last executing test programs:

3m11.490711508s ago: executing program 3 (id=346):
r0 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x24)

3m11.489717918s ago: executing program 3 (id=348):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth0_to_bond\x00', &(0x7f0000000540)=@ethtool_gstrings={0x1b, 0x9}})

3m11.420699449s ago: executing program 3 (id=349):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Lu1cUB/CbgIRCJSKCgx0Eg0ujQhx0SAYrMWQxIlYcnAUHHQQHB0mJzr78A4pvIC5iZ0cxgijESTKKc0FxyZTS+hTa2qUtpvTH57OEe8+59+TyfQL/a/HwU7PZjIUQmom/f/r7s/xEsXdqbHomhFiYDyHkv/n610os6vjt1otoXYrWxUSmdnA7/nrWcdf3UE0dxaP6ZTyEH0IIS0/HyX/7Nr5857nr5MbmSmFrLbf4WFh/Hl4YyPds55d3Rw6z5dnu7Fz0YV3GWzM/VRs9uW+WXvbaB9uqtUbmJupLxz5nPv+tP+e/31WpVxqT/aerQ+nO+lV5J8r9Tf4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAnO89dJzc2Vwpba7nFx8L68/DCQL5nO7+8O3KYLc92Z+fi732X8dbMT9VGT+6bpZe99sG2aq2RuYn60rEPR7/78XP+Ei30bfhj/vtdlXqlMdl/ujqU7qxflXei3N8+5g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8JfyE8XeqbHpmRBiYT6EMB7vOP5lv5l4r8eivovotxTtFxOZ2sHt+OtZx13fQzV1NJUIIfG7e5eejpNftfIh/CM/BwAA//8514ZQ")
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000800)=<r1=>0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000840)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000940)=0xe8)
getresgid(&(0x7f0000000980), &(0x7f00000009c0)=<r3=>0x0, &(0x7f0000000a00))
sendmsg$unix(r0, &(0x7f0000000a80)={&(0x7f0000000600)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000007c0), 0x0, &(0x7f0000000a40)=[@cred={{0x1c, 0x1, 0x2, {r1, r2, r3}}}], 0x20, 0x20000000}, 0x40040)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b0000e0b6000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1)
r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x1f4)
r7 = dup2(r6, r6)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f0000000280)={0x23cb800000000, 0x200})
r8 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
writev(r8, &(0x7f00000005c0)=[{0x0, 0x42}, {&(0x7f0000000740)='\a', 0x1}], 0x2)

3m11.183396533s ago: executing program 3 (id=350):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000740)='./file1\x00', 0x183042, 0x15)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000700), 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x6)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', r4, &(0x7f00000003c0)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r7, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000800)='rpcgss_upcall_msg\x00', 0xffffffffffffffff, 0x0, 0xba3}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000780)='qnx4\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c)

3m10.816866798s ago: executing program 3 (id=351):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
add_key(&(0x7f0000000080)='trusted\x00', &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0x0)
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)=<r1=>0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0xa, 0x300)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
timer_delete(r1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010101, @local}, @time_exceeded={0x80, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback}}}}}}, 0x0)

3m8.959703127s ago: executing program 3 (id=373):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000002c0)={@void, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @val={@val={0x88a8, 0x2, 0x1}, {0x8100, 0x7, 0x1, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0xbc, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2}, {0xa000, 0x86da, 0x8}}}}}}, 0x32)

3m8.888104588s ago: executing program 32 (id=373):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000002c0)={@void, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @val={@val={0x88a8, 0x2, 0x1}, {0x8100, 0x7, 0x1, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0xbc, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2}, {0xa000, 0x86da, 0x8}}}}}}, 0x32)

2m21.535674778s ago: executing program 5 (id=1148):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'veth0_to_bond\x00', &(0x7f0000000540)=@ethtool_gstrings={0x1b, 0x9}})

2m21.533358808s ago: executing program 5 (id=1149):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rename(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0/../file0/file0\x00')

2m21.483638969s ago: executing program 5 (id=1150):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0xa000000, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)

2m21.39126846s ago: executing program 5 (id=1153):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB="0000000000000000b708000000000000798af8ff00000e00000000000000000007020000f8ffffffb703f0ff07000000b7040000000000ceaa0000000100000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b000000000001000000197953225dc814f87744f8d0f0d0f173b15ec5e8418355fbc29ab3d6a79fd8c0af9cb10496bf108952b3c3c0bd7c48950fcc2910159c87560139c82f8f4b2299d13aee70038251d84cfc5174cc83b90ead56fbef1965b04dbcf17195fb8ad7bc57b80d403e05cf22bc5c664fbce9be7d6d55f0f5b1e728cff026046f260ed03ea58f099ffe3ae8cd69fd37d236b945214e6100"/166, @ANYRES32, @ANYRES64=r1, @ANYRES32=0x0, @ANYRESOCT=r1, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000cc0)={[{@noblock_validity}, {@jqfmt_vfsold}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@debug}, {@usrjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8}}, {@mblk_io_submit}]}, 0xfe, 0x477, &(0x7f0000000780)="$eJzs3M1vFOUfAPDvTLctLz9+rYgvIEgVjcSXlpYXOXjRaMJBExM9YDzVtpDKQg2tiRCi1QMeDYl3439hPOnFqBdNvOrdkBDDBdTLmtmZKUvZLVu67QL7+STTPs/M0z7Pd2ae2Wfm2d0AetZI9iOJ+F9E/B4RQ3n25gIj+a/rVy9M/X31wlQStdpbfyX1cteuXpgqi5Z/tzXP1GpFfrBJvRffjZisVmfOFvmxhdMfjM2fO//C7OnJkzMnZ85MHD166OCegSMThzsSZxbXtV0fz+3eeeydS29MHb/03k9JJfK4Y1kcnTKS792mnu50ZV22rSFd37FL9v5yI93sTKCb+iIiO1z99f4/FH2xeWnbULz2WVcbB6yrWq1WW+GqvFgD7mNJdLsFQHcUtwD1+99y2cDhR9ddeTm/Acrivl4s+ZZKpHlib/+y+9tOGomI44v/fJUtsU7PIQAAGn2XjX+ebzb+S+PhPDGQ/fh/MYcyHBEPRMT2iHgwInZExEMR9bKPRMSjq6x/+QzJreOf9PIdB9eGbPz3UjG3dfP4Ly2LDPcVuW31+PuTE7PVmQPFPtkf/YMnZpOZ8RXq+P7V375ota1x/JctWf3lWLBox+XK4Kab/mZ6cmFyTUE3uPJpxK5Ks/iTKKdxkojYGRG77rCO2WcrLbfdPv4VtP63bat9HfFMfvwXY1n8paTl/OT4i0cmDo9tiurMgbHyrLjVz79efLNV/WuKvwOy47+l6fm/FP9wsili/tz5U/X52vnV13Hxj89b3tO0d/4vZY5tK87/geTt+oqBYsNHkwsLZ8cjBpLXb10/ceO/lfmyfBb//n3N+//2uLEnHouI3RGxJyIez24Ki7Y/ERFPRsS+FeL/8ZWn3l99/BszV5rFP3274x+Nx3/1ib5TP3x7+/iza1yr43+ontpfrGnn+tduA9ey7wAAAOBekdbfA5+ko0mlSKfp6Gj+Hv4dsSWtzs0vPHdi7sMz0/l75YejPy2fdA01PA8dL54Nl/mJZfmDxXPjL/s21/OjU3PV6W4HDz1ua9n/l64Fef/P/NnX7dYB664D82jAPUr/h96l/0NvSvR/6Gn6P/SuZv3/k5alR79Z18YAG8rrP/SuNvr/Yv6r9agAuDd5/Yfepf9DT2r52fh0TR/53/DEv8X3Gd4t7bn/E5HeFc24/xOVtr/MYhWJ2lDe/7M1g03LdPvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA///T8uXN")
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r4 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x8)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d000000180100002069"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f00000003c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_ext_load_extent\x00', r3}, 0x18)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0x260, 0x260, 0xe8, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3c80}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private1, [0x0, 0x0, 0xff, 0xff], [0x0, 0xffffff00], [0x0, 0xff000000], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xa)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xd0060, &(0x7f0000000040)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0, @ANYBLOB=', ode=00000000000000002,\x00\x00\x00\x00\x00\x00\x00'])
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='fd\x00')
lseek(r8, 0x10001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x0, 0x10, &(0x7f0000000500)=ANY=[@ANYRES16=r4, @ANYRES16=0x0, @ANYRES32=r0, @ANYBLOB, @ANYRESDEC=r6], 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="02000000040000000800000001000000800000002bbce539e9cd880db8514aa44034a486f9a8cddeaf5b8fb40eedc8406cf56bc2e79a75cd1824b2f22265ee1b1ca103b5e9375ddc7864624b64444f", @ANYRES32=0x0, @ANYBLOB="0000000000000000000100140000000000000000de88793301a4a2a34480f9e8dd3cea4a808ddf78f6e595ac6c9aa5af4b19c2e709b83fa3be76bc0e59cf21cb28c003a394efc99ecb4afe6c16f297c34a1c1b14a228b810a349b904665ead8c0a1e40e72a04d2745063d544aed0a327fcf7e244f0107e2267d9dd0b52bdd949bcab15bd25f19c0813dacefd7dbdf42c34ffdfbc0f68c70b2f420d60ea98eede755a5bd7bce91170efad83894e7e04ab93c425f451fcda5deb6120f4a5ba5a0dc9b5c08f9d78a00a105b5e9934efed71bf05dc470b841bc8dae243f87aa22b22bd54c2e601ce47e67ae80a88b4c6dd4a5323d57a80bd7f1a8329b989b65edd9f2d80bb47271adbcd3817e3534c", @ANYRES8=r7, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0xdde6, r9, 0x1000000}, 0x38)
r10 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
r11 = fsmount(r10, 0x0, 0x0)
fchdir(r11)

2m20.709414961s ago: executing program 5 (id=1166):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, @perf_bp={0x0, 0x8}, 0x4010, 0x0, 0x0, 0x0, 0x3, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

2m19.708395046s ago: executing program 5 (id=1178):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
unshare(0x8000600)

2m19.708233136s ago: executing program 33 (id=1178):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
unshare(0x8000600)

1m43.377343677s ago: executing program 4 (id=1790):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
r2 = eventfd2(0x0, 0x0)
flistxattr(r2, 0x0, 0x0)
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB, @ANYRES64, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x9a3a0cbebb922516, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x1010040, &(0x7f00000003c0)={[{@noquota}, {@debug}, {@jqfmt_vfsv0}, {@noauto_da_alloc}, {@resgid}]}, 0x3, 0x4d7, &(0x7f0000001480)="$eJzs3d9rW9cdAPDvle3YSZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYOwX61Of+lLocymU/AmlEGjfSyktoU3Shz60VZF01aSO/AtbVmJ9PnB8z/2h+/0em3uso3PRDaBjnY2I8YjoiogLETGQbs+kJdbrpXrc40d3p6oliUrl5qdJJOm2xrmSdHk8fVlfRPzpDxF/TZ6PW1pdm58sFPLL6XquvLCUK62uXZxbmJzNz+YXx0dHroxdHbs8Nrxvbb32u4/+84/Xfn/t7V/e/mDik/N/q6bVn+57th07sb7D4+pN76n9Lhq6I2J5N8FeYF1pe3ranQgAADtSfY///Yj4aUQ8+X+7swEAAABaofKb/vgyiagAAAAAh1amdg9sksmm9wL0RyaTzdbv4f1hHMsUiqXyL2aKK4vT9XtlB6MnMzNXyA+n9woPRk9SXR+p1Z+uX9qwPhoRJyPiXwNHa+vZqWJhut0ffgAAAECHOL5h/P/5QH38DwAAABwyg+1OAAAAAGg5438AAAA4/DYd/yfdB5sIAAAA0Ap/vH69WiqN519P31pdmS/eujidL81nF1amslPF5aXsbLE4W/vOvoXtzlcoFpd+FYsrd3LlfKmcK62uTSwUVxbLE7Xnek/kPScaAAAADt7Jn9x/P4mI9V8frZWqI+m+HYzVx1ubHdBKmd0dnrQqD+DgdbU7AaBt3OALnct8PLDNwP7fG9Z3+bEBAADwIhj60Z7m/80HwkvMQB46l/l/6Fzm/6Fzmf+HDte7/SF9m+14Z59zAQAAWqa/VpJMNp0L7I9MJpuNOFF7LEBPMjNXyA9HxPci4r2Bnt7q+ki7kwYAAAAAAAAAAAAAAAAAAAAAAACAl0ylkkQFAAAAONQiMh8n6YP8hwbO9W/8fOBI8sVAbRkRt1+5+d87k+Xy8kh1+2ffbi//L91+qbEFAAAAaKfGOL0xjgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/fT40d2pRjnIuA9/GxGDzeJ3R19t2ffmQEQce5JE9zOvSyKiax/ir9+LiFPN4ifVtGIwzWJj/ExEHG1z/OP7EB862f1q/zNevf56Nlx/mThbWza//rrTslcPz27W/2Ua/V+tn2vW/53Y+tR9jcrpB2/kNo1/L+J0d/P+pxE/2WP/+5c/r61ttq/yasTQNv9/qrFy5YWlXGl17eLcwuRsfja/ODo6cmXs6tjlseHczFwhn/5sGuOfP37r663af6xp/Hr/u1X7zz1/ut5mMb56cOfRD7aIf/5nzf/+p7aIX/3d/zz9P1DdP9Sor9frzzrz+rtntmr/9Cbt3+7vf36zk25w4cbfP9zhoQDAASitrs1PFgr55ZejElF/V/6i5KOispdKV8tD3Egv9F2/vL39EgAAsP+evulvdyYAAAAAAAAAAAAAAAAAAADQuVr+PWe93/1mgb72NRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEvfBAAA///DTM7p")
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000780)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000a00)="b77831ba5991c21ae9214bc4bf82066a336c77587a2421f98c794dd7f4553a974218a0dc6f61165e7f086c730b688c82eaf04f18fb92751740bb2aa1514002ce8427d1b24fb57335e8a9949c9c97401b3c3b510fe9969f8adfc3cf572c1d131555041b984db2263c22e60e34f27a8c1bd6e660ce9b1ebe81c7283e042f1c308021f604", 0x83}], 0x1, &(0x7f0000000c00)=ANY=[@ANYBLOB="1000000000000000010000000100000000000000000007000100000001000000", @ANYRES32=r4, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r3, @ANYRES32, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32, @ANYRES32], 0x70, 0x40801}, 0x20008980)
statx(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x1000, 0x80, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f0000000540), 0x100)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r7}, 0x10)
r8 = signalfd(r7, &(0x7f0000000000)={[0xfe53]}, 0x8)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000200))
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x13f}}, 0x20)
stat(&(0x7f0000001c40)='./file0\x00', &(0x7f0000001c80))
r9 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000fffffffffffffff000000000"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0)
fchownat(r8, &(0x7f0000000080)='./file0\x00', r6, 0x0, 0x800)

1m43.13928685s ago: executing program 4 (id=1796):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)=ANY=[@ANYBLOB="14000000530401000000ea03010000000000000000000000000a"], 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x40000)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000080)='./file2\x00', 0x88, &(0x7f00000005c0)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nobarrier}, {@nodiscard}, {@quota}]}, 0x3, 0x438, &(0x7f0000000d80)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r5 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0)
getdents(r5, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r4, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x4ffa1, 0x100000081})
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r9}, &(0x7f0000000000), &(0x7f0000000080)=r6}, 0x20)
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x8a, 0x3, 0x0, 0x3, 0x0, 0x10000000000, 0x8800, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_bp={0x0, 0x6}, 0x4108, 0x3, 0x0, 0x6, 0x7, 0xffffffff, 0x2, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
close(r11)
recvmsg$unix(r10, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r12=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r12, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96')
recvmsg$unix(r12, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000002a00)=""/4096, 0x1000}], 0x1}, 0x20)
recvmsg$unix(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0)
sendmsg$inet(r8, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x800048, 0x0)
mount(&(0x7f0000000000), &(0x7f00000006c0)='./file0\x00', &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1m42.337087012s ago: executing program 4 (id=1808):
mremap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000082c000/0x1000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\v\x00'], 0x50)
close(0xffffffffffffffff)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18)
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x40047451, &(0x7f0000000180))
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x40047451, &(0x7f00000002c0))

