last executing test programs:

10.449202345s ago: executing program 2 (id=8):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x21c91c, &(0x7f0000000900), 0x1e, 0x4ea, &(0x7f00000009c0)="$eJzs3VFrW9cdAPD/la3MSZzZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYR9gMMY22NOe9jLoByiUfIRSCLTvpS0tpU3ah0LbqOhKShxHip1GllLr94MjnXt0r/7nXKGje+49XAXQt05HxJmIeFitVs9FxEijPNNIsVVPtfUe3L89W0tJVKvXPkoiknpZbbXxbe95tLHZUET8/jcRf0qejlve2FyaKRYLa43lfGV5NV/e2Dy/uDyzUFgorExNTV6avjx9cXqiI+0cjogrv3rvn3/736+vvPaTm29f/2D8z0mjPOJxOzqt3vRsui+aBiNibT+C9chg2kIAAL4Jmsf5P4yIczESA+nRHAAAAHCQVH8+HF8kEVUAAADgwMqkc2CTTK4xD2A4Mplcrj6H97txJFMslSs/ni+tr8zV58qORjYzv1gsTDTmCo9GNqktT6b5x8sXdixPRcTxiPjHyOF0OTdbKs71+uQHAAAA9ImjO8b/n47Ux//bfN6zygEAAACdM9rrCgAAAAD7zvgfAAAADj7jfwAAADjQfnv1ai1Vm/9/PXdjY32pdOP8XKG8lFten83NltZWcwul0kJ6z77l3d6vWCqt/jRW1m/lK4VyJV/e2Ly+XFpfqVxffOIvsAEAAIAuOv6Du28lEbH1s8NpqjnU60oBXTH4PCu/u3/1ALpvoNcVAHrmuX7/gQMl2+sKAD2X7PJ628k7r3e+LgAAwP4Y+17r6/8Du54b2Mp0qYrAPnH+D/qX6//Qv1z/h/6VjYEwkIf+ttstQIfajRX2fP2/Wn3uSgEAAB01nKYkk4tIzwMMRyaTy0UcS8cE2WR+sViYiIhvR8SbI9lv1ZYn0y2TXecMAwAAAAAAAAAAAAAAAAAAAAAAAAB11WoSVQAAAOBAi8i8n6R3848YGzk7vPP8wKHks5H0OSJu/ufav27NVCprk7Xyjx+VV/7dKL/QizMYAAAAwE7NcXpzHA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfTg/u3ZZupm3A9/GRGjreIPxlD6PBTZiDjySRKD27ZLImKgA/G37kTEiVbxk1q1YrRRi1bxD/c4/tEOxId+drfW//yi1fcvE6fT59bfv0tpD/Xi2vd/mUf930CL+LWyY3uMcfLeK/m28e9EnBxs3f804ydt+p8ze4z/xz9sbrZ7rfrfiLGWvz/JE7HyleXVfHlj8/zi8sxCYaGwMjU1eWn68vTF6Yn8/GKx0HhsGePv33/14bPaf6RN/NFd2n92j+3/8t6t+9+pZ7OPNk8exx8/0/rzP9Emfqbx+f+oka+9PtbMb9Xz2536/xunntX+uTbt3+3zH99j+8/97q/v7HFVAKALyhubSzPFYmGtrzMvtDdqh0UvRStezkxtv379zYf2tYZ/2V6SdObrUDsyfzn2/ItletotAQAA++DpMTAAAAAAAAAAAAAAAAAAAADQbd24nVh2R8yt9LETd88HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOicrwIAAP///B/QPg==")
