] audit: type=1326 audit(1048862.586:12715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  289.079995][   T29] audit: type=1326 audit(1048862.586:12716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  289.103401][   T29] audit: type=1326 audit(1048862.586:12717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22635 comm="syz.8.5826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  289.283014][T22663] loop4: detected capacity change from 0 to 128
[  289.418224][T22680] netlink: 'syz.4.5836': attribute type 3 has an invalid length.
[  289.469911][T22682] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(7)
[  289.476458][T22682] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  289.484020][T22682] vhci_hcd vhci_hcd.0: Device attached
[  289.579590][T22689] bridge0: port 3(gretap0) entered blocking state
[  289.586194][T22689] bridge0: port 3(gretap0) entered disabled state
[  289.803091][T22683] vhci_hcd: connection closed
[  289.891932][T22689] gretap0: entered allmulticast mode
[  289.946646][T22689] gretap0: entered promiscuous mode
[  289.969745][   T51] vhci_hcd: stop threads
[  289.974206][   T51] vhci_hcd: release socket
[  289.978676][   T51] vhci_hcd: disconnect device
[  289.991942][ T3391] vhci_hcd: vhci_device speed not set
[  290.164762][T22710] __nla_validate_parse: 8 callbacks suppressed
[  290.164780][T22710] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5849'.
[  290.179937][T22710] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5849'.
[  290.211483][T22715] loop4: detected capacity change from 0 to 512
[  290.229747][T22710] loop7: detected capacity change from 0 to 512
[  290.253673][T22710] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  290.266503][T22715] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  290.272147][T22710] EXT4-fs (loop7): orphan cleanup on readonly fs
[  290.279535][T22710] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  290.292779][T22715] EXT4-fs (loop4): mount failed
[  290.296150][T22710] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  290.332866][T22710] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.5849: bg 0: block 40: padding at end of block bitmap is not set
[  290.371276][T22710] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  290.390545][T22710] EXT4-fs (loop7): 1 truncate cleaned up
[  290.402373][T22710] EXT4-fs mount: 40 callbacks suppressed
[  290.402410][T22710] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  290.493724][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.594703][T22732] loop2: detected capacity change from 0 to 128
[  290.699326][T22746] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5861'.
[  290.708324][T22746] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5861'.
[  290.789871][T22749] bridge0: port 3(gretap0) entered blocking state
[  290.796458][T22749] bridge0: port 3(gretap0) entered disabled state
[  290.819713][T22749] gretap0: entered allmulticast mode
[  290.836047][T22749] gretap0: entered promiscuous mode
[  290.862511][T22749] loop4: detected capacity change from 0 to 512
[  290.886408][T22749] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  290.899371][T22749] EXT4-fs (loop4): mount failed
[  291.051472][T22770] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5870'.
[  291.177514][T22779] loop4: detected capacity change from 0 to 128
[  291.325851][T22795] loop7: detected capacity change from 0 to 128
[  291.332726][T22794] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5880'.
[  291.377091][T22798] 9pnet_fd: Insufficient options for proto=fd
[  291.411193][T22800] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5883'.
[  291.450437][T22802] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5884'.
[  291.553271][T22810] program syz.2.5888 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  291.809493][T22819] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5892'.
[  291.818639][T22819] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5892'.
[  291.845190][T22819] loop4: detected capacity change from 0 to 512
[  291.886359][T22819] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  291.894444][T22819] EXT4-fs (loop4): orphan cleanup on readonly fs
[  291.906395][T22819] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  291.994790][T22833] loop8: detected capacity change from 0 to 512
[  292.020043][T22819] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  292.048332][T22819] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5892: bg 0: block 40: padding at end of block bitmap is not set
[  292.099828][T22819] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  292.125794][T22833] EXT4-fs (loop8): corrupt root inode, run e2fsck
[  292.133771][T22819] EXT4-fs (loop4): 1 truncate cleaned up
[  292.136467][T22833] EXT4-fs (loop8): mount failed
[  292.143851][T22819] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  292.255804][T18283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.298456][T22848] netlink: 'syz.2.5903': attribute type 12 has an invalid length.
[  292.355220][T22856] program syz.2.5906 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  292.583890][T22876] netlink: 'syz.2.5915': attribute type 12 has an invalid length.
[  292.695948][T22881] netlink: 'syz.2.5917': attribute type 12 has an invalid length.
[  292.786194][T22883] loop2: detected capacity change from 0 to 512
[  292.793724][T22883] EXT4-fs: Mount option(s) incompatible with ext2
[  292.894472][T22895] loop8: detected capacity change from 0 to 1024
[  292.901915][T22895] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  292.915245][T22895] EXT4-fs error (device loop8): ext4_read_block_bitmap_nowait:483: comm syz.8.5925: Invalid block bitmap block 0 in block_group 0
[  292.945953][T22895] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.5925: Failed to acquire dquot type 0
[  292.961815][T22895] EXT4-fs error (device loop8): ext4_free_blocks:6696: comm syz.8.5925: Freeing blocks not in datazone - block = 0, count = 4096
[  292.979483][T22907] loop7: detected capacity change from 0 to 512
[  292.985478][T22895] EXT4-fs error (device loop8): ext4_read_inode_bitmap:139: comm syz.8.5925: Invalid inode bitmap blk 0 in block_group 0
[  292.998866][T22895] EXT4-fs error (device loop8) in ext4_free_inode:361: Corrupt filesystem
[  293.000391][ T2570] EXT4-fs error (device loop8): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0
[  293.007538][T22895] EXT4-fs (loop8): 1 orphan inode deleted
[  293.027429][T22895] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.051146][T22893] loop2: detected capacity change from 0 to 128
[  293.058654][T22907] EXT4-fs (loop7): corrupt root inode, run e2fsck
[  293.065162][T22907] EXT4-fs (loop7): mount failed
[  293.090461][T17042] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.141231][T22912] hub 6-0:1.0: USB hub found
[  293.145987][T22912] hub 6-0:1.0: 8 ports detected
[  293.320747][T22932] loop6: detected capacity change from 0 to 1024
[  293.327853][T22932] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  293.347585][T22932] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.5938: Invalid block bitmap block 0 in block_group 0
[  293.363255][T22932] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.5938: Failed to acquire dquot type 0
[  293.374960][T22932] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.5938: Freeing blocks not in datazone - block = 0, count = 4096
[  293.390946][T22932] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.5938: Invalid inode bitmap blk 0 in block_group 0
[  293.403875][T22932] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  293.413836][ T2570] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0
[  293.427544][T22932] EXT4-fs (loop6): 1 orphan inode deleted
[  293.434932][T22932] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.449012][T22928] loop7: detected capacity change from 0 to 128
[  293.476688][T20303] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.600022][T22942] bridge0: port 3(gretap0) entered blocking state
[  293.606550][T22942] bridge0: port 3(gretap0) entered disabled state
[  293.618638][T22942] gretap0: entered allmulticast mode
[  293.628586][T22942] gretap0: entered promiscuous mode
[  293.634072][T22942] bridge0: port 3(gretap0) entered blocking state
[  293.640545][T22942] bridge0: port 3(gretap0) entered forwarding state
[  293.751690][T22948] program syz.6.5944 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  293.924338][T22963] loop6: detected capacity change from 0 to 512