1m42.143281736s ago: executing program 4 (id=1814):
prctl$PR_CAPBSET_DROP(0x18, 0x20)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x503, &(0x7f0000000fc0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5IHrjUg5I/IhADRIHoxlPUje1m6hJ7Gz8+UijeW/e1N/vazrvxS+NXwBD62pE7EbEWETcjojp7HouO+KT9pHc93Tv/tL+3v2lXLRan/0zl7Yn16LjzySuZK9ZjIgffS/ip7kX4za2d9YWq9XKZlafbdY2ZhvbOzdWa4srlZXKerm8ML8w99HND8tn1td3amNZ6atP/rj7rZ8naU1lVzr7cZbaXS8cxkmMRsQPziPYAIxk/RkbdCK8knxEvBkR76bP/3SMpF9NAOAya7WmozXdWQcALrt8ugaWy5eytYCpyOdLpfYa3lsxma/WG83rd+pb68vttbKZKOTvrFYrc9la4UwUckl9Pi0/q5eP1G9GxBsR8cvxibReWqpXlwf5jQ8ADLErR+b//4y3538A4JIrDjoBAKDvzP8AMHzM/wAwfMz/ADB82vP/xKDTAAD6yPt/ABg+5n8AGCo//PTT5GjtZ59/vXx3e2utfvfGcqWxVqptLZWW6psbpZV6fSX9zJ7aca9Xrdc35j+IrXsz395oNGcb2zu3avWt9eat9HO9b1UK6V27fegZANDLG+88epxLZuSPJ9IjOvZyKAw0M+C85QedADAwI4NOABgYu33B8DrFe3zLA3BJdNmi9znFbr8g1Gq1WueXEnDOrn3J+j8Mq471f/8LGIaM9X8YXtb/YXi1WrmT7vkfJ70RALjYrPEDPX7+/2Z2/l32w4GfLB+94+F5ZgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX28H+v6VsL/CpyOdLpYjXImImCrk7q9XKXES8HhF/Hi+MJ/X5AecMAJxW/m+5bP+va9PvTz3X9PaVw+JYRPzs15/96t5is7n5p4ix3L/GD643H2bXy/3PHgA43sE8nZ473sg/3bu/dHD0M5+/fzciiu34+3tjsX8YfzRG03MxChEx+e9cVm/LdaxdnMbug4j4Yrf+52IqXQNp73x6NH4S+7W+xs8/Fz+ftrXPyd/FF84gFxg2j5Lx55Nuz18+rqbn7s9/MR2hTi8b/5KXWtpPx8Bn8Q/Gv5Ee49/Vk8b44A/fb5cmXmx7EPHl0YiD2Psd489B/FyP+O+fMP5fvvL2u73aWr+JuBbd43fGmm3WNmYb2zs3VmuLK5WVynq5vDC/MPfRzQ/Ls+ka9Wzv2eAfH19/vVdb0v/JHvGLx/T/6yfs/2//d/vHX3tJ/G++1y1+Pt56SfxkTvzGCeMvTv6+2Kstib/co//Hff2vnzD+k7/uvLBtOAAwOI3tnbXFarWy+TkqPE6+pxl8Ggr9LyT/ZC9AGl0L3+lXrLHo3vSL99rP9JGmVuuVYvUaMc5i1Q24CA4f+oj476CTAQAAAAAAAAAAAAAAuurHbywNuo8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXv8PAAD//+a4zis=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
statx(0xffffffffffffffff, 0x0, 0x800, 0x10, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x1d, r2, 0x0, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000000)=@chain)
ptrace$setregs(0xd, r0, 0x8000000003e, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000080)={0x0})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='cpu.stat\x00', 0x275a, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x174)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000140))
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x18)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

1m41.562359024s ago: executing program 4 (id=1819):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x3d, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x5, &(0x7f0000000080)=ANY=[@ANYRES16=r2], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xae, @void, @value}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0xf0}, 0x1, 0x0, 0x0, 0x80}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c00028008000140000000080800034000000110"], 0xc4}}, 0x20050890)
r10 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
r11 = socket$inet6(0xa, 0x3, 0x2f)
setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f0000000d80)={{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x32}, {}, {0x0, 0x4000400000, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in6=@empty, 0x0, 0x0, 0x2, 0x42, 0x2}}, 0xe8)
connect$inet6(r11, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r10, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7fff}]}, 0x1c}}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000003c0)={@map=r0, 0x34, 0x0, 0xfffffff0, &(0x7f0000000000)=[0x0], 0x1, 0x0, &(0x7f00000000c0)=[0x0], &(0x7f0000000340)=[0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], <r12=>0x0}, 0x40)
r13 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@fallback=r4, r1, 0x18, 0x2008, 0x0, @value=r13, @void, @void, @void, r12}, 0x20)
mknod$loop(0x0, 0x100000000000600d, 0x1)
r14 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r14, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x34, 0x0, 0x8, 0x801, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @fccp}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xf}, 0x18)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
r15 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$selinux_context(r15, &(0x7f0000000180)='system_u:object_r:pam_var_run_t:s0\x00', 0x23)

1m41.288018239s ago: executing program 4 (id=1823):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/crypto\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893) (fail_nth: 10)

1m41.287792779s ago: executing program 34 (id=1823):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/crypto\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893) (fail_nth: 10)

3.334505879s ago: executing program 6 (id=3230):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
socket$key(0xf, 0x3, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mq_open(&(0x7f0000000540)='@/$,^\x00', 0x2, 0x1, &(0x7f00000006c0)={0x605, 0x7fffffff, 0x0, 0x7fff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x9c}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = getpid()
fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x1, 0x2, 0x0, 0x0, r2})
mount$9p_fd(0x0, &(0x7f0000000840)='./bus\x00', &(0x7f0000000980), 0x404, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x14000000}}, {@ignoreqv}, {@mmap}, {@access_uid}], [{@fowner_eq}, {@context={'context', 0x3d, 'root'}}, {@dont_hash}, {@fowner_eq}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@subj_role={'subj_role', 0x3d, '!:!}!)(-/-\''}}]}})
recvmsg$qrtr(r1, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000100)=[{&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/250, 0xfa}, {&(0x7f0000000480)=""/140, 0x8c}], 0x3, &(0x7f0000000600)=[{0x90, 0x0, 0x0, ""/128}], 0x90, 0x2000}, 0x38, 0x40000040)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0xee00, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r7)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x81, <r8=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYRESOCT=r7], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000580)={0x400, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)
statfs(&(0x7f0000000200)='.\x00', 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x0)

2.468857362s ago: executing program 6 (id=3243):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
io_uring_setup(0x7884, &(0x7f0000000a40)={0x0, 0x0, 0x2, 0xfffffffe, 0x3bd})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x39, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_config_ext={0x4, 0x100000000}, 0x3323, 0x4, 0x3, 0x0, 0x9, 0x2f43, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x51031, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000740)='\x00\a\a\x00\x00\x01\x00\x00\x00\x00\xcf\x80o\xdb\xc7q\x00\x00\x00!\x83\xf8\xad\x17\xcf\xa7\xd6R\x88\xf9\xed\xcdC\x8a\x8b\xf0\x7f\xf1<\x94\xdf\xe1\xaa\xb7j\\\xdf\x1eN\xab\xc9PA:\xdf\a\x0f\xf6\x13\xf2\x16\xf54U\x85C\xdb\x8bkQ\xfarw]\xbd\xf4\x10\x1aG\xc5\xbe\x17\xf0}gb\x8e\x02@a\xb8\xbc\xd4\xd2\xa2\xbc\xc9\x02\xb0\xf8\xc0\xcb\xe4\xfaE5!\xad\x90\xb2\xc7Dw\xf2X,j$6Aj1ho\x12\xc0v\xcd\x1e\x9f\xadA\x84\xc4\xf8\xb3%g\xac}\x86\x80\\/\xa1\xdf\xd4KM\t\xb0dK\x0e$\xf2\xad;E[\xf5\xc9 \xf9\t\x00\x00\x00\x00\x00\x00\x00\xbc\xa5I\xf6\xba7\xcb\xc7\x81\xc4Q\xcd\xa6&\xc5\xd8\x7fa4\x8b\xb9\x104\xfc+x\xaazY\xf0\xe2\xa8\x1b\x9b\xa2\xfdx\x00\xab&:\xa7\x17\x1d\x03.\xdb\xe5\xa9\xc6\x1ba\n\xe5Br\b\x8e:E\xb7\x18\xf2S\xc4\xc9\"T\x8c\f\xbf\xad\xe2\x89\xd1\xaf\xef\xd4\xac\xcf4\xab\xf3\xc5\xfb\xb2\xf1\x14`I\xb1\xd7\xd1\xb0B\x12')
sysinfo(&(0x7f00000004c0)=""/112)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))
sendmmsg$inet_sctp(r1, &(0x7f0000000640)=[{&(0x7f0000000440)=@in={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000540)="a01b643658c171527423a2a8b6127937573e5b541a2571faa4207a4d6a9c8105f269c0440ed678417aa321696140d2fd2ed06c211638e63a0f729c8e3d508af4f05d2eefde13ce793cb4788e", 0x4c}, {&(0x7f0000000880)="d5428685341c0ac14ebf1e84ed794cc238eee36b499283e669164697e000635f2e86d91abb1cbbdc3d6b1f59771fdc3d76a490275ee5914a73c47586bd8a361c02cad9af5162eefde67cc600859d0dd5be43102763582d5bb902e75453568f15999322c8edf68a2d3255d2a0259ed8b03ee80515f93c6881bab76d9e7490d92ca118d80a405db7efb8c765e60b0000b74b9c329ce50901656e7c4b83fbcf775cc434450c7bc9f93270", 0xa9}, {&(0x7f0000000940)="37a56e01ad0976368e72de8ff1b771c10e020524137f4bce1d65b9f812c6b86034c5a1a5dd21dab19608e81e8322cfa27d74ed1987d12ea0e0ffdd9dde33688a8fd4102cdf0f49bba83e2e0e0708aca7085cd059d8e70352f0ae83b8e9d24ddc10870c706653175d7656af5900931e6f82544975de46d10cb44c16bef96c34e196", 0x81}], 0x3, &(0x7f00000005c0)=[@authinfo={0x18, 0x84, 0x6, {0x1}}], 0x18, 0x8000}], 0x1, 0x40042)
r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = io_uring_setup(0x1f69, &(0x7f00000002c0)={0x0, 0xc89c, 0x800, 0x2, 0x323, 0x0, r2})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x4, @perf_bp={0x0, 0xa}, 0x0, 0x10000, 0xfffffffc, 0x3, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={r2, 0x20, &(0x7f0000000380)={&(0x7f0000000340)=""/9, 0x9, 0x0, &(0x7f0000000ac0)=""/4096, 0x1000}}, 0x10)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000080)=@get={0x1, 0x0, 0x1ff})
fsopen(&(0x7f0000000400)='bfs\x00', 0x1)
r5 = syz_io_uring_setup(0x7b20, &(0x7f00000000c0)={0x0, 0xe252, 0x4, 0x0, 0x3c1}, &(0x7f0000000140), &(0x7f0000000180))
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r3, 0x21, &(0x7f00000001c0)={0x0, 0xcabe, 0x8000, 0x2, 0xd2, 0x0, r5}, 0x1)

2.275983215s ago: executing program 6 (id=3246):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
socket$key(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
mq_open(&(0x7f0000000540)='@/$,^\x00', 0x2, 0x1, &(0x7f00000006c0)={0x605, 0x7fffffff, 0x0, 0x7fff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x9c}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = getpid()
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000000)={0x1, 0x2, 0x0, 0x0, r2})
mount$9p_fd(0x0, &(0x7f0000000840)='./bus\x00', &(0x7f0000000980), 0x404, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x14000000}}, {@ignoreqv}, {@mmap}, {@access_uid}], [{@fowner_eq}, {@context={'context', 0x3d, 'root'}}, {@dont_hash}, {@fowner_eq}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@subj_role={'subj_role', 0x3d, '!:!}!)(-/-\''}}]}})
recvmsg$qrtr(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000100)=[{&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/250, 0xfa}, {&(0x7f0000000480)=""/140, 0x8c}], 0x3, &(0x7f0000000600)=[{0x90, 0x0, 0x0, ""/128}], 0x90, 0x2000}, 0x38, 0x40000040)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0xee00, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r7)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x81, <r8=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYRESOCT=r7], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000580)={0x400, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)
statfs(&(0x7f0000000200)='.\x00', 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x0)

1.756433733s ago: executing program 1 (id=3251):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a499d0000000000000000020000010900010073797a310000000008000240000000030400060014000000110001"], 0x54}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8040}, 0x86)

1.734490464s ago: executing program 1 (id=3252):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000070a010100000000000000000200000608000940000000010900010073797a31"], 0x3c}, 0x1, 0x0, 0x0, 0x8040}, 0x86)

1.702799474s ago: executing program 1 (id=3253):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
socket$key(0xf, 0x3, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mq_open(&(0x7f0000000540)='@/$,^\x00', 0x2, 0x1, &(0x7f00000006c0)={0x605, 0x7fffffff, 0x0, 0x7fff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x9c}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = getpid()
fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x1, 0x2, 0x0, 0x0, r2})
mount$9p_fd(0x0, &(0x7f0000000840)='./bus\x00', &(0x7f0000000980), 0x404, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x14000000}}, {@ignoreqv}, {@mmap}, {@access_uid}], [{@fowner_eq}, {@context={'context', 0x3d, 'root'}}, {@dont_hash}, {@fowner_eq}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@subj_role={'subj_role', 0x3d, '!:!}!)(-/-\''}}]}})
recvmsg$qrtr(r1, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000100)=[{&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/250, 0xfa}, {&(0x7f0000000480)=""/140, 0x8c}], 0x3, &(0x7f0000000600)=[{0x90, 0x0, 0x0, ""/128}], 0x90, 0x2000}, 0x38, 0x40000040)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0xee00, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r7)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x81, <r8=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYRESOCT=r7], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000580)={0x400, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)
statfs(&(0x7f0000000200)='.\x00', 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x0)

1.33166326s ago: executing program 6 (id=3258):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4820)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x4, 0x4, 0x428, 0xffffffff, 0x260, 0x260, 0xe8, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3c80}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x488)

1.28759125s ago: executing program 7 (id=3261):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mq_open(&(0x7f0000000540)='@/$,^\x00', 0x2, 0x1, &(0x7f00000006c0)={0x605, 0x7fffffff, 0x0, 0x7fff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x9c}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = getpid()
fcntl$lock(r2, 0x24, &(0x7f0000000000)={0x1, 0x2, 0x0, 0x0, r3})
mount$9p_fd(0x0, &(0x7f0000000840)='./bus\x00', &(0x7f0000000980), 0x404, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x14000000}}, {@ignoreqv}, {@mmap}, {@access_uid}], [{@fowner_eq}, {@context={'context', 0x3d, 'root'}}, {@dont_hash}, {@fowner_eq}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@subj_role={'subj_role', 0x3d, '!:!}!)(-/-\''}}]}})
recvmsg$qrtr(r2, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000100)=[{&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/250, 0xfa}, {&(0x7f0000000480)=""/140, 0x8c}], 0x3, &(0x7f0000000600)=[{0x90, 0x0, 0x0, ""/128}], 0x90, 0x2000}, 0x38, 0x40000040)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xffffffffffffffff)
keyctl$chown(0x4, r7, 0xee00, 0xffffffffffffffff)
keyctl$chown(0x4, r7, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x81, <r9=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYRESOCT=r8], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000580)={0x400, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)
statfs(&(0x7f0000000200)='.\x00', 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r10, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x0)

1.228508901s ago: executing program 6 (id=3262):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
socket$key(0xf, 0x3, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mq_open(&(0x7f0000000540)='@/$,^\x00', 0x2, 0x1, &(0x7f00000006c0)={0x605, 0x7fffffff, 0x0, 0x7fff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x9c}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = getpid()
fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x1, 0x2, 0x0, 0x0, r2})
mount$9p_fd(0x0, &(0x7f0000000840)='./bus\x00', &(0x7f0000000980), 0x404, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x14000000}}, {@ignoreqv}, {@mmap}, {@access_uid}], [{@fowner_eq}, {@context={'context', 0x3d, 'root'}}, {@dont_hash}, {@fowner_eq}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@subj_role={'subj_role', 0x3d, '!:!}!)(-/-\''}}]}})
recvmsg$qrtr(r1, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000100)=[{&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/250, 0xfa}, {&(0x7f0000000480)=""/140, 0x8c}], 0x3, &(0x7f0000000600)=[{0x90, 0x0, 0x0, ""/128}], 0x90, 0x2000}, 0x38, 0x40000040)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0xee00, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r7)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x81, <r8=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYRESOCT=r7], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000580)={0x400, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)
statfs(&(0x7f0000000200)='.\x00', 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x0)

1.120125393s ago: executing program 0 (id=3263):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000)

1.048708044s ago: executing program 0 (id=3264):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x800000000000, 0x0, 0x0, 0x751, 0x7, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000200000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000340)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000000000000000000000001fb195d574202b200000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)

1.015674535s ago: executing program 0 (id=3265):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a499d0000000000000000020000010900010073797a310000000008000240000000030400060014000000110001"], 0x54}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8040}, 0x86)

979.473115ms ago: executing program 0 (id=3266):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x81e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xb}]})
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

821.271148ms ago: executing program 1 (id=3267):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x4011, &(0x7f0000000040)={[{@data_err_abort}, {@dioread_lock}, {@journal_checksum}, {@noblock_validity}, {@bh}, {@dioread_nolock}]}, 0x0, 0x64a, &(0x7f0000002380)="$eJzs3c9vFG8ZAPBnZrfd/kC3EKPiQRqNgURpaQFDjAn04okQ/HHzVGkhyEIJrdEiiW2CFxPjxYOJJw/if6EkXj158+DFkyEhxnAQQ77sN7M7W7a73Xa77Xbp9vNJls7Muzvvs2SffWfefd+ZAE6s6eyfNOJsRDxOIspNZcXIC6frz3vz32d3skcS1er3/5PEs18kG837SvK/k/mLPynXt5wptNe7uv70wWKlsvwkX59de/h4dnX96cX7DxfvLd9bfjT/zflrV69cvTZ36UDvL4tgJF+++fzHPy3/6tYP//j7d8ncn/55K4kb8T6PLXtfra8tHajm7P9sOqp1b7cVpBHXDrjvj8X/yo3PSU0p+0AkxUFGxH6kEXE9z5EvRDkK8SFZy/HL7w40OKCvqknU2qjpKnDyJNGx6P5Y/iXRbqyvMQFHoXEc0Di33+k8uF3az0MS4Ii8Xqj31dVzfyQiGvlfrPcNxlitb2DiTdLcz1PrVztYz1xdVsff/nrrefaIDv1wQH9sbDZ6uVvb/6SWm1NRPweYeJNuy/+F/CggzX8n+F7rjrvsPJ9uWZf/cHQ2NiPii3n7Pxpd53+a524j/3/UY/095v+pHqsDAAAAAACAofZyISK+sdP4v3Rr/M9ooX38z2RE3DiE+vf+/S99lS8kh1Ad0OT1QsS3dxz/uzXGd6qQr32mNh5gJLl7v7J8KSI+GxEXYqSUrc+17Ld5hPDFX5/5Xaf6m8f/ZY+s/sZYwHxPr4otY4mWFtcWD/q+gYjXmxFfqo3/PZdv2T7+J2v/k63xvx+G3WT5/bjLOs587cXtTmV75z/QL9U/RJzfsf3/cLid7H59jtna8cBs46ig3Zd//ps/d6pf/sPgZO3/xO75X0qar9ezur/9j0bE5fVitVN5r8f/o8kPCo39Z362uLb2ZC5iNLnZvn1+fzHDsGrkQyNfsvy/8NXd+/+2jv+b8nA8Ija6rPPz7yf/1alM+w+Dk+X/0u7tf3l7+7//hfkXU3/pVP/trtr/K7U2/UK+Rf8fNGu/Hke3CTqQcAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgmEsj4lQk6czWcprOzERMRsTnYiKtrKyuff3uyk8eLUXt7t9TMZI27vRbrq8njfv/TzWtz7esX46I0xHx28J4bX3mzkpladBvHgAAAAAAAAAAAAAAAAAAAD4Sk7U5/9VS6/z/zL8Lg44O6Lti/le+w8lT7PmV1dKhBgIcud7zHzjONveV/yN9jQU4ep3z/+27ak3L5u98pe8xAUej6/b/7073Ydj0eP7v5wIYAvr/4KTqsk9vrN9xAIOg/QcAAAAAgKFy+tzLfyQRsfGt8dojM5qXjQ80MqDf0j3KfQfA8DKGF06u4sqgIwAGxYR+INla+n/rZP+azqP/k/4EBAAAAAAAAAAAAAC0OX+28/x/cwNguO06/3+viwMAx9ou8/93mtjjcgEwRDrf+sO8Phh2zvGBvVp78/8BAAAAAAAAAAAA4CMw9vTBYqWy/GR1/fgtXO/pVYWIGGDwG4sH20+1NKjgx6JT0fv+VDoSEYP+jB3aQpZslcpytRqx95Mbl+AYYMx7f3WU+vzVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1H0aAAD///UvHMY=")
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)

