last executing test programs:

5m39.474784547s ago: executing program 0 (id=2923):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000980), 0x0, 0x2f, 0xe8034000, 0x0, 0x0, 0x0, 0x0, 0x5dc}, 0x50)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20408, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x1, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x8, 0xfffffffffff7bbfe, 0x4, 0xffff, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = timerfd_create(0x0, 0x800)
timerfd_settime(r3, 0x2, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001bc0)=@newtfilter={0x24, 0x11, 0x1, 0x691522ec, 0x0, {0x0, 0x0, 0x74, r6, {0x2, 0xf}, {}, {0x2, 0x7}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)

5m39.272491461s ago: executing program 0 (id=2931):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x6000050)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x38, 0x7, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4001}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040840}, 0x4004014)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000023c0), 0x0, 0x100, 0x2000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x80, 0x3, 0x4, 0x0, 0x0, 0x6, 0x20202, 0x4, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x100000001, 0x400}, 0x5010, 0x102, 0x9, 0x5, 0x8, 0x100, 0x9, 0x0, 0x200, 0x0, 0x7}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'netdevsim0\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080))
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8946, &(0x7f0000000080))
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="4800000010000104000000000400000000000000", @ANYRES32=r9, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r9, @ANYBLOB="0000000022030000"], 0x48}}, 0x0)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0)

5m39.211575622s ago: executing program 0 (id=2932):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{0x0, 0x114}, {&(0x7f00000009c0)=ANY=[@ANYBLOB="cc0200003100000425bd7000fddbdf25d2004b8090e985c10e41bc16c3afdfa48f5504b1be674defb8e523ca931fc47fca0761f089f12dee7390f97c1afc9919b1fe48e849ff8dfba904c78d93262ae3d33f0064ebf13671c70daa79cc0fe13e298fd364e11960d535c26097d135265e7942c4c5db720b1846c07b77ed5d954b166fd8b48c9e0f6ca471ddfcbb5f163f777786f7a3fbfa7733802ee8c4a951358fe78e1ef7f4dbe179e9502c3354b1cebef86cef6a5c32967a223845ba9396fced3f604240981e8f247067e1349e286bc6c8269ebede928867184559936b04001380000072f367e932248bbb5f84927c213d001b02bcf2d2bd5b90abb49e35b671d5cc9e8646e4ecaf6db0c14b26d2c061e2895d84e85ee2272e330857cf5816d5761dcdb9cbd0815823a9e2e08d59f3a8cac38f824e82d6a380359c14f0b327fd5004cfcb9ba79164d762baff997f2fd16507defa04591b820f92c60d5c85e8eab1cc5c87f6a6027e19ea6adec8a708b47f58365690e1f34b33cc001933f43099cbdb9dc2e741283e1400b300fc0000000000000000000000000000008b004180040037800c001496532832", @ANYRES32, @ANYBLOB="040094807a026c57d2654d115e528c1459241cdf02597f14d35c3655073c5f407b4160b64e80e167c709d80d9da587820eeb0f3c363a773f519c2717597d2217f73d756a1e5262327a0d6705cffb6119d2df818584899aaf8d7b874dbb99330a6d2593829a3125c105c65840af5555000d003f0026e4b56b1866ada1d6000000ae69a5084963450371edc84dc99933e5f3798214db2bbd9046f0ccf707e29850c523bbf617b1d7ef1a551fb4d16bc02c3b80b31afd787c9d7b26e5ddbb196f76b5ae845fa547821e75e7ce9e57909e40c4879551d2f2238d4b261e66380a5ae73b551539b77a6588ca710abc8bcf5659e97a7c436980198477bba636c008a123467d4ebde947f09e3e18471413aacf4976b500"], 0x2cc}], 0x2, 0x0, 0x0, 0x20000001}, 0x4010)

5m39.197480693s ago: executing program 0 (id=2933):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x150, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x7, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x6, 0x6}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x104, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xec, 0x1, [@m_simple={0xb0, 0x1e, 0x0, 0x0, {{0xb}, {0x54, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x6, 0x3, '-\x00'}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x8, 0x2, 0x20000000, 0x8, 0x13b}}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x1, 0x6, 0x2, 0xd}}]}, {0x32, 0x6, "b83be43ce3f0453fdb55a3fbb55ce131cff5300b92efaf853271bbac333e650817fc6029bf8265bde8d86f1542fc"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x38, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x4}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x150}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000b80)=ANY=[@ANYRESOCT, @ANYRES32, @ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r1}, 0x10)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x48801}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYRESOCT=r2, @ANYRES32, @ANYRES8=r2, @ANYRES32=r4, @ANYRES32=r2, @ANYBLOB="0500000001000000020000000300"/28], 0x50)
fcntl$setsig(r2, 0xa, 0x13)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xc, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000711876000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x288000, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0bea514e532f00000c00265050e6032ca602ef398cfea8341aeaee2d9a24e2f83dd1db50e0343a95ee1201e7a355aeb2e24018aa22d23552427cc6b89d72a98b032d749e0fee05ceae7130767ecd24c6abd1aa439e361e65de58ad3d2c9a1c7517e4a82aae0cbe21bc74118f18a34081ff61"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x3}, 0x18)
r7 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r7, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x4e24, 0x101, @empty}, {0xa, 0x4e22, 0x0, @dev}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x899, 0x1]}}, 0x5c)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
fcntl$setlease(r2, 0x400, 0x2)
r8 = socket(0x10, 0x803, 0x0)
sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_GET(r8, &(0x7f0000000940)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000900)={&(0x7f0000002500)=ANY=[@ANYBLOB="1c050000", @ANYRES16=r4, @ANYBLOB="20007000ffdbdf2502000000080001000000", @ANYRES32=r4, @ANYBLOB="600202803c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4, @ANYRES8=r0, @ANYRES32=r10, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000800000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r4, @ANYBLOB="0800070000000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000100008008000600", @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r4, @ANYBLOB="08000700000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400be09000038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000500000008000100", @ANYRES32=r4, @ANYBLOB="500002804c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e670000000008000100", @ANYRES32=r4, @ANYBLOB="080102803800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r4, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b0000000800040008000000c5fd0600", @ANYRES8, @ANYRES32=r4, @ANYBLOB="080007000000000008000100", @ANYRESDEC, @ANYBLOB="300102803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000500030003000000080004000000000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004000600000008000600", @ANYRES32=r4, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB], 0x51c}, 0x1, 0x0, 0x0, 0x4040800}, 0x40000)

5m39.043867005s ago: executing program 0 (id=2935):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x50)
pipe(&(0x7f0000000480)={<r1=>0xffffffffffffffff})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x2d40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'ip6tnl0\x00', &(0x7f0000000200)={'syztnl2\x00', <r2=>0x0, 0x0, 0x99, 0x0, 0x200, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00', 0x8000, 0x40, 0x6, 0x6}})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xf, 0x6, 0xfffffffd, 0x8, 0x2040, r1, 0x2, '\x00', r2, 0xffffffffffffffff, 0x1, 0x1, 0x5}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket(0xa, 0x3, 0x3a)
socket(0x2, 0x80805, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
unshare(0x28040600)
flock(0xffffffffffffffff, 0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendto(r4, &(0x7f0000000040)="4edb00eaa446073e7aef9c4c9ee0947777e97696679bdf3d4db3a59be352b06129cac0f0b13bfc14abc478d8a4", 0x2d, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r5}, 0x38)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x3}, 0x18)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x38, 0x1403, 0x1, 0x70bd29, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_bridge\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x20000010)
timerfd_create(0x5, 0x80000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x4001, 0x0)
shutdown(r3, 0x1)

5m38.962894747s ago: executing program 0 (id=2938):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
mkdir(&(0x7f0000000400)='./file0\x00', 0x61)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800f0ffffa31686544ad504a1fd991448c4430000810aead3f5d41603f3d8d7ce9d", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000975fbe857a7c3b35a0c073224e3c84e26380f000b41640c8e456f5de666e7fa43509758b8575d0c6fa4cd3acbec2f720de8aeec2fd2e4b40f5bafa90dc484ed55d9255e742bf10437fb81d56a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10)
pipe2$9p(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4000)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB="2c00b278632c466afd069a12beb4e7bcb9f86be1a7e688cf0632e98e061cdd45528f0f1346"])
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
mknod(&(0x7f0000000240)='./bus\x00', 0x8002, 0x3)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x64, 0x0, 0x7, 0x0, 0x0, 0x40, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000003, 0x2, @perf_config_ext={0x8, 0x4}, 0x8, 0x0, 0x800000, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80000000000bf}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r5, @ANYRES16=r4], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000007c0)=ANY=[@ANYBLOB="78b0eb820800b0c6b730fe936f07afd584e6203bd66ddbeff7849feb04db9a5b27891d2ee7c5387171659b9d47d1ce0a7f0bd5b0414ff60ddb0b6210c3d7edcd63f747c1b9b65c7c287ac35df0af1d5238cc603baa6e51a40d61735b4777c20cc7548ddc0a00000000000000d2158b857d937770e6aec115ef66d26248d7a6ef90cf1304b1ea48a8f643636ba3ad9892d5719997c8bf4987f61e19b52e30f2155ed65def8be04a3c3ceda09e6f8403afdecc5b7e95edc36bd06a43e25a4a70f03b2899f90ccd4f560056d2fe2791108dd077a9267a583259387718c320e4d3bf682a8d9547a3c78d6372d6228bc8968af7e8c4c763b3a34e1409f4f0c37b9650c1f9ce34438a330ae3fa39c58afa78c341017ac479181e3e6f26f39e375886ae12a13998ed63694050eba2f69d6152dc1b1b0ab1c620c96dced43ad74b3c3d36c179eedd94680a43ff0967a2ee012fcde784220318813eacee9fbf82472c5391b4f396d58c3b134ab8df3a01f7acc1066a4de9278200f17fb28e40ed5dd98ed36f47999131672b6e0ebb584b13ec008e6b093eba7c0940b857de674fd5cb7753896e9a7b8a237025cd9be135a6fe12c81011c0a1502def20637d6b05dd", @ANYRES16, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)

5m35.592199172s ago: executing program 3 (id=2999):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='fsi_master_aspeed_cfam_reset\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
io_setup(0x58, &(0x7f00000001c0)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xd3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010bc0)='kfree\x00', r3}, 0x18)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x19, 0x8, &(0x7f0000001800)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='mm_page_alloc\x00'}, 0x18)

5m35.442574395s ago: executing program 3 (id=3002):
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x17, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x4668, &(0x7f0000000040)={0x0, 0xc89f, 0xc002, 0x2, 0x20002f7})
read(r2, &(0x7f00000019c0)=""/4097, 0x1001)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x7, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', 0xffffffffffffffff, 0x0, 0x100}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01dfffffff9a2600000021"], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)

5m34.590519891s ago: executing program 3 (id=3013):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
writev(r0, &(0x7f0000000480)=[{&(0x7f0000000240)="76f8d9e331bc8dff5fe08dfb428d6b529f1f44bdf6c455d1", 0x18}, {&(0x7f0000000200)="9041b1f1f2e1ca8fef6379b61d9d7375838ebe609b253b64961a75bf87e2023beb728e41686fc040d065b22fb776f667235c03edd14019745177fc5bb4", 0x3d}, {&(0x7f0000000300)="b44ab856ce1e967579f5200e2cd790afb34fd56f3e1f055e0dbd3293bda0a274cd5b064cc9fe077e06a993d966afddd4185cbbadc5502ecffd5cc149e2b9d1fd05c86a289e186ce9eea99100a89ddba9d29cfdbc37ff03d6198ae3b0eb9e0a37646d06a329e2ab58", 0x68}, {0x0}, {&(0x7f0000000400)="6b641dde1c909c73d5be30dc7ada4403efa8de12638e8d38df3777ad6131c7327002f04dfd363cbf286ee9076611362d07b4722c79458fe39eb1cae2e8aa1d4e30a066e0", 0x44}, {&(0x7f0000003700)="6dce1ae9cb11d9f275b5afec0120926f70bbaa8fad78238a162a2a7fc646a7631bd2db0a3c9d38c785e2001184f805f44504133524749b9dc8c46acf5cf315bf0688dca60bbf8da20e412a89d9c5a81f51aece173b6bc5319447e469107ccd0398a872726b5758689e1b16ab32f8b6fd1dad4e8a5ebfc794f145ad0fd98a32b74e77df071dd6bc252ea3dc4ea595b98a0787c2ea2b716754e84f900b9bb121c339eaad69ab948d97c9d982b3f94deb243dae732bcf05e73d8bf696d7b3d4983d680a848b995102648318d0053da7b05af0d2a5f856eaacb45cce16ab58792b2fde841f55915673b76f7e559d7766a989ffdd65553a3251fda39d0301b2aa8758c7e0ab088e11f58a973c070ac648a268f6eff29956633abfb6d75194e8ce6ccee64bf40aa1f33a6b6cd1772e1067c54ec9d5472631aa7b75f9a335de1bf9222cce3b786b9122a04cb832d51d8a1fb22135e6be2ef64ccaa18acc14b554eb12c6c454c26a01d65c7bc9bc7c2bb09db7d11361d1a7b386d6415ea0578a66578a803a0d5b80208683af8eda27e2f684500f0d42b36e7b82f1c3fce67cbdcb48e1821bff255785938bcd754940146c0193ef655fb578a20ee7d912c350801b0381e214f0f7b88dd4903073bddf63ffb02de52d3f67d65227424b0672f70cfda63db3e0d903caaf2a360d9b7b6cf9cf4d9cd5b3e68153d6b5f28de7877b266a80e923bf337226e43f9e2be45a08e01a415e2a7f22de2c7e8ec33af6fc5ae52757e5163eb420cf1430a73eae5eb563f8765ba4ad1dc3a26bd2ba6cdb6fc2c52b46a3847738bf4e8c43e0a97dae156258618806ca80065b543b40ef7c5999b52879e51ff050d08a3fd03e3f5739b915d6e75a82816ee470e2246173a6f43b43725801d3a4ef6c0d45ec4d5b245fb1db836c4bcf844e437ff5bb244c74f8aa84d50b435797e9e9be2d0824ff04276f558273683330e91761c34bc41f155ab250903a052c97d8d220cffb7686f4286e8278d2009e8f627b55785468827621ccb9ed32687c5c0c4785ac0f4d70efe2c19da1b730443ba3c42e3c177f1f5c2b8708aaf011d6c061502ce8644cbc67693b747356a526d1335f422bcb7c29227b31bcb5b27ec63404ad787d81f34753c601978cd7b2d6e8e3ac77b9c0e4030cc40a0edd23a63a29cc7254f9df8a2aeb300c3a2bd5d0a262dc8ef981de40834680b0c80ce0b950e77689956d4ac6d82c846360fecbe2db0ee2e926ed7a8ff517a8cea1e443b540ce767985641d90ce451d224caa37a7cba9eb159db7c06147fe593ecdd5a6991a0bfdbad4a19608dd7f491634a3872d793e5618df0bf7aaaecc18ddc34195392c88f354193820c78edc918563ee480b188d697f85a7a53cd5264cb3d5da02523baceae39bdbfb04f65c9d03c33d3e4175be0f7ac2079ed34a566b9f8ce683394c4460fa4ac2c7e4f5689c40f40a3edf773676d9f23bd03e5e7fb7e95777f538ba17c8ecec16bbfcf0e602df316de298ac069cda00a0bfcdf9b94ad3ff3dca8a92b0ecae5ba1f0cd7f7f79bed95c7af95a21ab204909ec6d71b1675676bb15f890d5d50272391f0a25dd4f61ca096b0a3972c5a208233184bcd4866a8ab7e4e1208f2eb1fe5795b93d54cd0cc61840e8635e9118e5581e8a6c3d07e34e924dbc1e04683aa2e19769def514bb962f5dad639b11580e10e285853619ff3fad89a71dc90ee058b04a3701e7852eb4ab9c17bb9b6c63363d99936d8318d4f7bcef1cb007f976c471f5016035d827374225d2d789ef6ad857004878ef0622d9cf8196d85fa7cea8cb2b9ed871c6c122004eb66a355bc2bd9587e7f94f1bedd12e106b774f0897a9eeb1563387ee3a62297894c81c931d64417e3d7211b3bbcc63d55ff5b94d218710ed2fbcdb7be775b66e0fc535741bea72210f29ab078269c96e50babb71d808ae56a8d4dbecdbcacd603cc9c334172e3eb6492ca10f0b167d88313f3d203e20891778d783d61df76269baca043ca56bbe3c98c6025edce9e9bf7a1130d1e612c4e248769c4a410e2362f01ffb9262bb81211baf5fa6dcc877e9ad94da24a6c658d6bab1099a79fd0a8f64b5ffb335ced33f3f4eaab52712f760dde63214f2c754ce68d98aa5647f2f63bbc69b1d972d84d33cffba73a6fddddb40ddd443c40c6e60ddc8c2053bc660fcfad42f7787daa075d96af14f8a03b73a7b3f5e8974fade5d16c38bd57edc1a3928f8e0cf8e3e4e2a877d7f3ac315657bb440b3ff2ff96046759a101576f90ba44b1d05340f2925e43886287b08cdf8f0ba532630beddb2571678c6ebfb8ca8a9e68730956413d8ecb4278cc54453c0051a5492af212ee93aa6302e804078f9163437db1821dedf5610312257d55bc1ecfc6ab7b298475b8cbc183fc0373863e3199cbc501aeffe3154faddf3c0fd231cf2c6f5fd059cdb8b47f9ffc070e6338122205a7c2ccaf7dd938f37732531e2ecb0f4e4b1b18c648c7d931cb67c3f52dfc33b784bf94ae6de3aa6e16ef4f7ccec81bf2ed5bf78c5edb23214750ad55a8a3fdbef2d52d5eef4e514e1c144e84f0819c4e310d03824d777c1f01f03359fcff516abc2c0b29471ca99dc5fcd3bcb36e930f256940033508bbc55a771063b37533e301dd886f9a8bf64a132ee467ba17daac5d3dcda55c3bcaa4ce99d081caf5bf0afe8ee54649a516693b4bc299d1321368fc73e52c42f1f3b16c7276dcc54ce37e7af1363ac27adb8e3ea4da34e580bed85fd9f31cc0f12ecad09cc8cc9d0b232ded29d0a686bb6671fc22a01a7b49dd50e9459c945a6062fe7b9be8e5d60e5b6fb0c2c445224b8e8080ad7ee6e65c06040989cb6e26fb41665556a879b9cb7b430891c6fc8fd5280f2f8a066ffcdf1f40c5e5dbd2d2f55d7f0237c1859bd0b7c519191419ae09d11d8f13d81be081e19ff95f3ababa8a5efae5abf4f78b3bd197718dfa377632621771732fb957cb5282b9d8a1581fc4b553e40defd9e87fc854e8a8418d3704f462ffca44fe27b152782f52946e6d770816adcf84f427676ac214dae7c502f2eadf9d6ed554298eeb97a24e2ccb17a5edc3c1290d663c60c02061e068d7d4bac9f76dadc8de98095813616a973a921c1bdcd5ae45848997610219426c51504953a67b5d7c57d84", 0x8be}], 0x6)
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x38000c6, &(0x7f00000000c0), 0x2, 0x588, &(0x7f0000000f80)="$eJzs3d1rk9cfAPDvk774+vu1gsgcYxS8mMOZ2nYvDnbhLscmE7Z7V9JYpKmRJhXbCdOLebObIYMxJozdb/deyv6B/RXCFGRI2WC76XjSJzW2SdvUNqnm84HIOTlPc873Oc85nicnIQH0rJH0n1zE8Yj4NokYiogkK+uPrHBk5bilJzcK6SOJ5eXP/kxqx6X5+mvV/+5QlnklIn77OuJUbn29lYXFmclSqTiX5Uers1dHKwuLpy/PTk4Xp4tXxicmzr4zMf7+e+/uWKxvXvj7h0/vf3T2mxNL3//66MidJM7F4aysMY5N7W9ZcrMxMxIj2TkZiHNrDhxrp+EvgGTzQ/Z1oh20p682zle65ngMRV826oGX31cRsQz0qMT4hx5VXwfU7+3bug9+CTz+cOWNjvXx96+8NxL7YyAiDi4lz9wZpfe7wztQf1rHvYd376SPaPd9CIDncPNWRJzp71+Z+wYb5r8km/+278wWjllbh/kPOud+uv55q9n6J7e6/okm659DTcbudmw+/nOPdqCaltL13wdN17+rm1bDfVnuf7U130By6XKpmM5t/4+IkzGwL81vtJ9zdunBcquyxvXfvfRUP7lRqK8Fs3Y86l+zczI1WZ18npgbPb4V8WrT9W+y2v9Jk/5Pz8eFLdZxrHj39VZlz8T/8O6dpXXx767lnyPeaNr/T3e0ko33J0dr18No/apY76/bx35vVX+340/7/+DG8Q8njfu1lfbr+Gn/v8VWZc/EH83ib379Dyaf19KD2XPXJ6vVubGIweST9c+PP/3ber5+fBr/yRMbz3/Nrv8DEfHFFuO/ffSX17YUf5f6f6qt/m8/8eDjL39sVf/m8af9/3YtdTJ7Jpv/hjaKa6sNfN7zBwAAAAAAAHtJLiIOR5LLr6ZzuXx+5fMdR+NgrlSuVE9dKs9fmYrad2WHYyBX3+keavg8xFj2edh6fnxNfiIijkTEd30Havl8oVya6nbwAAAAAAAAAAAAAAAAAAAAsEccavH9/9Qffd1uHbDr/OQ39K5Nx/9O/NITsCf5/x96l/EPvWv74//mjrYD6LxtjP99u9EOoPOs/6F3Gf/Qu4x/6F3GPwAAAAAAAAAAAAAAAAAAAAAAAAAAAOyoC+fPp4/lpSc3Cml+6trC/Ez52umpYmUmPztfyBfKc1fz0+XydKmYL5RnN3u9Url8dWw85q+PVouV6mhlYfHibHn+SvXi5dnJ6eLF4kBHogIAAAAAAAAAAAAAAAAAAIAXS2VhcWayVCrO7VYi2f0qJLqZ6N8bzeh04p/unfDoSF3dnpkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Kn/AgAA//+EMzO2")
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r5 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf252001000000000000000000000000000020010000000000000000000000000001000000004e210002000000006c000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f000000000000000001000000000000000000000000000000000000002cbd7000003500000a000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r3], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2000)