[  293.960677][T22963] EXT4-fs (loop6): corrupt root inode, run e2fsck
[  293.990345][T22963] EXT4-fs (loop6): mount failed
[  294.040611][T22962] hub 6-0:1.0: USB hub found
[  294.055675][T22962] hub 6-0:1.0: 8 ports detected
[  294.078302][T22969] loop4: detected capacity change from 0 to 2048
[  294.093314][T22969] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.143950][T22979] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(5)
[  294.150522][T22979] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  294.158073][T22979] vhci_hcd vhci_hcd.0: Device attached
[  294.167247][T22980] vhci_hcd: connection closed
[  294.170718][ T3446] vhci_hcd: stop threads
[  294.179842][ T3446] vhci_hcd: release socket
[  294.181601][T22983] program syz.7.5957 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  294.184270][ T3446] vhci_hcd: disconnect device
[  294.280820][T18283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.406945][T23004] loop7: detected capacity change from 0 to 1024
[  294.418623][T23004] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  294.460772][T23004] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.5966: Invalid block bitmap block 0 in block_group 0
[  294.476640][T23004] __quota_error: 253 callbacks suppressed
[  294.476656][T23004] Quota error (device loop7): write_blk: dquota write failed
[  294.489849][T23004] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  294.509698][T23004] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.5966: Failed to acquire dquot type 0
[  294.531306][T23004] EXT4-fs error (device loop7): ext4_free_blocks:6696: comm syz.7.5966: Freeing blocks not in datazone - block = 0, count = 4096
[  294.546791][T23004] EXT4-fs error (device loop7): ext4_read_inode_bitmap:139: comm syz.7.5966: Invalid inode bitmap blk 0 in block_group 0
[  294.571107][ T3446] Quota error (device loop7): do_check_range: Getting block 0 out of range 1-7
[  294.580122][ T3446] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[  294.593351][T23004] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  294.611614][T23004] EXT4-fs (loop7): 1 orphan inode deleted
[  294.618167][T23004] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.664457][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.705893][T23009] FAULT_INJECTION: forcing a failure.
[  294.705893][T23009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  294.719009][T23009] CPU: 0 UID: 0 PID: 23009 Comm: syz.6.5967 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  294.719046][T23009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  294.719082][T23009] Call Trace:
[  294.719090][T23009]  <TASK>
[  294.719101][T23009]  __dump_stack+0x1d/0x30
[  294.719128][T23009]  dump_stack_lvl+0xe8/0x140
[  294.719152][T23009]  dump_stack+0x15/0x1b
[  294.719211][T23009]  should_fail_ex+0x265/0x280
[  294.719305][T23009]  should_fail+0xb/0x20
[  294.719344][T23009]  should_fail_usercopy+0x1a/0x20
[  294.719399][T23009]  _copy_to_user+0x20/0xa0
[  294.719430][T23009]  simple_read_from_buffer+0xb5/0x130
[  294.719459][T23009]  proc_fail_nth_read+0x10e/0x150
[  294.719658][T23009]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  294.719684][T23009]  vfs_read+0x1a0/0x6f0
[  294.719736][T23009]  ? __rcu_read_unlock+0x4f/0x70
[  294.719757][T23009]  ? __fget_files+0x184/0x1c0
[  294.719860][T23009]  ksys_read+0xda/0x1a0
[  294.719888][T23009]  __x64_sys_read+0x40/0x50
[  294.719914][T23009]  x64_sys_call+0x27bc/0x2ff0
[  294.720009][T23009]  do_syscall_64+0xd2/0x200
[  294.720038][T23009]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  294.720068][T23009]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  294.720111][T23009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.720155][T23009] RIP: 0033:0x7fba0f90d57c
[  294.720175][T23009] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  294.720197][T23009] RSP: 002b:00007fba0df77030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  294.720235][T23009] RAX: ffffffffffffffda RBX: 00007fba0fb35fa0 RCX: 00007fba0f90d57c
[  294.720252][T23009] RDX: 000000000000000f RSI: 00007fba0df770a0 RDI: 000000000000000a
[  294.720278][T23009] RBP: 00007fba0df77090 R08: 0000000000000000 R09: 0000000000000000
[  294.720289][T23009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  294.720301][T23009] R13: 0000000000000000 R14: 00007fba0fb35fa0 R15: 00007ffe52ffcd38
[  294.720321][T23009]  </TASK>
[  294.942757][T23019] program syz.8.5971 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  294.990596][T23021] macvlan0: entered allmulticast mode
[  294.996031][T23021] veth1_vlan: entered allmulticast mode
[  295.004155][T23021] veth1_vlan: left allmulticast mode
[  295.012145][T23021] macvlan0 (unregistering): left allmulticast mode
[  295.059528][T23025] 9pnet_fd: Insufficient options for proto=fd
[  295.073675][T23027] 9p: Unknown Cache mode or invalid value non
[  295.186986][T23040] loop7: detected capacity change from 0 to 512
[  295.202198][T23040] EXT4-fs (loop7): corrupt root inode, run e2fsck
[  295.237530][T23047] __nla_validate_parse: 4 callbacks suppressed
[  295.237550][T23047] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5983'.
[  295.240030][T23040] EXT4-fs (loop7): mount failed
[  295.268597][T23033] hub 6-0:1.0: USB hub found
[  295.277624][T23043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5982'.
[  295.286619][T23043] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5982'.
[  295.306556][T23033] hub 6-0:1.0: 8 ports detected
[  295.320697][   T29] audit: type=1326 audit(1048869.004:12963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23053 comm="syz.7.5986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83be29eb69 code=0x7ffc0000
[  295.344375][   T29] audit: type=1326 audit(1048869.004:12964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23053 comm="syz.7.5986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83be29eb69 code=0x7ffc0000
[  295.367794][   T29] audit: type=1326 audit(1048869.004:12965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23053 comm="syz.7.5986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f83be29eb69 code=0x7ffc0000
[  295.391433][   T29] audit: type=1326 audit(1048869.004:12966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23053 comm="syz.7.5986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83be29eb69 code=0x7ffc0000
[  295.414785][   T29] audit: type=1326 audit(1048869.004:12967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23053 comm="syz.7.5986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83be29eb69 code=0x7ffc0000
[  295.439281][   T29] audit: type=1326 audit(1048869.014:12968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23056 comm="syz.7.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83be29eb69 code=0x7ffc0000
[  295.462677][   T29] audit: type=1326 audit(1048869.034:12969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23056 comm="syz.7.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f83be29eb69 code=0x7ffc0000
[  295.465141][T23048] loop2: detected capacity change from 0 to 512
[  295.522282][T23048] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  295.534217][T23048] EXT4-fs (loop2): orphan cleanup on readonly fs
[  295.541612][T23048] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  295.558568][T23048] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  295.582878][T23048] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.5982: bg 0: block 40: padding at end of block bitmap is not set
[  295.599337][T23048] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  295.601572][T23065] 9p: Unknown Cache mode or invalid value non
[  295.608464][T23048] EXT4-fs (loop2): 1 truncate cleaned up
[  295.620473][T23048] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  295.680154][T20862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.778158][T23067] loop8: detected capacity change from 0 to 128
[  295.806404][T23082] program syz.7.5997 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  295.861197][T23088] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  295.867807][T23088] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  295.875265][T23088] vhci_hcd vhci_hcd.0: Device attached
[  295.882188][T23089] vhci_hcd: connection closed
[  295.882368][  T350] vhci_hcd: stop threads
[  295.891356][  T350] vhci_hcd: release socket
[  295.895808][  T350] vhci_hcd: disconnect device
[  296.286515][T23139] FAULT_INJECTION: forcing a failure.