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x3000046, &(0x7f0000000840)={[{@delalloc}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x1}}, {@i_version}, {@nouid32}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xd2}}, {@abort}, {@nodelalloc}, {@nobh}, {@user_xattr}, {@dioread_lock}, {@dioread_nolock}]}, 0x1, 0x567, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTX/sp66DMVRECntwMpeurT8m+DAfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EN/13cfhP+BfMdDBkFH0wZfKTW+6dE3atMuaznw+cMM590fOPbn3nHxPTkIC6Fuj2UMh4uWI+CaJOBIRSb5tMPKNo6v7LT+6MZUtSaysfPpXUt8vyzeeq3HcoTzzUkT89lXEqcLGcquLS7Olcjmdz/NjtbmrY9XFpdOX50oz6Ux6ZWJy8uzbkxPvvftO1+r6xoV/vv/k3odnvz6x/N0vD47eSeJcHM63NddjZ4azh5vNa0ZjNH9NhuLcE3uPP11he07S6xNgRwbydj4UWR9wJAbyVg/8/30ZEStAn0rat/9IdvVMgN3ViAMaY/vNx8EvrqWaj32ePfxgdQC0sf6Dq5+NxP762OjgcrJuZJSNd0e6UH5Wxq9/3r2TLdGVzyEAOnPzVkScGRzc2P8lef+3c2dar97fnHmyDP0f7J57WfzzZqv4p7AW/0SL+OdQi7a7E1u3/8KDLhTTVhb/vd8y/l2btBoZyHMv1GO+oeTS5XJ6Jo+GT8bQviy/2XzO2eX7bWPl5vgvW7LyG7Fgfh4PBvetP2a6VCvVP7jrgoe3Il5pGf8ma9c/aXH9s9fjQodlHE/vvtZu29b1f7ZWfop4veX1fzyjlWw+PzlWvx/GGnfFRn/fPv57u/J7Xf/s+h/cvP4jSfN8bXX7Zfy4/9+03bZ19Y/O7//h5LN6ejhfd71Uq82PRwwnH29cP/H42Ea+sX9W/5MnNu//Wt3/ByLi8w7rf/vYz692VP8eXf/pbV3/7Sfuf/TFD+3K76z/e6ueOpmvqfd/W+j0BJ/mtQMAAAAAAIC9phARhyMpFNfShUKxuPr9jmNxsFCuVGunLlUWrkxH/beyIzFUaMx0H2n6PsR4/n3YRn7iifxkRByNiG8HDtTzxalKebrXlQcAAAAAAAAAAAAAAAAAAIA94lCb3/9n/hjo9dkBz5y//Ib+tWX778Y/PQF7kvd/6F/aP/Qv7R/6l/YP/Uv7h/61rv2b9Ie+4v0f+pf2DwAAAAAAAAAAAAAAAAAAAAAAAAAAAF114fz5bFlZfnRjKstPX1tcmK1cOz2dVmeLcwtTxanK/NXiTKUyU06LU5W5rZ6vXKlcHZ+IhetjtbRaG6suLl2cqyxcqV28PFeaSS+mQ7tSKwAAAAAAAAAAAAAAAAAAAHi+VBeXZkvlcjovIbGjxODeOA2JLid63TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwGP/BQAA///oaTpO")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48)

10.187471502s ago: executing program 3 (id=9):
syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x842, &(0x7f0000000200)=ANY=[@ANYBLOB="696f636861727365743d6370313235302c646973636172642c646d61736b3d30303030303030303030303030303030303030303030322c74696d655f6f66667365743d3078303030303030303030303030303031652c756d61736b3d30303030303030303030303031353736313035323131332c756d61736b