5m34.313565846s ago: executing program 3 (id=3017):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x42, &(0x7f00000003c0)={[{@nodots}, {@fat=@errors_continue}, {@fat=@umask={'umask', 0x3d, 0x2}}, {@fat=@dos1xfloppy}, {@nodots}, {@fat=@flush}, {@dots}, {@fat=@discard}, {@fat=@nfs_stale_rw}, {@dots}]}, 0x1, 0x25f, &(0x7f0000000140)="$eJzs3cFqE0EYB/AvTZqsBbVn8bDgxZOobxCkghAQqrkbaL20Imwv0VMeQ/ANfByPPkZPvUXaXVy7LSIl6WS7vx+E/dj/DjuTQCaHmeyHx5+ODj6ffFz++hZZlscgYhFnEbuxFf0o9arj1kU9jGHUFgEAtM3+/mycug+sUO/qqaIYz7YjYnQlm/64pV4BAAAAAAAAAACwYjdZ//836/8BoH2s/7/7imI826l+v11m/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQztly+XD5j1fq/gEAq2f+B4DuMf8DQPeY/wGge949qIo8zyJOF/PpfFoey9Ov30z2nucXdutWp/P5dLuqJ3svyjxv5jtV+5fX5sN4+qTMz7NXbyeNfBQH6xw4AAAAAAAAAAAAAAAAAAAAbJBn+R+N/f39Mj+/YBTX5FnE90v/D9DYvz+IR4PbHAkAAAAAAAAAAAAAAAAAAAC018mXr0ez4+PDorPFz35EsrtHr/wYUr8JjeJe3KBVtmmjaFHRj4jDUQxivfd6f///L079zQQAAAAAAAAAAAAAAAAAAN1Tb/pN3RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASKd+/v/6itRjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhdwAAAP//UhGHcQ==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r4, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r4, 0x2, &(0x7f0000000740)={0x0})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095", @ANYBLOB="802c845b069601bf7d4df95339ae30b9d572"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r5}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x2000c8c5}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8, 0x0, 0xffffffffffffff54}, 0x18)
r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0xa, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r9, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0x1c}, 0x6d)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@getchain={0x2c, 0x66, 0x300, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {0x10, 0x6}, {0x0, 0xc}, {0x10, 0xd}}, [{0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48801}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x50)
socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

5m34.194940999s ago: executing program 3 (id=3020):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5319)

5m34.009149563s ago: executing program 3 (id=3021):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}], 0x20}, 0x4008804)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0e000000040000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'gre0\x00', &(0x7f00000003c0)={'sit0\x00', 0x0, 0x7, 0x8, 0x9, 0x2, {{0x18, 0x4, 0x1, 0x7, 0x60, 0x65, 0x0, 0xf7, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0xc, 0x4b, 0x1, 0x3, [{@broadcast, 0x9}]}, @end, @cipso={0x86, 0x38, 0x2, [{0x6, 0x5, "5ca40c"}, {0x7, 0x2}, {0x0, 0xd, "c6076d02d4bf26ed0d85ab"}, {0x5, 0x8, "9ccc47e53ea0"}, {0x5, 0x7, "a7a0285c26"}, {0x7, 0xf, "bf61df80c4273ea03e2ebb1bc0"}]}]}}}}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000004c0)='kmem_cache_free\x00', r2}, 0x18)
sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000180)=[{&(0x7f0000002800)="3282db78e0ea55c52d87bc2a166b9e46818f5faca0b3a411e056b7928ccacd30019d925e47ecd2f92675d1d80000000000000004007d002ae359e2b5d768e71db355cf220bb96b7a64e1d2629c3e21c5decd0e2e6f107e35a8081587d3dc42a0bc0d0c5e85c355c9cbadd6e8f8014acb52d24b961a3989d5102d540829ad660fdca299e7e74a71ed264d75a3e1dfb8331f1b441972bc5941fa418cfee6139c15eda91b1ecf8887e108b15c4c7505c31efe205c875a7c854aa65bcc2e04ea6739f968547df4ae455ecd6b0566ef52705630df27d81e2a544ecc09f8c73cec559d206644acdc56c717e19f04613456b8d7a386c0a700c032d0165c3b3f5716aa7f24e6fca522f91350793d13ba7f887e7b48cd3e6e41139d0deb8de9aeac59bf750ce0000000000000000000000000f18d233cdc36efdead60d008963851bc819e1b4551b3f13bbf6c18ea0165c66f5261c9ec61f0914c6ffb8506596b61392aa5d906994608b36096a2f5c0f3fef95bf6ddb78c8d07eee5e815c9a2a3d21a054e6fd032be118e9a3f4d016db35b5048e20f1859680e5571822934769e6f9361babb4766dc073d1dabfb220daa1cf4e7206b2b8aa7b55d1396273690ec7a8d36ffbfe2a68a9547758d3ece744be07d320147c0e92e0b63f9b86ec19670ea43b7f596b347d8b9116506356d0279d21f6a0cab3056c27dec074e8dac12c1d99afcd84f82a47a0cb5093c7a221f7fb624e2f6e9eeca4e5050fc3be50bbdc62d41333b4243336a5590e49658a10b5c8624eb2410d68e64f230fdcf4689495c0bf62403c2eaad20d1d8fb185ebefac64aa0eb1d36ccacf61ec28b4ec24dba53b21ed5c5f727cccb0d614884908957138d2c30560e88f128af21ccc9fd64d229f35b2f76d0ee9e25f9e4390a55a8600449774ca116e3ba523c9c5d39abcf09a36127c17fc6194711f20307ead0d5bbbe2aa3f677156b8856411a8045159df771ac3e3d5828e359c24a59d65e92f4112fb6825536751f82e9d55e89853a03c693d418c4d2cccb61c6f60ad304a68d15fc20edaec9af4725f47c8e1724cffbd1716a7873716d278ee6f150", 0x306}, {&(0x7f0000002b40)="da752f575198baaac222d34e85893d37a6bd281687872ed9151c56f415698f3fecf56eebf5edb42ed5d54e0419b2a13128d3ad19b6eed6b450aad46baaa57203e0d4f567d8d79fe07e7b3142de43e55cf69c65db2469175cf60c82f49d0f9dc4c4dde733a14d57f4117ed2f46aea5950ff0176d73349c2808eee62ce1c7d846ffdf65211f3192dabe5b3ac1516ad90e618d0ca9e4ac2778acabeac244f2f90af2616647e5cf8ab5e2ac404ebf2a866c8a73f68ae2cc4523e63e3a1aa5ab60a23e4c47534bda546042120c5333d91fefc68226bc9149d282937797a2fe036a58c9ecd19e54bcfb85d3f75ec7c74d86be94ef6b9191e0fa86d2a9330af3f592e24bc30b84632e5121bf04abc0e12f4073f6678ad97b786cc73b8175e35eda542e3631d283a3ca6fef91607ec7dee1b4a62bae169cc8fb64e8bdef95474f0b3c526f69ce55281e18016a4785875ba99e313fd63f66cfd36234bcc6048f25bce8cce39cf709eb10e1ea88497ff7401aae0d4a7e07f14691b6c4b75dc16e2586744317ffbb9966d8bfb16efcdf6ab308426e5c1aec6a6636122ffaca89af3b03834612b93989d0bbb251a42c1b48b86ac7162ad8d5cbf3d6cfccdc590724ff6caa85320f9d5beea2370b8c0533c19422c9097a7164651ad9d8f9cca4ea7815e53fd9c42eab1cb76b451cd3b18cf31c16d01731efd1506b844f52d2f173c825a7f8814ada5f6361a48f20250df6b98965d0c85f3df3b72b2ac49f3ed52e6fa30d7d3d54d95e8bd13ec2ed4883feb3b778d624ff0c1a3ec900671acd0ff00edc7b96d1cad51fba25565c67ce0e62302dbff8f68c0de8330c44704b2f019a7afc753538ed61f3744f286735af18a8f5e7ae3fd66e4562565b31a9e5d947a06ea69ee5f0ea97d2e832e1bbc9e74498a2f99473ef8822ad0254013fefff6c4c35d84072307633de00985a6477ff6480e75171a", 0x2ae}], 0x2}, 0x8400)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}, 0x0)

5m33.959659334s ago: executing program 32 (id=3021):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}], 0x20}, 0x4008804)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0e000000040000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'gre0\x00', &(0x7f00000003c0)={'sit0\x00', 0x0, 0x7, 0x8, 0x9, 0x2, {{0x18, 0x4, 0x1, 0x7, 0x60, 0x65, 0x0, 0xf7, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0xc, 0x4b, 0x1, 0x3, [{@broadcast, 0x9}]}, @end, @cipso={0x86, 0x38, 0x2, [{0x6, 0x5, "5ca40c"}, {0x7, 0x2}, {0x0, 0xd, "c6076d02d4bf26ed0d85ab"}, {0x5, 0x8, "9ccc47e53ea0"}, {0x5, 0x7, "a7a0285c26"}, {0x7, 0xf, "bf61df80c4273ea03e2ebb1bc0"}]}]}}}}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000004c0)='kmem_cache_free\x00', r2}, 0x18)
sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000180)=[{&(0x7f0000002800)="3282db78e0ea55c52d87bc2a166b9e46818f5faca0b3a411e056b7928ccacd30019d925e47ecd2f92675d1d80000000000000004007d002ae359e2b5d768e71db355cf220bb96b7a64e1d2629c3e21c5decd0e2e6f107e35a8081587d3dc42a0bc0d0c5e85c355c9cbadd6e8f8014acb52d24b961a3989d5102d540829ad660fdca299e7e74a71ed264d75a3e1dfb8331f1b441972bc5941fa418cfee6139c15eda91b1ecf8887e108b15c4c7505c31efe205c875a7c854aa65bcc2e04ea6739f968547df4ae455ecd6b0566ef52705630df27d81e2a544ecc09f8c73cec559d206644acdc56c717e19f04613456b8d7a386c0a700c032d0165c3b3f5716aa7f24e6fca522f91350793d13ba7f887e7b48cd3e6e41139d0deb8de9aeac59bf750ce0000000000000000000000000f18d233cdc36efdead60d008963851bc819e1b4551b3f13bbf6c18ea0165c66f5261c9ec61f0914c6ffb8506596b61392aa5d906994608b36096a2f5c0f3fef95bf6ddb78c8d07eee5e815c9a2a3d21a054e6fd032be118e9a3f4d016db35b5048e20f1859680e5571822934769e6f9361babb4766dc073d1dabfb220daa1cf4e7206b2b8aa7b55d1396273690ec7a8d36ffbfe2a68a9547758d3ece744be07d320147c0e92e0b63f9b86ec19670ea43b7f596b347d8b9116506356d0279d21f6a0cab3056c27dec074e8dac12c1d99afcd84f82a47a0cb5093c7a221f7fb624e2f6e9eeca4e5050fc3be50bbdc62d41333b4243336a5590e49658a10b5c8624eb2410d68e64f230fdcf4689495c0bf62403c2eaad20d1d8fb185ebefac64aa0eb1d36ccacf61ec28b4ec24dba53b21ed5c5f727cccb0d614884908957138d2c30560e88f128af21ccc9fd64d229f35b2f76d0ee9e25f9e4390a55a8600449774ca116e3ba523c9c5d39abcf09a36127c17fc6194711f20307ead0d5bbbe2aa3f677156b8856411a8045159df771ac3e3d5828e359c24a59d65e92f4112fb6825536751f82e9d55e89853a03c693d418c4d2cccb61c6f60ad304a68d15fc20edaec9af4725f47c8e1724cffbd1716a7873716d278ee6f150", 0x306}, {&(0x7f0000002b40)="da752f575198baaac222d34e85893d37a6bd281687872ed9151c56f415698f3fecf56eebf5edb42ed5d54e0419b2a13128d3ad19b6eed6b450aad46baaa57203e0d4f567d8d79fe07e7b3142de43e55cf69c65db2469175cf60c82f49d0f9dc4c4dde733a14d57f4117ed2f46aea5950ff0176d73349c2808eee62ce1c7d846ffdf65211f3192dabe5b3ac1516ad90e618d0ca9e4ac2778acabeac244f2f90af2616647e5cf8ab5e2ac404ebf2a866c8a73f68ae2cc4523e63e3a1aa5ab60a23e4c47534bda546042120c5333d91fefc68226bc9149d282937797a2fe036a58c9ecd19e54bcfb85d3f75ec7c74d86be94ef6b9191e0fa86d2a9330af3f592e24bc30b84632e5121bf04abc0e12f4073f6678ad97b786cc73b8175e35eda542e3631d283a3ca6fef91607ec7dee1b4a62bae169cc8fb64e8bdef95474f0b3c526f69ce55281e18016a4785875ba99e313fd63f66cfd36234bcc6048f25bce8cce39cf709eb10e1ea88497ff7401aae0d4a7e07f14691b6c4b75dc16e2586744317ffbb9966d8bfb16efcdf6ab308426e5c1aec6a6636122ffaca89af3b03834612b93989d0bbb251a42c1b48b86ac7162ad8d5cbf3d6cfccdc590724ff6caa85320f9d5beea2370b8c0533c19422c9097a7164651ad9d8f9cca4ea7815e53fd9c42eab1cb76b451cd3b18cf31c16d01731efd1506b844f52d2f173c825a7f8814ada5f6361a48f20250df6b98965d0c85f3df3b72b2ac49f3ed52e6fa30d7d3d54d95e8bd13ec2ed4883feb3b778d624ff0c1a3ec900671acd0ff00edc7b96d1cad51fba25565c67ce0e62302dbff8f68c0de8330c44704b2f019a7afc753538ed61f3744f286735af18a8f5e7ae3fd66e4562565b31a9e5d947a06ea69ee5f0ea97d2e832e1bbc9e74498a2f99473ef8822ad0254013fefff6c4c35d84072307633de00985a6477ff6480e75171a", 0x2ae}], 0x2}, 0x8400)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}, 0x0)

5m23.844038779s ago: executing program 33 (id=2938):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
mkdir(&(0x7f0000000400)='./file0\x00', 0x61)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800f0ffffa31686544ad504a1fd991448c4430000810aead3f5d41603f3d8d7ce9d", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000975fbe857a7c3b35a0c073224e3c84e26380f000b41640c8e456f5de666e7fa43509758b8575d0c6fa4cd3acbec2f720de8aeec2fd2e4b40f5bafa90dc484ed55d9255e742bf10437fb81d56a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10)
pipe2$9p(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4000)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB="2c00b278632c466afd069a12beb4e7bcb9f86be1a7e688cf0632e98e061cdd45528f0f1346"])
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
mknod(&(0x7f0000000240)='./bus\x00', 0x8002, 0x3)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x64, 0x0, 0x7, 0x0, 0x0, 0x40, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000003, 0x2, @perf_config_ext={0x8, 0x4}, 0x8, 0x0, 0x800000, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80000000000bf}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r5, @ANYRES16=r4], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000007c0)=ANY=[@ANYBLOB="78b0eb820800b0c6b730fe936f07afd584e6203bd66ddbeff7849feb04db9a5b27891d2ee7c5387171659b9d47d1ce0a7f0bd5b0414ff60ddb0b6210c3d7edcd63f747c1b9b65c7c287ac35df0af1d5238cc603baa6e51a40d61735b4777c20cc7548ddc0a00000000000000d2158b857d937770e6aec115ef66d26248d7a6ef90cf1304b1ea48a8f643636ba3ad9892d5719997c8bf4987f61e19b52e30f2155ed65def8be04a3c3ceda09e6f8403afdecc5b7e95edc36bd06a43e25a4a70f03b2899f90ccd4f560056d2fe2791108dd077a9267a583259387718c320e4d3bf682a8d9547a3c78d6372d6228bc8968af7e8c4c763b3a34e1409f4f0c37b9650c1f9ce34438a330ae3fa39c58afa78c341017ac479181e3e6f26f39e375886ae12a13998ed63694050eba2f69d6152dc1b1b0ab1c620c96dced43ad74b3c3d36c179eedd94680a43ff0967a2ee012fcde784220318813eacee9fbf82472c5391b4f396d58c3b134ab8df3a01f7acc1066a4de9278200f17fb28e40ed5dd98ed36f47999131672b6e0ebb584b13ec008e6b093eba7c0940b857de674fd5cb7753896e9a7b8a237025cd9be135a6fe12c81011c0a1502def20637d6b05dd", @ANYRES16, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1m29.070244641s ago: executing program 5 (id=7160):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e24, @remote}, {0x2, 0x0, @multicast1}, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x200})
wait4(0x0, 0x0, 0x8, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@ipv4_delroute={0x24, 0x18, 0x901, 0x0, 0x25dfdbff, {0x2, 0x18, 0x0, 0x0, 0xff, 0x0, 0x0, 0x8}, [@RTA_DST={0x8, 0x1, @dev}]}, 0x24}}, 0x0)
r2 = getpid()
mount$bind(0x0, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
close_range(r3, r3, 0x0)
syz_usb_connect(0x3, 0xb, &(0x7f0000001440)=ANY=[], 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r5)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r7=>0x0)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r8=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001200)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_SET_TX_POWER(r5, &(0x7f00000012c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80400000}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x30, 0x0, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x30}, 0x1, 0x0, 0x0, 0x8}, 0x4084)
ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, &(0x7f00000010c0)={{0x2, 0x556eece7}, 0x100, './file0/file0\x00'})