726.512659ms ago: executing program 1 (id=3268):
r0 = socket(0x2, 0x80805, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0)

671.03276ms ago: executing program 1 (id=3269):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000"], 0x48)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@loopback={0xfec0ffff00000000}, 0x8000000, 0x0, 0x2, 0x1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x81e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e20, 0x7fffffff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}}, 0x80, 0x0}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xb}]})
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

410.484444ms ago: executing program 7 (id=3270):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001e00)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xf, 0x9}, {}, {0xb, 0xe}}, [@filter_kind_options=@f_route={{0xa}, {0x20, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x14}, @TCA_ROUTE4_IIF={0x8, 0x4, r1}, @TCA_ROUTE4_ACT={0x4}, @TCA_ROUTE4_FROM={0x6, 0x3, 0x47}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x20000040)

354.528395ms ago: executing program 7 (id=3271):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="6583000000000008000001000002080001007400000008002a017aac7583ce4fea9d28fa9d38a20fdc7b33ba062e41ae740e78043aaa16cb85030bd79da69eff005134375fb529b9003e47394883729c83b678990b5c14ed469fd0d0b06bdd7cb89740a730571af1769b9b381d4ffbc8101b7c88a0d66f69feab74399bd7a14de1503db1efb703e49833253fde6cc82e6083f8ba500dc6ee1c3924a2f82ed95c765ec3fbfee683b9fffb801792e916da99c3803ab72eb8", @ANYRES32=r0, @ANYBLOB], 0x24}}, 0x0)

267.480796ms ago: executing program 2 (id=3273):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x2, 0x4e25, @local}, 0x10, 0x0, 0x0, &(0x7f0000000740)=[@cswp={0x58, 0x114, 0x7, {{0x81, 0x9}, &(0x7f0000000400), 0x0, 0x8000000000000041, 0x1, 0x5f3, 0x8, 0x26, 0x8}}], 0x58, 0x8004}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r0}, 0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, &(0x7f0000000480)=0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000880), 0x3, 0x2)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000000)="d287d95f02b28f453b33320e8ec0328acf4a2405fd0852307400", 0x1a}], 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB], 0x48)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r4, 0x5)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r7 = gettid()
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x500, 0x0, 0x2000040}, 0xc, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000ffdbdf2514000000080001000100000008000300", @ANYRES32=0x0, @ANYBLOB="08001c00", @ANYRES32=r7], 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)
sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200010}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r6, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
dup3(0xffffffffffffffff, r4, 0x0)
setrlimit(0xf, &(0x7f0000000000)={0x0, 0xfffffffbffffffff})
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000000)={[{@usrquota}, {@acl}]}, 0xff, 0x257, &(0x7f0000000500)="$eJzs3U9oFFccB/DfzO42TbKUtL0USv9AKaUNhPRW6CW9tBAoIZRSaAsppfSiJEJM8JZ48uJBj6KSk5cg3oweJZfgRRE8Rc0hXgQNHgweVFjZnQTyTxOzmx1xPh+YzEzy5v3eMPN9ExaGDaCweiJiICJKEdEbEZWISDY2+DJbetZ2ZzoXRiJqtd8eJ4122X5m/bjuiJiOiB8iYj5N4lA5YnLur+Wni798c3Ki8vWFuT8723qSa1aWl35dPT904vLg95M3bz8cSmIgqpvOq/WSHX5XTiI+Oohib4mknPcI2IvhY5fu1HP/cUR81ch/JdLILt6p8ffmK/HduVcde/rRrU/bOVag9Wq1Sv0ZOF0DCieNiGokaV9EZNtp2teX/Q9/t9SVHh4bP9r7/9jE6H95z1RAq1Qjln6+2nGle0v+H5Sy/APvqOxDqaXfh2fv1TdWS3kPCGiLz7JV/fnf+8/UtyH/UDjyD8Ul/1Bc8g/FJf9QXPIPxSX/UFzyD8Ul/1Bc+87/mRcHNyigLTbmHwAollrHvt4abv2LyEDb5T3/AAAAAAAAAAAAAAAAAAAA2810LoysL63psbxri+tnI1Z+yppur19qfB9xxPuNn11Pkk09Jnuq8Hp/f9FkB026mPPb1x/cz7f+jc/zrT81GjF9PCL6y+Xt91+ydv/t34e7/L3yb5MF3lCyZf/HP9pbf6vns/nWH1yMuFaff/p3mn/S+KSx3nn+qdavX5P1jzxrsgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa5mUAAAD//7FLbdg=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
set_mempolicy(0x8000, &(0x7f0000000780)=0x10080007, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

266.906026ms ago: executing program 7 (id=3274):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x18)
msync(&(0x7f00002f0000/0x3000)=nil, 0x3000, 0x5)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000700)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x3000046, &(0x7f00000001c0)={[{@init_itable}, {@init_itable_val={'init_itable', 0x3d, 0x400}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2}}, {@dioread_lock}, {@norecovery}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@resgid}, {@grpquota}, {@minixdf}, {@nouser_xattr}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000000}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r2], 0x58}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x8, 0x3, 0x7ffffdbd}]})
r3 = semget$private(0x0, 0x5, 0x0)
semctl$SETALL(r3, 0x0, 0x11, &(0x7f0000000100)=[0x4])

250.961956ms ago: executing program 6 (id=3275):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
socket$key(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mq_open(&(0x7f0000000540)='@/$,^\x00', 0x2, 0x1, &(0x7f00000006c0)={0x605, 0x7fffffff, 0x0, 0x7fff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x9c}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
fcntl$lock(r2, 0x24, &(0x7f0000000000)={0x1, 0x2})
mount$9p_fd(0x0, &(0x7f0000000840)='./bus\x00', &(0x7f0000000980), 0x404, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x14000000}}, {@ignoreqv}, {@mmap}, {@access_uid}], [{@fowner_eq}, {@context={'context', 0x3d, 'root'}}, {@dont_hash}, {@fowner_eq}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@subj_role={'subj_role', 0x3d, '!:!}!)(-/-\''}}]}})
recvmsg$qrtr(r2, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000100)=[{&(0x7f0000003680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/250, 0xfa}, {&(0x7f0000000480)=""/140, 0x8c}], 0x3, &(0x7f0000000600)=[{0x90, 0x0, 0x0, ""/128}], 0x90, 0x2000}, 0x38, 0x40000040)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0xee00, 0xffffffffffffffff)
keyctl$chown(0x4, r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r7)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x81, <r8=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYRESOCT=r7], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000580)={0x400, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)
statfs(&(0x7f0000000200)='.\x00', 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x0)

243.905406ms ago: executing program 7 (id=3276):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa0000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
pread64(0xffffffffffffffff, 0x0, 0x0, 0x8)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000500)={0x9c, 0x0, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x0, 0x5, 0xd}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}]}, 0xff69}, 0x1, 0x0, 0x0, 0x880}, 0x44)

223.222717ms ago: executing program 7 (id=3277):
socket$kcm(0xa, 0x3, 0x87)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f00000001c0)=0x5, 0x4)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0x4}]}, 0x10)
syz_emit_ethernet(0x2c0, &(0x7f0000000800)={@local, @link_local, @val={@void, {0x8100, 0x1, 0x1, 0x1}}, {@ipv4={0x800, @gre={{0x6, 0x4, 0x0, 0x39, 0x2ae, 0x67, 0x0, 0x1, 0x2f, 0x0, @multicast2, @private=0xa010102, {[@noop]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0xc8, 0x1, [], "48b4e62f982f1575699d51a7227e738d3f133bdff94048f1fd93263b8daf6f6d936a04e95aee3915ec6b464adf7ae7e4518755c55e19434ea191d1c04d83214bd8b52c81d83d8a1dd4d418345aeebbe7f60bd1a287c5a8992dee25a5db5680e3a9a75b809f12a0c10fd2d9b57a925e150f8193eb4078f56d9bb15a34ab2d409d523eba2b15bd247268ad0b2ca46fb9cd3d3e846ec2a89aaeb8a81cf3b44ac6f70dbdc96196e862b22835dc996d451bcb3425cd943739d9b598c713437f399d6604b2fa2c3d88d22e"}, {0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800, [0x7, 0x1, 0xa], "f10d876ef3fe2687d274f768a96dc5a54e3495ae50be9603c877c887"}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x86dd, [0x7, 0x3ff], "b43e4ad81d963ac70685747852f1850013843ad78d8bfbbd047d722615cf07d5ce0968ce18c0f72016eebc262d20db7a4999573e32ec4e7e04957d8b96f00751322a1804f7100f77388ac89b68e41e0dc9f6e10775b15f60c9b94a91fc19902cbde4eed91872546d3caadf10bbc56daee0c1b818564e03732c75d9a6"}, {0x8, 0x88be, 0x0, {{0x8, 0x1, 0x2, 0x0, 0x0, 0x2, 0x2, 0xfb}, 0x1, {0x7}}}, {0x8, 0x22eb, 0x3, {{0x4, 0x2, 0x6, 0x2, 0x0, 0x1, 0x3, 0x3}, 0x2, {0xee1, 0x5a, 0x0, 0x7, 0x1, 0x1, 0x0, 0x1}}}, {0x8, 0x6558, 0x0, "47a62e1eb7d019d38bb046c12414b929600c0a5f265032ee671432c13bdc9ed8b5b1762cf31f2f7bcd641a199ce7d2a4c2fe8086d76202c3e7a2e724ad146394904566f8fe38580175cbb1042917548ca133fbca6264ea744c340095707701747e4439b43832b5a20ece7b9f5e3ee6b88796ed3af094d82148018d0d0146d8a5a45b6e543ffd95b8cec51e5479dc196ed4d3a88dbe3ce25d3860ea7fae86b1f5c69d2153aaf569bfb5a1816010732b7608627b2426458d0b6a10bc8e4d0365136b262c2bfdf9386df180c94b770440a17c9e1eb49ccf0b9036153893733d4355e3865324fcc61adf"}}}}}}, 0x0)
socket$netlink(0x10, 0x3, 0xe)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)=ANY=[])
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x3c, r4, 0x1, 0x0, 0x40000002, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x3c}}, 0x440a4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_RTHDR(r7, 0x29, 0x39, &(0x7f0000000300)={0x21, 0xc, 0x2, 0x3, 0x0, [@remote, @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x39}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote]}, 0x68)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendto$inet(r2, &(0x7f0000000440)="5200785fb7fc98d6e9686e75c2c432b179c60ad0976f234876e2a641eb9d9b6f813cf8a7e7a519ed57bf8f139c1e0336804cabd72755cb3b3c7daf3d0153303677fe40b10ac5e1b74086be9476e52cb5f751a416a76c88a2a0cfca6885bbcf84285ae7251746c2fa9906d3a01b945c608df6284e7e88066a75407977a8b77ebbac62774322f8256d88b18ff19bad433f42b7481338601930bf4d28f83abe236416995ecedf58858613f5473d435e6091c1819f2366d99c22edb5080270f84df0183e96ce7478b37e5df83c4af6f569a5d6e16555ff625fe005402b5ea1ff17b9727100c23344afe01be1167193", 0xed, 0x800, &(0x7f0000000240)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x3c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r6)

206.552397ms ago: executing program 2 (id=3278):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x111, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r4, 0x7}}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

168.263467ms ago: executing program 2 (id=3279):
r0 = socket(0x2, 0x80805, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0)

125.340538ms ago: executing program 2 (id=3280):
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x1}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x33f}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

124.791308ms ago: executing program 0 (id=3281):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r0}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1b, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="5dfe244a", @ANYRESOCT=r0], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x6, &(0x7f0000000300)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x80000000}])
io_destroy(r3)

108.938059ms ago: executing program 2 (id=3282):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001e00)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xf, 0x9}, {}, {0xb, 0xe}}, [@filter_kind_options=@f_route={{0xa}, {0x20, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x14}, @TCA_ROUTE4_IIF={0x8, 0x4, r1}, @TCA_ROUTE4_ACT={0x4}, @TCA_ROUTE4_FROM={0x6, 0x3, 0x47}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x20000040)

56.035389ms ago: executing program 2 (id=3283):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0x8}, 0x18)
r3 = mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedreceive(r3, &(0x7f000001d600)=""/102389, 0x18ff5, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0xa04c0, 0x0)
ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000080)={0x4e00, 0x0, 0x0, 0xbdff, 0x0, "fdffffffffffffff"})
r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400})

0s ago: executing program 0 (id=3284):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40045402, &(0x7f0000000140)=0x1)

kernel console output (not intermixed with test programs):