[  296.286515][T23139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.299657][T23139] CPU: 1 UID: 0 PID: 23139 Comm: syz.2.6020 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  296.299753][T23139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  296.299825][T23139] Call Trace:
[  296.299834][T23139]  <TASK>
[  296.299845][T23139]  __dump_stack+0x1d/0x30
[  296.299872][T23139]  dump_stack_lvl+0xe8/0x140
[  296.299896][T23139]  dump_stack+0x15/0x1b
[  296.299916][T23139]  should_fail_ex+0x265/0x280
[  296.299952][T23139]  should_fail+0xb/0x20
[  296.300054][T23139]  should_fail_usercopy+0x1a/0x20
[  296.300073][T23139]  strncpy_from_user+0x25/0x230
[  296.300171][T23139]  ? kmem_cache_alloc_noprof+0x186/0x310
[  296.300207][T23139]  ? getname_flags+0x80/0x3b0
[  296.300294][T23139]  getname_flags+0xae/0x3b0
[  296.300403][T23139]  __x64_sys_linkat+0x66/0xa0
[  296.300427][T23139]  x64_sys_call+0x28fb/0x2ff0
[  296.300464][T23139]  do_syscall_64+0xd2/0x200
[  296.300487][T23139]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  296.300514][T23139]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  296.300554][T23139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.300583][T23139] RIP: 0033:0x7fc253c5eb69
[  296.300602][T23139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.300622][T23139] RSP: 002b:00007fc2522bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000109
[  296.300766][T23139] RAX: ffffffffffffffda RBX: 00007fc253e85fa0 RCX: 00007fc253c5eb69
[  296.300779][T23139] RDX: ffffffffffffffff RSI: 0000200000000040 RDI: ffffffffffffffff
[  296.300791][T23139] RBP: 00007fc2522bf090 R08: 0000000000001000 R09: 0000000000000000
[  296.300803][T23139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.300815][T23139] R13: 0000000000000000 R14: 00007fc253e85fa0 R15: 00007ffed792a568
[  296.300891][T23139]  </TASK>
[  296.633176][T23148] loop2: detected capacity change from 0 to 1024
[  296.645299][T23148] ext4: Unknown parameter 'uid<00000000000000000000'
[  296.656953][T23164] loop7: detected capacity change from 0 to 512
[  296.700212][T23164] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.6031: casefold flag without casefold feature
[  296.713121][T23141] FAULT_INJECTION: forcing a failure.
[  296.713121][T23141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.726200][T23141] CPU: 0 UID: 0 PID: 23141 Comm: syz.8.6022 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  296.726271][T23141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  296.726286][T23141] Call Trace:
[  296.726294][T23141]  <TASK>
[  296.726304][T23141]  __dump_stack+0x1d/0x30
[  296.726354][T23141]  dump_stack_lvl+0xe8/0x140
[  296.726387][T23141]  dump_stack+0x15/0x1b
[  296.726482][T23141]  should_fail_ex+0x265/0x280
[  296.726561][T23141]  should_fail+0xb/0x20
[  296.726599][T23141]  should_fail_usercopy+0x1a/0x20
[  296.726742][T23141]  _copy_to_user+0x20/0xa0
[  296.726772][T23141]  simple_read_from_buffer+0xb5/0x130
[  296.726855][T23141]  proc_fail_nth_read+0x10e/0x150
[  296.726884][T23141]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  296.726909][T23141]  vfs_read+0x1a0/0x6f0
[  296.726959][T23141]  ? __rcu_read_unlock+0x4f/0x70
[  296.726985][T23141]  ? __rcu_read_unlock+0x4f/0x70
[  296.727006][T23141]  ? __fget_files+0x184/0x1c0
[  296.727032][T23141]  ksys_read+0xda/0x1a0
[  296.727119][T23141]  __x64_sys_read+0x40/0x50
[  296.727140][T23141]  x64_sys_call+0x27bc/0x2ff0
[  296.727174][T23141]  do_syscall_64+0xd2/0x200
[  296.727204][T23141]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  296.727235][T23141]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  296.727263][T23141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.727299][T23141] RIP: 0033:0x7f228c80d57c
[  296.727314][T23141] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  296.727334][T23141] RSP: 002b:00007f228ae77030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  296.727352][T23141] RAX: ffffffffffffffda RBX: 00007f228ca35fa0 RCX: 00007f228c80d57c
[  296.727364][T23141] RDX: 000000000000000f RSI: 00007f228ae770a0 RDI: 0000000000000006
[  296.727376][T23141] RBP: 00007f228ae77090 R08: 0000000000000000 R09: 0000000000000000
[  296.727460][T23141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.727474][T23141] R13: 0000000000000000 R14: 00007f228ca35fa0 R15: 00007fff294c6608
[  296.727566][T23141]  </TASK>
[  296.952181][T23164] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.6031: couldn't read orphan inode 15 (err -117)
[  296.965618][T23164] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  297.158279][T23190] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6041'.
[  297.158467][T23179] SELinux:  policydb magic number 0x72666c65 does not match expected magic number 0xf97cff8c
[  297.167296][T23190] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6041'.
[  297.182104][T23179] SELinux: failed to load policy
[  297.216968][T23192] loop6: detected capacity change from 0 to 512
[  297.247740][T23192] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  297.301240][T23192] EXT4-fs (loop6): orphan cleanup on readonly fs
[  297.368826][T23192] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  297.415953][T23192] EXT4-fs (loop6): Cannot turn on quotas: error -117
[  297.444346][T23192] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.6041: bg 0: block 40: padding at end of block bitmap is not set
[  297.503807][T23192] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  297.523832][T23192] EXT4-fs (loop6): 1 truncate cleaned up
[  297.533450][T23206] netlink: 96 bytes leftover after parsing attributes in process `syz.4.6046'.
[  297.542980][T23192] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  297.678415][T20303] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.729453][T23212] cgroup2: Unknown parameter 'pids_levents'
[  297.768221][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.866543][T23226] hub 6-0:1.0: USB hub found
[  297.871441][T23226] hub 6-0:1.0: 8 ports detected
[  297.919719][T23233] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6058'.