3d30303030303030303030303030303030303030303137342c646d61736b3d3030303030303030303030303030363031302c666d61736b3d30303030303030303030303030303030303030303030302c616c6c6f775f7574696d653d30303030303030303030303030303030303030303036342c7379735f747a2c000000000000b84974a4647e1629f375432f41042ec4fcf5706a510d085e109807ea9c36edc97802f8ae6bce00f4d453d0e704a56fb7ed35ddb60cb64fd4892d76f4550ec3150e2e4f0a2157381ba1864880d601b8c4ac1e8eb0c8bcb450e2fe2ce4176031562a639026158eef77926324e9d49a4698108ae3f39e3897202e060cd9d4bfa3750011278c673394c9a14fe5b25831d4585bdad875df96c940bc29656b13c299bd71da385449d953d5187674f888f02f437a5459690fbee7b13a3335f9291121821d0f95336d73ffb9314d86bb288b1939306532ec4f783f5d8016f11fd8c46bce04d9eb3c9148f0c15acac38bfea6f010c36ead47f6e74a000000000000000000", @ANYRES64=0x0], 0x1, 0x1531, &(0x7f0000000a00)="$eJzs3QuYTlXbOPD7XmvtMSQ9TXIY1lr35kkOyyRJDklySJIkSXJKSJrklYTEkFPSkITkMCSHISSHiUnjfD4fEpImTZKE5JSs/6X41Fvv/33f7+3Ld31z/65rX9b97H2vvfZzP8+z195mnvmmy9CajWtVa0hE8B/BX/5JAoBYABgIANcAQAAA5eLKxV1Yn1Ni0n+2E/bneij1So+AXUlc/+yN65+9cf2zN65/9sb1z964/tkb1z974/ozlp1tnl7wWl6y78L3/7MzPv//H5JVeuwXa0tf3xUg5l/Y2gPXP9vj+v8fgZfOv/8l+FfSuP7ZG9c/u4q90gNg/wvw+z87yPEP13D9szeuP2PZ2ZW+/3ylF4hk7+fgSr/+GGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlD6f9ZQoALrWv9LgYY4wxxhhjjDH25/E5fhurKzUQxhhjjDHGGGOM/Q9CECBBQQAxkANiISfkAgEAV0MeuAYicC3EwXWQF66HfJAfCkBBiIdCUBg0GLBAEEIRKApRuAGKwY1QHEpASSgFDkpDAtwEZeBmKAu3QDm4FcrDbVABKkIlqAy3QxW4A6rCnVAN7oLqUANqQi24G2rDPVAH7oW6cB/Ug/uhPjwADeBBaAgPQSN4GBrDI9AEHoWm0AyaQwto+d/KfwF6wIvQE3pBEvSGPvAS9IV+0B8GwEB4GQbBKzAYXoVkGAJD4TUYBq/DcHgDRsBIGAVvwmh4C8bAWBgH4yEFJsBEeBsmwTswGabAVJgGqTAdZsC7MBNmwWx4D+bA+zAX5sF8WABp8AEshEWQDh/CYvgIMmAJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbATvgYdsEnsBv2wF74FPbBZ/9m/qm/y++KgIACBSpUGIMxGIuxmAtzYW7MjXkwD0YwgnEYh3kxL+bDfFgAC2A8xmNhLIwGDRISFsEiGMUoFsNiWByLY0ksiQ4dJmAClsGbsSyWxXJYDstjeayAFbEiVsbKWAWrYFWsitWwGlbH6lgTa+LdeDf2xjpYB+tiXayH9S7dnsKG2BAbYSNsjI2xCTbBptgUm2NzbIktsRW2wtbYGttiW2yH7bA9tsdETMQO2AE7YkfshJ2wM3bGLtgFu2I37Jb1Qg7AF/FF7IXVRW/sg32wLybn6I8DcAC+jIPwFXwFX8VkHIJD8TV8DV/H4XgSR+BIHIWjsIp4C8fgWCQxHlMwBSfiRJyEk3AyTsEpOA1TcTrOwBk4E2fhLHwP5+D7+D7Ow3m4ANMwDRfiIkzHdFyMpzADl+BSXIbLcQUux1W4GlfhWlyHa3EDbsBNuAm34BbchttwB+7Aj1EB4Ce4B/dgMu7Dfbgf92MmZuIBPIBZmIUH8SAewkN4GA/jETyCR/EYHsdjeAJP4Ek8hafxNJ7Fs3gOn4v/qtHHJdYkg7hACSViRIyIFbEil8glcovcIo/IIyIiIuJEnMgr8op8Ip8oIAqIeBEvCovCwggjSIQxACCiIiqKiWKiuCguSoqSwgknEkSCKCPKiLKirCgnbhXlxW2igqgo2rjKorKoItq6quJOUU1UE9VFDVFT1BK1RG1RW9QRdURdUVfUE/VEffGAaCB6Y398SFyoTGMxBJuIodhUNBPy4idYKzEcW4s2oq14QozEEdhetHKJ4mnRQYzBjuJvYiw+KzqL8dhFPC+6im6iu3hB9BCtXU/RS0zG3qKPmIZ9RT/RXwwQM7GGeA/n5KwpXhXJYogYKl4TC/B1MVy8IUaIkWKUeFOMFm+JMWKsGCfGixQxQUwUb4tJ4h0xWUwRU8U0kSqmixniXTFTzBKzxXtijnhfzBXzxHyxQKSJD8RCsUikiw/FYvGRyBBLxFKxTCwXK8RKsUqsFmvEWrFOrBcbxEaxSWwWW8RWsU1sFzvETvGx2CU+EbvFHrFXfCr2ic/EfvG5yBRfiAPiS5ElvhIHxdfikPhGHBbfiiPiO3FUHBPHxffihPhBnBSnxGlxRpwVP4pz4idxXngBEqWQUioZyBiZQ8bKnDKXvErmlsHFZ/daGSevk3nl9TKfzC8LyIIyXhaShaWWRlpJMpRFZFEZlTfIYvJGWVyWkCVlKelkaZkgb5Jl5M2yrLxFlpO3yvLyNllBVpSVZGV5u6wi75CQ+cs+qssasqasJe+WSXCPrCPvlXXlfbKevF/Wlw/IBvJB2VA+JBvJh2Vj+YhsIh+VTWUz2Vy2kC3lY7KVfFy2lm1kW/mEbCeflO3lUzJRPi07SH/xJfKs7Cyfk13k87Kr7Ca7y5/keellT9lLQm+QfeRLsq/sJ/vLAXKgfFkOkq/IwfJVmSyHyKHyNTlMvi6HyzfkCDlSjpJvytHyLTlGjpXj5HiZIifIifJtOUm+IyfLKXKqnCZT5XTZ/2JPs6X8p/lv/0H+4J/3vklullvkVrlNbpc75E75sdwld8ndcrfcK/fKfXKf3C/3y0yZKQ/IAzJLZsmD8qA8JA/Jw/KwPCKPyKPymDwjv5cn5A/ypDwlT8kz8qw8K89dfA5AoRJKKqUCFaNyqFiVU+VSV6nc6mqVR12jIupaFaeuU3nV9Sqfyq8KqIIqXhVShZVWRllFKlRFVFEVVTfgxReMKqlKKadKqwR107+Tr4qpG1VxVeI3+ZfGl/QPxtdStVStVCvVWrVWbVVb1U61U+1Ve5WoElUH1UF1VB1VJ9VJdVadVRfVRXVVXVV31V31UD1UT9VTJakk1Ue9pPqqfqq/GqAGqpfVIDVIDVaDVbJKVkPVUDVMDVPD1XA1Qo1Qo9QoNVqNVmPUGDVOjVMpKkVNVBPVJDVJTVaT1VQ1VaWqVDVDzVAz1Uw1W81Wc9QcNVfNVfPVfJWm0tRCtVClq3S1WC1WGWqJWqKWqWVqhVqhVqlVao1ao9apdWqD2qAy1Ga1WW1VW9V2tV3tVDvVLrVL7Va71V61V+1T+9R+tV9lqkx1QB1QWSpLHVQH1SF1SB1Wh9URdUQdVUfVcXVcnVAn1El1Up1Wp9VZdVadU+fUeXX+wrQvEIEIVKCCmCAmiA1ig1xBriB3kDvIE+QJIkEkiAvigrzB9UG+IH9QICgYxAeFgsKBDkxgA3Gx6NHghqBYcGNQPCgRlAxKBS4oHSQENwVlgpuDssEtQbng1qB8cFtQIagYVAoqB7cHVYI7gqrBnUG14K6gelAjqBnUCu4Oagf3BHWCe4O6wX1BveD+oH7wQNAgeDBoGDwUNAoeDhoHjwRNgkeDpkGzoHnQImj5p/bv/cn8j7ueupdO0r11H/2S7qv76f56gB6oX9aD9Ct6sH5VJ+sheqh+TQ/Tr+vh+g09Qo/Uo/SberR+S4/RY/U4PV6n6Al6on5bT9Lv6Ml6ip6qp+lUPV3P0O/qmXqWnq3f03P0+3qunqfn6wU6TX+gF+pFOl1/qBfrj3SGXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoXfqj/Uu/YnerffovfpTvU9/pvfrz3Wm/kIf0F/qLP2VPqi/1of0N/qw/lYf0d/po/qYPq6/1yf0D/qkPqVP6zP6rP5Rn9M/6fPaX5jcXzi9G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emr8lr8pl8poApYOJNvClsCpsLyJApYoqYqImaYqaYKW6Km5KmpHHGmQSTYMqYMqasKWvKmXKmvClvKpgKppKpZG43t5s7zB3mTnOnucvcZWqYGqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqapqa5aW5ampamlWllWpvWpq1pa9qZdqa9aW8STaLpYDqYjqaj6WQ6mc6ms+liupiupqvpbrqbHqaH6Wl6miSTZPqYPqav6Wv6m/5moBloBplBZrAZbJJNshlqhpphZpgZboabEWakGXVhomreMmPMWDPOjDcpJsVMNBPNJDPJTDaTzVQz1aSaVDPDzDAzzUwz28w2c8wcM9fMNfPNfJNm0sxCs9Ckm3Sz2Cw2GSbDLDVLzXKz3Kw0K81qs9qsNWvNelhvNpqNZrPZbLaarWa72W52mp1ml9lldpvdZq/Za/aZfWa/2W8yTaY5YA6YLJNlDpqD5pA5ZA6bw+aIOWKOmqPmuDluTpgT5qQ5aU6b0+asyX/xfOlNrM1pc9mrbG57tc1jr7F/HxewBW28LWQLW23z2fy/iY21trgtYUvaUtbZ0jbB3vS7uIKtaCvZyvZ2W8XeYav+Lq5t77F17L22rr3P1rJ3/yauZ++39e0jtgEigG1mG9kWtrF9xDaxj9qmtpltblvYdvZJ294+ZRPt07aDfeZ38UK7yK62a+xau87utnvsaXvGHrLf2LP2R9vT9rID7ct2kH3FDrav2mQ75HfxKPumHW3fsmPsWDvOjv9dPNVOs6l2up1h37Uz7azfxWn2AzvHptu5dp6dbxf8HF8YU7r90C62H9kMG8BSu8wutyvsSrvqv8a6zG6wG+0mu8t+YrfabXa73WF3XpoI2z12r/3U7rOf2YP2a5tpv7AH7GGbZb/6Ob5wfIftt/aI/c4etcfscfu9PWF/uPRf/j8f+/f2J3veeguEBCRJUUAxlINiKSfloqsoN11NeegaitC1FEfXUV66nvJRfipABSmeClFh0mTIElFIRagoRekGujS8klSKHJWmBLqJytDNVJZuoXJ0K5Wn26gCVaRKVJlupyp0B1WlO6ka3UXVqQbVpFp0N9Wme6gO3Ut16T6qR/dTfXqAGtCD1JAeokb0MDWmR6gJPUpNqRk1pxbUkh6jVvQ4taY21JaeoHb0JLWnpyiRnqYO9Ax1pL9RJ3qWOtNz1IWep67UjbrTC9SDXqSe1IuSqDf1oZeoL/Wj/jSABtLLNIheocH0KiXTEBpKr9Ewep2G0xs0gkbSKHqTRtNbNIbG0jgaTyk0gSbS2zSJ3qHJNIWm0jRKpek0g96lmTSLZtN7NIfep7k0j+bTAkqjD2ghLaJ0+pAW00eUQUtoKS2j5bSCVtIqWk1raC2to/W0gTbSJtpMW2