1m26.056621619s ago: executing program 5 (id=7176):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20048094)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2e5785a238afa4aba70c08b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f00000000c0)='5', 0x1, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r2, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r4, 0x2285, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x24)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000040)={0xb2, 0x2, 0x2, "63c2611b9ccf5928aaa7e52be95aca5571df0353f53735e06784ab43e9922938c82817c76ee8086b67a9de51dae0854d5428787c03a9ceb4bb0dad28deb5cba181cb34cccef7a4dd46967ace3d93c3f835b54cffbf6376a00bc25c3e1e281e7140a7db3cadbfac47187df8b65ca2b72583b3ed4277e08773f1a123974384e1bf3b81ee6ec414e14979768d6854df8f215b27925f9b7ab2f8bbe78014c072a258216d40027b8c81f309f4f8b449d8a0d14d3d"})

1m26.056205089s ago: executing program 5 (id=7177):
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1f, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x10000000, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
io_uring_setup(0x1694, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
write$P9_RREAD(r1, &(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x100b)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000040000"], 0x48)
io_uring_setup(0x3382, &(0x7f0000000000)={0x0, 0xf6a9, 0xc2, 0x0, 0x4})
r2 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3)
pause()
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x2, &(0x7f0000000600)=ANY=[@ANYBLOB="95004000ddffffff051c000000000100"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fcntl$setsig(r3, 0xa, 0x12)
dup2(r3, r4)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x13)

1m23.041860097s ago: executing program 5 (id=7199):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
getpgrp(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000440)='./file2\x00', 0x80, &(0x7f0000000480), 0x1, 0x3f5, &(0x7f00000004c0)="$eJzs3N1qHFUcAPD/TDeJTasbtXqhhUaKGPzIR1PSBgsqeOmV9QVikpbotrFNBFtyYUHsA2gfQLxsH8EL8U4QvClee6cUiiS5lshsZpNJsps2H+tU5/eDgXPmg3P+M7N7zp5z2AAqazAivoyI3oj4JCLq+f4k3+Ld9S07b3V5aTrbklhbu/hX0jy+srw0HYVrMsfyzFAakX6VxMttyl24cfPTqUZj9nqeH1m88tnIwo2bb81dmbo8e3n26vjo5OTo+PmJyYlDi/WPuP37hfvv17/55fRvP3384URW3+P5sWIch2UwBjfuyXbDh11YyZ4qpJNaiRVhT9KIOBIRtebnvx5HYvPh1eOHeqmVAwC6Ym3tnW15AOD/L9HmA0DFtH73rywvTbe2MsYhyvLwvfXJq5V8bnN1I/7axkxIz7b5rcM0GBH37pw7lW2x6zxk2qUaAABV82PW/znfrv+XxsnCeUcjoj9f23U8Ip6OiGcK68X2a3Bbfmf/J31wwCJ2lfX/LhTWtq0W4s8NHMlzWcwD0ZNcmmvMjubxD0VPX5Yf26WMkxdf/LvTsWL/717t3Kms/FZfMK/Hg1rf1mtmphanDhJz0cNbES/V2sWfbPR/k2bcHdx6dBlvX7v7QqdjW+K/0y7+7lr7LuK1ts9/c+Vesvv6xJHm+zDSeit2uv36q9c6lV92/Nnz7989/oGkuF5zYe9l/Hx27tdOxx4df/v3vzf5qJnuzfd9MbW4eH0sojf5YOf+M5vXtvKt87P4h063//yfiM078WxEPBcRz0c093d8odt4s/H9K/uPv7uy+Gf29Pz3nuj/+u79TuW3jX/LT93s+Z9tpobyPY/z/fe4Fdz/nQMAAID/jrQ5npukwxvpNB0eXh/nPRH9aWN+YfGNS/OfX51ZH/cdiJ60NdJVL4yHjuVjhK38mW358XwM5du+o8388PR8Y6bs4AGgoo51aP8zf/aVXTsAoGu6tbgdAHhyaf8BoHq0/wBQPdp/AKge7T8AVI/2HwAq5SD/61eFRBpPRDUkJP7lRNnfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5fonAAD//2Wz014=")
r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000180)})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x9)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r7, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, r8, 0x4, 0xffffffff, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000091}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@multicast1, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x1}, {{@in=@empty, 0x1, 0x32}, 0x2, @in=@empty, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
r9 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet(r9, &(0x7f0000000b80)=[{{&(0x7f0000000900)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="2c00000000000000000000000700000044181533"], 0x30}}], 0x1, 0x4040)
write$binfmt_register(r3, &(0x7f0000000340)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x9, 0x3a, '+\'', 0x3a, '', 0x3a, './file2', 0x3a, [0x46, 0x43]}, 0x2b)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200008, &(0x7f0000000380)={[{@nolazytime}, {@auto_da_alloc}, {@sysvgroups}, {@norecovery}, {@jqfmt_vfsv0}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")

1m22.664893184s ago: executing program 5 (id=7205):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x600, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x84d03, 0x0)
msgget$private(0x0, 0x100)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e28, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x100000}}, 0x40)
r5 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r5)
getdents64(0xffffffffffffffff, &(0x7f0000000a40)=""/39, 0x27)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000940)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x2, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r7}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth0_to_hsr\x00', <r8=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x1b, r8, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}}, 0x14)
bind$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0xf8, r8, 0x1, 0x9, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}}, 0x14)

1m22.179201174s ago: executing program 5 (id=7207):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b'], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r2, &(0x7f0000000180)=""/46, 0x2e)

1m22.139915014s ago: executing program 34 (id=7207):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b'], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r2, &(0x7f0000000180)=""/46, 0x2e)

2.810669825s ago: executing program 2 (id=8228):
r0 = epoll_create(0x3ff)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0000000})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
memfd_create(&(0x7f0000000cc0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\xd5\xfd\xa9\r\xac7V\xf2\x93A\x94k\xcd\t\x00\x90\xbe\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\agB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\x9f#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xd8\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x96!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2_\x16\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0V\\w\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x17fNo\xb3\x1d\xbb\xcaI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%UH\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\x02Y\x8e\xae\xf5m\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5\x04\x00\x00\x00\x00\x00\x00\x00\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9\xcfJ\t}\xd4:\xe4\xbe\x1c\x10\n\xc6hPO\xeagxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!D\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\xca\xc5kz\x8e9\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3d5V\x80\x1a\x90\x10\xe3\xdf%\xfdz\xf7\x9aE\xe6\x9b\x00'/993, 0x3)
r3 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000100)={<r4=>r3})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r4, 0x11d, 0xf, 0x0, 0x0)
vmsplice(r3, &(0x7f0000000280)=[{&(0x7f0000000580)="a7c2b44ebde037bec2226e8a5429db1c18fca35f972bedede9bf4a145c13ce8dbbc0064a231cbede6286235c605e082659283f3eff7bdbce6cc19f596ed0e1a7dee1a8c8215ad7faf7cceec228180f6f45808b622fc65938ce245932228838a89c53876d8d6d55956670ccb639c75dba25d5bd0c6ac2f49660e2d9243116e12b33dcdeb9c5a43e9cf340cf0027c6bfa47a49a45cfae67e", 0x97}], 0x1, 0x4)
syz_io_uring_setup(0xeb, &(0x7f0000000480)={0x0, 0x7dbf, 0x8, 0x0, 0x1f0}, &(0x7f0000000500), &(0x7f0000000540))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
fchdir(r5)
fsmount(r5, 0x0, 0xfc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x850, 0xffffffffffffffff, 0xfffffffd}, 0x50)

2.681473298s ago: executing program 2 (id=8230):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000280)=0x14)
read(r0, &(0x7f00000019c0)=""/4097, 0x1001)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r8, r6, 0x25, 0x2, @void}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001440)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYRESHEX=r2, @ANYRESDEC=r3, @ANYRESDEC=r4], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xff8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf8c}, 0x94)
r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000640), 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r9, 0x20, &(0x7f0000000880)={&(0x7f00000007c0)=""/122, 0x7a, <r10=>0x0, &(0x7f0000000680)=""/41, 0x29}}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000680)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r6, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, r11, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r12, 0x0, 0x2}, 0x18)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0)

2.462619332s ago: executing program 2 (id=8236):
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000002740)=""/4071, &(0x7f00000004c0)=0xfe7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2007, &(0x7f0000000980)=<r7=>0x0)
r8 = eventfd2(0x9, 0x0)
io_pgetevents(r7, 0x2, 0x0, 0x0, 0x0, 0x0)
io_submit(r7, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x1, r8}])
io_destroy(r7)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.022054421s ago: executing program 6 (id=8247):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={0xffffffffffffffff, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000100000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@noquota}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x2, 0x4f3, &(0x7f0000000700)="$eJzs3c9vG1kdAPDvTOMmabM4CxyWlVgqWJSuoHayYXcjDkuQEJwqUcqFUwiJE0Vx4ih22iaqUCr+ACTEL8GJExckzggJ9U9ASJXgjhACVdCWAwfAaJwxDamTONs4buPPR3qdN/Nm5vteHT/7zRt5AhhYVyJiNiIuRMRbEVHMt6d5it29lO33+NHdhSwl0Ry++bckknxb+1xJvrycHzYSEV/7SsS3kmfj1rd3Vuer1cpmvl5urG2U69s711bW5pcry5X12empd2fem3lnZvLU2vr+l/78w+/+/Mvv/+azt/8499er386qNZaX7W9HN3a73G+v6YXW/0XbUERsniTYCyzN21Pod0UAAOhK9v3twxHxyYh48pN+1wYAAADoheYXxuJfSUQTAAAAOLfS1j2wSVrK7wUYizQtlfbu4f1oXEqrtXrjM0u1rfXFvXtlx6OQLq1UK5P5vcLjUUiy9alW/un62wfWpyPi1Yj4fnG0tV5aqFUX+33xAwAAAAbE5QPj/38U98b/AAAAwDkz3u8KAAAAAD1n/A8AAADn36Hj/2TobCsCAAAA9MJXr1/PUrP9/OvFW9tbq7Vb1xYr9dXS2tZCaaG2uVFartWWW7/Zt3bc+aq12sbnYn3rTrlRqTfK9e2dubXa1npjrvVc77lKs3gmzQIAAAD2efUT9/+QRMTu50dbKXMxLyscf/hsb2sH9FJ6st2TXtUDOHsX+l0BoG/c4AuDq4sxPnDOHTOw/8GB9RNeNgAAAF4EEx97rvl/84HwEjOQh8Fl/h8Gl/l/GFzm/2HADR+/y8hhBb895boAAAA9M9ZKSVrK5wLHIk1LpYhXWo8FKCRLK9XKZER8KCJ+XywMZ+tT/a40AAAAAAAAAAAAAAAAAAAAAAAAALxkms0kmgAAAMC5FpH+Jckf5D9RfHPs4PWBi8k/i61lRNz+6c0f3ZlvNDansu1//9/2xo/z7W+3t2S+ccZXMgAAAIC29ji9PY4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNP0+NHdhXY6y7gPvxgR453iD8VIaznyq2JEXHqSxNC+45KIuHAK8XfvRcRrneInWbViPK/FwfhpRIz2Of7lU4gPg+x+1v/MZu+/woH3XxpXWsvO77+hPD2vh1cO6//Sdv/X6uc69X+vHH3qkXbm9Qe/LD9TWszj34t4fahz/9OOn3SKf7H7Nn7z6zs7h5U1fxYxccznTxa/3FjbKNe3d66trM0vV5Yr69PTU+/OvDfzzsxkeWmlWsn/7Rjjex//9X8Oi5+1/1LH+Hv976Htj4g3u2z/vx/cefSRI+Jf/VTn1/+1I+JnfxOfzj8HsvKJdn53L7/fG7/43RtHtX/xkPYf+fpHxNUu2//Wje/8qctdAYAzUN/eWZ2vViubPcmM9uzMMlmmtn7cPtn3xA8conAmfyQyvczcyF/DEx/ex04JAADoiadf+g+WnGCCBwAAAAAAAAAAAAAAAAAAAHguPf8RsuH//2WBkf41FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgSP8NAAD//121zbo=")

1.896699783s ago: executing program 1 (id=8248):
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1f, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x10000000, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0x0, 0x40})
r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$P9_RREAD(r0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], 0x100b)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000040000"], 0x48)
io_uring_setup(0x3382, &(0x7f0000000000)={0x0, 0xf6a9, 0xc2, 0x0, 0x4})
r1 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3)
pause()
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x2, &(0x7f0000000600)=ANY=[@ANYBLOB="95004000ddffffff051c000000000100"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fcntl$setsig(r2, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r3}], 0x2c, 0xffffffffffbffff8)
dup2(r2, r3)
fcntl$setown(r2, 0x8, r1)
tkill(r1, 0x13)

1.887370084s ago: executing program 6 (id=8249):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f0000000540), &(0x7f0000000600)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
mount_setattr(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x9900, &(0x7f0000000040)={0x0, 0x0, 0x40000}, 0x20)
r3 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000840)="aefdda9d240303005a90f57f14705309f0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072aea", 0x2b}], 0x1)

1.843696984s ago: executing program 6 (id=8250):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000480)={{r4, <r5=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000180)='%pK    \x00'}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = getpid()
ioctl$BTRFS_IOC_INO_LOOKUP(r5, 0xd0009412, 0x0)
sched_setscheduler(r6, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f000077c000/0x3000)=nil, 0x3000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r10 = getgid()
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {0x1, 0x4}, [{0x2, 0x1}], {0x4, 0xef256ec970fad851}, [{}, {0x8, 0x3}, {0x8, 0x7, r10}], {0x10, 0x4}}, 0x44, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r11}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="08000200e4d4c21e080008004c06"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x1000000, 0x0, {0x0, 0x0, 0x74, r3}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

1.810844465s ago: executing program 6 (id=8252):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000005c0)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@grpid}]}, 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})

1.729041287s ago: executing program 6 (id=8254):
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000002740)=""/4071, &(0x7f00000004c0)=0xfe7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2007, 0x0)
r7 = eventfd2(0x9, 0x0)
io_pgetevents(0x0, 0x2, 0x2, &(0x7f0000000080)=[{}, {}], 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x1, r7}])
io_destroy(0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.616677048s ago: executing program 2 (id=8256):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
msgctl$IPC_RMID(0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

1.198280487s ago: executing program 4 (id=8257):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x5eab, 0x8, 0x8000, 0x400250}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000400)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd_index=0x1, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r2, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d)

1.198102667s ago: executing program 4 (id=8258):
lsm_get_self_attr(0x67, 0x0, &(0x7f00000003c0), 0x0)

1.184977337s ago: executing program 4 (id=8259):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0xff}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x9, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0xfffffffffffffea6, 0x0, 0x41100, 0xb, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x20702, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r3}, 0x3d)
gettid()
timer_create(0x0, 0x0, &(0x7f0000000040)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0xe511})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x400})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000080))
write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYRES8=r5, @ANYRES64, @ANYRESDEC=r1], 0xfe49)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r8 = open(&(0x7f0000000280)='./file0\x00', 0x60842, 0x45)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000300)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0xc, 0x0, r8, 0x0, 0x0, 0x0, 0x8000})
getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f00000000c0)={<r11=>0x0, @loopback}, &(0x7f0000000200)=0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0xa, &(0x7f0000000880)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x7, 0xfe, &(0x7f0000000400)=""/244, 0x40f00, 0x8251dfbd9b1c0f1, '\x00', r11, 0x25, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000300)={0x2, 0x0, 0x640d}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0xffffffffffffffff], 0x0, 0x10, 0x1, @value=r8}, 0x94)
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000140)={'geneve1\x00', 0x600})
semget$private(0x0, 0x4001, 0x20)
semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x40, 0x1800}], 0x1, 0x0)
unshare(0x20060400)

1.06947371s ago: executing program 2 (id=8260):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f0000000540), &(0x7f0000000600)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
mount_setattr(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x9900, &(0x7f0000000040)={0x0, 0x0, 0x40000}, 0x20)
r3 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000840)="aefdda9d240303005a90f57f14705309f0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072aea", 0x2b}], 0x1)

998.051551ms ago: executing program 1 (id=8262):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000280)=0x14)
read(r0, &(0x7f00000019c0)=""/4097, 0x1001)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r8, r6, 0x25, 0x2, @void}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001440)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYRESHEX=r2, @ANYRESDEC=r3, @ANYRESDEC=r4], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xff8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf8c}, 0x94)
r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000640), 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r9, 0x20, &(0x7f0000000880)={&(0x7f00000007c0)=""/122, 0x7a, <r10=>0x0, &(0x7f0000000680)=""/41, 0x29}}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000680)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r6, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, r11, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r12, 0x0, 0x2}, 0x18)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0)

962.344911ms ago: executing program 2 (id=8263):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00'}, 0x10)
setresuid(0xee01, 0xee00, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000001140)={0xa, 0x4e28, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}, 0x1c)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000e00), 0x0, 0xc8040)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001200)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r2, 0x0, 0x0)

885.024413ms ago: executing program 4 (id=8265):
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
socket$inet(0x2, 0x80001, 0x84)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x3})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x6, 0x2, 0x0, 0x2}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd}}, @TCA_NETEM_RATE={0x14, 0x6, {0x1, 0x80, 0x7, 0x7a7}}]}}}]}, 0x6c}}, 0x20000000)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

767.004395ms ago: executing program 6 (id=8266):
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000002740)=""/4071, &(0x7f00000004c0)=0xfe7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2007, &(0x7f0000000980)=<r7=>0x0)
r8 = eventfd2(0x9, 0x0)
io_pgetevents(r7, 0x2, 0x1, &(0x7f0000000080)=[{}], 0x0, 0x0)
io_submit(r7, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x1, r8}])
io_destroy(r7)
socket$nl_netfilter(0x10, 0x3, 0xc)