tr_block_get:593: inode #15: comm syz.7.2440: corrupted xattr block 33: e_value out of bounds
[  202.332545][T16556] loop6: detected capacity change from 0 to 128
[  202.342906][T16540] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  202.355331][   T37] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.367499][T16556] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  202.380435][T16554] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  202.381442][T16556] ext4 filesystem being mounted at /257/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  202.423004][   T37] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.437147][ T9430] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  202.451330][T12839] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.499697][   T37] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.511457][T16573] loop7: detected capacity change from 0 to 8192
[  202.562466][T16559] lo speed is unknown, defaulting to 1000
[  202.569909][T16559] lo speed is unknown, defaulting to 1000
[  202.576755][T16559] lo speed is unknown, defaulting to 1000
[  202.729224][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  202.741417][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  202.751858][   T37] bond0 (unregistering): Released all slaves
[  202.783220][T16621] loop1: detected capacity change from 0 to 512
[  202.819262][T16559] chnl_net:caif_netlink_parms(): no params data found
[  202.833185][T16621] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  202.834933][   T37] tipc: Left network mode
[  202.856927][T16621] EXT4-fs (loop1): mount failed
[  202.907805][T16732] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  202.929399][   T37] hsr_slave_0: left promiscuous mode
[  202.935472][   T37] hsr_slave_1: left promiscuous mode
[  202.941368][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.948871][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[  202.957399][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.964968][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.976726][   T37] veth0_macvtap: left promiscuous mode
[  202.982383][   T37] veth1_vlan: left promiscuous mode
[  202.988071][   T37] veth0_vlan: left promiscuous mode
[  203.102876][   T37] team0 (unregistering): Port device team_slave_1 removed
[  203.114262][   T37] team0 (unregistering): Port device C removed
[  203.168975][   T37] team0 (unregistering): Port device dummy0 removed
[  203.214693][T16559] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.222006][T16559] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.229441][T16559] bridge_slave_0: entered allmulticast mode
[  203.239188][T16559] bridge_slave_0: entered promiscuous mode
[  203.246919][T16559] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.254022][T16559] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.261381][T16559] bridge_slave_1: entered allmulticast mode
[  203.268372][T16559] bridge_slave_1: entered promiscuous mode
[  203.288646][T16559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.299687][T16559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.328623][T16559] team0: Port device team_slave_0 added
[  203.335312][T16559] team0: Port device team_slave_1 added
[  203.380362][T16559] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.387479][T16559] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.413594][T16559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.429316][T16559] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.436383][T16559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.437675][T16825] loop2: detected capacity change from 0 to 8192
[  203.462401][T16559] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.512048][T16559] hsr_slave_0: entered promiscuous mode
[  203.518462][T16559] hsr_slave_1: entered promiscuous mode
[  203.524745][T16559] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  203.532608][T16559] Cannot create hsr debugfs directory
[  203.555017][   T37] IPVS: stop unused estimator thread 0...
[  203.731336][T16970] loop6: detected capacity change from 0 to 512
[  203.741359][T16970] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  203.754086][T16970] EXT4-fs (loop6): failed to initialize system zone (-117)
[  203.761538][T16970] EXT4-fs (loop6): mount failed
[  203.826939][T16559] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  203.841067][T16559] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  203.852210][T16559] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  203.871845][T16995] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  203.874274][T16559] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  203.899669][T16559] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.906960][T16559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.914303][T16559] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.921546][T16559] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.962715][T16559] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.983430][T11556] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.992169][T11556] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.008582][T16559] 8021q: adding VLAN 0 to HW filter on device team0
[  204.022940][T11556] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.030184][T11556] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.043518][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.050698][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  204.087780][T17008] loop6: detected capacity change from 0 to 8192
[  204.098795][T17010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2474'.
[  204.230908][T16559] 8021q: adding VLAN 0 to HW filter on device batadv0
[  204.320368][T17022] netlink: 'syz.1.2477': attribute type 39 has an invalid length.
[  204.429016][T16559] veth0_vlan: entered promiscuous mode
[  204.450020][T16559] veth1_vlan: entered promiscuous mode
[  204.473220][T17046] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  204.476229][T16559] veth0_macvtap: entered promiscuous mode
[  204.511694][T16559] veth1_macvtap: entered promiscuous mode
[  204.526614][T16559] batman_adv: batadv0: Interface activated: batadv_slave_0
[  204.541727][T16559] batman_adv: batadv0: Interface activated: batadv_slave_1
[  204.551128][T16559] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  204.560039][T16559] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  204.568904][T16559] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  204.579145][T16559] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  204.683157][T17059] loop0: detected capacity change from 0 to 1024
[  204.698053][T17059] ext4: Unknown parameter 'nouser_xattr'
[  204.727520][T17048] lo speed is unknown, defaulting to 1000
[  204.733902][T17048] lo speed is unknown, defaulting to 1000
[  204.740498][T17048] lo speed is unknown, defaulting to 1000
[  204.941677][T17098] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.2488' sets config #0
[  204.955283][T17105] FAULT_INJECTION: forcing a failure.
[  204.955283][T17105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  204.969782][T17105] CPU: 0 UID: 0 PID: 17105 Comm: syz.6.2489 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  204.969869][T17105] Tainted: [W]=WARN
[  204.969878][T17105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  204.969894][T17105] Call Trace:
[  204.969902][T17105]  <TASK>
[  204.969912][T17105]  __dump_stack+0x1d/0x30
[  204.969939][T17105]  dump_stack_lvl+0xe8/0x140
[  204.970012][T17105]  dump_stack+0x15/0x1b
[  204.970039][T17105]  should_fail_ex+0x265/0x280
[  204.970150][T17105]  should_fail+0xb/0x20
[  204.970236][T17105]  should_fail_usercopy+0x1a/0x20
[  204.970277][T17105]  _copy_to_user+0x20/0xa0
[  204.970336][T17105]  simple_read_from_buffer+0xb5/0x130
[  204.970378][T17105]  proc_fail_nth_read+0x100/0x140
[  204.970424][T17105]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  204.970496][T17105]  vfs_read+0x1a0/0x6f0
[  204.970533][T17105]  ? inet_dgram_connect+0x122/0x1c0
[  204.970572][T17105]  ? __rcu_read_unlock+0x4f/0x70
[  204.970661][T17105]  ? __fget_files+0x184/0x1c0
[  204.970690][T17105]  ksys_read+0xda/0x1a0
[  204.970733][T17105]  __x64_sys_read+0x40/0x50
[  204.970873][T17105]  x64_sys_call+0x2d77/0x2fb0
[  204.970925][T17105]  do_syscall_64+0xd2/0x200
[  204.970970][T17105]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  204.971003][T17105]  ? clear_bhb_loop+0x40/0x90
[  204.971066][T17105]  ? clear_bhb_loop+0x40/0x90
[  204.971161][T17105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.971189][T17105] RIP: 0033:0x7f2c1de2d33c
[  204.971251][T17105] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  204.971315][T17105] RSP: 002b:00007f2c1c497030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  204.971339][T17105] RAX: ffffffffffffffda RBX: 00007f2c1e055fa0 RCX: 00007f2c1de2d33c
[  204.971366][T17105] RDX: 000000000000000f RSI: 00007f2c1c4970a0 RDI: 0000000000000004
[  204.971385][T17105] RBP: 00007f2c1c497090 R08: 0000000000000000 R09: 0000000000000000
[  204.971427][T17105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  204.971506][T17105] R13: 0000000000000000 R14: 00007f2c1e055fa0 R15: 00007ffdc60ec538
[  204.971537][T17105]  </TASK>
[  205.219257][T17107] netlink: 'syz.0.2490': attribute type 39 has an invalid length.
[  205.252570][   T29] kauditd_printk_skb: 246 callbacks suppressed
[  205.252588][   T29] audit: type=1326 audit(1750666515.378:13707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.306854][T17119] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  205.335415][   T29] audit: type=1326 audit(1750666515.378:13708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.359236][   T29] audit: type=1326 audit(1750666515.378:13709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.382939][   T29] audit: type=1326 audit(1750666515.378:13710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.406660][   T29] audit: type=1326 audit(1750666515.378:13711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.430644][   T29] audit: type=1326 audit(1750666515.378:13712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.454238][   T29] audit: type=1326 audit(1750666515.378:13713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.477975][   T29] audit: type=1326 audit(1750666515.378:13714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.501691][   T29] audit: type=1326 audit(1750666515.378:13715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.523852][T17121] loop7: detected capacity change from 0 to 8192
[  205.526079][   T29] audit: type=1326 audit(1750666515.378:13716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17114 comm="syz.6.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  205.637542][T17128] loop2: detected capacity change from 0 to 8192
[  205.709548][T17135] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  205.717379][T17135] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  205.747105][T17129] lo speed is unknown, defaulting to 1000
[  205.754730][T17129] lo speed is unknown, defaulting to 1000
[  205.774456][T17129] lo speed is unknown, defaulting to 1000
[  205.861709][T17142] loop1: detected capacity change from 0 to 8192
[  206.068578][T17163] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2501'.
[  206.353569][T17181] FAULT_INJECTION: forcing a failure.
[  206.353569][T17181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  206.366837][T17181] CPU: 1 UID: 0 PID: 17181 Comm: syz.7.2507 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  206.366881][T17181] Tainted: [W]=WARN
[  206.366940][T17181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  206.366957][T17181] Call Trace:
[  206.366965][T17181]  <TASK>
[  206.366973][T17181]  __dump_stack+0x1d/0x30
[  206.366996][T17181]  dump_stack_lvl+0xe8/0x140
[  206.367015][T17181]  dump_stack+0x15/0x1b
[  206.367031][T17181]  should_fail_ex+0x265/0x280
[  206.367086][T17181]  should_fail+0xb/0x20
[  206.367116][T17181]  should_fail_usercopy+0x1a/0x20
[  206.367230][T17181]  _copy_from_iter+0xcf/0xe40
[  206.367272][T17181]  ? __build_skb_around+0x1a0/0x200
[  206.367305][T17181]  ? __alloc_skb+0x223/0x320
[  206.367391][T17181]  netlink_sendmsg+0x471/0x6b0
[  206.367413][T17181]  ? __pfx_netlink_sendmsg+0x10/0x10
[  206.367435][T17181]  __sock_sendmsg+0x142/0x180
[  206.367468][T17181]  ____sys_sendmsg+0x31e/0x4e0
[  206.367652][T17181]  ___sys_sendmsg+0x17b/0x1d0
[  206.367714][T17181]  __x64_sys_sendmsg+0xd4/0x160
[  206.367804][T17181]  x64_sys_call+0x2999/0x2fb0
[  206.367831][T17181]  do_syscall_64+0xd2/0x200
[  206.367853][T17181]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  206.367898][T17181]  ? clear_bhb_loop+0x40/0x90
[  206.367993][T17181]  ? clear_bhb_loop+0x40/0x90
[  206.368015][T17181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.368112][T17181] RIP: 0033:0x7f864719e929
[  206.368127][T17181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.368149][T17181] RSP: 002b:00007f8645807038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.368205][T17181] RAX: ffffffffffffffda RBX: 00007f86473c5fa0 RCX: 00007f864719e929
[  206.368221][T17181] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000006
[  206.368236][T17181] RBP: 00007f8645807090 R08: 0000000000000000 R09: 0000000000000000
[  206.368320][T17181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.368331][T17181] R13: 0000000000000000 R14: 00007f86473c5fa0 R15: 00007ffefe1b8c08
[  206.368350][T17181]  </TASK>
[  206.778996][T17200] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2513'.
[  206.798471][T17204] atomic_op ffff888104416d28 conn xmit_atomic 0000000000000000
[  206.806522][T17205] loop2: detected capacity change from 0 to 128
[  206.816010][T17204] loop7: detected capacity change from 0 to 128
[  206.846268][T17204] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  206.860386][T17204] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.892785][T12839] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  206.960859][T17226] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.982395][T17222] loop2: detected capacity change from 0 to 8192
[  207.029579][T17236] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  207.048285][T17226] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.127742][T17226] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.185393][T17250] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2525'.
[  207.201669][T17226] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.242212][T17254] loop0: detected capacity change from 0 to 164
[  207.255983][T17217] SELinux: ebitmap: truncated map
[  207.262690][T17217] SELinux: failed to load policy
[  207.278236][T17254] iso9660: Unknown parameter '0x0000000000000000'
[  207.333734][T17226] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  207.334679][T17254] loop0: detected capacity change from 0 to 8192
[  207.363113][T17226] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  207.373977][T17268] atomic_op ffff888104414128 conn xmit_atomic 0000000000000000
[  207.392099][T17226] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  207.425328][T17268] loop1: detected capacity change from 0 to 128
[  207.435190][T17226] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  207.449663][T17268] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  207.468471][T17268] ext4 filesystem being mounted at /508/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  207.536066][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  207.723280][T17295] loop1: detected capacity change from 0 to 128
[  207.737679][T17297] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  207.897807][T17317] loop2: detected capacity change from 0 to 8192
[  207.913650][T17321] atomic_op ffff8881195a1d28 conn xmit_atomic 0000000000000000
[  207.925899][T17321] loop6: detected capacity change from 0 to 128
[  207.934757][T17321] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  207.948098][T17321] ext4 filesystem being mounted at /282/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  207.986193][ T9430] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  208.077716][T17332] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17332 comm=syz.6.2544
[  208.193772][T17344] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  208.269079][T17346] loop6: detected capacity change from 0 to 8192
[  208.348971][T17356] netlink: 71 bytes leftover after parsing attributes in process `syz.0.2552'.
[  208.358577][T17356] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2552'.
[  208.389972][T17359] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2553'.
[  208.499331][T17363] atomic_op ffff888119960928 conn xmit_atomic 0000000000000000
[  208.522776][T17363] loop7: detected capacity change from 0 to 128
[  208.535296][T17363] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  208.551594][T17363] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  208.637211][T12839] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  208.711543][T17375] loop7: detected capacity change from 0 to 8192
[  208.764213][T17381] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  208.980150][T17392] loop2: detected capacity change from 0 to 8192
[  209.283889][T17407] atomic_op ffff8881046e9d28 conn xmit_atomic 0000000000000000
[  209.295696][T17407] loop0: detected capacity change from 0 to 128
[  209.305322][T17407] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  209.320576][T17407] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.350326][T16559] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  209.577996][T17421] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2571'.
[  210.074362][T17454] netlink: 68 bytes leftover after parsing attributes in process `syz.7.2582'.
[  210.109591][T17458] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2583'.
[  210.213833][T17464] netlink: 'syz.7.2585': attribute type 1 has an invalid length.
[  210.435492][T17479] loop6: detected capacity change from 0 to 512
[  210.449578][T17479] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.462536][T17479] ext4 filesystem being mounted at /294/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  210.498125][   T29] kauditd_printk_skb: 479 callbacks suppressed
[  210.498144][   T29] audit: type=1326 audit(1750666520.628:14196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.532605][T17479] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #18: comm syz.6.2590: corrupted inode contents
[  210.533123][   T29] audit: type=1326 audit(1750666520.628:14197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.545125][T17479] EXT4-fs error (device loop6): ext4_dirty_inode:6459: inode #18: comm syz.6.2590: mark_inode_dirty error
[  210.568183][   T29] audit: type=1326 audit(1750666520.628:14198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.568237][   T29] audit: type=1326 audit(1750666520.628:14199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.568265][   T29] audit: type=1326 audit(1750666520.628:14200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.587632][T17479] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #18: comm syz.6.2590: corrupted inode contents
[  210.604041][   T29] audit: type=1326 audit(1750666520.628:14201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.633930][T17479] EXT4-fs error (device loop6): ext4_xattr_delete_inode:2991: inode #18: comm syz.6.2590: mark_inode_dirty error
[  210.652715][   T29] audit: type=1326 audit(1750666520.628:14202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.666676][T17479] EXT4-fs error (device loop6): ext4_xattr_delete_inode:2994: inode #18: comm syz.6.2590: mark inode dirty (error -117)
[  210.688120][   T29] audit: type=1326 audit(1750666520.628:14203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.702414][T17479] EXT4-fs warning (device loop6): ext4_evict_inode:274: xattr delete (err -117)
[  210.723872][   T29] audit: type=1326 audit(1750666520.628:14204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.793039][   T29] audit: type=1326 audit(1750666520.628:14205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17485 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  210.820110][ T9430] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.887525][T17503] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2594'.
[  210.953765][T17507] netlink: 'syz.6.2596': attribute type 39 has an invalid length.
[  210.967759][T17509] netlink: 'syz.2.2597': attribute type 39 has an invalid length.
[  211.071848][T17525] tipc: Started in network mode
[  211.076847][T17525] tipc: Node identity ac14140f, cluster identity 4711
[  211.084627][T17525] tipc: New replicast peer: 10.1.1.2
[  211.090048][T17525] tipc: Enabled bearer <udp:s>, priority 10
[  211.154966][T17527] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2605'.
[  211.199942][T17533] loop7: detected capacity change from 0 to 512
[  211.219158][T17533] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.228336][T17538] netlink: 'syz.0.2609': attribute type 39 has an invalid length.
[  211.232772][T17533] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  211.259390][T17533] EXT4-fs error (device loop7): ext4_lookup:1787: inode #12: comm syz.7.2608: iget: bad i_size value: 2533274857506816