[  297.932098][T23235] FAULT_INJECTION: forcing a failure.
[  297.932098][T23235] name failslab, interval 1, probability 0, space 0, times 0
[  297.944817][T23235] CPU: 1 UID: 0 PID: 23235 Comm: syz.8.6059 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  297.944852][T23235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  297.944867][T23235] Call Trace:
[  297.944874][T23235]  <TASK>
[  297.944884][T23235]  __dump_stack+0x1d/0x30
[  297.944909][T23235]  dump_stack_lvl+0xe8/0x140
[  297.945006][T23235]  dump_stack+0x15/0x1b
[  297.945025][T23235]  should_fail_ex+0x265/0x280
[  297.945062][T23235]  should_failslab+0x8c/0xb0
[  297.945086][T23235]  kmem_cache_alloc_noprof+0x50/0x310
[  297.945182][T23235]  ? prepare_creds+0x37/0x4c0
[  297.945206][T23235]  prepare_creds+0x37/0x4c0
[  297.945271][T23235]  copy_creds+0x8f/0x3f0
[  297.945313][T23235]  copy_process+0x658/0x2000
[  297.945342][T23235]  ? kstrtouint+0x76/0xc0
[  297.945378][T23235]  ? __rcu_read_unlock+0x4f/0x70
[  297.945406][T23235]  kernel_clone+0x16c/0x5c0
[  297.945461][T23235]  ? vfs_write+0x75e/0x8e0
[  297.945484][T23235]  __x64_sys_clone+0xe6/0x120
[  297.945525][T23235]  x64_sys_call+0x119c/0x2ff0
[  297.945556][T23235]  do_syscall_64+0xd2/0x200
[  297.945666][T23235]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  297.945697][T23235]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  297.945723][T23235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.945776][T23235] RIP: 0033:0x7f228c80eb69
[  297.945795][T23235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.945813][T23235] RSP: 002b:00007f228ae76fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  297.945833][T23235] RAX: ffffffffffffffda RBX: 00007f228ca35fa0 RCX: 00007f228c80eb69
[  297.945926][T23235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000042164000
[  297.945938][T23235] RBP: 00007f228ae77090 R08: 0000000000000000 R09: 0000000000000000
[  297.945950][T23235] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  297.945966][T23235] R13: 0000000000000000 R14: 00007f228ca35fa0 R15: 00007fff294c6608
[  297.945991][T23235]  </TASK>
[  298.257049][T23244] loop7: detected capacity change from 0 to 1024
[  298.275249][T23244] EXT4-fs: Ignoring removed orlov option
[  298.320717][T23244] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.367296][T23255] loop6: detected capacity change from 0 to 512
[  298.818184][T23265] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6069'.
[  299.029134][T23270] loop4: detected capacity change from 0 to 512
[  299.039745][T23255] EXT4-fs (loop6): corrupt root inode, run e2fsck
[  299.064494][T23255] EXT4-fs (loop6): mount failed
[  299.185901][T23274] FAULT_INJECTION: forcing a failure.
[  299.185901][T23274] name failslab, interval 1, probability 0, space 0, times 0
[  299.198697][T23274] CPU: 1 UID: 0 PID: 23274 Comm: syz.6.6072 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  299.198728][T23274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  299.198745][T23274] Call Trace:
[  299.198754][T23274]  <TASK>
[  299.198764][T23274]  __dump_stack+0x1d/0x30
[  299.198790][T23274]  dump_stack_lvl+0xe8/0x140
[  299.198854][T23274]  dump_stack+0x15/0x1b
[  299.198875][T23274]  should_fail_ex+0x265/0x280
[  299.198970][T23274]  should_failslab+0x8c/0xb0
[  299.198998][T23274]  kmem_cache_alloc_noprof+0x50/0x310
[  299.199030][T23274]  ? skb_clone+0x151/0x1f0
[  299.199055][T23274]  skb_clone+0x151/0x1f0
[  299.199137][T23274]  __netlink_deliver_tap+0x2c9/0x500
[  299.199199][T23274]  netlink_unicast+0x66b/0x690
[  299.199238][T23274]  netlink_sendmsg+0x58b/0x6b0
[  299.199339][T23274]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.199370][T23274]  __sock_sendmsg+0x142/0x180
[  299.199498][T23274]  ____sys_sendmsg+0x31e/0x4e0
[  299.199594][T23274]  ___sys_sendmsg+0x17b/0x1d0
[  299.199638][T23274]  __x64_sys_sendmsg+0xd4/0x160
[  299.199683][T23274]  x64_sys_call+0x191e/0x2ff0
[  299.199748][T23274]  do_syscall_64+0xd2/0x200
[  299.199775][T23274]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  299.199798][T23274]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  299.199823][T23274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.199843][T23274] RIP: 0033:0x7fba0f90eb69
[  299.199858][T23274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.199916][T23274] RSP: 002b:00007fba0df77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  299.199934][T23274] RAX: ffffffffffffffda RBX: 00007fba0fb35fa0 RCX: 00007fba0f90eb69
[  299.199946][T23274] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  299.199958][T23274] RBP: 00007fba0df77090 R08: 0000000000000000 R09: 0000000000000000
[  299.199969][T23274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.199981][T23274] R13: 0000000000000000 R14: 00007fba0fb35fa0 R15: 00007ffe52ffcd38
[  299.200003][T23274]  </TASK>
[  299.413409][T23276] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6073'.
[  299.413677][T23270] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  299.448964][T23270] EXT4-fs (loop4): mount failed
[  299.477511][T23282] loop6: detected capacity change from 0 to 2048
[  299.485089][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.510607][T23282] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 not in group (block 21474836482)!
[  299.521739][T23282] EXT4-fs (loop6): group descriptors corrupted!
[  299.599902][T23294] FAULT_INJECTION: forcing a failure.
[  299.599902][T23294] name failslab, interval 1, probability 0, space 0, times 0
[  299.612742][T23294] CPU: 0 UID: 0 PID: 23294 Comm: syz.7.6076 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  299.612777][T23294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  299.612794][T23294] Call Trace:
[  299.612801][T23294]  <TASK>
[  299.612809][T23294]  __dump_stack+0x1d/0x30
[  299.612831][T23294]  dump_stack_lvl+0xe8/0x140
[  299.612912][T23294]  dump_stack+0x15/0x1b
[  299.612928][T23294]  should_fail_ex+0x265/0x280
[  299.612965][T23294]  ? futex_lock_pi+0x6ec/0x780
[  299.612997][T23294]  should_failslab+0x8c/0xb0
[  299.613057][T23294]  __kmalloc_cache_noprof+0x4c/0x320
[  299.613140][T23294]  futex_lock_pi+0x6ec/0x780
[  299.613169][T23294]  ? _parse_integer_limit+0x170/0x190
[  299.613283][T23294]  ? __pfx_futex_wake_mark+0x10/0x10
[  299.613322][T23294]  do_futex+0x21f/0x380
[  299.613424][T23294]  __se_sys_futex+0x2ed/0x360
[  299.613454][T23294]  __x64_sys_futex+0x78/0x90
[  299.613478][T23294]  x64_sys_call+0x2e39/0x2ff0
[  299.613507][T23294]  do_syscall_64+0xd2/0x200
[  299.613538][T23294]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  299.613620][T23294]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  299.613641][T23294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.613662][T23294] RIP: 0033:0x7f83be29eb69
[  299.613762][T23294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.613787][T23294] RSP: 002b:00007f83bc8de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  299.613811][T23294] RAX: ffffffffffffffda RBX: 00007f83be4c6080 RCX: 00007f83be29eb69
[  299.613828][T23294] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 000020000000cffc
[  299.613842][T23294] RBP: 00007f83bc8de090 R08: 0000000000000000 R09: 0000000000000003
[  299.613854][T23294] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.613866][T23294] R13: 0000000000000001 R14: 00007f83be4c6080 R15: 00007ffdfa5cca58
[  299.613898][T23294]  </TASK>
[  299.854916][T23296] program syz.8.6081 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  299.895924][T23303] netlink: 'syz.8.6084': attribute type 1 has an invalid length.