654.670507ms ago: executing program 4 (id=8271):
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
r0 = socket$inet(0x2, 0x80001, 0x84)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r5=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x3})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r5, 0x1, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x6, 0x2, 0x0, 0x2}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd}}, @TCA_NETEM_RATE={0x14, 0x6, {0x1, 0x80, 0x7, 0x7a7}}]}}}]}, 0x6c}}, 0x20000000)
sendmsg$inet(r1, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
r6 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4)
bind$inet(r6, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10)
listen(r6, 0x3)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4)
listen(r0, 0x3)
close(0x4)

653.043827ms ago: executing program 1 (id=8272):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@delalloc}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=")
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0xdf, &(0x7f0000001400)=""/223, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, &(0x7f0000000180))
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_ifreq(r0, 0x8936, &(0x7f0000000100)={'wg1\x00', @ifru_data=&(0x7f0000000080)="c05307df9e384197131618ba85aea3377f350b4d5e2342662e5915ae5232a409"})
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
lstat(&(0x7f0000000440)='./file0\x00', 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000240)=""/263, 0x107, 0x7)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000018000000e700000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000a40)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1b}}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e20, 0x6, @remote, 0xf}, @in6={0xa, 0x4e21, 0x8, @empty, 0x9}, @in6={0xa, 0x4e20, 0xfffffffb, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x5}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2a}}, @in={0x2, 0x4e23, @rand_addr=0x64010101}, @in6={0xa, 0x4e24, 0x6, @loopback, 0x790b}], 0xb0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000100000000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030002000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000085000000b7000000000100"/96], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})

608.824088ms ago: executing program 1 (id=8273):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f0000000540), &(0x7f0000000600)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
mount_setattr(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x9900, &(0x7f0000000040)={0x0, 0x0, 0x40000}, 0x20)
r3 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000840)="aefdda9d240303005a90f57f14705309f0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072aea", 0x2b}], 0x1)

499.3815ms ago: executing program 1 (id=8274):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280140003"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x20000000)

455.657971ms ago: executing program 1 (id=8276):
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1f, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x10000000, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
write$P9_RREAD(r1, &(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x100b)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000040000"], 0x48)
io_uring_setup(0x3382, &(0x7f0000000000)={0x0, 0xf6a9, 0xc2, 0x0, 0x4})
r2 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3)
pause()
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x2, &(0x7f0000000600)=ANY=[@ANYBLOB="95004000ddffffff051c000000000100"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r4}], 0x2c, 0xffffffffffbffff8)
dup2(r3, r4)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x13)

414.245282ms ago: executing program 7 (id=8277):
r0 = epoll_create(0x3ff)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0000000})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
memfd_create(&(0x7f0000000cc0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\xd5\xfd\xa9\r\xac7V\xf2\x93A\x94k\xcd\t\x00\x90\xbe\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\agB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\x9f#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xd8\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x96!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2_\x16\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0V\\w\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x17fNo\xb3\x1d\xbb\xcaI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%UH\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\x02Y\x8e\xae\xf5m\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5\x04\x00\x00\x00\x00\x00\x00\x00\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9\xcfJ\t}\xd4:\xe4\xbe\x1c\x10\n\xc6hPO\xeagxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!D\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\xca\xc5kz\x8e9\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3d5V\x80\x1a\x90\x10\xe3\xdf%\xfdz\xf7\x9aE\xe6\x9b\x00'/993, 0x3)
r3 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000100)={<r4=>r3})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r4, 0x11d, 0xf, 0x0, 0x0)
vmsplice(r3, &(0x7f0000000280)=[{&(0x7f0000000580)="a7c2b44ebde037bec2226e8a5429db1c18fca35f972bedede9bf4a145c13ce8dbbc0064a231cbede6286235c605e082659283f3eff7bdbce6cc19f596ed0e1a7dee1a8c8215ad7faf7cceec228180f6f45808b622fc65938ce245932228838a89c53876d8d6d55956670ccb639c75dba25d5bd0c6ac2f49660e2d9243116e12b33dcdeb9c5a43e9cf340cf0027c6bfa47a49a45cfae67e", 0x97}], 0x1, 0x4)
syz_io_uring_setup(0xeb, &(0x7f0000000480)={0x0, 0x7dbf, 0x8, 0x0, 0x1f0}, &(0x7f0000000500), &(0x7f0000000540))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
fchdir(r5)
fsmount(r5, 0x0, 0xfc)
syz_emit_ethernet(0x5e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa2686dd6c370c8900282b01ce800000000000000000000000000025fe8000000000000000000000000000aa3c000000000000003b03000000000000c9100000000000000000000004"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x850, 0xffffffffffffffff, 0xfffffffd}, 0x50)

318.260294ms ago: executing program 7 (id=8278):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, &(0x7f0000000240))
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff00", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, {0x80}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)

318.080373ms ago: executing program 7 (id=8279):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000580)=ANY=[@ANYBLOB="18080000281c0040000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe00000000b6090000002000a80700000050000058bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056000000a80000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x11, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x94)

271.827604ms ago: executing program 7 (id=8280):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0xb, 0x518, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20007, 0xc8, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xe)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x924}, 0x18)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x3, 0xff, 0x5e, 0x54, 0x0, 0x3, 0x89008, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x2, @perf_config_ext={0x10000, 0xfffffffffffffff9}, 0x1a, 0x81, 0x800, 0x6, 0x8, 0x4002}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000780)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x800}}, 0x120)
r6 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

232.937506ms ago: executing program 7 (id=8281):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd_index=0x1, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(0xffffffffffffffff, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d)

174.220687ms ago: executing program 7 (id=8282):
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
socket$inet(0x2, 0x80001, 0x84)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x3})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x6, 0x2, 0x0, 0x2}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd}}, @TCA_NETEM_RATE={0x14, 0x6, {0x1, 0x80, 0x7, 0x7a7}}]}}}]}, 0x6c}}, 0x20000000)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

0s ago: executing program 4 (id=8283):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@delalloc}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=")
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0xdf, &(0x7f0000001400)=""/223, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, &(0x7f0000000180))
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_ifreq(r0, 0x8936, &(0x7f0000000100)={'wg1\x00', @ifru_data=&(0x7f0000000080)="c05307df9e384197131618ba85aea3377f350b4d5e2342662e5915ae5232a409"})
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
lstat(&(0x7f0000000440)='./file0\x00', 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000240)=""/263, 0x107, 0x7)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000018000000e700000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000a40)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1b}}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e20, 0x6, @remote, 0xf}, @in6={0xa, 0x4e21, 0x8, @empty, 0x9}, @in6={0xa, 0x4e20, 0xfffffffb, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x5}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2a}}, @in={0x2, 0x4e23, @rand_addr=0x64010101}, @in6={0xa, 0x4e24, 0x6, @loopback, 0x790b}], 0xb0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000100000000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030002000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000085000000b7000000000100"/96], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})

kernel console output (not intermixed with test programs):