[  211.273719][T17533] EXT4-fs error (device loop7): ext4_lookup:1787: inode #12: comm syz.7.2608: iget: bad i_size value: 2533274857506816
[  211.286642][T17543] netlink: 'syz.6.2610': attribute type 1 has an invalid length.
[  211.294709][T17541] lo speed is unknown, defaulting to 1000
[  211.301106][T17541] lo speed is unknown, defaulting to 1000
[  211.307478][T17541] lo speed is unknown, defaulting to 1000
[  211.317909][T17533] EXT4-fs error (device loop7): ext4_lookup:1787: inode #12: comm syz.7.2608: iget: bad i_size value: 2533274857506816
[  211.336613][T17533] EXT4-fs error (device loop7): ext4_lookup:1787: inode #12: comm syz.7.2608: iget: bad i_size value: 2533274857506816
[  211.365412][T12839] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.410850][T17574] FAULT_INJECTION: forcing a failure.
[  211.410850][T17574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.424240][T17574] CPU: 0 UID: 0 PID: 17574 Comm: syz.0.2612 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  211.424308][T17574] Tainted: [W]=WARN
[  211.424317][T17574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  211.424334][T17574] Call Trace:
[  211.424342][T17574]  <TASK>
[  211.424352][T17574]  __dump_stack+0x1d/0x30
[  211.424379][T17574]  dump_stack_lvl+0xe8/0x140
[  211.424405][T17574]  dump_stack+0x15/0x1b
[  211.424433][T17574]  should_fail_ex+0x265/0x280
[  211.424511][T17574]  should_fail+0xb/0x20
[  211.424546][T17574]  should_fail_usercopy+0x1a/0x20
[  211.424640][T17574]  _copy_from_user+0x1c/0xb0
[  211.424668][T17574]  memdup_user+0x5e/0xd0
[  211.424698][T17574]  sctp_getsockopt_connectx3+0x173/0x300
[  211.424732][T17574]  sctp_getsockopt+0x910/0xaa0
[  211.424834][T17574]  sock_common_getsockopt+0x60/0x70
[  211.424868][T17574]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  211.424902][T17574]  do_sock_getsockopt+0x200/0x240
[  211.424978][T17574]  __x64_sys_getsockopt+0x11e/0x1a0
[  211.425023][T17574]  x64_sys_call+0x12aa/0x2fb0
[  211.425050][T17574]  do_syscall_64+0xd2/0x200
[  211.425072][T17574]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  211.425255][T17574]  ? clear_bhb_loop+0x40/0x90
[  211.425338][T17574]  ? clear_bhb_loop+0x40/0x90
[  211.425366][T17574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.425393][T17574] RIP: 0033:0x7f8eef9de929
[  211.425452][T17574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.425476][T17574] RSP: 002b:00007f8eee047038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  211.425500][T17574] RAX: ffffffffffffffda RBX: 00007f8eefc05fa0 RCX: 00007f8eef9de929
[  211.425515][T17574] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003
[  211.425531][T17574] RBP: 00007f8eee047090 R08: 0000200000000180 R09: 0000000000000000
[  211.425546][T17574] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.425562][T17574] R13: 0000000000000000 R14: 00007f8eefc05fa0 R15: 00007fff6d8850d8
[  211.425640][T17574]  </TASK>
[  211.479896][T17581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2616'.
[  211.773254][T17601] loop9: detected capacity change from 0 to 7
[  211.779838][T17601] Buffer I/O error on dev loop9, logical block 0, async page read
[  211.788038][T17601] Buffer I/O error on dev loop9, logical block 0, async page read
[  211.796185][T17601]  loop9: unable to read partition table
[  211.802073][T17601] loop_reread_partitions: partition scan of loop9 (þ被üŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  211.802073][T17601] 
Uªÿÿÿÿÿÿ) failed (rc=-5)
[  211.972502][T17618] openvswitch: netlink: Message has 6 unknown bytes.
[  212.226532][T17624] loop1: detected capacity change from 0 to 256
[  212.240683][T17624] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  212.307079][T17624] FAT-fs (loop1): Directory bread(block 64) failed
[  212.314275][T17624] FAT-fs (loop1): Directory bread(block 65) failed
[  212.321140][T17624] FAT-fs (loop1): Directory bread(block 66) failed
[  212.344126][T17624] FAT-fs (loop1): Directory bread(block 67) failed
[  212.376984][T17624] FAT-fs (loop1): Directory bread(block 68) failed
[  212.378449][ T3584] tipc: Node number set to 2886997007
[  212.393687][T17633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.393763][T17624] FAT-fs (loop1): Directory bread(block 69) failed
[  212.408905][T17624] FAT-fs (loop1): Directory bread(block 70) failed
[  212.415472][T17624] FAT-fs (loop1): Directory bread(block 71) failed
[  212.419871][T17633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  212.422343][T17624] FAT-fs (loop1): Directory bread(block 72) failed
[  212.436447][T17624] FAT-fs (loop1): Directory bread(block 73) failed
[  212.449815][T17637] loop2: detected capacity change from 0 to 1024
[  212.457092][T17637] EXT4-fs: Ignoring removed bh option
[  212.462832][T17637] EXT4-fs (loop2): stripe (4) is not aligned with cluster size (16), stripe is disabled
[  212.478695][T17637] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.507859][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.590586][T17656] netlink: 'syz.1.2633': attribute type 39 has an invalid length.
[  212.737530][T17666] loop1: detected capacity change from 0 to 8192
[  213.505278][T17687] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  213.513035][T17687] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  213.583982][T17692] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  213.597484][T17692] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  214.084285][T17684] lo speed is unknown, defaulting to 1000
[  214.122930][T17684] lo speed is unknown, defaulting to 1000
[  214.147876][T17710] loop6: detected capacity change from 0 to 2048
[  214.164730][T17710] ext2: Unknown parameter 'func'
[  214.191692][T17684] lo speed is unknown, defaulting to 1000
[  214.203965][T17710] netlink: 20 bytes leftover after parsing attributes in process `+}[@'.
[  214.657363][T17783] loop7: detected capacity change from 0 to 1024
[  214.671798][T17783] EXT4-fs: Ignoring removed nobh option
[  214.688803][T17783] EXT4-fs: Ignoring removed nobh option
[  214.694673][T17783] ext4: Unknown parameter 'noacl'
[  214.799648][T17807] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2656'.
[  214.913405][T17814] loop7: detected capacity change from 0 to 8192
[  214.948260][T17823] FAULT_INJECTION: forcing a failure.
[  214.948260][T17823] name failslab, interval 1, probability 0, space 0, times 0
[  214.961987][T17823] CPU: 1 UID: 0 PID: 17823 Comm: syz.1.2659 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  214.962051][T17823] Tainted: [W]=WARN
[  214.962059][T17823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  214.962076][T17823] Call Trace:
[  214.962084][T17823]  <TASK>
[  214.962092][T17823]  __dump_stack+0x1d/0x30
[  214.962120][T17823]  dump_stack_lvl+0xe8/0x140
[  214.962151][T17823]  dump_stack+0x15/0x1b
[  214.962232][T17823]  should_fail_ex+0x265/0x280
[  214.962271][T17823]  should_failslab+0x8c/0xb0
[  214.962317][T17823]  __kmalloc_node_noprof+0xa9/0x410
[  214.962361][T17823]  ? x64_sys_call+0x2999/0x2fb0
[  214.962389][T17823]  ? qdisc_alloc+0x65/0x440
[  214.962430][T17823]  qdisc_alloc+0x65/0x440
[  214.962584][T17823]  qdisc_create_dflt+0x7f/0x2d0
[  214.962621][T17823]  taprio_init+0x286/0x5f0
[  214.962651][T17823]  ? __pfx_taprio_init+0x10/0x10
[  214.962748][T17823]  qdisc_create+0x591/0x9e0
[  214.962797][T17823]  tc_modify_qdisc+0xe2c/0x1380
[  214.962840][T17823]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  214.962910][T17823]  rtnetlink_rcv_msg+0x65a/0x6d0
[  214.962945][T17823]  netlink_rcv_skb+0x120/0x220
[  214.962985][T17823]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  214.963079][T17823]  rtnetlink_rcv+0x1c/0x30
[  214.963102][T17823]  netlink_unicast+0x59e/0x670
[  214.963184][T17823]  netlink_sendmsg+0x58b/0x6b0
[  214.963206][T17823]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.963348][T17823]  __sock_sendmsg+0x142/0x180
[  214.963378][T17823]  ____sys_sendmsg+0x31e/0x4e0
[  214.963422][T17823]  ___sys_sendmsg+0x17b/0x1d0
[  214.963550][T17823]  __x64_sys_sendmsg+0xd4/0x160
[  214.963656][T17823]  x64_sys_call+0x2999/0x2fb0
[  214.963683][T17823]  do_syscall_64+0xd2/0x200
[  214.963707][T17823]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  214.963826][T17823]  ? clear_bhb_loop+0x40/0x90
[  214.963853][T17823]  ? clear_bhb_loop+0x40/0x90
[  214.963942][T17823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.963970][T17823] RIP: 0033:0x7fcc2f41e929
[  214.963986][T17823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.964043][T17823] RSP: 002b:00007fcc2da87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  214.964065][T17823] RAX: ffffffffffffffda RBX: 00007fcc2f645fa0 RCX: 00007fcc2f41e929
[  214.964081][T17823] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000006
[  214.964097][T17823] RBP: 00007fcc2da87090 R08: 0000000000000000 R09: 0000000000000000
[  214.964113][T17823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  214.964136][T17823] R13: 0000000000000000 R14: 00007fcc2f645fa0 R15: 00007ffe1f2857c8
[  214.964167][T17823]  </TASK>
[  215.513134][T17860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2660'.
[  215.737086][T17686] lo speed is unknown, defaulting to 1000
[  215.769688][T17686] lo speed is unknown, defaulting to 1000
[  215.788544][T17686] lo speed is unknown, defaulting to 1000
[  216.530469][T17949] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2662'.
[  217.061044][T17981] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=17981 comm=syz.2.2666
[  217.179390][   T29] kauditd_printk_skb: 294 callbacks suppressed
[  217.179411][   T29] audit: type=1326 audit(1750666527.298:14500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.274291][   T29] audit: type=1326 audit(1750666527.348:14501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.298507][   T29] audit: type=1326 audit(1750666527.348:14502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03b6db58e7 code=0x7ffc0000
[  217.322243][   T29] audit: type=1326 audit(1750666527.348:14503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f03b6d5ab19 code=0x7ffc0000
[  217.345859][   T29] audit: type=1326 audit(1750666527.348:14504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.369618][   T29] audit: type=1326 audit(1750666527.348:14505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.393314][   T29] audit: type=1326 audit(1750666527.348:14506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.417543][   T29] audit: type=1326 audit(1750666527.348:14507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.441662][   T29] audit: type=1326 audit(1750666527.348:14508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.465419][   T29] audit: type=1326 audit(1750666527.348:14509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  217.501881][T17989] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2669'.
[  217.523436][T17986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2666'.
[  217.535309][T17995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2671'.
[  217.608355][T17997] loop6: detected capacity change from 0 to 8192
[  217.653665][T17991] lo speed is unknown, defaulting to 1000
[  217.663964][T17991] lo speed is unknown, defaulting to 1000
[  217.668276][T18007] netlink: 'syz.0.2675': attribute type 1 has an invalid length.
[  217.670790][T17991] lo speed is unknown, defaulting to 1000
[  217.858393][T18017] loop0: detected capacity change from 0 to 2048
[  217.877941][T18017] ext2: Unknown parameter 'func'
[  217.889191][T18017] netlink: 20 bytes leftover after parsing attributes in process `+}[@'.
[  218.017981][T18041] SELinux:  Context system_u:object_r:devtty_t:s0 is not valid (left unmapped).
[  218.161451][T18045] lo speed is unknown, defaulting to 1000
[  218.169426][T18045] lo speed is unknown, defaulting to 1000
[  218.178235][T18045] lo speed is unknown, defaulting to 1000
[  218.187871][T18051] loop7: detected capacity change from 0 to 8192
[  218.478372][T18093] netlink: 'syz.6.2686': attribute type 1 has an invalid length.
[  218.484015][T18094] loop1: detected capacity change from 0 to 512
[  218.496806][T18090] loop2: detected capacity change from 0 to 2048
[  218.503915][T18090] ext2: Unknown parameter 'func'
[  218.514038][T18094] EXT4-fs: dax option not supported
[  218.520474][T18090] netlink: 20 bytes leftover after parsing attributes in process `+}[@'.
[  218.658288][T18116] loop2: detected capacity change from 0 to 512
[  218.670135][T18116] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  218.683233][T18116] EXT4-fs (loop2): 1 truncate cleaned up
[  218.691792][T18116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.739188][T18122] netlink: 'syz.1.2694': attribute type 1 has an invalid length.
[  218.888906][T18124] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  218.909780][T18124] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  219.198556][T18141] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2695'.
[  219.535752][ T3306] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  219.546752][ T3306] CPU: 0 UID: 0 PID: 3306 Comm: syz-executor Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  219.546831][ T3306] Tainted: [W]=WARN
[  219.546839][ T3306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  219.546856][ T3306] Call Trace:
[  219.546864][ T3306]  <TASK>
[  219.546871][ T3306]  __dump_stack+0x1d/0x30
[  219.546897][ T3306]  dump_stack_lvl+0xe8/0x140
[  219.546921][ T3306]  dump_stack+0x15/0x1b
[  219.546941][ T3306]  dump_header+0x81/0x220
[  219.547004][ T3306]  oom_kill_process+0x334/0x3f0
[  219.547043][ T3306]  out_of_memory+0x979/0xb80
[  219.547166][ T3306]  try_charge_memcg+0x5e6/0x9e0
[  219.547202][ T3306]  charge_memcg+0x51/0xc0
[  219.547287][ T3306]  __mem_cgroup_charge+0x28/0xb0
[  219.547329][ T3306]  filemap_add_folio+0x4e/0x1b0
[  219.547389][ T3306]  __filemap_get_folio+0x31e/0x6b0
[  219.547421][ T3306]  filemap_fault+0x41d/0xb40
[  219.547471][ T3306]  __do_fault+0xbc/0x200
[  219.547499][ T3306]  handle_mm_fault+0xf78/0x2be0
[  219.547583][ T3306]  ? mas_walk+0xf2/0x120
[  219.547624][ T3306]  do_user_addr_fault+0x636/0x1090
[  219.547665][ T3306]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  219.547767][ T3306]  exc_page_fault+0x62/0xa0
[  219.547802][ T3306]  asm_exc_page_fault+0x26/0x30
[  219.547826][ T3306] RIP: 0033:0x7f03b6c95974
[  219.547845][ T3306] Code: 85 ed 09 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 28 fe e7 00 48 69 8c 24 90 00 00 00 e8 03 00 00 <8b> 78 08 48 8b 44 24 18 48 c1 ea 12 4c 8b 0d 39 fd e7 00 48 01 d1
[  219.547866][ T3306] RSP: 002b:00007ffe12344880 EFLAGS: 00010206
[  219.547953][ T3306] RAX: 0000001b32020000 RBX: 0000000000000599 RCX: 0000000000035778
[  219.547968][ T3306] RDX: 0000000007f95df5 RSI: 00007ffe12344910 RDI: 0000000000000001
[  219.547983][ T3306] RBP: 00007ffe123448bc R08: 000000001e6b327d R09: 7fffffffffffffff
[  219.547998][ T3306] R10: 3fffffffffffffff R11: 0000000000000202 R12: 0000000000001388
[  219.548079][ T3306] R13: 00000000000927c0 R14: 00000000000356b4 R15: 00007ffe12344910
[  219.548133][ T3306]  </TASK>
[  219.548141][ T3306] memory: usage 307200kB, limit 307200kB, failcnt 288
[  219.714082][T18155] netlink: 'syz.1.2697': attribute type 1 has an invalid length.
[  219.719186][ T3306] memory+swap: usage 307808kB, limit 9007199254740988kB, failcnt 0
[  219.719240][ T3306] kmem: usage 307160kB, limit 9007199254740988kB, failcnt 0
[  219.776720][ T3306] Memory cgroup stats for /syz2:
[  219.779399][ T3306] cache 4096
[  219.787822][ T3306] rss 4096
[  219.790976][ T3306] shmem 0
[  219.793935][ T3306] mapped_file 0
[  219.797478][ T3306] dirty 0
[  219.800500][ T3306] writeback 0
[  219.803925][ T3306] workingset_refault_anon 45
[  219.808598][ T3306] workingset_refault_file 245
[  219.813835][ T3306] swap 622592
[  219.817247][ T3306] swapcached 24576
[  219.821007][ T3306] pgpgin 203123
[  219.824773][ T3306] pgpgout 203113
[  219.828540][ T3306] pgfault 199339
[  219.832120][ T3306] pgmajfault 59
[  219.835647][ T3306] inactive_anon 24576
[  219.839692][ T3306] active_anon 0
[  219.843189][ T3306] inactive_file 16384
[  219.847615][ T3306] active_file 0
[  219.851243][ T3306] unevictable 0
[  219.854731][ T3306] hierarchical_memory_limit 314572800
[  219.860213][ T3306] hierarchical_memsw_limit 9223372036854771712
[  219.866436][ T3306] total_cache 4096
[  219.870227][ T3306] total_rss 4096
[  219.873852][ T3306] total_shmem 0
[  219.877470][ T3306] total_mapped_file 0
[  219.881597][ T3306] total_dirty 0
[  219.885103][ T3306] total_writeback 0
[  219.889007][ T3306] total_workingset_refault_anon 45
[  219.894215][ T3306] total_workingset_refault_file 245
[  219.899457][ T3306] total_swap 622592
[  219.903345][ T3306] total_swapcached 24576
[  219.907669][ T3306] total_pgpgin 203123
[  219.911687][ T3306] total_pgpgout 203113
[  219.915976][ T3306] total_pgfault 199339
[  219.920147][ T3306] total_pgmajfault 59
[  219.924240][ T3306] total_inactive_anon 24576
[  219.928938][ T3306] total_active_anon 0
[  219.933075][ T3306] total_inactive_file 16384
[  219.937710][ T3306] total_active_file 0
[  219.941722][ T3306] total_unevictable 0
[  219.945911][ T3306] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2693,pid=18115,uid=0
[  219.960904][ T3306] Memory cgroup out of memory: Killed process 18115 (syz.2.2693) total-vm:93752kB, anon-rss:936kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  219.992566][T18161] loop1: detected capacity change from 0 to 2048
[  219.999394][T18161] ext2: Unknown parameter 'func'
[  220.009343][T18161] netlink: 20 bytes leftover after parsing attributes in process `+}[@'.
[  220.108669][T18113] lo speed is unknown, defaulting to 1000
[  220.125600][T18113] lo speed is unknown, defaulting to 1000
[  220.147526][T18113] lo speed is unknown, defaulting to 1000
[  220.164110][T18167] lo speed is unknown, defaulting to 1000
[  220.210402][T18167] lo speed is unknown, defaulting to 1000
[  220.234291][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.263541][T18167] lo speed is unknown, defaulting to 1000
[  220.282004][T18166] lo speed is unknown, defaulting to 1000
[  220.310601][T18166] lo speed is unknown, defaulting to 1000
[  220.331349][T18166] lo speed is unknown, defaulting to 1000
[  221.036918][T18281] lo speed is unknown, defaulting to 1000
[  221.059962][T18281] lo speed is unknown, defaulting to 1000
[  221.077409][T18281] lo speed is unknown, defaulting to 1000
[  221.117296][T18301] netlink: 316 bytes leftover after parsing attributes in process `syz.6.2712'.
[  221.252352][T18316] loop2: detected capacity change from 0 to 8192
[  221.274072][T18321] loop1: detected capacity change from 0 to 2048
[  221.289369][T18321] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.371351][T18333] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2718'.
[  221.743861][T18347] lo speed is unknown, defaulting to 1000
[  221.750066][T18347] lo speed is unknown, defaulting to 1000
[  221.756681][T18347] lo speed is unknown, defaulting to 1000
[  221.823051][T18347] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2722'.
[  221.832664][T18347] netlink: 'syz.6.2722': attribute type 4 has an invalid length.
[  221.870304][T18347] netlink: 'syz.6.2722': attribute type 1 has an invalid length.
[  221.904728][T18347] loop6: detected capacity change from 0 to 164
[  222.025734][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.067836][T18384] random: crng reseeded on system resumption
[  222.100490][T18384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2725'.
[  222.150385][T18384] team1: entered promiscuous mode
[  222.169393][T18384] team1: entered allmulticast mode
[  222.231586][T18430] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2729'.
[  222.292661][T18432] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2730'.
[  222.302138][T18428] loop2: detected capacity change from 0 to 8192
[  222.373400][T18437] loop1: detected capacity change from 0 to 8192
[  222.406170][   T29] kauditd_printk_skb: 260 callbacks suppressed
[  222.406189][   T29] audit: type=1326 audit(1750666532.508:14770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.436637][   T29] audit: type=1326 audit(1750666532.508:14771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.460787][   T29] audit: type=1326 audit(1750666532.508:14772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.484490][   T29] audit: type=1326 audit(1750666532.508:14773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.508171][   T29] audit: type=1326 audit(1750666532.508:14774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.531842][   T29] audit: type=1326 audit(1750666532.508:14775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.555451][   T29] audit: type=1326 audit(1750666532.508:14776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.579241][   T29] audit: type=1326 audit(1750666532.508:14777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.602928][   T29] audit: type=1326 audit(1750666532.508:14778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.626812][   T29] audit: type=1326 audit(1750666532.508:14779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18426 comm="syz.2.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  222.671191][T18448] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2733'.