[  299.932598][T23304] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6084'.
[  299.974724][T23306] loop4: detected capacity change from 0 to 512
[  300.130883][T23306] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  300.200622][T23322] program syz.8.6090 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  300.241620][T23306] EXT4-fs (loop4): mount failed
[  300.321143][   T29] kauditd_printk_skb: 192 callbacks suppressed
[  300.321158][   T29] audit: type=1326 audit(1051452.001:13160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23328 comm="syz.8.6094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  300.350943][T23326] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6092'.
[  300.371952][   T29] audit: type=1326 audit(1051452.061:13161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23328 comm="syz.8.6094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  300.395322][   T29] audit: type=1326 audit(1051452.061:13162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23328 comm="syz.8.6094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  300.418671][   T29] audit: type=1326 audit(1051452.061:13163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23328 comm="syz.8.6094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  300.471756][T23334] 9pnet_fd: Insufficient options for proto=fd
[  300.509575][T23331] loop6: detected capacity change from 0 to 512
[  300.574161][   T29] audit: type=1326 audit(1051452.141:13164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23328 comm="syz.8.6094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  300.597620][   T29] audit: type=1326 audit(1051452.141:13165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23328 comm="syz.8.6094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  300.620977][   T29] audit: type=1326 audit(1051452.141:13166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23328 comm="syz.8.6094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  300.649885][T23345] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6099'.
[  300.725890][T23345] loop8: detected capacity change from 0 to 512
[  300.752843][T23345] EXT4-fs (loop8): revision level too high, forcing read-only mode
[  300.760983][T23345] EXT4-fs (loop8): orphan cleanup on readonly fs
[  300.767558][T23340] netlink: 'syz.4.6097': attribute type 3 has an invalid length.
[  300.775317][T23340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6097'.
[  300.801370][   T29] audit: type=1326 audit(1051452.431:13167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23349 comm="syz.2.6101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc253c5eb69 code=0x7ffc0000
[  300.816983][T23345] Quota error (device loop8): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[  300.824726][   T29] audit: type=1326 audit(1051452.431:13168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23349 comm="syz.2.6101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc253c5eb69 code=0x7ffc0000
[  300.862829][T23331] EXT4-fs (loop6): corrupt root inode, run e2fsck
[  300.869336][T23331] EXT4-fs (loop6): mount failed
[  300.902662][T23345] EXT4-fs warning (device loop8): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  300.969019][T23345] EXT4-fs (loop8): Cannot turn on quotas: error -117
[  300.986492][T23345] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.6099: bg 0: block 40: padding at end of block bitmap is not set
[  301.035113][T23345] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  301.076229][T23345] EXT4-fs (loop8): 1 truncate cleaned up
[  301.095031][T23345] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  301.247320][T17042] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.256583][T23361] loop2: detected capacity change from 0 to 128
[  301.552489][T23380] loop7: detected capacity change from 0 to 512
[  301.586835][T23380] EXT4-fs (loop7): corrupt root inode, run e2fsck
[  301.603675][T23380] EXT4-fs (loop7): mount failed
[  301.689668][T23379] loop8: detected capacity change from 0 to 128
[  301.805006][T23386] loop7: detected capacity change from 0 to 2048
[  301.839706][T23386] EXT4-fs (loop7): ext4_check_descriptors: Block bitmap for group 0 not in group (block 21474836482)!
[  301.850828][T23386] EXT4-fs (loop7): group descriptors corrupted!
[  301.976492][T23397] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6116'.
[  302.006692][T23397] loop7: detected capacity change from 0 to 512
[  302.041848][T23397] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  302.064922][T23397] EXT4-fs (loop7): orphan cleanup on readonly fs
[  302.089840][T23397] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  302.148098][T23397] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  302.175754][T23397] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6116: bg 0: block 40: padding at end of block bitmap is not set
[  302.202835][T23397] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  302.213332][T23397] EXT4-fs (loop7): 1 truncate cleaned up
[  302.219504][T23397] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  302.302794][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.305322][T23407] loop6: detected capacity change from 0 to 8192
[  302.433604][T23417] loop2: detected capacity change from 0 to 512
[  302.523921][T23417] EXT4-fs (loop2): corrupt root inode, run e2fsck
[  302.691079][T23417] EXT4-fs (loop2): mount failed
[  302.765880][T23429] loop8: detected capacity change from 0 to 2048
[  302.799646][T23429] EXT4-fs (loop8): ext4_check_descriptors: Block bitmap for group 0 not in group (block 21474836482)!
[  302.810695][T23429] EXT4-fs (loop8): group descriptors corrupted!
[  302.970895][T23440] program syz.4.6131 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  303.040043][T23442] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6133'.
[  303.068405][T23442] loop7: detected capacity change from 0 to 512
[  303.116715][T23442] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  303.141531][T23442] EXT4-fs (loop7): orphan cleanup on readonly fs
[  303.158607][T23442] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  303.292406][T23442] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  303.311544][T23442] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6133: bg 0: block 40: padding at end of block bitmap is not set
[  303.359035][T23471] loop8: detected capacity change from 0 to 512
[  303.382074][T23474] program syz.6.6146 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  303.412248][T23442] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  303.438015][T23442] EXT4-fs (loop7): 1 truncate cleaned up
[  303.461663][T23479] loop4: detected capacity change from 0 to 2048
[  303.469212][T23442] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  303.481891][T23479] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 21474836482)!
[  303.492949][T23479] EXT4-fs (loop4): group descriptors corrupted!
[  303.518812][T23471] EXT4-fs (loop8): corrupt root inode, run e2fsck
[  303.586081][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.616541][T23471] EXT4-fs (loop8): mount failed
[  303.771301][T23502] program syz.6.6156 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  303.881282][T23512] netlink: 192 bytes leftover after parsing attributes in process `syz.8.6160'.
[  303.924742][T23512] 9pnet_fd: Insufficient options for proto=fd
[  303.956542][T23512] netlink: 'syz.8.6160': attribute type 3 has an invalid length.