472.525661][ T5505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.525758][ T5505] RSP: 002b:00007fe450c3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  472.525806][ T5505] RAX: ffffffffffffffda RBX: 00007fe452436090 RCX: 00007fe4521febe9
[  472.525819][ T5505] RDX: 0000200000000340 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  472.525831][ T5505] RBP: 00007fe450c3e090 R08: 0000000000000000 R09: 0000000000000000
[  472.525843][ T5505] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[  472.525861][ T5505] R13: 00007fe452436128 R14: 00007fe452436090 R15: 00007ffe5ba8a6c8
[  472.525878][ T5505]  </TASK>
[  472.720378][ T5494] bridge0: entered allmulticast mode
[  472.729239][ T5494] macsec1: left allmulticast mode
[  472.734372][ T5494] bridge0: left allmulticast mode
[  472.754084][ T5494] bridge0: left promiscuous mode
[  473.383033][ T5568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7446'.
[  473.411389][ T5568] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7446'.
[  473.514286][ T5578] 9pnet: Could not find request transport: f
[  473.644487][ T5571] loop7: detected capacity change from 0 to 8192
[  473.652970][ T5571] vfat: Unknown parameter '��A�;�$G�΍��Ռ��a����N����qݒ��w�|�v�7�._���6�>a��7[o��% ��00000000000000000005��������������9�Q��ɟ�t#��>�v12J��~&�{-*\#\n�p����2.'
[  473.938434][ T5621] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7459'.
[  473.949151][ T5614] smc: net device bond0 applied user defined pnetid SYZ0
[  473.959087][ T5614] smc: net device bond0 erased user defined pnetid SYZ0
[  473.972845][ T5613] 9pnet: Could not find request transport: f
[  473.981682][   T29] kauditd_printk_skb: 27 callbacks suppressed
[  473.981697][   T29] audit: type=1400 audit(1757369686.784:22822): avc:  denied  { listen } for  pid=5611 comm="syz.4.7458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  474.061346][ T5632] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7463'.
[  474.130050][ T5635] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7464'.
[  474.208724][ T5653] FAULT_INJECTION: forcing a failure.
[  474.208724][ T5653] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  474.221932][ T5653] CPU: 0 UID: 0 PID: 5653 Comm: syz.1.7468 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  474.221960][ T5653] Tainted: [W]=WARN
[  474.221965][ T5653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  474.222048][ T5653] Call Trace:
[  474.222052][ T5653]  <TASK>
[  474.222113][ T5653]  __dump_stack+0x1d/0x30
[  474.222134][ T5653]  dump_stack_lvl+0xe8/0x140
[  474.222156][ T5653]  dump_stack+0x15/0x1b
[  474.222170][ T5653]  should_fail_ex+0x265/0x280
[  474.222189][ T5653]  should_fail+0xb/0x20
[  474.222223][ T5653]  should_fail_usercopy+0x1a/0x20
[  474.222242][ T5653]  _copy_from_user+0x1c/0xb0
[  474.222266][ T5653]  memdup_user+0x5e/0xd0
[  474.222304][ T5653]  __se_sys_kexec_load+0x109/0x160
[  474.222325][ T5653]  __x64_sys_kexec_load+0x55/0x70
[  474.222345][ T5653]  x64_sys_call+0x2898/0x2ff0
[  474.222363][ T5653]  do_syscall_64+0xd2/0x200
[  474.222433][ T5653]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  474.222452][ T5653]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  474.222531][ T5653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.222547][ T5653] RIP: 0033:0x7fdba249ebe9
[  474.222559][ T5653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.222573][ T5653] RSP: 002b:00007fdba0f07038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  474.222588][ T5653] RAX: ffffffffffffffda RBX: 00007fdba26d5fa0 RCX: 00007fdba249ebe9
[  474.222598][ T5653] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000004
[  474.222664][ T5653] RBP: 00007fdba0f07090 R08: 0000000000000000 R09: 0000000000000000
[  474.222728][ T5653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.222738][ T5653] R13: 00007fdba26d6038 R14: 00007fdba26d5fa0 R15: 00007fffe1063588
[  474.222788][ T5653]  </TASK>
[  474.227460][ T5656] netlink: 44 bytes leftover after parsing attributes in process `syz.4.7469'.
[  474.286192][ T5664] loop4: detected capacity change from 0 to 164
[  474.298980][ T5656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7469'.
[  474.305363][ T5664] Unable to read rock-ridge attributes
[  474.649427][ T5656] veth0: entered promiscuous mode
[  474.913114][ T5700] 9pnet: Could not find request transport: f
[  475.194338][ T5726] random: crng reseeded on system resumption
[  475.225528][   T29] audit: type=1326 audit(1757369688.014:22823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.249077][   T29] audit: type=1326 audit(1757369688.014:22824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.272583][   T29] audit: type=1326 audit(1757369688.014:22825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.296132][   T29] audit: type=1326 audit(1757369688.014:22826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.321010][   T29] audit: type=1326 audit(1757369688.014:22827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.345272][   T29] audit: type=1326 audit(1757369688.014:22828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.368784][   T29] audit: type=1326 audit(1757369688.014:22829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.392378][   T29] audit: type=1326 audit(1757369688.014:22830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.415901][   T29] audit: type=1326 audit(1757369688.014:22831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5725 comm="syz.2.7483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  475.471426][ T5731] vxcan6: entered promiscuous mode
[  475.476601][ T5731] vxcan6: entered allmulticast mode
[  475.541813][ T5738] 9pnet: Could not find request transport: f
[  475.559513][ T5743] FAULT_INJECTION: forcing a failure.
[  475.559513][ T5743] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  475.565282][ T5745] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  475.572629][ T5743] CPU: 1 UID: 0 PID: 5743 Comm: syz.1.7490 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  475.572660][ T5743] Tainted: [W]=WARN
[  475.572667][ T5743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  475.572717][ T5743] Call Trace:
[  475.572723][ T5743]  <TASK>
[  475.572730][ T5743]  __dump_stack+0x1d/0x30
[  475.572750][ T5743]  dump_stack_lvl+0xe8/0x140
[  475.572768][ T5743]  dump_stack+0x15/0x1b
[  475.572785][ T5743]  should_fail_ex+0x265/0x280
[  475.572850][ T5743]  should_fail+0xb/0x20
[  475.572868][ T5743]  should_fail_usercopy+0x1a/0x20
[  475.572891][ T5743]  _copy_from_user+0x1c/0xb0
[  475.572984][ T5743]  __sys_sendto+0x19e/0x330
[  475.573012][ T5743]  __x64_sys_sendto+0x76/0x90
[  475.573034][ T5743]  x64_sys_call+0x2d05/0x2ff0
[  475.573060][ T5743]  do_syscall_64+0xd2/0x200
[  475.573087][ T5743]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  475.573140][ T5743]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  475.573169][ T5743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.573198][ T5743] RIP: 0033:0x7fdba249ebe9
[  475.573214][ T5743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  475.573293][ T5743] RSP: 002b:00007fdba0f07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  475.573311][ T5743] RAX: ffffffffffffffda RBX: 00007fdba26d5fa0 RCX: 00007fdba249ebe9
[  475.573323][ T5743] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003
[  475.573357][ T5743] RBP: 00007fdba0f07090 R08: 0000200000000140 R09: 000000000000001c
[  475.573369][ T5743] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000001
[  475.573382][ T5743] R13: 00007fdba26d6038 R14: 00007fdba26d5fa0 R15: 00007fffe1063588
[  475.573399][ T5743]  </TASK>
[  475.752942][ T5745] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  475.760619][ T5745] vhci_hcd vhci_hcd.0: Device attached
[  475.832473][ T5746] vhci_hcd: connection closed
[  475.836302][ T2219] vhci_hcd: stop threads
[  475.845259][ T2219] vhci_hcd: release socket
[  475.849664][ T2219] vhci_hcd: disconnect device
[  476.240862][ T5773] loop4: detected capacity change from 0 to 512
[  476.304057][ T5773] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  476.379185][ T5773] ext4 filesystem being mounted at /250/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  477.017068][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.107130][ T5797] ipvlan2: entered promiscuous mode
[  477.159912][ T5804] netlink: 'syz.1.7512': attribute type 1 has an invalid length.
[  477.167817][ T5801] FAULT_INJECTION: forcing a failure.
[  477.167817][ T5801] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  477.180929][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: syz.4.7504 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  477.180972][ T5801] Tainted: [W]=WARN
[  477.180978][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  477.180988][ T5801] Call Trace:
[  477.180996][ T5801]  <TASK>
[  477.181003][ T5801]  __dump_stack+0x1d/0x30
[  477.181021][ T5801]  dump_stack_lvl+0xe8/0x140
[  477.181036][ T5801]  dump_stack+0x15/0x1b
[  477.181050][ T5801]  should_fail_ex+0x265/0x280
[  477.181122][ T5801]  should_fail+0xb/0x20
[  477.181181][ T5801]  should_fail_usercopy+0x1a/0x20
[  477.181206][ T5801]  _copy_to_user+0x20/0xa0
[  477.181229][ T5801]  simple_read_from_buffer+0xb5/0x130
[  477.181352][ T5801]  proc_fail_nth_read+0x10e/0x150
[  477.181379][ T5801]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  477.181460][ T5801]  vfs_read+0x1a5/0x770
[  477.181477][ T5801]  ? __rcu_read_unlock+0x4f/0x70
[  477.181494][ T5801]  ? __fget_files+0x184/0x1c0
[  477.181521][ T5801]  ksys_read+0xda/0x1a0
[  477.181543][ T5801]  __x64_sys_read+0x40/0x50
[  477.181628][ T5801]  x64_sys_call+0x27bc/0x2ff0
[  477.181645][ T5801]  do_syscall_64+0xd2/0x200
[  477.181789][ T5801]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  477.181864][ T5801]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  477.181893][ T5801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.181914][ T5801] RIP: 0033:0x7fe4521fd5fc
[  477.181929][ T5801] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  477.181986][ T5801] RSP: 002b:00007fe450c5f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  477.182006][ T5801] RAX: ffffffffffffffda RBX: 00007fe452435fa0 RCX: 00007fe4521fd5fc
[  477.182066][ T5801] RDX: 000000000000000f RSI: 00007fe450c5f0a0 RDI: 0000000000000004
[  477.182077][ T5801] RBP: 00007fe450c5f090 R08: 0000000000000000 R09: 0000000000000000
[  477.182090][ T5801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  477.182106][ T5801] R13: 00007fe452436038 R14: 00007fe452435fa0 R15: 00007ffe5ba8a6c8
[  477.182120][ T5801]  </TASK>
[  477.501327][ T5826] loop7: detected capacity change from 0 to 1024
[  477.514217][ T5829] __nla_validate_parse: 8 callbacks suppressed
[  477.514268][ T5829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7523'.
[  477.516100][ T5826] EXT4-fs: Ignoring removed orlov option
[  477.538054][ T5826] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  477.560820][ T5834] loop6: detected capacity change from 0 to 512
[  477.567960][ T5834] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  477.581452][ T5834] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.7525: Bad quota inum: 2, type: 0
[  477.592501][ T5834] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  477.607635][ T5834] EXT4-fs (loop6): mount failed
[  477.618838][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  478.082371][ T5853] FAULT_INJECTION: forcing a failure.
[  478.082371][ T5853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  478.095563][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: syz.2.7532 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  478.095594][ T5853] Tainted: [W]=WARN
[  478.095599][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  478.095610][ T5853] Call Trace:
[  478.095630][ T5853]  <TASK>
[  478.095637][ T5853]  __dump_stack+0x1d/0x30
[  478.095659][ T5853]  dump_stack_lvl+0xe8/0x140
[  478.095692][ T5853]  dump_stack+0x15/0x1b
[  478.095751][ T5853]  should_fail_ex+0x265/0x280
[  478.095778][ T5853]  should_fail+0xb/0x20
[  478.095795][ T5853]  should_fail_usercopy+0x1a/0x20
[  478.095843][ T5853]  _copy_from_user+0x1c/0xb0
[  478.095891][ T5853]  lo_ioctl+0x383/0x12b0
[  478.095906][ T5853]  ? avc_has_extended_perms+0x73d/0x940
[  478.095939][ T5853]  ? blkdev_common_ioctl+0xad6/0x1ad0
[  478.095966][ T5853]  ? do_vfs_ioctl+0x866/0xe10
[  478.095986][ T5853]  ? selinux_file_ioctl+0x308/0x3a0
[  478.096039][ T5853]  ? __pfx_lo_ioctl+0x10/0x10
[  478.096054][ T5853]  ? __pfx_blkdev_ioctl+0x10/0x10
[  478.096078][ T5853]  blkdev_ioctl+0x34f/0x440
[  478.096101][ T5853]  __se_sys_ioctl+0xcb/0x140
[  478.096168][ T5853]  __x64_sys_ioctl+0x43/0x50
[  478.096186][ T5853]  x64_sys_call+0x1816/0x2ff0
[  478.096208][ T5853]  do_syscall_64+0xd2/0x200
[  478.096239][ T5853]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  478.096323][ T5853]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  478.096345][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.096363][ T5853] RIP: 0033:0x7fb11ef1ebe9
[  478.096379][ T5853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.096397][ T5853] RSP: 002b:00007fb11d987038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  478.096505][ T5853] RAX: ffffffffffffffda RBX: 00007fb11f155fa0 RCX: 00007fb11ef1ebe9
[  478.096516][ T5853] RDX: 0000200000001600 RSI: 0000000000004c0a RDI: 0000000000000004
[  478.096527][ T5853] RBP: 00007fb11d987090 R08: 0000000000000000 R09: 0000000000000000
[  478.096537][ T5853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.096548][ T5853] R13: 00007fb11f156038 R14: 00007fb11f155fa0 R15: 00007ffc9ed113f8
[  478.096564][ T5853]  </TASK>
[  478.554463][ T5857] loop9: detected capacity change from 0 to 7
[  478.570369][ T5857] Buffer I/O error on dev loop9, logical block 0, async page read
[  478.591242][ T5857] Buffer I/O error on dev loop9, logical block 0, async page read
[  478.599073][ T5857]  loop9: unable to read partition table
[  478.606459][ T5860] random: crng reseeded on system resumption
[  478.617945][ T5857] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  478.617945][ T5857] 
) failed (rc=-5)
[  478.650835][ T5863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7536'.
[  478.814102][ T5877] ipvlan2: entered promiscuous mode
[  479.002865][ T5887] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7548'.
[  479.028573][ T5890] loop4: detected capacity change from 0 to 512
[  479.036998][   T29] kauditd_printk_skb: 188 callbacks suppressed
[  479.037009][   T29] audit: type=1326 audit(1757369691.844:23020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.066812][   T29] audit: type=1326 audit(1757369691.844:23021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.090391][   T29] audit: type=1326 audit(1757369691.844:23022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.113868][   T29] audit: type=1326 audit(1757369691.844:23023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.137483][   T29] audit: type=1326 audit(1757369691.844:23024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.171581][ T5890] EXT4-fs: Ignoring removed mblk_io_submit option
[  479.178401][ T5890] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  479.197780][   T29] audit: type=1326 audit(1757369691.974:23025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.221342][   T29] audit: type=1326 audit(1757369691.974:23026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.245043][   T29] audit: type=1326 audit(1757369691.974:23027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.268520][   T29] audit: type=1326 audit(1757369691.974:23028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.292151][   T29] audit: type=1326 audit(1757369691.994:23029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5888 comm="syz.1.7549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  479.318215][ T5890] EXT4-fs (loop4): 1 truncate cleaned up
[  479.330601][ T5890] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  479.509590][ T5910] vxcan6: entered promiscuous mode
[  479.514888][ T5910] vxcan6: entered allmulticast mode
[  480.121972][ T5940] loop7: detected capacity change from 0 to 1024
[  480.133180][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  480.157545][ T5940] EXT4-fs: Ignoring removed orlov option
[  480.199802][ T5940] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  480.327200][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  480.547931][ T5947] 9pnet: Could not find request transport: f
[  480.814317][ T5995] loop4: detected capacity change from 0 to 512
[  480.847900][ T5995] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  480.884789][ T5995] ext4 filesystem being mounted at /260/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  480.915062][ T6009] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7573'.
[  480.960058][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.039618][ T6022] FAULT_INJECTION: forcing a failure.
[  481.039618][ T6022] name failslab, interval 1, probability 0, space 0, times 0
[  481.052277][ T6022] CPU: 1 UID: 0 PID: 6022 Comm: syz.6.7576 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  481.052306][ T6022] Tainted: [W]=WARN
[  481.052312][ T6022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  481.052358][ T6022] Call Trace:
[  481.052364][ T6022]  <TASK>
[  481.052371][ T6022]  __dump_stack+0x1d/0x30
[  481.052482][ T6022]  dump_stack_lvl+0xe8/0x140
[  481.052500][ T6022]  dump_stack+0x15/0x1b
[  481.052516][ T6022]  should_fail_ex+0x265/0x280
[  481.052540][ T6022]  should_failslab+0x8c/0xb0
[  481.052583][ T6022]  kmem_cache_alloc_noprof+0x50/0x310
[  481.052626][ T6022]  ? getname_flags+0x80/0x3b0
[  481.052649][ T6022]  getname_flags+0x80/0x3b0
[  481.052742][ T6022]  user_path_create+0x27/0x130
[  481.052764][ T6022]  bpf_obj_pin_user+0xe0/0x230
[  481.052785][ T6022]  bpf_obj_pin+0xac/0xd0
[  481.052850][ T6022]  __sys_bpf+0x6cb/0x7b0
[  481.052876][ T6022]  __x64_sys_bpf+0x41/0x50
[  481.052926][ T6022]  x64_sys_call+0x2aea/0x2ff0
[  481.052947][ T6022]  do_syscall_64+0xd2/0x200
[  481.052973][ T6022]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  481.052996][ T6022]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  481.053027][ T6022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.053072][ T6022] RIP: 0033:0x7fe686acebe9
[  481.053085][ T6022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.053179][ T6022] RSP: 002b:00007fe68552f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  481.053196][ T6022] RAX: ffffffffffffffda RBX: 00007fe686d05fa0 RCX: 00007fe686acebe9
[  481.053210][ T6022] RDX: 0000000000000018 RSI: 00002000000003c0 RDI: 0000000000000006
[  481.053222][ T6022] RBP: 00007fe68552f090 R08: 0000000000000000 R09: 0000000000000000
[  481.053235][ T6022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.053247][ T6022] R13: 00007fe686d06038 R14: 00007fe686d05fa0 R15: 00007ffed53f3698
[  481.053266][ T6022]  </TASK>
[  481.281637][ T6026] vxcan2: entered promiscuous mode
[  481.286782][ T6026] vxcan2: entered allmulticast mode
[  481.294845][ T6034] 9pnet: Could not find request transport: f
[  481.354444][ T6043] random: crng reseeded on system resumption
[  481.369114][ T6051] 9pnet: Could not find request transport: f
[  481.438984][ T6074] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7585'.
[  481.683872][   T23] hid_parser_main: 18 callbacks suppressed
[  481.683945][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.697273][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.704739][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.712783][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.720193][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.727571][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.734962][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.742423][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.749828][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.757238][   T23] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0
[  481.765504][   T23] hid-generic 0000:0000:0000.0053: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  481.913746][ T6145] 9pnet: Could not find request transport: f
[  482.245038][ T6153] loop7: detected capacity change from 0 to 512
[  482.272055][ T6153] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  482.284748][ T6153] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  482.314261][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.554293][ T6201] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7599'.
[  482.580350][   T23] hid-generic 0000:0000:0000.0054: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  482.625844][ T6221] loop6: detected capacity change from 0 to 512
[  482.652499][ T6221] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  482.665413][ T6221] ext4 filesystem being mounted at /219/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  482.745688][ T6221] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7602'.
[  482.756323][ T6221] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7602'.
[  482.805333][ T6240] 9pnet: Could not find request transport: f
[  482.868466][ T6255] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7606'.
[  482.880402][ T6255] ipvlan3: entered promiscuous mode
[  482.903425][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.931037][ T6260] loop6: detected capacity change from 0 to 512
[  482.959527][ T6260] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  482.975994][ T6260] ext4 filesystem being mounted at /220/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  483.004109][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  483.046097][ T6283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7611'.
[  483.070721][ T3394] hid-generic 0000:0000:0000.0055: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  483.244013][ T6322] loop7: detected capacity change from 0 to 1024
[  483.257008][ T6322] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 458756)!
[  483.267786][ T6322] EXT4-fs (loop7): group descriptors corrupted!
[  485.848656][   T29] kauditd_printk_skb: 178 callbacks suppressed
[  485.848671][   T29] audit: type=1326 audit(1757369698.654:23205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6342 comm="syz.2.7620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  485.879437][   T29] audit: type=1326 audit(1757369698.654:23206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6342 comm="syz.2.7620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  485.905017][ T6345] loop9: detected capacity change from 0 to 7
[  485.911281][ T6345] Buffer I/O error on dev loop9, logical block 0, async page read
[  485.919147][ T6345] Buffer I/O error on dev loop9, logical block 0, async page read
[  485.927024][ T6345]  loop9: unable to read partition table
[  485.933064][ T6345] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  485.933064][ T6345] 
) failed (rc=-5)
[  485.947116][ T6264] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  485.974203][ T6347] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  485.974203][ T6347]    program syz.2.7622 not setting count and/or reply_len properly
[  485.991064][   T29] audit: type=1326 audit(1757369698.784:23207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  486.014953][   T29] audit: type=1326 audit(1757369698.784:23208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  486.038540][   T29] audit: type=1326 audit(1757369698.784:23209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  486.062085][   T29] audit: type=1326 audit(1757369698.784:23210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb11ef1d550 code=0x7ffc0000
[  486.085608][   T29] audit: type=1326 audit(1757369698.784:23211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  486.109119][   T29] audit: type=1326 audit(1757369698.784:23212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  486.132641][   T29] audit: type=1326 audit(1757369698.804:23213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  486.156146][   T29] audit: type=1326 audit(1757369698.804:23214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.2.7622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  486.184898][   T10] hid-generic 0000:0000:0000.0056: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  486.214374][ T6353] loop4: detected capacity change from 0 to 1024
[  486.222383][ T6353] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 458756)!
[  486.233094][ T6353] EXT4-fs (loop4): group descriptors corrupted!
[  486.541678][ T6375] geneve0: entered allmulticast mode
[  487.444563][   T36] hid_parser_main: 102 callbacks suppressed
[  487.444578][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.458101][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.465638][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.475306][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.482719][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.490127][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.497491][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.504896][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.512301][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.519684][   T36] hid-generic 0000:0000:0000.0057: unknown main item tag 0x0
[  487.528079][   T36] hid-generic 0000:0000:0000.0057: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  487.630507][ T6406] 8021q: adding VLAN 0 to HW filter on device bond1
[  488.473144][ T6417] random: crng reseeded on system resumption
[  489.601994][ T6379] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  489.639124][ T6420] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7648'.
[  489.649503][ T6420] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7648'.
[  489.661674][ T6423] loop6: detected capacity change from 0 to 512
[  489.668289][ T6423] EXT4-fs: Ignoring removed mblk_io_submit option
[  489.678467][ T6425] loop7: detected capacity change from 0 to 512