[  222.765396][T18452] loop6: detected capacity change from 0 to 2048
[  222.800471][T18452] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.890519][T18452] EXT4-fs error (device loop6): ext4_lookup:1787: inode #12: comm syz.6.2735: iget: bogus i_mode (4355)
[  222.936083][ T9430] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.974284][T18461] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2736'.
[  222.986072][T18460] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2736'.
[  223.007097][T18460] loop7: detected capacity change from 0 to 2048
[  223.057805][T18460] Alternate GPT is invalid, using primary GPT.
[  223.064195][T18460]  loop7: p1 p2 p3
[  223.167577][T18493] loop0: detected capacity change from 0 to 256
[  223.341052][T18527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.350068][T18527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.378701][T18531] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  223.537605][T18536] loop0: detected capacity change from 0 to 8192
[  223.675580][T18542] netlink: 'syz.2.2751': attribute type 1 has an invalid length.
[  224.123236][T18569] loop1: detected capacity change from 0 to 8192
[  224.412695][T18578] netlink: 'syz.0.2763': attribute type 1 has an invalid length.
[  224.484536][T18580] lo speed is unknown, defaulting to 1000
[  224.490933][T18580] lo speed is unknown, defaulting to 1000
[  224.499225][T18580] lo speed is unknown, defaulting to 1000
[  224.788872][T18617] atomic_op ffff888123fd5128 conn xmit_atomic 0000000000000000
[  224.803047][T18617] loop0: detected capacity change from 0 to 128
[  224.817976][T18617] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  224.838624][T18617] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.878396][T16559] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  225.028974][T18645] loop0: detected capacity change from 0 to 1024
[  225.035733][T18645] EXT4-fs: Ignoring removed bh option
[  225.042430][T18645] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  225.053632][T18645] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  225.063534][T18645] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  225.073929][T18645] EXT4-fs (loop0): filesystem has both journal inode and journal device!
[  225.087398][T18640] loop7: detected capacity change from 0 to 8192
[  225.096730][T18645] loop0: detected capacity change from 0 to 2048
[  225.097667][T18652] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  225.108154][T18643] lo speed is unknown, defaulting to 1000
[  225.113355][T18652] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  225.125151][T18643] lo speed is unknown, defaulting to 1000
[  225.132692][T18643] lo speed is unknown, defaulting to 1000
[  225.141758][T18645] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.743841][T16559] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.767556][T18707] atomic_op ffff88813a6dd928 conn xmit_atomic 0000000000000000
[  225.778873][T18707] loop0: detected capacity change from 0 to 128
[  225.788241][T18707] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  225.801177][T18707] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.829080][T16559] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  225.987365][T18736] loop1: detected capacity change from 0 to 512
[  225.994263][T18736] EXT4-fs: Mount option(s) incompatible with ext2
[  226.037929][T18739] loop7: detected capacity change from 0 to 8192
[  226.112956][T18747] loop6: detected capacity change from 0 to 8192
[  226.217850][T18751] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  226.251413][T18751] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  226.544961][T18756] loop2: detected capacity change from 0 to 8192
[  226.758420][T18760] atomic_op ffff888123663928 conn xmit_atomic 0000000000000000
[  226.831309][T18760] loop0: detected capacity change from 0 to 128
[  226.848584][T18760] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  226.880881][T18760] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.966783][T16559] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  227.138356][T18780] netlink: 'syz.0.2798': attribute type 1 has an invalid length.
[  227.154513][T18744] lo speed is unknown, defaulting to 1000
[  227.201232][T18744] lo speed is unknown, defaulting to 1000
[  227.220901][T18744] lo speed is unknown, defaulting to 1000
[  227.252438][T18788] loop0: detected capacity change from 0 to 8192
[  227.324976][T18801] __nla_validate_parse: 4 callbacks suppressed
[  227.324994][T18801] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2800'.
[  227.460527][T18812] loop2: detected capacity change from 0 to 8192
[  227.541080][   T29] kauditd_printk_skb: 614 callbacks suppressed
[  227.541096][   T29] audit: type=1326 audit(1750666537.680:15394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.571170][   T29] audit: type=1326 audit(1750666537.680:15395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.637633][   T29] audit: type=1326 audit(1750666537.680:15396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.661367][   T29] audit: type=1326 audit(1750666537.680:15397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.684998][   T29] audit: type=1326 audit(1750666537.680:15398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.708871][   T29] audit: type=1326 audit(1750666537.740:15399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.732513][   T29] audit: type=1326 audit(1750666537.740:15400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.756132][   T29] audit: type=1326 audit(1750666537.740:15401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.779960][   T29] audit: type=1326 audit(1750666537.740:15402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  227.803593][   T29] audit: type=1326 audit(1750666537.740:15403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18811 comm="syz.2.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b6dbe929 code=0x7ffc0000
[  228.007566][T18839] atomic_op ffff888134c09d28 conn xmit_atomic 0000000000000000
[  228.018589][T18839] loop1: detected capacity change from 0 to 128
[  228.027543][T18839] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  228.040751][T18839] ext4 filesystem being mounted at /566/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.077933][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  228.124564][T18847] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2808'.
[  228.186060][T18853] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2810'.
[  228.251798][T18859] netlink: 'syz.0.2811': attribute type 1 has an invalid length.
[  228.306992][T18855] loop7: detected capacity change from 0 to 8192
[  228.307488][T18861] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2814'.
[  228.445242][T18864] SELinux: failed to load policy
[  228.482436][T18872] atomic_op ffff888134c0b928 conn xmit_atomic 0000000000000000
[  228.495663][T18872] loop2: detected capacity change from 0 to 128
[  228.509474][T18872] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  228.526920][T18872] ext4 filesystem being mounted at /588/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.562441][ T3306] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  228.726245][T18885] No such timeout policy "syz1"
[  228.796832][T18868] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  228.805114][T18868] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  228.851017][T18895] 9pnet_fd: Insufficient options for proto=fd
[  228.858251][T18876] netlink: 'syz.0.2819': attribute type 3 has an invalid length.
[  228.933280][T18883] lo speed is unknown, defaulting to 1000
[  228.943923][T18883] lo speed is unknown, defaulting to 1000
[  228.950353][T18883] lo speed is unknown, defaulting to 1000
[  229.083982][T18930] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2827'.
[  229.095317][T18932] netlink: 'syz.7.2825': attribute type 1 has an invalid length.
[  229.120754][T18937] atomic_op ffff8881046e8d28 conn xmit_atomic 0000000000000000
[  229.181003][T18937] loop0: detected capacity change from 0 to 128
[  229.197686][T18937] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  229.218895][T18937] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.262084][T16559] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  229.403662][T18953] loop1: detected capacity change from 0 to 8192
[  229.503857][T18969] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2840'.
[  229.598111][T18971] netlink: 'syz.0.2841': attribute type 1 has an invalid length.
[  229.602194][T18938] syz.7.2830 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  229.617341][T18938] CPU: 0 UID: 0 PID: 18938 Comm: syz.7.2830 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  229.617430][T18938] Tainted: [W]=WARN
[  229.617439][T18938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  229.617456][T18938] Call Trace:
[  229.617464][T18938]  <TASK>
[  229.617473][T18938]  __dump_stack+0x1d/0x30
[  229.617500][T18938]  dump_stack_lvl+0xe8/0x140
[  229.617525][T18938]  dump_stack+0x15/0x1b
[  229.617547][T18938]  dump_header+0x81/0x220
[  229.617656][T18938]  oom_kill_process+0x334/0x3f0
[  229.617694][T18938]  out_of_memory+0x979/0xb80
[  229.617758][T18938]  try_charge_memcg+0x5e6/0x9e0
[  229.617794][T18938]  charge_memcg+0x51/0xc0
[  229.617834][T18938]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  229.617951][T18938]  __read_swap_cache_async+0x1df/0x350
[  229.617999][T18938]  swap_cluster_readahead+0x277/0x3e0
[  229.618057][T18938]  swapin_readahead+0xde/0x6f0
[  229.618145][T18938]  ? __filemap_get_folio+0x4f7/0x6b0
[  229.618177][T18938]  ? bpf_prog_e95a4a16f042d2d7+0x2a/0x32
[  229.618197][T18938]  ? swap_cache_get_folio+0x77/0x200
[  229.618289][T18938]  do_swap_page+0x301/0x2430
[  229.618316][T18938]  ? finish_task_switch+0xad/0x2b0
[  229.618346][T18938]  ? __pfx_default_wake_function+0x10/0x10
[  229.618378][T18938]  handle_mm_fault+0x9a5/0x2be0
[  229.618454][T18938]  ? mas_walk+0xf2/0x120
[  229.618490][T18938]  do_user_addr_fault+0x636/0x1090
[  229.618520][T18938]  ? fpregs_restore_userregs+0xad/0x1d0
[  229.618634][T18938]  ? switch_fpu_return+0xe/0x20
[  229.618664][T18938]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  229.618780][T18938]  exc_page_fault+0x62/0xa0
[  229.618818][T18938]  asm_exc_page_fault+0x26/0x30
[  229.618914][T18938] RIP: 0033:0x7f864707538c
[  229.618929][T18938] Code: 66 0f 1f 44 00 00 69 3d 26 03 e8 00 e8 03 00 00 48 8d 1d 27 0c 35 00 e8 02 95 12 00 eb 0c 48 81 c3 e0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 e0 00 00
[  229.618950][T18938] RSP: 002b:00007ffefe1b8d70 EFLAGS: 00010202
[  229.619076][T18938] RAX: 0000000000000000 RBX: 00007f86473c5fa0 RCX: 0000000000000000
[  229.619094][T18938] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555566341808
[  229.619109][T18938] RBP: 00007f86473c7ba0 R08: 0000000000000000 R09: 7fffffffffffffff
[  229.619124][T18938] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000003823f
[  229.619193][T18938] R13: 00007f86473c6080 R14: ffffffffffffffff R15: 00007ffefe1b8e80
[  229.619213][T18938]  </TASK>
[  229.619220][T18938] memory: usage 307200kB, limit 307200kB, failcnt 219
[  229.865957][T18938] memory+swap: usage 204336kB, limit 9007199254740988kB, failcnt 0
[  229.873910][T18938] kmem: usage 200044kB, limit 9007199254740988kB, failcnt 0
[  229.881257][T18938] Memory cgroup stats for /syz7:
[  229.971649][T18938] cache 0
[  229.979709][T18938] rss 8192
[  229.982881][T18938] shmem 0
[  229.985851][T18938] mapped_file 208896
[  229.989817][T18938] dirty 0
[  229.992773][T18938] writeback 12288
[  229.996461][T18938] workingset_refault_anon 38
[  230.001065][T18938] workingset_refault_file 0
[  230.005641][T18938] swap 364544
[  230.008982][T18938] swapcached 32768
[  230.012715][T18938] pgpgin 40120
[  230.016150][T18938] pgpgout 40111
[  230.019626][T18938] pgfault 49301
[  230.023136][T18938] pgmajfault 21
[  230.026643][T18938] inactive_anon 28672
[  230.030642][T18938] active_anon 8192
[  230.034377][T18938] inactive_file 0
[  230.038110][T18938] active_file 0
[  230.041676][T18938] unevictable 0
[  230.045151][T18938] hierarchical_memory_limit 314572800
[  230.050567][T18938] hierarchical_memsw_limit 9223372036854771712
[  230.056778][T18938] total_cache 0
[  230.060260][T18938] total_rss 8192
[  230.064038][T18938] total_shmem 0
[  230.067590][T18938] total_mapped_file 208896
[  230.072098][T18938] total_dirty 0
[  230.075627][T18938] total_writeback 12288
[  230.079849][T18938] total_workingset_refault_anon 38
[  230.085034][T18938] total_workingset_refault_file 0
[  230.090218][T18938] total_swap 364544
[  230.094062][T18938] total_swapcached 32768
[  230.098361][T18938] total_pgpgin 40120
[  230.102281][T18938] total_pgpgout 40111
[  230.106385][T18938] total_pgfault 49301
[  230.110388][T18938] total_pgmajfault 21
[  230.114537][T18938] total_inactive_anon 28672
[  230.119093][T18938] total_active_anon 8192
[  230.123422][T18938] total_inactive_file 0
[  230.127612][T18938] total_active_file 0
[  230.131701][T18938] total_unevictable 0
[  230.135744][T18938] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.2830,pid=18938,uid=0
[  230.150587][T18938] Memory cgroup out of memory: Killed process 18938 (syz.7.2830) total-vm:93956kB, anon-rss:936kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  230.195738][T18987] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2845'.
[  230.262649][T18995] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2848'.
[  230.320184][T19004] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2852'.
[  230.356212][T19007] netlink: 'syz.1.2853': attribute type 1 has an invalid length.
[  230.424600][T19018] loop1: detected capacity change from 0 to 1024
[  230.443019][T19018] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869)
[  230.472308][T19014] loop6: detected capacity change from 0 to 8192
[  230.474002][T19018] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002]
[  230.497456][T19013] lo speed is unknown, defaulting to 1000
[  230.503964][T19013] lo speed is unknown, defaulting to 1000
[  230.505863][T19018] System zones: 0-1, 3-36
[  230.514390][T19018] EXT4-fs (loop1): orphan cleanup on readonly fs
[  230.527676][T19018] EXT4-fs (loop1): 1 orphan inode deleted
[  230.537518][T19006] lo speed is unknown, defaulting to 1000
[  230.544298][T19006] lo speed is unknown, defaulting to 1000
[  230.546665][T19018] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  230.550452][T19013] lo speed is unknown, defaulting to 1000
[  230.582661][T19006] lo speed is unknown, defaulting to 1000
[  230.707915][  T263] bond0 (unregistering): Released all slaves
[  230.760001][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.780764][  T263] tipc: Disabling bearer <udp:syz2>
[  230.786392][  T263] tipc: Left network mode
[  230.823343][T19006] chnl_net:caif_netlink_parms(): no params data found
[  230.851126][T19166] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19166 comm=syz.1.2857
[  230.872623][T19177] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2859'.
[  230.889397][T19162] loop0: detected capacity change from 0 to 8192
[  230.909270][  T263] hsr_slave_0: left promiscuous mode
[  230.915411][  T263] hsr_slave_1: left promiscuous mode
[  231.121386][T19006] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.129413][T19006] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.139893][T19006] bridge_slave_0: entered allmulticast mode
[  231.147130][T19006] bridge_slave_0: entered promiscuous mode
[  231.154821][T19006] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.162671][T19006] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.170112][T19006] bridge_slave_1: entered allmulticast mode
[  231.176854][T19006] bridge_slave_1: entered promiscuous mode
[  231.223330][T19006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  231.246626][T19006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  231.334335][T19006] team0: Port device team_slave_0 added
[  231.349747][T19006] team0: Port device team_slave_1 added
[  231.404642][T19006] batman_adv: batadv0: Adding interface: batadv_slave_0
[  231.411849][T19006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.438098][T19006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  231.458767][T19006] batman_adv: batadv0: Adding interface: batadv_slave_1
[  231.465769][T19006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.492052][T19006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  231.621982][T19006] hsr_slave_0: entered promiscuous mode
[  231.628451][T19006] hsr_slave_1: entered promiscuous mode
[  231.642638][T19367] loop6: detected capacity change from 0 to 8192
[  231.666544][T19006] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  231.674510][T19006] Cannot create hsr debugfs directory
[  231.767712][T19403] FAULT_INJECTION: forcing a failure.
[  231.767712][T19403] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  231.781103][T19403] CPU: 1 UID: 0 PID: 19403 Comm: syz.0.2878 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  231.781146][T19403] Tainted: [W]=WARN
[  231.781156][T19403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  231.781194][T19403] Call Trace:
[  231.781201][T19403]  <TASK>
[  231.781209][T19403]  __dump_stack+0x1d/0x30
[  231.781232][T19403]  dump_stack_lvl+0xe8/0x140
[  231.781308][T19403]  dump_stack+0x15/0x1b
[  231.781329][T19403]  should_fail_ex+0x265/0x280
[  231.781430][T19403]  should_fail_alloc_page+0xf2/0x100
[  231.781458][T19403]  __alloc_frozen_pages_noprof+0xff/0x360
[  231.781530][T19403]  alloc_pages_mpol+0xb3/0x250
[  231.781573][T19403]  alloc_pages_noprof+0x90/0x130
[  231.781683][T19403]  pgd_alloc+0x51/0x2e0
[  231.781712][T19403]  mm_init+0x37c/0x850
[  231.781738][T19403]  ? kmem_cache_alloc_noprof+0x220/0x310
[  231.781766][T19403]  ? copy_mm+0xc6/0x370
[  231.781795][T19403]  copy_mm+0x101/0x370
[  231.781905][T19403]  copy_process+0xcf1/0x1fe0
[  231.781938][T19403]  kernel_clone+0x16c/0x5b0
[  231.782045][T19403]  ? vfs_write+0x75e/0x8e0
[  231.782085][T19403]  __x64_sys_clone+0xe6/0x120
[  231.782119][T19403]  x64_sys_call+0x2c59/0x2fb0
[  231.782141][T19403]  do_syscall_64+0xd2/0x200
[  231.782218][T19403]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  231.782307][T19403]  ? clear_bhb_loop+0x40/0x90
[  231.782333][T19403]  ? clear_bhb_loop+0x40/0x90
[  231.782357][T19403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.782383][T19403] RIP: 0033:0x7f8eef9de929
[  231.782424][T19403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.782445][T19403] RSP: 002b:00007f8eee046fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  231.782467][T19403] RAX: ffffffffffffffda RBX: 00007f8eefc05fa0 RCX: 00007f8eef9de929
[  231.782482][T19403] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400
[  231.782551][T19403] RBP: 00007f8eee047090 R08: 0000000000000000 R09: 0000000000000000
[  231.782575][T19403] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  231.782626][T19403] R13: 0000000000000000 R14: 00007f8eefc05fa0 R15: 00007fff6d8850d8
[  231.782652][T19403]  </TASK>
[  232.021270][T19417] netlink: 'syz.7.2879': attribute type 1 has an invalid length.
[  232.164040][T19463] loop7: detected capacity change from 0 to 8192
[  232.311960][T19006] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  232.323605][T19006] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  232.342891][T19006] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  232.354687][T19006] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  232.425759][T19006] 8021q: adding VLAN 0 to HW filter on device bond0
[  232.449892][T19006] 8021q: adding VLAN 0 to HW filter on device team0
[  232.469605][ T3463] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.476761][ T3463] bridge0: port 1(bridge_slave_0) entered forwarding state
[  232.490170][T19497] __nla_validate_parse: 3 callbacks suppressed
[  232.490191][T19497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2885'.
[  232.499309][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.512967][ T3463] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.578026][T19006] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  232.583053][T19499] loop1: detected capacity change from 0 to 8192
[  232.605103][   T29] kauditd_printk_skb: 454 callbacks suppressed