[  303.969750][T23512] 9pnet_fd: Insufficient options for proto=fd
[  303.983116][T23521] loop7: detected capacity change from 0 to 128
[  304.031171][T23521] EXT4-fs: Ignoring removed nobh option
[  304.050842][T23530] program syz.8.6168 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  304.058709][T23521] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  304.127547][T16365] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  304.225156][T23540] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6171'.
[  304.277319][T23535] loop8: detected capacity change from 0 to 128
[  304.646438][T23558] loop7: detected capacity change from 0 to 1024
[  304.653340][T23558] EXT4-fs: Ignoring removed orlov option
[  304.663943][T23558] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  305.005502][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.085010][T23566] program syz.7.6180 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  305.104553][T23569] loop8: detected capacity change from 0 to 512
[  305.151653][T23569] EXT4-fs (loop8): corrupt root inode, run e2fsck
[  305.186441][T23569] EXT4-fs (loop8): mount failed
[  305.356202][T23588] loop4: detected capacity change from 0 to 1024
[  305.381405][T23588] EXT4-fs: Ignoring removed orlov option
[  305.411250][T23588] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  305.463909][T23599] program syz.6.6195 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  305.484101][T23596] loop7: detected capacity change from 0 to 512
[  305.560653][T23596] EXT4-fs (loop7): corrupt root inode, run e2fsck
[  305.573957][T23596] EXT4-fs (loop7): mount failed
[  305.606421][   T29] kauditd_printk_skb: 307 callbacks suppressed
[  305.606436][   T29] audit: type=1326 audit(1051457.292:13474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.644673][T23609] loop6: detected capacity change from 0 to 512
[  305.695452][   T29] audit: type=1326 audit(1051457.332:13475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.718896][   T29] audit: type=1326 audit(1051457.352:13476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.742239][   T29] audit: type=1326 audit(1051457.352:13477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.765607][   T29] audit: type=1326 audit(1051457.352:13478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.788945][   T29] audit: type=1326 audit(1051457.382:13479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.812330][   T29] audit: type=1326 audit(1051457.382:13480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.835723][   T29] audit: type=1326 audit(1051457.382:13481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.859057][   T29] audit: type=1326 audit(1051457.382:13482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f228c80eb69 code=0x7ffc0000
[  305.882489][   T29] audit: type=1326 audit(1051457.382:13483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23606 comm="syz.8.6197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f228c80d4d0 code=0x7ffc0000
[  305.908961][T18283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.941637][T23609] EXT4-fs (loop6): corrupt root inode, run e2fsck
[  305.954950][T23609] EXT4-fs (loop6): mount failed
[  305.970674][T23619] bridge0: port 3(gretap0) entered blocking state
[  305.977291][T23619] bridge0: port 3(gretap0) entered disabled state
[  306.070634][T23619] gretap0: entered allmulticast mode
[  306.085065][T23619] gretap0: entered promiscuous mode
[  306.104678][T23619] bridge0: port 3(gretap0) entered blocking state
[  306.111226][T23619] bridge0: port 3(gretap0) entered forwarding state
[  306.136486][T23640] loop2: detected capacity change from 0 to 512
[  306.193216][T23640] EXT4-fs (loop2): corrupt root inode, run e2fsck
[  306.207361][T23640] EXT4-fs (loop2): mount failed
[  306.245719][T23650] program syz.7.6212 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  306.374697][T23657] loop7: detected capacity change from 0 to 2048
[  306.402869][T23657] EXT4-fs (loop7): ext4_check_descriptors: Block bitmap for group 0 not in group (block 21474836482)!
[  306.414086][T23657] EXT4-fs (loop7): group descriptors corrupted!
[  306.516433][T23670] loop2: detected capacity change from 0 to 128
[  306.530097][T23672] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6222'.
[  306.551048][T23670] EXT4-fs: Ignoring removed nobh option
[  306.591310][T23670] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  306.755394][T23670] syzkaller0: entered promiscuous mode
[  306.760954][T23670] syzkaller0: entered allmulticast mode
[  307.324525][T20862] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  307.382638][T23702] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6234'.
[  307.423434][T23703] loop7: detected capacity change from 0 to 512
[  307.480293][T23708] program syz.2.6233 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  307.517095][T23703] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  307.670811][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  307.961816][T23728] program syz.7.6243 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  308.051384][T23735] loop7: detected capacity change from 0 to 512
[  308.063374][T23735] EXT4-fs (loop7): corrupt root inode, run e2fsck
[  308.069888][T23735] EXT4-fs (loop7): mount failed
[  308.074997][T23724] loop6: detected capacity change from 0 to 128
[  308.427373][T23749] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6251'.
[  308.449390][T23749] loop8: detected capacity change from 0 to 1024
[  308.469843][T23749] EXT4-fs: inline encryption not supported
[  308.475757][T23749] EXT4-fs: Ignoring removed i_version option
[  308.484148][T23749] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  308.497679][T23749] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 2: comm syz.8.6251: lblock 2 mapped to illegal pblock 2 (length 1)
[  308.514297][T23749] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 48: comm syz.8.6251: lblock 0 mapped to illegal pblock 48 (length 1)
[  308.558310][T23749] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.6251: Failed to acquire dquot type 0
[  308.570181][T23749] EXT4-fs error (device loop8) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  308.592495][T23749] EXT4-fs error (device loop8): ext4_evict_inode:254: inode #11: comm syz.8.6251: mark_inode_dirty error
[  308.608963][T23762] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6256'.
[  308.616169][T23749] EXT4-fs warning (device loop8): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  308.618028][T23762] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6256'.
[  308.629587][T23749] EXT4-fs (loop8): 1 orphan inode deleted
[  308.643103][ T3446] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  308.651505][T23749] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  308.657449][ T3446] EXT4-fs error (device loop8): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[  308.679913][T23764] loop7: detected capacity change from 0 to 512
[  308.689369][T23749] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.690683][T23765] loop2: detected capacity change from 0 to 1024
[  308.706473][T23765] EXT4-fs: Ignoring removed orlov option
[  308.707513][T23749] EXT4-fs error (device loop8): __ext4_get_inode_loc:4861: comm syz.8.6251: Invalid inode table block 1 in block_group 0
[  308.712924][T23764] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  308.727466][T23765] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.746005][T23749] EXT4-fs error (device loop8) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  308.746201][T23764] EXT4-fs (loop7): orphan cleanup on readonly fs
[  308.762038][T23749] EXT4-fs error (device loop8): ext4_quota_off:7217: inode #3: comm syz.8.6251: mark_inode_dirty error
[  308.774365][T23764] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  308.809136][T23749] netlink: 68 bytes leftover after parsing attributes in process `syz.8.6251'.
[  308.818903][T23764] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  308.840584][T23764] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6256: bg 0: block 40: padding at end of block bitmap is not set
[  308.867778][T23772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.886850][T23764] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  308.896773][T23772] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.899892][T23764] EXT4-fs (loop7): 1 truncate cleaned up
[  308.920190][T23764] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  308.936163][T23772] loop4: detected capacity change from 0 to 512
[  308.963164][T23772] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  308.977911][T23780] FAULT_INJECTION: forcing a failure.