[  489.698582][ T6423] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  489.709089][   T10] hid-generic 0000:0000:0000.0058: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  489.720370][ T6425] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  489.720477][ T6425] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  489.721032][ T6423] EXT4-fs (loop6): 1 truncate cleaned up
[  489.721455][ T6423] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  489.743533][ T6425] 9pnet_fd: Insufficient options for proto=fd
[  489.764126][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  489.796858][ T6439] FAULT_INJECTION: forcing a failure.
[  489.796858][ T6439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  489.810010][ T6439] CPU: 1 UID: 0 PID: 6439 Comm: syz.1.7653 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  489.810040][ T6439] Tainted: [W]=WARN
[  489.810045][ T6439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  489.810056][ T6439] Call Trace:
[  489.810063][ T6439]  <TASK>
[  489.810070][ T6439]  __dump_stack+0x1d/0x30
[  489.810159][ T6439]  dump_stack_lvl+0xe8/0x140
[  489.810174][ T6439]  dump_stack+0x15/0x1b
[  489.810270][ T6439]  should_fail_ex+0x265/0x280
[  489.810292][ T6439]  should_fail+0xb/0x20
[  489.810310][ T6439]  should_fail_usercopy+0x1a/0x20
[  489.810329][ T6439]  _copy_from_user+0x1c/0xb0
[  489.810416][ T6439]  kstrtouint_from_user+0x69/0xf0
[  489.810435][ T6439]  ? 0xffffffff81000000
[  489.810446][ T6439]  ? selinux_file_permission+0x1e4/0x320
[  489.810477][ T6439]  proc_fail_nth_write+0x50/0x160
[  489.810504][ T6439]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  489.810555][ T6439]  vfs_write+0x266/0x960
[  489.810571][ T6439]  ? vfs_read+0x4e6/0x770
[  489.810588][ T6439]  ? __rcu_read_unlock+0x4f/0x70
[  489.810617][ T6439]  ? __fget_files+0x184/0x1c0
[  489.810711][ T6439]  ksys_write+0xda/0x1a0
[  489.810734][ T6439]  __x64_sys_write+0x40/0x50
[  489.810761][ T6439]  x64_sys_call+0x27fe/0x2ff0
[  489.810789][ T6439]  do_syscall_64+0xd2/0x200
[  489.810819][ T6439]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  489.810840][ T6439]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  489.810915][ T6439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.810934][ T6439] RIP: 0033:0x7fdba249d69f
[  489.810946][ T6439] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  489.811025][ T6439] RSP: 002b:00007fdba0ee6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  489.811121][ T6439] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdba249d69f
[  489.811133][ T6439] RDX: 0000000000000001 RSI: 00007fdba0ee60a0 RDI: 000000000000000c
[  489.811222][ T6439] RBP: 00007fdba0ee6090 R08: 0000000000000000 R09: 0000000000000000
[  489.811235][ T6439] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  489.811248][ T6439] R13: 00007fdba26d6128 R14: 00007fdba26d6090 R15: 00007fffe1063588
[  489.811266][ T6439]  </TASK>
[  489.852319][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  489.926287][ T6449] loop4: detected capacity change from 0 to 1024
[  490.012567][ T6448] loop7: detected capacity change from 0 to 512
[  490.026426][ T6449] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 458756)!
[  490.053206][ T6448] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  490.055414][ T6449] EXT4-fs (loop4): group descriptors corrupted!
[  490.121776][ T6448] EXT4-fs error (device loop7): ext4_quota_enable:7124: comm syz.7.7655: Bad quota inum: 2, type: 0
[  490.134803][ T6448] EXT4-fs warning (device loop7): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  490.152299][ T6448] EXT4-fs (loop7): mount failed
[  490.186718][ T6457] random: crng reseeded on system resumption
[  490.339449][ T6470] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7662'.
[  490.355406][ T6470] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7662'.
[  490.388420][   T36] hid-generic 0000:0000:0000.0059: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  490.774497][ T6515] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  490.774497][ T6515]    program syz.6.7667 not setting count and/or reply_len properly
[  490.899439][   T29] kauditd_printk_skb: 223 callbacks suppressed
[  490.899451][   T29] audit: type=1326 audit(1757369703.704:23438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  490.934475][   T29] audit: type=1326 audit(1757369703.744:23439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  490.958019][   T29] audit: type=1326 audit(1757369703.744:23440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  490.981539][   T29] audit: type=1326 audit(1757369703.744:23441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  491.005064][   T29] audit: type=1326 audit(1757369703.744:23442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  491.028560][   T29] audit: type=1326 audit(1757369703.744:23443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  491.059356][   T29] audit: type=1326 audit(1757369703.874:23444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  491.082903][   T29] audit: type=1326 audit(1757369703.874:23445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  491.106460][   T29] audit: type=1326 audit(1757369703.874:23446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  491.130076][   T29] audit: type=1326 audit(1757369703.874:23447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6522 comm="syz.6.7668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe686acebe9 code=0x7ffc0000
[  491.235894][ T6585] loop6: detected capacity change from 0 to 1024
[  491.242942][ T6585] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 458756)!
[  491.253671][ T6585] EXT4-fs (loop6): group descriptors corrupted!
[  491.679246][ T6676] loop6: detected capacity change from 0 to 512
[  491.689057][ T6676] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  491.701913][ T6676] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.7671: Bad quota inum: 2, type: 0
[  491.712975][ T6676] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  491.728169][ T6676] EXT4-fs (loop6): mount failed
[  492.022097][ T6747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7672'.
[  492.044864][ T6749] loop9: detected capacity change from 0 to 7
[  492.051133][ T6749] Buffer I/O error on dev loop9, logical block 0, async page read
[  492.059037][ T6749] Buffer I/O error on dev loop9, logical block 0, async page read
[  492.066940][ T6749]  loop9: unable to read partition table
[  492.072865][ T6749] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  492.072865][ T6749] 
) failed (rc=-5)
[  492.107936][ T6751] loop9: detected capacity change from 0 to 7
[  492.114243][ T6751] Buffer I/O error on dev loop9, logical block 0, async page read
[  492.122147][ T6751] Buffer I/O error on dev loop9, logical block 0, async page read
[  492.129962][ T6751]  loop9: unable to read partition table
[  492.135689][ T6751] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  492.135689][ T6751] 
) failed (rc=-5)
[  492.162802][ T6753] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7675'.
[  493.204538][ T6460] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  493.234259][ T6884] loop7: detected capacity change from 0 to 512
[  493.250734][ T6884] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  493.274867][ T6884] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e09c, mo2=0002]
[  493.292151][ T6884] EXT4-fs (loop7): orphan cleanup on readonly fs
[  493.298495][ T6884] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.7678: bad orphan inode 267
[  493.309687][ T6884] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  493.323557][ T6884] FAULT_INJECTION: forcing a failure.
[  493.323557][ T6884] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  493.336624][ T6884] CPU: 0 UID: 0 PID: 6884 Comm: syz.7.7678 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  493.336659][ T6884] Tainted: [W]=WARN
[  493.336666][ T6884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  493.336679][ T6884] Call Trace:
[  493.336759][ T6884]  <TASK>
[  493.336767][ T6884]  __dump_stack+0x1d/0x30
[  493.336786][ T6884]  dump_stack_lvl+0xe8/0x140
[  493.336834][ T6884]  dump_stack+0x15/0x1b
[  493.336850][ T6884]  should_fail_ex+0x265/0x280
[  493.336874][ T6884]  should_fail+0xb/0x20
[  493.336928][ T6884]  should_fail_usercopy+0x1a/0x20
[  493.336949][ T6884]  strncpy_from_user+0x25/0x230
[  493.337020][ T6884]  ? kmem_cache_alloc_noprof+0x186/0x310
[  493.337047][ T6884]  ? getname_flags+0x80/0x3b0
[  493.337075][ T6884]  getname_flags+0xae/0x3b0
[  493.337151][ T6884]  do_sys_openat2+0x60/0x110
[  493.337183][ T6884]  __x64_sys_openat+0xf2/0x120
[  493.337286][ T6884]  x64_sys_call+0x2e9c/0x2ff0
[  493.337307][ T6884]  do_syscall_64+0xd2/0x200
[  493.337417][ T6884]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  493.337482][ T6884]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  493.337509][ T6884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.337545][ T6884] RIP: 0033:0x7ff99691ebe9
[  493.337561][ T6884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.337577][ T6884] RSP: 002b:00007ff995387038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  493.337606][ T6884] RAX: ffffffffffffffda RBX: 00007ff996b55fa0 RCX: 00007ff99691ebe9
[  493.337619][ T6884] RDX: 0000000000200002 RSI: 0000200000000d40 RDI: ffffffffffffff9c
[  493.337632][ T6884] RBP: 00007ff995387090 R08: 0000000000000000 R09: 0000000000000000
[  493.337644][ T6884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.337694][ T6884] R13: 00007ff996b56038 R14: 00007ff996b55fa0 R15: 00007ffe81135758
[  493.337712][ T6884]  </TASK>
[  493.339443][ T6888] tmpfs: Bad value for 'mpol'
[  493.507574][ T6894] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  493.507574][ T6894]    program syz.6.7680 not setting count and/or reply_len properly
[  493.513903][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  493.592724][ T6898] random: crng reseeded on system resumption
[  493.617632][   T10] hid_parser_main: 74 callbacks suppressed
[  493.617658][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.630965][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.638345][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.657482][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.664984][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.672471][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.679862][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.687278][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.694671][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.702110][   T10] hid-generic 0000:0000:0000.005A: unknown main item tag 0x0
[  493.710589][   T10] hid-generic 0000:0000:0000.005A: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  493.735128][ T6907] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7686'.
[  494.258950][ T6996] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  494.258950][ T6996]    program syz.4.7696 not setting count and/or reply_len properly
[  494.388424][ T7010] loop9: detected capacity change from 0 to 7
[  494.408801][ T7010] Buffer I/O error on dev loop9, logical block 0, async page read
[  494.417060][ T7010] Buffer I/O error on dev loop9, logical block 0, async page read
[  494.424942][ T7010]  loop9: unable to read partition table
[  494.432488][ T7010] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  494.432488][ T7010] 
) failed (rc=-5)
[  494.454004][ T7014] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7698'.
[  494.535772][ T7034] loop6: detected capacity change from 0 to 164
[  494.712625][ T7057] random: crng reseeded on system resumption
[  494.746720][ T7063] loop6: detected capacity change from 0 to 512
[  494.774000][ T7063] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  494.792412][ T7067] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  494.792412][ T7067]    program syz.4.7710 not setting count and/or reply_len properly
[  494.815455][ T7063] ext4 filesystem being mounted at /244/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  494.840438][ T7073] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7711'.
[  494.875463][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  495.047327][ T7084] loop4: detected capacity change from 0 to 1024
[  495.099164][ T7084] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  495.192763][ T7084] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.7715: Invalid block bitmap block 0 in block_group 0
[  495.208760][ T7084] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.7715: Failed to acquire dquot type 0
[  495.241316][ T7084] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.7715: Freeing blocks not in datazone - block = 0, count = 4096
[  495.254977][ T7084] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.7715: Invalid inode bitmap blk 0 in block_group 0
[  495.268403][ T7084] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  495.277211][ T7084] EXT4-fs (loop4): 1 orphan inode deleted
[  495.283452][ T7084] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  495.360261][ T7080] syz.4.7715 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  495.371265][ T7080] CPU: 1 UID: 0 PID: 7080 Comm: syz.4.7715 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  495.371295][ T7080] Tainted: [W]=WARN
[  495.371302][ T7080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  495.371315][ T7080] Call Trace:
[  495.371331][ T7080]  <TASK>
[  495.371339][ T7080]  __dump_stack+0x1d/0x30
[  495.371360][ T7080]  dump_stack_lvl+0xe8/0x140
[  495.371378][ T7080]  dump_stack+0x15/0x1b
[  495.371393][ T7080]  dump_header+0x81/0x220
[  495.371451][ T7080]  oom_kill_process+0x342/0x400
[  495.371534][ T7080]  out_of_memory+0x979/0xb80
[  495.371600][ T7080]  try_charge_memcg+0x5e6/0x9e0
[  495.371629][ T7080]  charge_memcg+0x51/0xc0
[  495.371645][ T7080]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  495.371664][ T7080]  __read_swap_cache_async+0x1df/0x350
[  495.371774][ T7080]  swap_cluster_readahead+0x277/0x3e0
[  495.371888][ T7080]  swapin_readahead+0xde/0x6f0
[  495.371916][ T7080]  ? __filemap_get_folio+0x4f7/0x6b0
[  495.371988][ T7080]  ? swap_cache_get_folio+0x77/0x200
[  495.372012][ T7080]  do_swap_page+0x301/0x2430
[  495.372090][ T7080]  ? css_rstat_updated+0xb7/0x240
[  495.372119][ T7080]  ? __pfx_default_wake_function+0x10/0x10
[  495.372143][ T7080]  handle_mm_fault+0x9a5/0x2c20
[  495.372174][ T7080]  do_user_addr_fault+0x636/0x1090
[  495.372277][ T7080]  ? fpregs_restore_userregs+0xad/0x1d0
[  495.372329][ T7080]  ? switch_fpu_return+0xe/0x20
[  495.372356][ T7080]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  495.372382][ T7080]  exc_page_fault+0x62/0xa0
[  495.372429][ T7080]  asm_exc_page_fault+0x26/0x30
[  495.372446][ T7080] RIP: 0033:0x7fe4520d560c
[  495.372458][ T7080] Code: 66 0f 1f 44 00 00 69 3d a6 00 e9 00 e8 03 00 00 48 8d 1d a7 09 36 00 e8 42 95 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00
[  495.372494][ T7080] RSP: 002b:00007ffe5ba8a830 EFLAGS: 00010206
[  495.372510][ T7080] RAX: 0000000000000000 RBX: 00007fe452435fa0 RCX: 0000000000000000
[  495.372520][ T7080] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055555e395808
[  495.372531][ T7080] RBP: 00007fe452437da0 R08: 0000000000000000 R09: 7fffffffffffffff
[  495.372607][ T7080] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000079070
[  495.372683][ T7080] R13: 00007fe452436180 R14: ffffffffffffffff R15: 00007ffe5ba8a940
[  495.372702][ T7080]  </TASK>
[  495.372709][ T7080] memory: usage 267680kB, limit 307200kB, failcnt 2177
[  495.500329][ T4594] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:57: Failed to release dquot type 0
[  495.503918][ T7080] memory+swap: usage 1816kB, limit 9007199254740988kB, failcnt 0
[  495.625349][ T7080] kmem: usage 856kB, limit 9007199254740988kB, failcnt 0
[  495.632422][ T7080] Memory cgroup stats for /syz4:
[  495.632739][ T7080] cache 245760
[  495.641107][ T7080] rss 32768
[  495.644201][ T7080] shmem 16384
[  495.647483][ T7080] mapped_file 204800
[  495.651435][ T7080] dirty 204800
[  495.654805][ T7080] writeback 0
[  495.658126][ T7080] workingset_refault_anon 22
[  495.662736][ T7080] workingset_refault_file 0
[  495.667225][ T7080] swap 655360
[  495.670524][ T7080] swapcached 61440
[  495.674221][ T7080] pgpgin 610843
[  495.677688][ T7080] pgpgout 610765
[  495.681275][ T7080] pgfault 543013
[  495.684806][ T7080] pgmajfault 9
[  495.688165][ T7080] inactive_anon 90112
[  495.692160][ T7080] active_anon 0
[  495.695598][ T7080] inactive_file 4096
[  495.699474][ T7080] active_file 225280
[  495.703374][ T7080] unevictable 0
[  495.706812][ T7080] hierarchical_memory_limit 314572800
[  495.712218][ T7080] hierarchical_memsw_limit 9223372036854771712
[  495.718364][ T7080] total_cache 245760
[  495.722282][ T7080] total_rss 32768
[  495.725987][ T7080] total_shmem 16384
[  495.729855][ T7080] total_mapped_file 204800
[  495.734278][ T7080] total_dirty 204800
[  495.738166][ T7080] total_writeback 0
[  495.742064][ T7080] total_workingset_refault_anon 22
[  495.747160][ T7080] total_workingset_refault_file 0
[  495.752915][ T7080] total_swap 655360
[  495.756714][ T7080] total_swapcached 61440
[  495.761475][ T7080] total_pgpgin 610843
[  495.765816][ T7080] total_pgpgout 610765
[  495.769874][ T7080] total_pgfault 543013
[  495.774376][ T7080] total_pgmajfault 9
[  495.774384][ T7080] total_inactive_anon 90112
[  495.774390][ T7080] total_active_anon 0
[  495.774396][ T7080] total_inactive_file 4096
[  495.774409][ T7080] total_active_file 225280
[  495.774416][ T7080] total_unevictable 0
[  495.774424][ T7080] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.7715,pid=7080,uid=0
[  495.816224][ T7080] Memory cgroup out of memory: Killed process 7080 (syz.4.7715) total-vm:93960kB, anon-rss:1004kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  495.853817][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  495.917133][ T3414] hid-generic 0000:0000:0000.005B: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  495.933384][   T10] hid-generic 0000:0000:0000.005C: hidraw1: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  495.967055][ T7106] netlink: 36 bytes leftover after parsing attributes in process `syz.7.7723'.
[  496.079797][ T7114] loop7: detected capacity change from 0 to 512
[  496.093564][ T7114] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  496.141518][ T7116] loop6: detected capacity change from 0 to 512
[  496.142341][ T7114] EXT4-fs error (device loop7): ext4_quota_enable:7124: comm syz.7.7726: Bad quota inum: 2, type: 0
[  496.161943][ T7114] EXT4-fs warning (device loop7): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  496.164175][ T7116] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  496.190337][ T7114] EXT4-fs (loop7): mount failed
[  496.230156][ T7121] loop4: detected capacity change from 0 to 512
[  496.240938][ T7121] EXT4-fs: Ignoring removed mblk_io_submit option
[  496.248251][ T7116] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.7727: Bad quota inum: 2, type: 0
[  496.262267][ T7121] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  496.264287][ T7116] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  496.298685][ T7116] EXT4-fs (loop6): mount failed
[  496.307951][ T7121] EXT4-fs (loop4): 1 truncate cleaned up
[  496.320730][ T7121] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  496.360371][   T29] kauditd_printk_skb: 191 callbacks suppressed
[  496.360465][   T29] audit: type=1326 audit(1757369709.164:23636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.396066][ T7126] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  496.396066][ T7126]    program syz.7.7729 not setting count and/or reply_len properly
[  496.413079][   T29] audit: type=1326 audit(1757369709.204:23637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.436627][   T29] audit: type=1326 audit(1757369709.204:23638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.460195][   T29] audit: type=1326 audit(1757369709.204:23639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.483684][   T29] audit: type=1326 audit(1757369709.204:23640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff99691d550 code=0x7ffc0000
[  496.507257][   T29] audit: type=1326 audit(1757369709.204:23641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.530710][   T29] audit: type=1326 audit(1757369709.204:23642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.554168][   T29] audit: type=1326 audit(1757369709.204:23643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.655911][ T7133] random: crng reseeded on system resumption
[  496.662192][   T29] audit: type=1326 audit(1757369709.274:23644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.685816][   T29] audit: type=1326 audit(1757369709.274:23645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7125 comm="syz.7.7729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  496.754828][ T1035] hid-generic 0000:0000:0000.005D: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  496.776334][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  497.578122][ T7225] lo speed is unknown, defaulting to 1000
[  497.598843][ T7225] lo speed is unknown, defaulting to 1000
[  497.627739][ T7225] lo speed is unknown, defaulting to 1000
[  497.648389][ T7225] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  497.667777][ T7225] lo speed is unknown, defaulting to 1000
[  497.668046][ T7225] lo speed is unknown, defaulting to 1000
[  497.668338][ T7225] lo speed is unknown, defaulting to 1000
[  497.668720][ T7225] lo speed is unknown, defaulting to 1000
[  497.669131][ T7225] lo speed is unknown, defaulting to 1000
[  497.669411][ T7225] lo speed is unknown, defaulting to 1000
[  497.723527][ T7225] loop7: detected capacity change from 0 to 2048
[  497.765842][ T7225]  loop7: p1 p3 p4
[  497.766869][ T7225] loop7: p4 size 589824 extends beyond EOD, truncated
[  497.894028][ T7264] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7750'.
[  497.915970][ T7236] lo speed is unknown, defaulting to 1000
[  497.941871][ T7264] bridge0: entered promiscuous mode
[  497.947113][ T7264] macsec1: entered promiscuous mode
[  497.962085][ T7260] loop7: detected capacity change from 0 to 2048
[  498.003289][ T7260]  loop7: p1 p3 p4
[  498.031156][ T7284] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7751'.
[  498.073957][ T7260] loop7: p4 size 589824 extends beyond EOD, truncated
[  498.185718][ T7262] lo speed is unknown, defaulting to 1000
[  498.803461][ T7332] bridge0: entered promiscuous mode
[  498.809648][ T7332] macsec1: entered promiscuous mode
[  498.847464][ T7339] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7764'.
[  499.046789][ T7349] lo speed is unknown, defaulting to 1000
[  499.738209][ T7456] loop6: detected capacity change from 0 to 512
[  499.757590][ T7456] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  499.785169][ T7456] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.7780: Bad quota inum: 2, type: 0
[  499.810449][ T7456] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  499.825354][ T7456] EXT4-fs (loop6): mount failed
[  499.855357][ T7462] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7781'.
[  499.891794][ T7465] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7783'.
[  499.912604][ T7465] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7783'.
[  500.007603][ T7462] lo speed is unknown, defaulting to 1000
[  500.436229][ T7536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.447670][ T7536] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.488917][ T7548] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7795'.
[  500.640538][ T7548] lo speed is unknown, defaulting to 1000
[  501.009042][ T7609] loop6: detected capacity change from 0 to 512
[  501.016238][ T7609] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  501.031457][ T7609] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.7801: Bad quota inum: 2, type: 0
[  501.045410][ T7614] loop9: detected capacity change from 0 to 7
[  501.053682][ T7614] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.053883][ T7609] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  501.061635][ T7614] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.084082][ T7614]  loop9: unable to read partition table
[  501.089794][ T7614] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  501.089794][ T7614] 
) failed (rc=-5)
[  501.103271][ T7609] EXT4-fs (loop6): mount failed
[  501.193997][ T7623] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7806'.
[  501.306034][ T7623] lo speed is unknown, defaulting to 1000
[  501.499755][ T7639] FAULT_INJECTION: forcing a failure.
[  501.499755][ T7639] name failslab, interval 1, probability 0, space 0, times 0
[  501.512535][ T7639] CPU: 1 UID: 0 PID: 7639 Comm: syz.7.7813 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  501.512565][ T7639] Tainted: [W]=WARN
[  501.512572][ T7639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.512583][ T7639] Call Trace:
[  501.512615][ T7639]  <TASK>
[  501.512623][ T7639]  __dump_stack+0x1d/0x30
[  501.512642][ T7639]  dump_stack_lvl+0xe8/0x140
[  501.512658][ T7639]  dump_stack+0x15/0x1b
[  501.512671][ T7639]  should_fail_ex+0x265/0x280
[  501.512724][ T7639]  should_failslab+0x8c/0xb0
[  501.512802][ T7639]  __kmalloc_noprof+0xa5/0x3e0
[  501.512829][ T7639]  ? sk_prot_alloc+0xa8/0x190
[  501.512850][ T7639]  sk_prot_alloc+0xa8/0x190
[  501.512869][ T7639]  sk_alloc+0x34/0x360
[  501.512950][ T7639]  pfkey_create+0xd7/0x3a0
[  501.513007][ T7639]  __sock_create+0x2e9/0x5b0
[  501.513027][ T7639]  __sys_socketpair+0x1bc/0x430
[  501.513049][ T7639]  __x64_sys_socketpair+0x52/0x60
[  501.513069][ T7639]  x64_sys_call+0x2bf2/0x2ff0
[  501.513089][ T7639]  do_syscall_64+0xd2/0x200
[  501.513155][ T7639]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  501.513178][ T7639]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  501.513201][ T7639]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.513290][ T7639] RIP: 0033:0x7ff99691ebe9