[  232.605123][   T29] audit: type=1326 audit(1750666542.740:15858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19502 comm="syz.6.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  232.636652][   T29] audit: type=1326 audit(1750666542.740:15859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19502 comm="syz.6.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  232.660316][   T29] audit: type=1326 audit(1750666542.740:15860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19502 comm="syz.6.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  232.684211][   T29] audit: type=1326 audit(1750666542.740:15861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19502 comm="syz.6.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  232.709452][   T29] audit: type=1326 audit(1750666542.740:15862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19502 comm="syz.6.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  232.736896][   T29] audit: type=1400 audit(1750666542.790:15863): avc:  denied  { append } for  pid=19504 comm="syz.6.2888" name="usbmon2" dev="devtmpfs" ino=148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  232.789912][   T29] audit: type=1326 audit(1750666542.910:15864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19498 comm="syz.1.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  232.813680][   T29] audit: type=1326 audit(1750666542.910:15865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19498 comm="syz.1.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  232.838038][   T29] audit: type=1326 audit(1750666542.910:15866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19498 comm="syz.1.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  232.858473][T19006] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.861701][   T29] audit: type=1326 audit(1750666542.910:15867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19498 comm="syz.1.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fcc2f41e929 code=0x7ffc0000
[  233.009633][T19523] netlink: 'syz.6.2892': attribute type 1 has an invalid length.
[  233.078093][T19529] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.115026][T19538] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2895'.
[  233.121013][T19006] veth0_vlan: entered promiscuous mode
[  233.131840][T19537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.143908][T19006] veth1_vlan: entered promiscuous mode
[  233.150114][T19537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.201506][T19529] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.266823][T19529] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.296318][T19552] netlink: 'syz.7.2899': attribute type 39 has an invalid length.
[  233.305765][T19006] veth0_macvtap: entered promiscuous mode
[  233.316784][T19006] veth1_macvtap: entered promiscuous mode
[  233.334856][T19006] batman_adv: batadv0: Interface activated: batadv_slave_0
[  233.355672][T19529] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.400155][T19006] batman_adv: batadv0: Interface activated: batadv_slave_1
[  233.409038][T19006] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  233.417984][T19006] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  233.426851][T19006] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  233.435836][T19006] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  233.450501][T19559] loop7: detected capacity change from 0 to 512
[  233.459138][T19559] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  233.487041][T19559] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  233.488794][T19529] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  233.511211][T19559] System zones: 0-2, 18-18, 34-34
[  233.514974][T19529] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  233.521459][T19559] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.530015][T19529] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  233.548016][T19574] atomic_op ffff888104416928 conn xmit_atomic 0000000000000000
[  233.550201][T19529] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  233.564130][T19559] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.587164][T12839] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.608861][T19574] loop1: detected capacity change from 0 to 128
[  233.628429][T19574] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  233.630398][T19590] netlink: 'syz.2.2904': attribute type 1 has an invalid length.
[  233.650891][T19574] ext4 filesystem being mounted at /590/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.680836][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  233.784897][T19596] loop1: detected capacity change from 0 to 2048
[  233.798715][T19596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.877288][T19605] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.2907'.
[  233.913400][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.954746][T19613] pim6reg1: entered promiscuous mode
[  233.960267][T19613] pim6reg1: entered allmulticast mode
[  233.999509][T19617] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2909'.
[  234.075831][T19623] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2911'.
[  234.138543][T19627] loop1: detected capacity change from 0 to 512
[  234.146696][T19627] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  234.164304][T19632] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2915'.
[  234.306556][T19639] netlink: 'syz.0.2918': attribute type 1 has an invalid length.
[  234.330776][T19627] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  234.355912][T19627] System zones: 0-2, 18-18, 34-34
[  234.377113][T19627] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.417496][T19627] ext4 filesystem being mounted at /595/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  234.540662][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.540805][T19645] loop0: detected capacity change from 0 to 8192
[  234.756794][T19660] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2925'.
[  234.979133][ T3341] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.037423][ T3341] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.070246][T19701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2931'.
[  235.093363][ T3341] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.104527][T19684] lo speed is unknown, defaulting to 1000
[  235.170432][T19684] lo speed is unknown, defaulting to 1000
[  235.177556][ T3341] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.244163][T19724] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2933'.
[  235.362979][ T3341] $Hÿ (unregistering): Released all slaves
[  235.407533][T19828] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2938'.
[  235.433137][T19684] chnl_net:caif_netlink_parms(): no params data found
[  235.452678][T19833] loop7: detected capacity change from 0 to 512
[  235.460501][ T3341] tipc: Left network mode
[  235.481549][T19833] EXT4-fs (loop7): too many log groups per flexible block group
[  235.489375][T19833] EXT4-fs (loop7): failed to initialize mballoc (-12)
[  235.501220][T19833] EXT4-fs (loop7): mount failed
[  235.547391][T19684] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.554533][T19684] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.570935][T19684] bridge_slave_0: entered allmulticast mode
[  235.577575][T19684] bridge_slave_0: entered promiscuous mode
[  235.591391][ T3341] hsr_slave_0: left promiscuous mode
[  235.597825][ T3341] hsr_slave_1: left promiscuous mode
[  235.607589][ T3341] veth1_macvtap: left promiscuous mode
[  235.613206][ T3341] veth0_macvtap: left promiscuous mode
[  235.621620][ T3341] veth1_vlan: left promiscuous mode
[  235.628528][ T3341] veth0_vlan: left promiscuous mode
[  235.738442][ T3463] smc: removing ib device syz!
[  235.781353][T19684] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.788578][T19684] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.797753][T19684] bridge_slave_1: entered allmulticast mode
[  235.804684][T19684] bridge_slave_1: entered promiscuous mode
[  235.811301][ T3380] lo speed is unknown, defaulting to 1000
[  235.817255][ T3380] infiniband s…z0: ib_query_port failed (-19)
[  235.843730][T19684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.865220][T19684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.939004][T19684] team0: Port device team_slave_0 added
[  235.952950][T19684] team0: Port device team_slave_1 added
[  235.991956][T19684] batman_adv: batadv0: Adding interface: batadv_slave_0
[  235.999074][T19684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.025288][T19684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.090238][T19684] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.097805][T19684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.123871][T19684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.181767][ T3341] IPVS: stop unused estimator thread 0...
[  236.232091][T19684] hsr_slave_0: entered promiscuous mode
[  236.247478][T19684] hsr_slave_1: entered promiscuous mode
[  236.255392][T20009] loop6: detected capacity change from 0 to 8192
[  236.541523][T19684] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  236.560360][T19684] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  236.567871][T20089] loop0: detected capacity change from 0 to 8192
[  236.576761][T19684] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  236.586182][T19684] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  236.643541][T19684] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.671931][T19684] 8021q: adding VLAN 0 to HW filter on device team0
[  236.692583][  T263] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.699752][  T263] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.713012][  T263] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.720268][  T263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.818495][T19684] 8021q: adding VLAN 0 to HW filter on device batadv0
[  236.991602][T19684] veth0_vlan: entered promiscuous mode
[  237.005753][T19684] veth1_vlan: entered promiscuous mode
[  237.029715][T19684] veth0_macvtap: entered promiscuous mode
[  237.037236][T19684] veth1_macvtap: entered promiscuous mode
[  237.061521][T19684] batman_adv: batadv0: Interface activated: batadv_slave_0
[  237.078385][T19684] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.090833][T19684] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.099709][T19684] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.108520][T19684] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.117379][T19684] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.197444][T20140] hub 9-0:1.0: USB hub found
[  237.204888][T20140] hub 9-0:1.0: 8 ports detected
[  237.468419][T20165] loop7: detected capacity change from 0 to 8192
[  237.607182][   T29] kauditd_printk_skb: 663 callbacks suppressed
[  237.607203][   T29] audit: type=1326 audit(1750666547.740:16531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f864713ab19 code=0x7ffc0000
[  237.637384][   T29] audit: type=1326 audit(1750666547.740:16532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86471958e7 code=0x7ffc0000
[  237.661113][   T29] audit: type=1326 audit(1750666547.750:16533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f864713ab19 code=0x7ffc0000
[  237.684945][   T29] audit: type=1326 audit(1750666547.750:16534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f864719e929 code=0x7ffc0000
[  237.710271][   T29] audit: type=1326 audit(1750666547.750:16535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86471958e7 code=0x7ffc0000
[  237.734132][   T29] audit: type=1326 audit(1750666547.750:16536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f864713ab19 code=0x7ffc0000
[  237.757673][   T29] audit: type=1326 audit(1750666547.750:16537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f864719e929 code=0x7ffc0000
[  237.781462][   T29] audit: type=1326 audit(1750666547.750:16538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86471958e7 code=0x7ffc0000
[  237.805227][   T29] audit: type=1326 audit(1750666547.750:16539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f864713ab19 code=0x7ffc0000
[  237.828963][   T29] audit: type=1326 audit(1750666547.750:16540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20164 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86471958e7 code=0x7ffc0000
[  238.002535][T20175] __nla_validate_parse: 3 callbacks suppressed
[  238.002550][T20175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2955'.
[  238.123552][T20179] loop6: detected capacity change from 0 to 8192
[  238.766913][T20197] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  238.801543][T20197] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  238.814134][T20192] lo speed is unknown, defaulting to 1000
[  239.007788][T20208] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  239.012912][T20210] FAULT_INJECTION: forcing a failure.
[  239.012912][T20210] name failslab, interval 1, probability 0, space 0, times 0
[  239.028059][T20210] CPU: 1 UID: 0 PID: 20210 Comm: syz.2.2962 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  239.028175][T20210] Tainted: [W]=WARN
[  239.028185][T20210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  239.028202][T20210] Call Trace:
[  239.028210][T20210]  <TASK>
[  239.028219][T20210]  __dump_stack+0x1d/0x30
[  239.028247][T20210]  dump_stack_lvl+0xe8/0x140
[  239.028273][T20210]  dump_stack+0x15/0x1b
[  239.028424][T20210]  should_fail_ex+0x265/0x280
[  239.028466][T20210]  should_failslab+0x8c/0xb0
[  239.028535][T20210]  __kmalloc_noprof+0xa5/0x3e0
[  239.028563][T20210]  ? sock_kmalloc+0x85/0xc0
[  239.028582][T20210]  ? iovec_from_user+0x179/0x210
[  239.028612][T20210]  sock_kmalloc+0x85/0xc0
[  239.028644][T20210]  ____sys_sendmsg+0xf8/0x4e0
[  239.028774][T20210]  ___sys_sendmsg+0x17b/0x1d0
[  239.028856][T20210]  __sys_sendmmsg+0x178/0x300
[  239.028935][T20210]  __x64_sys_sendmmsg+0x57/0x70
[  239.028959][T20210]  x64_sys_call+0x2f2f/0x2fb0
[  239.029060][T20210]  do_syscall_64+0xd2/0x200
[  239.029079][T20210]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  239.029113][T20210]  ? clear_bhb_loop+0x40/0x90
[  239.029141][T20210]  ? clear_bhb_loop+0x40/0x90
[  239.029194][T20210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.029219][T20210] RIP: 0033:0x7efdb159e929
[  239.029252][T20210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.029276][T20210] RSP: 002b:00007efdafc07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  239.029301][T20210] RAX: ffffffffffffffda RBX: 00007efdb17c5fa0 RCX: 00007efdb159e929
[  239.029318][T20210] RDX: 0000000000000001 RSI: 00002000000032c0 RDI: 0000000000000003
[  239.029335][T20210] RBP: 00007efdafc07090 R08: 0000000000000000 R09: 0000000000000000
[  239.029352][T20210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.029404][T20210] R13: 0000000000000000 R14: 00007efdb17c5fa0 R15: 00007ffea21e11e8
[  239.029424][T20210]  </TASK>
[  239.030729][T20208] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  239.534527][T20237] loop6: detected capacity change from 0 to 8192
[  239.566750][T20196] lo speed is unknown, defaulting to 1000
[  239.580910][T20245] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  239.612065][T20247] netlink: 'syz.0.2969': attribute type 1 has an invalid length.
[  239.711263][T20258] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2971'.
[  240.084183][T20282] lo speed is unknown, defaulting to 1000
[  240.196326][T20309] loop2: detected capacity change from 0 to 8192
[  240.383302][T20325] netlink: 'syz.7.2980': attribute type 1 has an invalid length.
[  240.401483][T20329] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2982'.
[  240.411198][T20329] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2982'.
[  240.461575][T20331] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2983'.
[  240.578186][T20337] loop6: detected capacity change from 0 to 8192
[  240.639165][T20341] loop7: detected capacity change from 0 to 8192
[  240.757238][T20353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2988'.
[  241.144661][T20365] lo speed is unknown, defaulting to 1000
[  241.391022][T20397] netlink: 'syz.2.2994': attribute type 1 has an invalid length.
[  241.511589][T20405] loop2: detected capacity change from 0 to 8192
[  241.661341][T20414] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  241.673356][T20414] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  241.699308][T20410] lo speed is unknown, defaulting to 1000
[  242.225955][T20452] netlink: 'syz.6.3006': attribute type 1 has an invalid length.
[  242.237600][T20448] netlink: 'syz.1.3004': attribute type 39 has an invalid length.
[  242.454475][T20472] loop1: detected capacity change from 0 to 128
[  242.567826][T20481] lo speed is unknown, defaulting to 1000
[  242.612609][T20506] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.624187][   T29] kauditd_printk_skb: 1454 callbacks suppressed
[  242.624205][   T29] audit: type=1326 audit(1750666552.770:17995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.655101][   T29] audit: type=1326 audit(1750666552.770:17996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.678872][   T29] audit: type=1326 audit(1750666552.770:17997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.702634][   T29] audit: type=1326 audit(1750666552.770:17998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.704665][T20471] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  242.726236][   T29] audit: type=1326 audit(1750666552.790:17999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.726327][   T29] audit: type=1326 audit(1750666552.790:18000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efdb159d290 code=0x7ffc0000
[  242.727580][   T29] audit: type=1326 audit(1750666552.840:18001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.738429][T20471] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  242.757794][   T29] audit: type=1326 audit(1750666552.840:18002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.836154][   T29] audit: type=1326 audit(1750666552.930:18003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.838062][T20506] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.859861][   T29] audit: type=1326 audit(1750666552.930:18004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20469 comm="syz.2.3012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  242.951789][T20506] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.013239][T20525] netlink: 'syz.7.3018': attribute type 1 has an invalid length.
[  243.061956][T20506] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.109550][T20532] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  243.124056][T20536] netlink: 'syz.7.3021': attribute type 39 has an invalid length.
[  243.127938][T20532] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  243.215130][T20506] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  243.225106][T20519] lo speed is unknown, defaulting to 1000
[  243.228675][T20506] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  243.249067][T20543] netlink: 'syz.6.3023': attribute type 39 has an invalid length.
[  243.270280][T20506] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  243.278959][T20539] loop7: detected capacity change from 0 to 8192
[  243.283143][T20506] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  243.537733][T20573] loop1: detected capacity change from 0 to 8192
[  243.759586][T20594] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3029'.
[  243.790401][T20596] netlink: 'syz.2.3030': attribute type 1 has an invalid length.
[  243.873826][T20602] netlink: 'syz.2.3032': attribute type 39 has an invalid length.
[  244.126005][T20612] lo speed is unknown, defaulting to 1000
[  244.299244][T20637] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  244.310351][T20637] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  244.374143][T20645] loop7: detected capacity change from 0 to 512
[  244.383141][T20645] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  244.395584][T20608] lo speed is unknown, defaulting to 1000
[  244.407057][T20645] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  244.416290][T20645] System zones: 0-2, 18-18, 34-34
[  244.437595][T20645] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  244.457796][T20645] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  244.503473][T12839] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.512813][T20665] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3041'.
[  244.612174][T20669] loop7: detected capacity change from 0 to 8192
[  244.626543][T20684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3038'.
[  244.640502][T20679] netlink: 'syz.0.3044': attribute type 39 has an invalid length.
[  244.746218][T20683] lo speed is unknown, defaulting to 1000
[  244.758650][T20700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3046'.
[  244.768109][T20700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3046'.
[  244.798230][T20706] netlink: 'syz.0.3047': attribute type 1 has an invalid length.
[  245.276684][T20768] netlink: 'syz.6.3053': attribute type 1 has an invalid length.
[  245.464570][T20778] loop7: detected capacity change from 0 to 2048
[  245.471840][T20778] ext2: Unknown parameter 'func'
[  245.485434][T20778] netlink: 20 bytes leftover after parsing attributes in process `+}[@'.
[  245.514702][T20786] netlink: 'syz.7.3058': attribute type 1 has an invalid length.
[  245.525202][T20788] netlink: 'syz.2.3059': attribute type 1 has an invalid length.
[  245.574453][T20792] lo speed is unknown, defaulting to 1000
[  245.576830][T20790] loop7: detected capacity change from 0 to 8192
[  245.849418][T20823] loop2: detected capacity change from 0 to 8192
[  245.897703][T20826] loop0: detected capacity change from 0 to 512
[  245.905716][T20826] EXT4-fs: dax option not supported
[  246.041967][T20834] loop0: detected capacity change from 0 to 512