[  308.977911][T23780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  308.991151][T23780] CPU: 1 UID: 0 PID: 23780 Comm: syz.6.6263 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  308.991247][T23780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  308.991261][T23780] Call Trace:
[  308.991268][T23780]  <TASK>
[  308.991335][T23780]  __dump_stack+0x1d/0x30
[  308.991356][T23780]  dump_stack_lvl+0xe8/0x140
[  308.991375][T23780]  dump_stack+0x15/0x1b
[  308.991390][T23780]  should_fail_ex+0x265/0x280
[  308.991457][T23780]  should_fail+0xb/0x20
[  308.991492][T23780]  should_fail_usercopy+0x1a/0x20
[  308.991516][T23780]  _copy_from_user+0x1c/0xb0
[  308.991584][T23780]  ethtool_set_per_queue+0x4c/0x100
[  308.991635][T23780]  dev_ethtool+0x1547/0x1660
[  308.991659][T23780]  ? full_name_hash+0x92/0xe0
[  308.991701][T23780]  dev_ioctl+0x2e0/0x960
[  308.991780][T23780]  sock_do_ioctl+0x197/0x220
[  308.991814][T23780]  sock_ioctl+0x41b/0x610
[  308.991843][T23780]  ? __pfx_sock_ioctl+0x10/0x10
[  308.991921][T23780]  __se_sys_ioctl+0xcb/0x140
[  308.991991][T23780]  __x64_sys_ioctl+0x43/0x50
[  308.992039][T23780]  x64_sys_call+0x1816/0x2ff0
[  308.992064][T23780]  do_syscall_64+0xd2/0x200
[  308.992124][T23780]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  308.992152][T23780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.992208][T23780] RIP: 0033:0x7fba0f90eb69
[  308.992225][T23780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.992243][T23780] RSP: 002b:00007fba0df77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  308.992291][T23780] RAX: ffffffffffffffda RBX: 00007fba0fb35fa0 RCX: 00007fba0f90eb69
[  308.992307][T23780] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000038
[  308.992396][T23780] RBP: 00007fba0df77090 R08: 0000000000000000 R09: 0000000000000000
[  308.992411][T23780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.992427][T23780] R13: 0000000000000000 R14: 00007fba0fb35fa0 R15: 00007ffe52ffcd38
[  308.992451][T23780]  </TASK>
[  309.013601][T23772] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  309.204668][T23785] program syz.8.6265 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  309.224271][T23772] EXT4-fs (loop4): 1 truncate cleaned up
[  309.230448][T23772] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.248632][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.292950][T20862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.410059][T23803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6274'.
[  309.439164][T23803] loop2: detected capacity change from 0 to 1024
[  309.445843][T23803] EXT4-fs: inline encryption not supported
[  309.451728][T23803] EXT4-fs: Ignoring removed i_version option
[  309.459630][T23803] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  309.473723][T23803] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.6274: lblock 2 mapped to illegal pblock 2 (length 1)
[  309.493699][T23808] loop8: detected capacity change from 0 to 2364
[  309.559038][T23803] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.6274: lblock 0 mapped to illegal pblock 48 (length 1)
[  309.609683][T23808] loop8: detected capacity change from 0 to 512
[  309.635285][T23803] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.6274: Failed to acquire dquot type 0
[  309.654909][T23808] EXT4-fs (loop8): Cannot turn on journaled quota: type 0: error -2
[  309.665743][T23813] hub 6-0:1.0: USB hub found
[  309.680046][T23813] hub 6-0:1.0: 8 ports detected
[  309.685094][T23808] EXT4-fs (loop8): Cannot turn on journaled quota: type 1: error -2
[  309.702121][T23803] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  309.724967][T23803] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.6274: mark_inode_dirty error
[  309.740845][T23808] EXT4-fs (loop8): 1 truncate cleaned up
[  309.762990][T23808] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.792289][T23803] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  309.830198][T23803] EXT4-fs (loop2): 1 orphan inode deleted
[  309.846350][T23803] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  309.872061][  T579] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  309.893817][  T579] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0
[  309.910318][T18283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.920351][T23803] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.934505][T23803] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz.2.6274: Invalid inode table block 1 in block_group 0
[  309.956951][T23808] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  309.965491][T23803] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  309.988041][T23803] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz.2.6274: mark_inode_dirty error
[  310.095569][T23836] loop6: detected capacity change from 0 to 512
[  310.135532][T23836] EXT4-fs (loop6): corrupt root inode, run e2fsck
[  310.200878][T23836] EXT4-fs (loop6): mount failed
[  310.273397][T23843] hub 6-0:1.0: USB hub found
[  310.279799][T23843] hub 6-0:1.0: 8 ports detected
[  310.306036][T17042] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.371701][T23854] loop8: detected capacity change from 0 to 2048
[  310.391200][T23854] EXT4-fs (loop8): ext4_check_descriptors: Block bitmap for group 0 not in group (block 21474836482)!
[  310.402221][T23854] EXT4-fs (loop8): group descriptors corrupted!
[  310.411255][T23856] SELinux: ebitmap: map size 149 does not match my size 64 (high bit was 0)
[  310.421843][T23856] SELinux: failed to load policy
[  310.441596][T23856] netlink: '+}[@': attribute type 13 has an invalid length.
[  310.535266][T23860] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(3)
[  310.541827][T23860] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  310.549378][T23860] vhci_hcd vhci_hcd.0: Device attached
[  310.561641][T23858] loop7: detected capacity change from 0 to 8192
[  310.578901][T23861] vhci_hcd: connection closed
[  310.579075][   T12] vhci_hcd: stop threads
[  310.583925][   T12] vhci_hcd: release socket
[  310.592581][   T12] vhci_hcd: disconnect device
[  310.597681][T23856] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  310.731125][T23870] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6301'.
[  310.759271][T23870] loop2: detected capacity change from 0 to 1024
[  310.780222][T23870] EXT4-fs: inline encryption not supported
[  310.786081][T23870] EXT4-fs: Ignoring removed i_version option
[  310.794471][T23870] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  310.816826][T23870] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.6301: lblock 2 mapped to illegal pblock 2 (length 1)
[  310.839946][T23870] __quota_error: 387 callbacks suppressed
[  310.839966][T23870] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  310.866980][   T29] audit: type=1326 audit(1051462.553:13864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  310.892084][T23870] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.6301: lblock 0 mapped to illegal pblock 48 (length 1)
[  310.906652][   T29] audit: type=1326 audit(1051462.583:13865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  310.930454][   T29] audit: type=1326 audit(1051462.583:13866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  310.953856][   T29] audit: type=1326 audit(1051462.583:13867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  310.959770][T23870] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  310.977382][   T29] audit: type=1326 audit(1051462.583:13868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  310.986555][T23870] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.6301: Failed to acquire dquot type 0
[  311.009854][   T29] audit: type=1326 audit(1051462.583:13869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  311.044367][   T29] audit: type=1326 audit(1051462.583:13870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  311.067981][   T29] audit: type=1326 audit(1051462.583:13871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23873 comm="syz.6.6302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0f90eb69 code=0x7ffc0000
[  311.160738][T23870] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  311.171369][T23880] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6305'.