[  501.513304][ T7639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.513319][ T7639] RSP: 002b:00007ff995387038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  501.513336][ T7639] RAX: ffffffffffffffda RBX: 00007ff996b55fa0 RCX: 00007ff99691ebe9
[  501.513346][ T7639] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f
[  501.513425][ T7639] RBP: 00007ff995387090 R08: 0000000000000000 R09: 0000000000000000
[  501.513493][ T7639] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  501.513504][ T7639] R13: 00007ff996b56038 R14: 00007ff996b55fa0 R15: 00007ffe81135758
[  501.513520][ T7639]  </TASK>
[  501.750761][ T7644] loop9: detected capacity change from 0 to 7
[  501.757098][ T7644] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.765353][   T29] kauditd_printk_skb: 170 callbacks suppressed
[  501.765400][   T29] audit: type=1326 audit(1757369714.554:23816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.795068][   T29] audit: type=1326 audit(1757369714.554:23817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.818547][   T29] audit: type=1326 audit(1757369714.554:23818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.842028][   T29] audit: type=1326 audit(1757369714.554:23819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.865392][   T29] audit: type=1326 audit(1757369714.554:23820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.870857][ T7644] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.888893][   T29] audit: type=1326 audit(1757369714.554:23821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.888919][   T29] audit: type=1326 audit(1757369714.554:23822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.896773][ T7644]  loop9: unable to read partition table
[  501.920204][   T29] audit: type=1326 audit(1757369714.554:23823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.920227][   T29] audit: type=1326 audit(1757369714.564:23824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  501.993463][ T7644] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  501.993463][ T7644] 
) failed (rc=-5)
[  501.996682][   T29] audit: type=1326 audit(1757369714.564:23825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.1.7815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  502.041978][ T7651] loop6: detected capacity change from 0 to 512
[  502.050793][ T7651] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  502.062493][ T7651] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.7818: Bad quota inum: 2, type: 0
[  502.073656][ T7651] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  502.116791][ T7651] EXT4-fs (loop6): mount failed
[  502.191189][ T7664] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7823'.
[  502.285583][ T7664] lo speed is unknown, defaulting to 1000
[  502.314267][ T7662] lo speed is unknown, defaulting to 1000
[  502.513728][ T7677] loop7: detected capacity change from 0 to 8192
[  502.520373][ T7677] vfat: Unknown parameter '��A�;�$G�΍��Ռ��a����N����qݒ��w�|�v�7�._���6�>a��7[o��% ��00000000000000000003��������������9�Q��ɟ�t#��>�v12J��~&�{-*\#\n�p����2.'
[  502.707384][ T7693] loop9: detected capacity change from 0 to 7
[  502.714562][ T7695] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.726882][ T7695] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.734809][ T7695]  loop9: unable to read partition table
[  502.741061][ T7693] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.749690][ T7693] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.757673][ T7693]  loop9: unable to read partition table
[  502.763731][ T7693] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  502.763731][ T7693] 
) failed (rc=-5)
[  502.803057][ T7700] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7837'.
[  503.046574][ T7708] lo speed is unknown, defaulting to 1000
[  503.083215][ T7700] lo speed is unknown, defaulting to 1000
[  503.274515][ T7721] openvswitch: netlink: Message has 6 unknown bytes.
[  503.340071][ T7723] loop6: detected capacity change from 0 to 512
[  503.372490][ T7723] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  503.452908][ T7723] EXT4-fs (loop6): 1 orphan inode deleted
[  503.459625][ T7723] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  503.473657][ T4597] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:60: Failed to release dquot type 1
[  503.485896][ T7723] ext4 filesystem being mounted at /271/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  503.534013][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  503.811039][ T7735] loop9: detected capacity change from 0 to 7
[  504.006401][ T7735] Buffer I/O error on dev loop9, logical block 0, async page read
[  504.089947][ T7735] Buffer I/O error on dev loop9, logical block 0, async page read
[  504.097821][ T7735]  loop9: unable to read partition table
[  504.150184][ T7735] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  504.150184][ T7735] 
) failed (rc=-5)
[  504.402765][ T7742] lo speed is unknown, defaulting to 1000
[  504.584962][ T7748] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7852'.
[  504.855800][ T7748] lo speed is unknown, defaulting to 1000
[  505.103159][ T7794] lo speed is unknown, defaulting to 1000
[  505.149338][ T7796] loop4: detected capacity change from 0 to 512
[  505.176094][ T7796] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  505.254200][ T7796] EXT4-fs error (device loop4): ext4_quota_enable:7124: comm syz.4.7858: Bad quota inum: 2, type: 0
[  505.312138][ T7796] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  505.396697][ T7796] EXT4-fs (loop4): mount failed
[  505.691097][ T7833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7859'.
[  505.793230][ T7843] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7860'.
[  506.408113][ T7899] loop7: detected capacity change from 0 to 512
[  506.420643][ T7908] loop6: detected capacity change from 0 to 512
[  506.452970][ T7908] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  506.469994][ T7899] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.7872: Failed to acquire dquot type 1
[  506.486992][ T7899] EXT4-fs (loop7): 1 truncate cleaned up
[  506.493730][ T7908] ext4 filesystem being mounted at /277/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  506.514906][ T7899] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  506.555478][ T7899] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  506.861497][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  506.875398][ T7899] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  506.911726][   T29] kauditd_printk_skb: 64 callbacks suppressed
[  506.911742][   T29] audit: type=1326 audit(1757369719.714:23887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  506.941550][   T29] audit: type=1326 audit(1757369719.714:23888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  506.971740][   T29] audit: type=1326 audit(1757369719.724:23889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  506.995158][   T29] audit: type=1326 audit(1757369719.724:23890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  507.018748][   T29] audit: type=1326 audit(1757369719.724:23891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  507.042122][   T29] audit: type=1326 audit(1757369719.764:23892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  507.065611][   T29] audit: type=1326 audit(1757369719.764:23893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  507.089178][   T29] audit: type=1326 audit(1757369719.764:23894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  507.112750][   T29] audit: type=1326 audit(1757369719.764:23895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  507.136264][   T29] audit: type=1326 audit(1757369719.764:23896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7932 comm="syz.2.7877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  507.328977][ T7999] loop7: detected capacity change from 0 to 1024
[  507.336743][ T7999] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  507.351965][ T7999] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.7881: Invalid block bitmap block 0 in block_group 0
[  507.365878][ T7999] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.7881: Failed to acquire dquot type 0
[  507.378367][ T7999] EXT4-fs error (device loop7): ext4_free_blocks:6696: comm syz.7.7881: Freeing blocks not in datazone - block = 0, count = 4096
[  507.392318][ T7999] EXT4-fs error (device loop7): ext4_read_inode_bitmap:139: comm syz.7.7881: Invalid inode bitmap blk 0 in block_group 0
[  507.407628][ T7999] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  507.416398][ T3943] EXT4-fs error (device loop7): ext4_release_dquot:6973: comm kworker/u8:10: Failed to release dquot type 0
[  507.416400][ T7999] EXT4-fs (loop7): 1 orphan inode deleted
[  507.433838][ T7999] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  507.577148][ T8012] lo speed is unknown, defaulting to 1000
[  508.020827][ T3394] hid_parser_main: 102 callbacks suppressed
[  508.020842][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.034160][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.041604][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.082427][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  508.114625][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.122208][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.129600][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.137134][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.144528][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.151933][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.159400][ T3394] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  508.237416][ T3394] hid-generic 0000:0000:0000.005E: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  508.973540][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7896'.
[  509.001762][ T8143] loop6: detected capacity change from 0 to 512
[  509.044983][ T8143] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  509.060002][ T8143] ext4 filesystem being mounted at /282/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  509.167773][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  509.199955][ T8183] loop9: detected capacity change from 0 to 7
[  509.207955][ T8183] Buffer I/O error on dev loop9, logical block 0, async page read
[  509.216084][ T8183] Buffer I/O error on dev loop9, logical block 0, async page read
[  509.223987][ T8183]  loop9: unable to read partition table
[  509.229787][ T8183] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  509.229787][ T8183] 
) failed (rc=-5)
[  509.233782][ T8187] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7900'.
[  509.251982][ T8187] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7900'.
[  509.367682][ T8203] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7908'.
[  510.238977][ T8328] random: crng reseeded on system resumption
[  510.537507][ T8369] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7923'.
[  510.609090][ T8369] lo speed is unknown, defaulting to 1000
[  510.842759][ T8372] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7924'.
[  510.851785][ T8372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7924'.
[  510.915186][ T8377] loop9: detected capacity change from 0 to 7
[  510.922506][ T8377] Buffer I/O error on dev loop9, logical block 0, async page read
[  510.934965][ T8377] Buffer I/O error on dev loop9, logical block 0, async page read
[  510.942826][ T8377]  loop9: unable to read partition table
[  510.949288][ T8377] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  510.949288][ T8377] 
) failed (rc=-5)
[  511.136432][ T8395] loop7: detected capacity change from 0 to 512
[  511.153399][ T8395] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  511.166581][ T8395] ext4 filesystem being mounted at /159/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  511.248737][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  511.732933][ T8521] bridge8: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  511.776017][ T8537] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  511.776017][ T8537]    program syz.4.7938 not setting count and/or reply_len properly
[  511.833595][ T8543] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7941'.
[  511.842668][ T8543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7941'.
[  512.129815][ T8555] loop9: detected capacity change from 0 to 7
[  512.138011][ T8555] Buffer I/O error on dev loop9, logical block 0, async page read
[  512.146257][ T8555] Buffer I/O error on dev loop9, logical block 0, async page read
[  512.154191][ T8555]  loop9: unable to read partition table
[  512.161070][ T8555] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  512.161070][ T8555] 
) failed (rc=-5)
[  512.195649][ T8557] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7946'.
[  512.205028][ T8557] netlink: 28 bytes leftover after parsing attributes in process `syz.7.7946'.
[  512.374532][   T29] kauditd_printk_skb: 194 callbacks suppressed
[  512.374545][   T29] audit: type=1326 audit(1757369725.184:24088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.416072][ T8563] loop9: detected capacity change from 0 to 7
[  512.422686][ T8563] Buffer I/O error on dev loop9, logical block 0, async page read
[  512.431577][ T8563] Buffer I/O error on dev loop9, logical block 0, async page read
[  512.439393][ T8563]  loop9: unable to read partition table
[  512.445420][   T29] audit: type=1326 audit(1757369725.224:24089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.468945][   T29] audit: type=1326 audit(1757369725.224:24090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.492530][   T29] audit: type=1326 audit(1757369725.224:24091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.515925][   T29] audit: type=1326 audit(1757369725.224:24092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.539471][   T29] audit: type=1326 audit(1757369725.224:24093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.562955][   T29] audit: type=1326 audit(1757369725.224:24094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.586469][   T29] audit: type=1326 audit(1757369725.224:24095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.599934][ T8567] SELinux: ebitmap: map size 4160 does not match my size 64 (high bit was 0)
[  512.609942][   T29] audit: type=1326 audit(1757369725.224:24096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.609968][   T29] audit: type=1326 audit(1757369725.224:24097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8562 comm="syz.7.7949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  512.623361][ T8567] SELinux: failed to load policy
[  512.644282][ T8563] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  512.644282][ T8563] 
) failed (rc=-5)
[  512.734944][ T8572] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  512.734944][ T8572]    program syz.6.7952 not setting count and/or reply_len properly
[  512.765944][ T8574] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7953'.
[  512.774984][ T8574] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7953'.
[  512.849134][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7957'.
[  512.893404][ T8580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7957'.
[  512.916473][ T8584] loop9: detected capacity change from 0 to 7
[  512.933868][ T8584] Buffer I/O error on dev loop9, logical block 0, async page read
[  512.946666][ T8584] Buffer I/O error on dev loop9, logical block 0, async page read
[  512.954519][ T8584]  loop9: unable to read partition table
[  512.993500][ T8584] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  512.993500][ T8584] 
) failed (rc=-5)
[  513.119147][ T8612] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  513.119147][ T8612]    program syz.1.7964 not setting count and/or reply_len properly
[  514.286833][ T8762] loop7: detected capacity change from 0 to 2048
[  515.633862][ T8785] loop7: detected capacity change from 0 to 512
[  515.640505][ T8785] EXT4-fs: Ignoring removed mblk_io_submit option
[  515.647273][ T8785] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  515.658599][ T8785] EXT4-fs (loop7): 1 truncate cleaned up
[  515.664693][ T8785] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  515.741894][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  515.894673][ T8799] __nla_validate_parse: 3 callbacks suppressed
[  515.894769][ T8799] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7994'.
[  515.986903][ T8814] loop4: detected capacity change from 0 to 512
[  515.995538][ T8814] EXT4-fs: Ignoring removed mblk_io_submit option
[  516.002698][ T8814] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  516.021529][ T8814] EXT4-fs (loop4): 1 truncate cleaned up
[  516.027866][ T8814] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  516.127804][ T8846] netlink: 40 bytes leftover after parsing attributes in process `syz.6.8005'.
[  516.493277][ T8898] loop6: detected capacity change from 0 to 1024
[  516.502178][ T8898] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  516.513951][ T8898] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.8009: Invalid block bitmap block 0 in block_group 0
[  516.528215][ T8898] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.8009: Failed to acquire dquot type 0
[  516.540302][ T8898] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.8009: Freeing blocks not in datazone - block = 0, count = 4096
[  516.554092][ T8898] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.8009: Invalid inode bitmap blk 0 in block_group 0
[  516.567114][ T8898] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  516.576084][ T8898] EXT4-fs (loop6): 1 orphan inode deleted
[  516.582211][ T8898] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  516.596008][ T3942] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:9: Failed to release dquot type 0
[  516.620610][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  516.695316][ T8918] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  516.695316][ T8918]    program syz.6.8011 not setting count and/or reply_len properly
[  516.844173][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  517.061769][ T8963] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  517.061769][ T8963]    program syz.2.8022 not setting count and/or reply_len properly
[  517.358595][ T9027] loop7: detected capacity change from 0 to 512
[  517.376084][ T9027] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  517.388772][ T9027] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  517.404073][   T29] kauditd_printk_skb: 462 callbacks suppressed
[  517.404118][   T29] audit: type=1400 audit(1757369730.214:24557): avc:  denied  { ioctl } for  pid=9025 comm="syz.7.8027" path="socket:[94184]" dev="sockfs" ino=94184 ioctlcmd=0x8936 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  517.441597][   T29] audit: type=1400 audit(1757369730.214:24558): avc:  denied  { mounton } for  pid=9025 comm="syz.7.8027" path="/195/file0/file0" dev="loop7" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  517.466165][   T29] audit: type=1400 audit(1757369730.284:24559): avc:  denied  { connect } for  pid=9025 comm="syz.7.8027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  517.485983][   T29] audit: type=1400 audit(1757369730.284:24560): avc:  denied  { name_connect } for  pid=9025 comm="syz.7.8027" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  517.509051][   T29] audit: type=1326 audit(1757369730.284:24561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9025 comm="syz.7.8027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  517.532663][   T29] audit: type=1326 audit(1757369730.284:24562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9025 comm="syz.7.8027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  517.566016][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  517.653531][ T9058] wg2: entered promiscuous mode
[  517.657108][   T29] audit: type=1400 audit(1757369730.464:24563): avc:  denied  { ioctl } for  pid=9057 comm="syz.1.8033" path="socket:[94749]" dev="sockfs" ino=94749 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  517.658475][ T9058] wg2: entered allmulticast mode
[  517.683538][   T29] audit: type=1400 audit(1757369730.464:24564): avc:  denied  { write } for  pid=9057 comm="syz.1.8033" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  517.714811][   T29] audit: type=1326 audit(1757369730.524:24565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9063 comm="syz.7.8034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  517.768991][   T29] audit: type=1326 audit(1757369730.554:24566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9063 comm="syz.7.8034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  517.829906][ T9080] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  517.829906][ T9080]    program syz.1.8035 not setting count and/or reply_len properly
[  517.997814][ T9118] loop4: detected capacity change from 0 to 512
[  518.013119][ T9118] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  518.026167][ T9118] ext4 filesystem being mounted at /333/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  518.103965][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  518.115432][ T9133] random: crng reseeded on system resumption
[  518.124684][ T9132] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  518.124684][ T9132]    program syz.2.8046 not setting count and/or reply_len properly
[  518.785389][ T3401] hid_parser_main: 18 callbacks suppressed
[  518.785401][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.798666][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.806099][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.813792][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.821186][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.828591][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.835957][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.843381][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.850773][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.858169][ T3401] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0
[  518.866500][ T3401] hid-generic 0000:0000:0000.005F: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  518.893785][ T9274] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  518.903112][ T9274] FAULT_INJECTION: forcing a failure.
[  518.903112][ T9274] name failslab, interval 1, probability 0, space 0, times 0
[  518.915818][ T9274] CPU: 1 UID: 0 PID: 9274 Comm: syz.4.8052 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  518.915846][ T9274] Tainted: [W]=WARN
[  518.915908][ T9274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  518.915920][ T9274] Call Trace:
[  518.915924][ T9274]  <TASK>
[  518.915929][ T9274]  __dump_stack+0x1d/0x30
[  518.915966][ T9274]  dump_stack_lvl+0xe8/0x140
[  518.915977][ T9274]  dump_stack+0x15/0x1b
[  518.915986][ T9274]  should_fail_ex+0x265/0x280
[  518.916005][ T9274]  should_failslab+0x8c/0xb0
[  518.916018][ T9274]  kmem_cache_alloc_node_noprof+0x57/0x320
[  518.916035][ T9274]  ? __alloc_skb+0x101/0x320
[  518.916085][ T9274]  __alloc_skb+0x101/0x320
[  518.916095][ T9274]  ? audit_log_start+0x365/0x6c0
[  518.916145][ T9274]  audit_log_start+0x380/0x6c0
[  518.916273][ T9274]  audit_seccomp+0x48/0x100
[  518.916286][ T9274]  ? __seccomp_filter+0x68c/0x10d0
[  518.916298][ T9274]  __seccomp_filter+0x69d/0x10d0
[  518.916309][ T9274]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  518.916400][ T9274]  ? vfs_write+0x7e8/0x960
[  518.916454][ T9274]  ? __rcu_read_unlock+0x4f/0x70
[  518.916465][ T9274]  ? __fget_files+0x184/0x1c0
[  518.916480][ T9274]  __secure_computing+0x82/0x150
[  518.916515][ T9274]  syscall_trace_enter+0xcf/0x1e0
[  518.916528][ T9274]  do_syscall_64+0xac/0x200
[  518.916545][ T9274]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  518.916557][ T9274]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  518.916643][ T9274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.916656][ T9274] RIP: 0033:0x7fe4521febe9
[  518.916665][ T9274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.916734][ T9274] RSP: 002b:00007fe450c5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[  518.916746][ T9274] RAX: ffffffffffffffda RBX: 00007fe452435fa0 RCX: 00007fe4521febe9
[  518.916753][ T9274] RDX: 0000000000000000 RSI: 0000200000002080 RDI: 0000000000000000
[  518.916760][ T9274] RBP: 00007fe450c5f090 R08: 0000000000000000 R09: 0000000000000000
[  518.916767][ T9274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.916774][ T9274] R13: 00007fe452436038 R14: 00007fe452435fa0 R15: 00007ffe5ba8a6c8
[  518.916800][ T9274]  </TASK>
[  519.156212][ T9278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8054'.
[  519.191689][ T9284] loop4: detected capacity change from 0 to 512
[  519.206901][ T9284] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  519.219598][ T9284] ext4 filesystem being mounted at /340/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  519.290835][ T9290] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  519.290835][ T9290]    program syz.2.8059 not setting count and/or reply_len properly
[  519.308410][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.329076][ T9292] loop9: detected capacity change from 0 to 7
[  519.335485][ T9292] Buffer I/O error on dev loop9, logical block 0, async page read
[  519.344405][ T9292] Buffer I/O error on dev loop9, logical block 0, async page read
[  519.352247][ T9292]  loop9: unable to read partition table
[  519.358321][ T9292] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  519.358321][ T9292] 
) failed (rc=-5)
[  519.384295][ T9298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8063'.
[  519.421026][ T9300] loop4: detected capacity change from 0 to 512
[  519.427744][ T9300] EXT4-fs: Ignoring removed mblk_io_submit option
[  519.434446][ T9300] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  519.445194][ T9300] EXT4-fs (loop4): 1 truncate cleaned up
[  519.451465][ T9300] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  519.548746][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.734956][ T9316] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  519.734956][ T9316]    program syz.4.8071 not setting count and/or reply_len properly