[  246.050506][T20834] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  246.089810][T20834] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  246.098132][T20834] System zones: 0-2, 18-18, 34-34
[  246.106797][T20834] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  246.120332][T20834] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  246.145767][T16559] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.179963][T20837] loop6: detected capacity change from 0 to 8192
[  246.384483][T20851] loop0: detected capacity change from 0 to 8192
[  246.663517][T20858] lo speed is unknown, defaulting to 1000
[  246.812192][T20857] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  246.821623][T20857] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  246.880009][T20886] lo speed is unknown, defaulting to 1000
[  247.008228][T20917] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  247.017982][T20917] netlink: 'syz.6.3076': attribute type 13 has an invalid length.
[  247.018215][T20919] netlink: 'syz.7.3077': attribute type 1 has an invalid length.
[  247.167602][T20932] loop2: detected capacity change from 0 to 8192
[  247.238279][T20940] netlink: 'syz.7.3083': attribute type 39 has an invalid length.
[  247.352764][T20949] loop7: detected capacity change from 0 to 8192
[  247.429701][T20959] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3089'.
[  247.898379][T20971] lo speed is unknown, defaulting to 1000
[  248.052933][T20998] loop2: detected capacity change from 0 to 8192
[  248.121225][   T29] kauditd_printk_skb: 636 callbacks suppressed
[  248.121242][   T29] audit: type=1326 audit(1750666558.260:18641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.151557][   T29] audit: type=1326 audit(1750666558.260:18642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.175406][   T29] audit: type=1326 audit(1750666558.260:18643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.199136][   T29] audit: type=1326 audit(1750666558.260:18644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.223249][   T29] audit: type=1326 audit(1750666558.260:18645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.246932][   T29] audit: type=1326 audit(1750666558.270:18646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.270634][   T29] audit: type=1326 audit(1750666558.270:18647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.294420][   T29] audit: type=1326 audit(1750666558.270:18648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.318179][   T29] audit: type=1326 audit(1750666558.270:18649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.341791][   T29] audit: type=1326 audit(1750666558.270:18650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20997 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efdb159e929 code=0x7ffc0000
[  248.461652][T21012] netlink: 'syz.1.3096': attribute type 39 has an invalid length.
[  248.719860][T21035] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3101'.
[  248.744850][T21033] loop1: detected capacity change from 0 to 8192
[  248.958353][T21039] netlink: 'syz.6.3104': attribute type 1 has an invalid length.
[  249.305048][T21056] loop0: detected capacity change from 0 to 8192
[  249.426818][T21067] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3113'.
[  249.547264][T21072] loop7: detected capacity change from 0 to 512
[  249.556543][T21070] loop2: detected capacity change from 0 to 8192
[  249.563203][T21072] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  249.589053][T21072] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  249.597430][T21072] System zones: 0-2, 18-18, 34-34
[  249.603863][T21072] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.617327][T21072] ext4 filesystem being mounted at /238/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  249.643650][T12839] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.032206][T21098] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3119'.
[  250.143354][T21100] loop6: detected capacity change from 0 to 8192
[  250.597982][T21115] ALSA: seq fatal error: cannot create timer (-22)
[  250.683249][T21118] loop1: detected capacity change from 0 to 128
[  250.794842][T21115] bio_check_eod: 2 callbacks suppressed
[  250.794859][T21115] syz.1.3123: attempt to access beyond end of device
[  250.794859][T21115] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128
[  250.817000][T21122] validate_nla: 1 callbacks suppressed
[  250.817039][T21122] netlink: 'syz.7.3125': attribute type 39 has an invalid length.
[  250.838027][T21124] netlink: 'syz.2.3126': attribute type 1 has an invalid length.
[  250.919933][T21115] syz.1.3123: attempt to access beyond end of device
[  250.919933][T21115] loop1: rw=2049, sector=169, nr_sectors = 16 limit=128
[  250.935476][T21115] syz.1.3123: attempt to access beyond end of device
[  250.935476][T21115] loop1: rw=2049, sector=193, nr_sectors = 8 limit=128
[  250.956421][T21115] syz.1.3123: attempt to access beyond end of device
[  250.956421][T21115] loop1: rw=2049, sector=209, nr_sectors = 8 limit=128
[  250.972694][T21115] syz.1.3123: attempt to access beyond end of device
[  250.972694][T21115] loop1: rw=2049, sector=225, nr_sectors = 8 limit=128
[  251.005934][T21115] syz.1.3123: attempt to access beyond end of device
[  251.005934][T21115] loop1: rw=2049, sector=241, nr_sectors = 8 limit=128
[  251.024357][T21118] syz.1.3123: attempt to access beyond end of device
[  251.024357][T21118] loop1: rw=2049, sector=273, nr_sectors = 8 limit=128
[  251.041162][T21126] loop2: detected capacity change from 0 to 8192
[  251.048146][T21118] syz.1.3123: attempt to access beyond end of device
[  251.048146][T21118] loop1: rw=2049, sector=289, nr_sectors = 8 limit=128
[  251.067077][T21115] syz.1.3123: attempt to access beyond end of device
[  251.067077][T21115] loop1: rw=2049, sector=257, nr_sectors = 8 limit=128
[  251.081155][T21115] syz.1.3123: attempt to access beyond end of device
[  251.081155][T21115] loop1: rw=2049, sector=297, nr_sectors = 1 limit=128
[  251.155176][T21145] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3132'.
[  251.187717][T21147] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3131'.
[  251.333580][T21153] lo speed is unknown, defaulting to 1000
[  251.596423][T21188] loop7: detected capacity change from 0 to 8192
[  251.739615][T21192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3138'.
[  251.829575][T21194] loop0: detected capacity change from 0 to 8192
[  251.974702][T21202] netlink: 'syz.2.3140': attribute type 39 has an invalid length.
[  252.113714][T21208] loop2: detected capacity change from 0 to 8192
[  252.833675][T21256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3150'.
[  252.944804][T21263] loop2: detected capacity change from 0 to 2048
[  252.957648][T21263] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.134359][T21275] netlink: 'syz.1.3152': attribute type 39 has an invalid length.
[  253.374940][T21292] loop6: detected capacity change from 0 to 512
[  253.382310][T21292] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  253.397000][T21292] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  253.405157][T21292] System zones: 0-2, 18-18, 34-34
[  253.411325][T21292] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.423996][T21292] ext4 filesystem being mounted at /400/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  253.447711][ T9430] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.473437][T21301] loop6: detected capacity change from 0 to 512
[  253.481328][T21301] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  253.497388][T21301] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  253.505571][T21301] System zones: 0-2, 18-18, 34-34
[  253.512967][T21301] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.535805][T21301] ext4 filesystem being mounted at /401/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  253.564094][ T9430] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.584863][T19006] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.614824][   T29] kauditd_printk_skb: 440 callbacks suppressed
[  253.614842][   T29] audit: type=1400 audit(1750666563.750:19091): avc:  denied  { setopt } for  pid=21310 comm="syz.6.3159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  253.677846][   T29] audit: type=1326 audit(1750666563.820:19092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.729954][   T29] audit: type=1326 audit(1750666563.840:19093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.753591][   T29] audit: type=1326 audit(1750666563.840:19094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.777595][   T29] audit: type=1326 audit(1750666563.840:19095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.801215][   T29] audit: type=1326 audit(1750666563.840:19096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.825262][   T29] audit: type=1326 audit(1750666563.840:19097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.848812][   T29] audit: type=1326 audit(1750666563.840:19098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.872599][   T29] audit: type=1326 audit(1750666563.840:19099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.896180][   T29] audit: type=1326 audit(1750666563.840:19100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz.6.3161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  253.950246][T21344] netlink: 'syz.6.3165': attribute type 39 has an invalid length.
[  254.092966][T21357] lo speed is unknown, defaulting to 1000
[  254.180147][T21353] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  254.188479][T21353] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  254.307258][T21385] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3171'.
[  254.361809][T21389] loop6: detected capacity change from 0 to 512
[  254.369342][T21389] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  254.386853][T21389] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  254.395198][T21389] System zones: 0-2, 18-18, 34-34
[  254.401877][T21389] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.414658][T21389] ext4 filesystem being mounted at /409/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  254.433708][T21394] lo speed is unknown, defaulting to 1000
[  254.443348][ T9430] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.509920][T21384] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  254.539303][T21384] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  254.660941][T21429] netlink: 'syz.1.3178': attribute type 39 has an invalid length.
[  254.734018][T21427] netlink: 'syz.6.3177': attribute type 1 has an invalid length.
[  254.741921][T21427] netlink: 92 bytes leftover after parsing attributes in process `syz.6.3177'.
[  254.750988][T21427] NCSI netlink: No device for ifindex 65300
[  254.870802][T21447] loop7: detected capacity change from 0 to 512
[  254.879576][T21447] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  254.901259][T21446] loop2: detected capacity change from 0 to 8192
[  254.905853][T21447] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  254.916001][T21447] System zones: 0-2, 18-18, 34-34
[  254.921946][T21447] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.934808][T21447] ext4 filesystem being mounted at /254/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  254.960241][T12839] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.039591][T21459] loop7: detected capacity change from 0 to 8192
[  255.730735][T21463] loop1: detected capacity change from 0 to 8192
[  255.794298][T21486] netlink: 'syz.2.3190': attribute type 1 has an invalid length.
[  255.929563][T21497] loop6: detected capacity change from 0 to 8192
[  256.235437][T21505] netlink: 'syz.0.3193': attribute type 1 has an invalid length.
[  256.243277][T21505] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3193'.
[  256.252277][T21505] NCSI netlink: No device for ifindex 65300
[  256.386139][T21514] loop0: detected capacity change from 0 to 512
[  256.394216][T21514] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  256.407377][T21514] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  256.415856][T21514] System zones: 0-2, 18-18, 34-34
[  256.422849][T21514] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.435506][T21514] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.459335][T16559] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.781965][T21537] netlink: 'syz.2.3203': attribute type 1 has an invalid length.
[  256.821397][T21543] netlink: 14 bytes leftover after parsing attributes in process `syz.7.3205'.
[  256.834197][T21543] hsr_slave_0: left promiscuous mode
[  256.840024][T21543] hsr_slave_1: left promiscuous mode
[  256.845659][T21539] loop6: detected capacity change from 0 to 8192
[  256.963443][T21553] loop2: detected capacity change from 0 to 8192
[  257.361914][T21565] tipc: Started in network mode
[  257.366964][T21565] tipc: Node identity ac14140f, cluster identity 4711
[  257.374236][T21565] tipc: New replicast peer: 255.255.255.255
[  257.380337][T21565] tipc: Enabled bearer <udp:syz2>, priority 10
[  257.387520][T21565] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3209'.
[  257.397010][T21565] tipc: Disabling bearer <udp:syz2>
[  257.611095][T21575] lo speed is unknown, defaulting to 1000
[  257.713230][T21567] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  257.722808][T21567] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  257.772174][T21604] loop6: detected capacity change from 0 to 2048
[  257.826516][T21604]  loop6: p2 p3 p7
[  257.840192][T21613] netlink: 'syz.2.3215': attribute type 1 has an invalid length.
[  257.930170][T21621] loop2: detected capacity change from 0 to 8192
[  258.041373][T21629] No such timeout policy "syz1"
[  258.216626][T21632] syzkaller0: entered allmulticast mode
[  258.223992][T21631] syzkaller0: left allmulticast mode
[  258.304000][T21638] lo speed is unknown, defaulting to 1000
[  258.584443][T21675] lo speed is unknown, defaulting to 1000
[  258.631050][   T29] kauditd_printk_skb: 637 callbacks suppressed
[  258.631066][   T29] audit: type=1326 audit(1750666568.770:19738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21666 comm="syz.0.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eef9de929 code=0x7ffc0000
[  258.649659][T21667] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  258.661124][   T29] audit: type=1326 audit(1750666568.770:19739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21666 comm="syz.0.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eef9de929 code=0x7ffc0000
[  258.669104][   T29] audit: type=1326 audit(1750666568.790:19740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21666 comm="syz.0.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8eef9de929 code=0x7ffc0000
[  258.726551][T21667] vhci_hcd: default hub control req: 6001 v8001 i0001 l0
[  258.744829][   T29] audit: type=1326 audit(1750666568.870:19741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21666 comm="syz.0.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eef9de929 code=0x7ffc0000
[  258.744974][T21703] loop6: detected capacity change from 0 to 8192
[  258.768480][   T29] audit: type=1326 audit(1750666568.880:19742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21666 comm="syz.0.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eef9de929 code=0x7ffc0000
[  258.859925][T21711] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3232'.
[  258.870882][T21711] hsr_slave_0: left promiscuous mode
[  258.876762][T21711] hsr_slave_1: left promiscuous mode
[  258.897649][   T29] audit: type=1326 audit(1750666569.030:19743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21700 comm="syz.6.3230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  258.921473][   T29] audit: type=1326 audit(1750666569.030:19744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21700 comm="syz.6.3230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  258.945136][   T29] audit: type=1326 audit(1750666569.030:19745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21700 comm="syz.6.3230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  258.968907][   T29] audit: type=1326 audit(1750666569.040:19746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21700 comm="syz.6.3230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  258.992749][   T29] audit: type=1326 audit(1750666569.040:19747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21700 comm="syz.6.3230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1de2e929 code=0x7ffc0000
[  259.154816][T21721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3233'.
[  259.164883][T21725] syzkaller0: entered allmulticast mode
[  259.177339][T21724] syzkaller0: left allmulticast mode
[  259.291758][T21738] lo speed is unknown, defaulting to 1000
[  259.708350][T21785] loop6: detected capacity change from 0 to 8192
[  259.734433][T21789] loop2: detected capacity change from 0 to 8192
[  260.223896][T21811] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3252'.
[  260.265620][T21814] loop7: detected capacity change from 0 to 1024
[  260.272878][T21814] EXT4-fs: Ignoring removed bh option
[  260.279755][T21814] EXT4-fs (loop7): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  260.290875][T21814] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  260.301290][T21814] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  260.311572][T21814] EXT4-fs (loop7): filesystem has both journal inode and journal device!
[  260.376264][T21815] loop1: detected capacity change from 0 to 8192
[  260.712379][T21832] loop7: detected capacity change from 0 to 8192
[  260.771680][T21837] loop6: detected capacity change from 0 to 8192
[  260.844463][T21847] netlink: 'syz.0.3263': attribute type 1 has an invalid length.
[  261.151809][T21858] loop1: detected capacity change from 0 to 1024
[  261.158702][T21858] EXT4-fs: Ignoring removed bh option
[  261.164805][T21858] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  261.175860][T21858] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  261.185612][T21858] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  261.195873][T21858] EXT4-fs (loop1): filesystem has both journal inode and journal device!
[  261.643696][T21878] atomic_op ffff888119963928 conn xmit_atomic 0000000000000000
[  261.657263][T21878] loop2: detected capacity change from 0 to 128
[  261.659393][T21880] loop7: detected capacity change from 0 to 1024
[  261.671464][T21880] ext4: Unknown parameter 'nouser_xattr'
[  261.677867][T21878] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  261.695983][T21878] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  261.742859][T19006] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  261.773547][T21894] loop6: detected capacity change from 0 to 8192
[  261.917034][T21894] ==================================================================
[  261.925205][T21894] BUG: KCSAN: data-race in mark_buffer_dirty_inode / sync_mapping_buffers
[  261.933794][T21894] 
[  261.936135][T21894] write to 0xffff88812b4b7a80 of 8 bytes by task 21908 on cpu 1:
[  261.943867][T21894]  sync_mapping_buffers+0x163/0x7d0
[  261.949104][T21894]  fat_file_fsync+0xaa/0x100
[  261.953809][T21894]  vfs_fsync_range+0x10d/0x130
[  261.958606][T21894]  generic_file_write_iter+0x1b8/0x2f0
[  261.964084][T21894]  do_iter_readv_writev+0x421/0x4c0
[  261.969302][T21894]  vfs_writev+0x2df/0x8b0
[  261.973656][T21894]  __se_sys_pwritev2+0xfc/0x1c0
[  261.978529][T21894]  __x64_sys_pwritev2+0x67/0x80
[  261.983401][T21894]  x64_sys_call+0x1cea/0x2fb0
[  261.988098][T21894]  do_syscall_64+0xd2/0x200
[  261.992624][T21894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.998536][T21894] 
[  262.000871][T21894] read to 0xffff88812b4b7a80 of 8 bytes by task 21894 on cpu 0:
[  262.008518][T21894]  mark_buffer_dirty_inode+0x95/0x1c0
[  262.013922][T21894]  fat_mirror_bhs+0x234/0x320
[  262.018707][T21894]  fat_ent_write+0xd0/0xe0
[  262.023140][T21894]  fat_chain_add+0x15b/0x3f0
[  262.027769][T21894]  fat_get_block+0x46c/0x5e0
[  262.032391][T21894]  __block_write_begin_int+0x3fd/0xf90
[  262.038075][T21894]  cont_write_begin+0x5fc/0x970
[  262.043477][T21894]  fat_write_begin+0x4f/0xe0
[  262.048099][T21894]  generic_perform_write+0x181/0x490
[  262.053446][T21894]  __generic_file_write_iter+0x9e/0x120
[  262.059021][T21894]  generic_file_write_iter+0x8d/0x2f0
[  262.064416][T21894]  vfs_write+0x4a0/0x8e0
[  262.068694][T21894]  ksys_write+0xda/0x1a0
[  262.072966][T21894]  __x64_sys_write+0x40/0x50
[  262.077573][T21894]  x64_sys_call+0x2cdd/0x2fb0
[  262.082269][T21894]  do_syscall_64+0xd2/0x200
[  262.086795][T21894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.092726][T21894] 
[  262.095069][T21894] value changed: 0xffff88812b470208 -> 0x0000000000000000
[  262.102193][T21894] 
[  262.104533][T21894] Reported by Kernel Concurrency Sanitizer on:
[  262.110709][T21894] CPU: 0 UID: 0 PID: 21894 Comm: syz.6.3275 Tainted: G        W           6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(voluntary) 
[  262.124817][T21894] Tainted: [W]=WARN
[  262.128651][T21894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  262.138739][T21894] ==================================================================