[  311.180321][T23880] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6305'.
[  311.200053][T23870] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.6301: mark_inode_dirty error
[  311.216521][T23880] loop6: detected capacity change from 0 to 512
[  311.238652][T23870] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  311.275703][T23884] loop8: detected capacity change from 0 to 1024
[  311.282561][T23880] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  311.282568][T23870] EXT4-fs (loop2): 1 orphan inode deleted
[  311.283040][T23870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.290969][T23884] EXT4-fs: Ignoring removed orlov option
[  311.299866][ T2570] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1)
[  311.328517][T23880] EXT4-fs (loop6): orphan cleanup on readonly fs
[  311.336848][T23880] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  311.355618][ T2570] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0
[  311.362665][T23884] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.367570][T23880] EXT4-fs (loop6): Cannot turn on quotas: error -117
[  311.398878][T23880] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.6305: bg 0: block 40: padding at end of block bitmap is not set
[  311.401515][T23870] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.437961][T23870] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz.2.6301: Invalid inode table block 1 in block_group 0
[  311.450685][T23880] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  311.452773][T23880] EXT4-fs (loop6): 1 truncate cleaned up
[  311.465658][T23880] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  311.493433][T23870] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  311.521220][T23870] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz.2.6301: mark_inode_dirty error
[  311.532798][T20303] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.589424][T23894] program syz.6.6309 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  311.600330][T23895] 9p: Unknown Cache mode or invalid value non
[  311.607593][T23897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6311'.
[  311.616742][T23897] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6311'.
[  311.630965][T23897] loop2: detected capacity change from 0 to 512
[  311.650630][T23897] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  311.664096][T23897] EXT4-fs (loop2): orphan cleanup on readonly fs
[  311.671313][T23897] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  311.686909][T23897] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  311.696187][T23897] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6311: bg 0: block 40: padding at end of block bitmap is not set
[  311.711681][T23897] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  311.720826][T23897] EXT4-fs (loop2): 1 truncate cleaned up
[  311.726992][T23897] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  311.831611][T23912] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6317'.
[  311.834447][T23907] loop4: detected capacity change from 0 to 512
[  311.853555][T20862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.871153][T23907] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  311.877658][T23907] EXT4-fs (loop4): mount failed
[  311.884958][T23909] gretap0: left allmulticast mode
[  311.890065][T23909] gretap0: left promiscuous mode
[  311.895241][T23909] bridge0: port 3(gretap0) entered disabled state
[  311.906243][T23919] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6319'.
[  311.915375][T23919] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6319'.
[  311.950766][T23909] bridge_slave_0: left allmulticast mode
[  311.956599][T23909] bridge_slave_0: left promiscuous mode
[  311.962421][T23909] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.974322][T23922] loop7: detected capacity change from 0 to 512
[  311.982383][T23909] bridge_slave_1: left allmulticast mode
[  311.982440][T17042] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.988063][T23909] bridge_slave_1: left promiscuous mode
[  312.002818][T23909] bridge0: port 2(bridge_slave_1) entered disabled state
[  312.015448][T23909] bond0: (slave bond_slave_0): Releasing backup interface
[  312.026873][T23922] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  312.037014][T23909] bond0: (slave bond_slave_1): Releasing backup interface
[  312.053450][T23922] EXT4-fs (loop7): orphan cleanup on readonly fs
[  312.064126][T23922] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  312.081012][T23909] team0: Port device team_slave_0 removed
[  312.082357][T23922] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  312.095773][T23909] team0: Port device team_slave_1 removed
[  312.102891][T23909] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  312.110569][T23909] batman_adv: batadv0: Removing interface: batadv_slave_0
[  312.120009][T23909] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  312.122533][T23922] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6319: bg 0: block 40: padding at end of block bitmap is not set
[  312.127423][T23909] batman_adv: batadv0: Removing interface: batadv_slave_1
[  312.142553][T23922] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  312.172596][T23922] EXT4-fs (loop7): 1 truncate cleaned up
[  312.173124][T23922] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  312.268590][T23948] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6329'.
[  312.286274][T23950] program syz.4.6330 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  312.314645][T16365] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.325171][T16365] ==================================================================
[  312.333369][T16365] BUG: KCSAN: data-race in __lru_add_drain_all / folios_put_refs
[  312.341118][T16365] 
[  312.343462][T16365] write to 0xffff888237d25ea8 of 1 bytes by task 23953 on cpu 1:
[  312.348477][T23956] netlink: 'syz.4.6334': attribute type 6 has an invalid length.
[  312.351193][T16365]  folios_put_refs+0x285/0x2d0
[  312.351221][T16365]  folio_batch_move_lru+0x1fd/0x230
[  312.369001][T16365]  folio_add_lru+0x14a/0x1f0
[  312.373639][T16365]  folio_add_lru_vma+0x49/0x70
[  312.378434][T16365]  handle_mm_fault+0x281f/0x2c20
[  312.383406][T16365]  do_user_addr_fault+0x636/0x1090
[  312.388559][T16365]  exc_page_fault+0x62/0xa0
[  312.393081][T16365]  asm_exc_page_fault+0x26/0x30
[  312.397948][T16365] 
[  312.400278][T16365] read to 0xffff888237d25ea8 of 1 bytes by task 16365 on cpu 0:
[  312.407911][T16365]  __lru_add_drain_all+0x12b/0x3f0
[  312.413036][T16365]  lru_add_drain_all+0x10/0x20
[  312.417827][T16365]  invalidate_bdev+0x47/0x70
[  312.422438][T16365]  ext4_put_super+0x624/0x7d0
[  312.427142][T16365]  generic_shutdown_super+0xe3/0x210
[  312.432448][T16365]  kill_block_super+0x2a/0x70
[  312.437138][T16365]  ext4_kill_sb+0x42/0x80
[  312.441479][T16365]  deactivate_locked_super+0x75/0x1c0
[  312.446876][T16365]  deactivate_super+0x97/0xa0
[  312.451707][T16365]  cleanup_mnt+0x269/0x2e0
[  312.456154][T16365]  __cleanup_mnt+0x19/0x20
[  312.460592][T16365]  task_work_run+0x12e/0x1a0
[  312.465194][T16365]  exit_to_user_mode_loop+0xe4/0x100
[  312.470488][T16365]  do_syscall_64+0x1d6/0x200
[  312.475095][T16365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.481005][T16365] 
[  312.483326][T16365] value changed: 0x1f -> 0x00
[  312.487998][T16365] 
[  312.490321][T16365] Reported by Kernel Concurrency Sanitizer on:
[  312.496474][T16365] CPU: 0 UID: 0 PID: 16365 Comm: syz-executor Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[  312.508895][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  312.518964][T16365] ==================================================================