[  519.775544][ T3401] hid-generic 0000:0000:0000.0060: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  520.909415][ T9092] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  520.965316][ T9353] netlink: 'syz.1.8085': attribute type 4 has an invalid length.
[  520.982240][ T9351] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  520.982346][ T9353] netlink: 'syz.1.8085': attribute type 4 has an invalid length.
[  520.990847][ T9355] netlink: 260 bytes leftover after parsing attributes in process `syz.2.8086'.
[  521.005664][ T9355] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8086'.
[  521.047821][ T3414] hid-generic 0000:0000:0000.0061: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  521.101063][ T9364] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8089'.
[  521.119017][ T9368] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8092'.
[  522.090636][ T9392] netlink: 'syz.7.8100': attribute type 12 has an invalid length.
[  522.101152][ T9392] loop7: detected capacity change from 0 to 512
[  522.112203][ T9392] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.8100: Failed to acquire dquot type 1
[  522.124045][ T9392] EXT4-fs (loop7): 1 truncate cleaned up
[  522.129994][ T9392] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  522.142756][ T9392] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  522.160744][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  522.188439][ T9399] loop7: detected capacity change from 0 to 512
[  522.195057][ T9399] EXT4-fs: Ignoring removed mblk_io_submit option
[  522.201770][ T9399] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  522.212471][ T9399] EXT4-fs (loop7): 1 truncate cleaned up
[  522.218421][ T9399] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  522.833952][ T9403] loop6: detected capacity change from 0 to 1024
[  522.840786][ T9403] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  522.852351][ T9403] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.8103: Invalid block bitmap block 0 in block_group 0
[  522.865993][ T9403] __quota_error: 293 callbacks suppressed
[  522.866007][ T9403] Quota error (device loop6): write_blk: dquota write failed
[  522.879095][ T9403] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  522.889015][ T9403] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.8103: Failed to acquire dquot type 0
[  522.900524][ T9403] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.8103: Freeing blocks not in datazone - block = 0, count = 4096
[  522.913971][ T9403] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.8103: Invalid inode bitmap blk 0 in block_group 0
[  522.926672][ T9403] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  522.926859][ T2219] Quota error (device loop6): do_check_range: Getting block 0 out of range 1-8
[  522.935792][ T9403] EXT4-fs (loop6): 1 orphan inode deleted
[  522.944182][ T2219] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:6: Failed to release dquot type 0
[  522.961666][ T9403] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  522.986078][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  523.030952][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  523.044449][   T29] audit: type=1326 audit(1757369735.854:24856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.7.8105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  523.070452][   T29] audit: type=1326 audit(1757369735.854:24857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.7.8105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  523.094053][   T29] audit: type=1326 audit(1757369735.854:24858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.7.8105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  523.148238][   T29] audit: type=1326 audit(1757369735.954:24859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.7.8105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  523.171826][   T29] audit: type=1326 audit(1757369735.954:24860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.7.8105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  523.195238][   T29] audit: type=1326 audit(1757369735.954:24861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.7.8105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  523.218738][   T29] audit: type=1326 audit(1757369735.954:24862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.7.8105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff99691ebe9 code=0x7ffc0000
[  523.317606][ T9419] loop7: detected capacity change from 0 to 512
[  523.341771][ T9419] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  523.354310][ T9419] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  523.409810][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  523.705732][ T9423] loop7: detected capacity change from 0 to 8192
[  523.714820][ T9423] vfat: Unknown parameter '��A�;�$G�΍��Ռ��a����N����qݒ��w�|�v�7�._���6�>a��7[o��% ��00000000000000000003��������������9�Q��ɟ�t#��>�v12J��~&�{-*\#\n�p����2.'
[  523.832243][ T9430] netlink: 'syz.7.8112': attribute type 7 has an invalid length.
[  524.274325][ T9376] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  524.337181][ T9440] FAULT_INJECTION: forcing a failure.
[  524.337181][ T9440] name failslab, interval 1, probability 0, space 0, times 0
[  524.349883][ T9440] CPU: 1 UID: 0 PID: 9440 Comm: syz.6.8114 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  524.349915][ T9440] Tainted: [W]=WARN
[  524.349922][ T9440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  524.349935][ T9440] Call Trace:
[  524.349942][ T9440]  <TASK>
[  524.349951][ T9440]  __dump_stack+0x1d/0x30
[  524.349973][ T9440]  dump_stack_lvl+0xe8/0x140
[  524.350015][ T9440]  dump_stack+0x15/0x1b
[  524.350029][ T9440]  should_fail_ex+0x265/0x280
[  524.350048][ T9440]  should_failslab+0x8c/0xb0
[  524.350070][ T9440]  __kmalloc_noprof+0xa5/0x3e0
[  524.350097][ T9440]  ? io_cache_alloc_new+0x2a/0xb0
[  524.350215][ T9440]  io_cache_alloc_new+0x2a/0xb0
[  524.350291][ T9440]  __io_prep_rw+0xcf/0x6d0
[  524.350324][ T9440]  ? __io_alloc_req_refill+0x12e/0x1d0
[  524.350350][ T9440]  io_prep_read+0x20/0xa0
[  524.350369][ T9440]  io_submit_sqes+0x5ef/0x1060
[  524.350393][ T9440]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  524.350478][ T9440]  ? 0xffffffff81000000
[  524.350489][ T9440]  ? __rcu_read_unlock+0x4f/0x70
[  524.350506][ T9440]  ? get_pid_task+0x96/0xd0
[  524.350533][ T9440]  ? proc_fail_nth_write+0x13b/0x160
[  524.350562][ T9440]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  524.350588][ T9440]  ? vfs_write+0x7e8/0x960
[  524.350612][ T9440]  ? __cond_resched+0x4e/0x90
[  524.350631][ T9440]  ? fput+0x8f/0xc0
[  524.350716][ T9440]  __x64_sys_io_uring_enter+0x78/0x90
[  524.350739][ T9440]  x64_sys_call+0x2de1/0x2ff0
[  524.350796][ T9440]  do_syscall_64+0xd2/0x200
[  524.350845][ T9440]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  524.350868][ T9440]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  524.350894][ T9440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.350943][ T9440] RIP: 0033:0x7fe686acebe9
[  524.350954][ T9440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  524.350968][ T9440] RSP: 002b:00007fe68552f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  524.350984][ T9440] RAX: ffffffffffffffda RBX: 00007fe686d05fa0 RCX: 00007fe686acebe9
[  524.351064][ T9440] RDX: 00000000000004c1 RSI: 0000000000000fd0 RDI: 0000000000000006
[  524.351077][ T9440] RBP: 00007fe68552f090 R08: 0000000000000000 R09: 0000000000000000
[  524.351091][ T9440] R10: 0000000000000043 R11: 0000000000000246 R12: 0000000000000001
[  524.351102][ T9440] R13: 00007fe686d06038 R14: 00007fe686d05fa0 R15: 00007ffed53f3698
[  524.351117][ T9440]  </TASK>
[  524.612882][ T9442] loop6: detected capacity change from 0 to 1024
[  524.620067][ T9442] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  524.650008][ T9442] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.8115: Invalid block bitmap block 0 in block_group 0
[  524.664018][ T9442] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.8115: Failed to acquire dquot type 0
[  524.676463][ T9442] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.8115: Freeing blocks not in datazone - block = 0, count = 4096
[  524.690238][ T9442] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.8115: Invalid inode bitmap blk 0 in block_group 0
[  524.703496][ T3943] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:10: Failed to release dquot type 0
[  524.725516][ T9442] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  524.736469][ T9442] EXT4-fs (loop6): 1 orphan inode deleted
[  524.742557][ T9442] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  524.773055][ T9453] loop7: detected capacity change from 0 to 512
[  524.780530][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.792469][ T9455] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  524.792469][ T9455]    program syz.1.8121 not setting count and/or reply_len properly
[  524.822103][ T9453] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  524.837076][ T9453] ext4 filesystem being mounted at /222/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  524.978705][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.287022][ T9482] lo speed is unknown, defaulting to 1000
[  525.934168][ T9502] random: crng reseeded on system resumption
[  526.838710][ T9638] loop7: detected capacity change from 0 to 1024
[  526.845604][ T9638] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  526.857252][ T9638] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.8144: Invalid block bitmap block 0 in block_group 0
[  526.870926][ T9638] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.8144: Failed to acquire dquot type 0
[  526.882483][ T9638] EXT4-fs error (device loop7): ext4_free_blocks:6696: comm syz.7.8144: Freeing blocks not in datazone - block = 0, count = 4096
[  526.896199][ T9638] EXT4-fs error (device loop7): ext4_read_inode_bitmap:139: comm syz.7.8144: Invalid inode bitmap blk 0 in block_group 0
[  526.909147][ T3943] EXT4-fs error (device loop7): ext4_release_dquot:6973: comm kworker/u8:10: Failed to release dquot type 0
[  526.909392][ T9638] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  526.929406][ T9638] EXT4-fs (loop7): 1 orphan inode deleted
[  526.935638][ T9638] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  526.965231][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  527.219233][ T9658] lo speed is unknown, defaulting to 1000
[  528.173285][ T9663] lo speed is unknown, defaulting to 1000
[  528.179465][ T9478] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  528.301728][   T29] kauditd_printk_skb: 149 callbacks suppressed
[  528.301741][   T29] audit: type=1326 audit(1757369741.104:25006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.331399][   T29] audit: type=1326 audit(1757369741.104:25007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.355015][   T29] audit: type=1326 audit(1757369741.104:25008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.453093][ T9677] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8156'.
[  528.491480][   T29] audit: type=1326 audit(1757369741.304:25009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.518524][   T29] audit: type=1326 audit(1757369741.324:25010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.588021][ T9686] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8159'.
[  528.631369][   T29] audit: type=1326 audit(1757369741.434:25011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.655000][   T29] audit: type=1326 audit(1757369741.434:25012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.678587][   T29] audit: type=1326 audit(1757369741.434:25013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.702067][   T29] audit: type=1326 audit(1757369741.434:25014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.725586][   T29] audit: type=1326 audit(1757369741.434:25015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9671 comm="syz.4.8155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe4521febe9 code=0x7ffc0000
[  528.917391][ T9686] lo speed is unknown, defaulting to 1000
[  529.066840][ T9698] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8163'.
[  529.139810][ T9700] loop4: detected capacity change from 0 to 512
[  529.187428][ T9700] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  529.197467][ T9702] loop9: detected capacity change from 0 to 7
[  529.203942][ T9702] Buffer I/O error on dev loop9, logical block 0, async page read
[  529.211878][ T9702] Buffer I/O error on dev loop9, logical block 0, async page read
[  529.219714][ T9702]  loop9: unable to read partition table
[  529.225470][ T9702] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  529.225470][ T9702] 
) failed (rc=-5)
[  529.244400][ T9705] loop6: detected capacity change from 0 to 512
[  529.259379][ T9707] loop9: detected capacity change from 0 to 7
[  529.265819][ T9707] Buffer I/O error on dev loop9, logical block 0, async page read
[  529.270558][ T9705] EXT4-fs: Ignoring removed mblk_io_submit option
[  529.274292][ T9707] Buffer I/O error on dev loop9, logical block 0, async page read
[  529.287921][ T9707]  loop9: unable to read partition table
[  529.290365][ T9705] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  529.303741][ T9707] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  529.303741][ T9707] 
) failed (rc=-5)
[  529.317395][ T9700] EXT4-fs error (device loop4): ext4_quota_enable:7124: comm syz.4.8164: Bad quota inum: 2, type: 0
[  529.328615][ T9700] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  529.343952][ T9700] EXT4-fs (loop4): mount failed
[  529.349285][ T9705] EXT4-fs (loop6): 1 truncate cleaned up
[  529.386160][ T9705] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  529.614703][ T9719] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  529.614703][ T9719]    program syz.1.8171 not setting count and/or reply_len properly
[  529.658026][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.794599][ T9729] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  529.794599][ T9729]    program syz.4.8175 not setting count and/or reply_len properly
[  530.094552][ T9724] lo speed is unknown, defaulting to 1000
[  530.211052][ T9743] loop6: detected capacity change from 0 to 512
[  530.217828][ T9743] EXT4-fs: Ignoring removed mblk_io_submit option
[  530.290242][ T9743] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  530.388088][ T9743] EXT4-fs (loop6): 1 truncate cleaned up
[  530.395816][ T9743] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  530.704018][   T23] hid_parser_main: 74 callbacks suppressed
[  530.704036][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.717361][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.724963][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.740525][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.747954][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.755409][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.762816][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.770220][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.777603][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.785014][   T23] hid-generic 0000:0000:0000.0062: unknown main item tag 0x0
[  530.795142][   T23] hid-generic 0000:0000:0000.0062: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[  530.899087][ T9767] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8190'.
[  530.908520][ T9767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8190'.
[  531.055241][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.085381][ T9782] random: crng reseeded on system resumption
[  531.157230][ T9793] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8201'.
[  531.247367][ T9798] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8203'.
[  531.269746][ T9802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8204'.
[  531.279083][ T9802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8204'.
[  531.349738][ T9810] loop9: detected capacity change from 0 to 7
[  531.357363][ T9810] Buffer I/O error on dev loop9, logical block 0, async page read
[  531.369124][ T9810] Buffer I/O error on dev loop9, logical block 0, async page read
[  531.377081][ T9810]  loop9: unable to read partition table
[  531.391032][ T9810] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  531.391032][ T9810] 
) failed (rc=-5)
[  531.433824][ T9818] netlink: 36 bytes leftover after parsing attributes in process `syz.7.8212'.
[  531.458716][ T9820] loop7: detected capacity change from 0 to 512
[  531.485913][ T9820] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  531.514812][ T9820] ext4 filesystem being mounted at /239/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  531.554226][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.931283][ T9860] loop7: detected capacity change from 0 to 512
[  531.938015][ T9860] EXT4-fs: Ignoring removed mblk_io_submit option
[  531.944847][ T9860] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  531.956906][ T9860] EXT4-fs (loop7): 1 truncate cleaned up
[  531.963514][ T9860] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  531.984931][ T9866] loop6: detected capacity change from 0 to 512
[  531.991643][ T9866] EXT4-fs: Ignoring removed mblk_io_submit option
[  532.001601][ T9866] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  532.028497][ T9866] EXT4-fs (loop6): 1 truncate cleaned up
[  532.038978][ T9866] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  532.083118][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.171762][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.198943][ T9877] loop6: detected capacity change from 0 to 512
[  532.208836][ T9877] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  532.230814][ T9877] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.8233: Bad quota inum: 2, type: 0
[  532.250619][ T9877] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  532.272200][ T9877] EXT4-fs (loop6): mount failed
[  532.368135][ T9889] loop7: detected capacity change from 0 to 8192
[  532.375294][ T9889] vfat: Unknown parameter '��A�;�$G�΍��Ռ��a����N����qݒ��w�|�v�7�._���6�>a��7[o��% ��00000000000000000003��������������9�Q��ɟ�t#��>�v12J��~&�{-*\#\n�p����2.'
[  532.384943][ T9898] loop6: detected capacity change from 0 to 1024
[  532.402771][ T9898] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  532.421783][ T9898] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.8240: Invalid block bitmap block 0 in block_group 0
[  532.440262][ T9898] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.8240: Failed to acquire dquot type 0
[  532.451781][ T9898] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.8240: Freeing blocks not in datazone - block = 0, count = 4096
[  532.470246][ T9898] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.8240: Invalid inode bitmap blk 0 in block_group 0
[  532.488492][ T3943] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:10: Failed to release dquot type 0
[  532.501540][ T9898] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  532.524237][ T9898] EXT4-fs (loop6): 1 orphan inode deleted
[  532.531370][ T9898] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  532.584040][T32763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.597586][ T9906] loop7: detected capacity change from 0 to 8192
[  532.618086][ T9906] vfat: Unknown parameter '��A�;�$G�΍��Ռ��a����N����qݒ��w�|�v�7�._���6�>a��7[o��% ��00000000000000000003��������������9�Q��ɟ�t#��>�v12J��~&�{-*\#\n�p����2.'
[  532.719528][ T9917] loop6: detected capacity change from 0 to 512
[  532.726929][ T9917] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  532.791541][ T9917] EXT4-fs error (device loop6): ext4_quota_enable:7124: comm syz.6.8247: Bad quota inum: 2, type: 0
[  532.810857][ T9917] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[  532.826596][ T9917] EXT4-fs (loop6): mount failed
[  532.853985][ T9925] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  532.853985][ T9925]    program syz.6.8249 not setting count and/or reply_len properly
[  532.928827][ T9934] loop6: detected capacity change from 0 to 512
[  532.942903][ T9934] EXT4-fs (loop6): too many log groups per flexible block group
[  532.950696][ T9934] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  532.957980][ T9934] EXT4-fs (loop6): mount failed
[  533.492819][ T9947] __nla_validate_parse: 8 callbacks suppressed
[  533.492834][ T9947] netlink: 96 bytes leftover after parsing attributes in process `syz.7.8255'.
[  533.564465][   T29] kauditd_printk_skb: 280 callbacks suppressed
[  533.564475][   T29] audit: type=1400 audit(1757369746.374:25293): avc:  denied  { create } for  pid=9957 comm="syz.4.8259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  533.614814][ T9958] pim6reg1: entered promiscuous mode
[  533.630321][   T29] audit: type=1400 audit(1757369746.434:25294): avc:  denied  { attach_queue } for  pid=9957 comm="syz.4.8259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  533.685939][   T29] audit: type=1326 audit(1757369746.494:25295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9961 comm="syz.1.8262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  533.717306][ T9964] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  533.717306][ T9964]    program syz.2.8260 not setting count and/or reply_len properly
[  533.746324][   T29] audit: type=1326 audit(1757369746.524:25296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9961 comm="syz.1.8262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fdba249ebe9 code=0x7ffc0000
[  533.800422][   T29] audit: type=1326 audit(1757369746.584:25297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9967 comm="syz.2.8263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  533.823946][   T29] audit: type=1326 audit(1757369746.584:25298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9967 comm="syz.2.8263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  533.847532][   T29] audit: type=1326 audit(1757369746.584:25299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9967 comm="syz.2.8263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  533.871103][   T29] audit: type=1326 audit(1757369746.584:25300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9967 comm="syz.2.8263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  533.894737][   T29] audit: type=1326 audit(1757369746.584:25301): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9967 comm="syz.2.8263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  533.918553][   T29] audit: type=1326 audit(1757369746.584:25302): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9967 comm="syz.2.8263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb11ef1ebe9 code=0x7ffc0000
[  533.976998][ T9979] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8267'.
[  533.987660][ T9979] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8267'.
[  534.080607][ T9987] loop7: detected capacity change from 0 to 512
[  534.087160][ T9987] EXT4-fs: Ignoring removed mblk_io_submit option
[  534.095215][ T9987] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  534.124642][ T9987] EXT4-fs (loop7): 1 truncate cleaned up
[  534.131607][ T9987] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  534.161777][ T9995] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  534.161777][ T9995]    program syz.1.8273 not setting count and/or reply_len properly
[  534.290520][ T4280] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  534.376960][T10010] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8278'.
[  534.386387][T10010] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8278'.
[  534.743080][T10023] loop4: detected capacity change from 0 to 512
[  534.751896][T10020] ==================================================================
[  534.759969][T10020] BUG: KCSAN: data-race in fifo_open / wait_for_partner
[  534.766890][T10020] 
[  534.769192][T10020] read-write to 0xffff88811aaef12c of 4 bytes by task 10019 on cpu 1:
[  534.777314][T10020]  fifo_open+0x86/0x5d0
[  534.781451][T10020]  do_dentry_open+0x649/0xa20
[  534.786140][T10020]  vfs_open+0x37/0x1e0
[  534.790205][T10020]  path_openat+0x1c5e/0x2170
[  534.794774][T10020]  do_filp_open+0x109/0x230
[  534.799261][T10020]  do_sys_openat2+0xa6/0x110
[  534.803835][T10020]  __x64_sys_openat+0xf2/0x120
[  534.804027][T10023] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  534.808603][T10020]  x64_sys_call+0x2e9c/0x2ff0
[  534.808626][T10020]  do_syscall_64+0xd2/0x200
[  534.830134][T10020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.836016][T10020] 
[  534.838323][T10020] read to 0xffff88811aaef12c of 4 bytes by task 10020 on cpu 0:
[  534.845937][T10020]  wait_for_partner+0xb5/0x1c0
[  534.850693][T10020]  fifo_open+0x462/0x5d0
[  534.854922][T10020]  do_dentry_open+0x649/0xa20
[  534.859593][T10020]  vfs_open+0x37/0x1e0
[  534.863651][T10020]  path_openat+0x1c5e/0x2170
[  534.868224][T10020]  do_filp_open+0x109/0x230
[  534.872709][T10020]  do_sys_openat2+0xa6/0x110
[  534.877291][T10020]  __x64_sys_open+0xe6/0x110
[  534.881874][T10020]  x64_sys_call+0x1457/0x2ff0
[  534.886534][T10020]  do_syscall_64+0xd2/0x200
[  534.891029][T10020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.896905][T10020] 
[  534.899208][T10020] value changed: 0x00000001 -> 0x00000002
[  534.904900][T10020] 
[  534.907203][T10020] Reported by Kernel Concurrency Sanitizer on:
[  534.913334][T10020] CPU: 0 UID: 0 PID: 10020 Comm: syz.7.8282 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  534.924688][T10020] Tainted: [W]=WARN
[  534.928470][T10020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  534.938505][T10020] ==================================================================
[  534.948059][T10023] ext4 filesystem being mounted at /370/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  534.975760][T32524] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.