grbaPttIN20se0iz6h3bSH9tKntI8+o/30OWXSF3SAvqQs+ooO0td0iL6hw/St70Xf0VE6RsfpezpBP9BJOkWn6QydpR/pHP1E58kThBiKUIYqDMKYMEcYG+YMc4VXhbnDq8M84TVhJLw2jAuvC/OG14f5wvxhgbBgGB8WCguHOjShDSkMwyJh0TAa3hAWC28Mi4clwpJhqdCFpcOE8KawTHhzWDa8JSwX3hqWD28LK4QVw0fuqxzeHlYJ7wirhneG1cK7wuphjbBmWOvqu8Pa4T1hnfDesG54X1g2vD+sHz4QNggfDBuGD4WNwofDxuEjYZPw0bBp2CxsHrYIW4aPha3Cx8PWYZuwbfhE2C58MmwfPhUmhk+HHcJnfl5//6J/vD4p7B32CV8KXwq9v1fOjy6IpkU/iC6MLoqmRz+MLo5+FM2ILokujS6LLo+uiK6Mroqujq6Jro2ui66PbohujG6Kel8rBzh0wkmnXOBiXA4X63K6XO4ql9td7fK4a1zEXevi3HUur7ve5XP5XQFX0MW7Qq6w084468iFrogr6qLuBlfM3eiKuxKupCvlnCvtElwL19K1dK3c4661a+PauifcE+5J96R7yj3lnnYd3DOuo/ub6+SedZ3dc+4597zr6rq57u4F18NNyPPLezLJ9XF9XF/X1/V3/d1AN9ANcoPcYDfYJbtkN9QNdcPcMDfcDXcj3Ag3yo1yo91oN8aNcePcOJfiUtxEN9FNcpPcZDfZTXVTXapLdTPcDDfTzXRVZv2yl7lurpvv5rs0l+YWugtzxnS32C12GS7DLXVL3XK33K10K91qt9qtdWvderfebXQb3Wa32W11W912t93tdDvdLrfL7fbX/NKp2+f2u/0u02W6A+5Ll+W+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZcSmRCZGHk7MinyTmRyZEpkamRaJDUyPTIj8m5kZmRWZHbkvcicyPuRuZF5kfmRBZG0yAeRhZFFkfTIh5HFkY8iGZElkaWRZZHlkRUR7wttDX0RX9RH/Q2+mL/RF/clfElfyjtf2if4m3wZf7Mv62/x5fytvry/zVfwFX0l/6hv6pv55r6Fb+kf86384761b+Pb+id8O/+kb++f8on+ad/BP+M7+r/5Tv5Z39k/57v4531X38139y/4Hv5F39P38km+t+/jX/J9fT/f3w/wA/3LfpB/xQ/2r/pkP8QP9a/5Yf51P9y/4Uf4kX5UzJt+9KVLZBjvU/wEP9G/7Sf5d/xkP8VP9dN8qp/uZ/h3/Uw/y8/27/k5/n0/18/z8/0Cn+Y/8Av9Ip/uP/SL/Uc+wy+5dFPZr/Sr/Gq/xq/16/x6v8Fv9Jv8Zr/Fb/Xb/Ha/w+/0H/td/hO/2+/xe/2nfp//zO/3n/tM/4U/4L/0Wf4rf9B/7Q/5b/xh/60/4r/zR/0xf9x/70/4H/xJf8qf9mf8Wf+jP+d/8uf5d9YYY4wxxv4lEy43xW/X/HI7v/cf5IhfbdwHAK7eVjDr1+svzCjX5/ul3U/Et4sAwNO9ujx0aalePSkp6eK2GRKCovMAIHI5PwYux0ugLTwJidAGyvzh+PuJbmfpn/QfvRUg169yYuFyfLn/z0//0Vcf9BOPPTFqYfnwdNz/p/95AMWLXs7JCZfjJdD25/srbaDsPxh//lb/ZPw5v0gBaP2rnNxwOb48/gR4HJ6BxN9syRhjjDHGGGOM/aKfqNTp0vXnpZ/4/KPr8/hffTFADrgc/7Prc8YYY4wxxhhjjF15z3br/tRjiYltOv37jar/rax/udEE/qd65sYfNrwHuPSIAoD/sEOACw35Vx7Flr9kX8kX3zp/v2r5GR/A/45S/hmNK/zBxBhjjDHGGPvTXZ70//Zx/jsAjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYX+ev+DqxK32MjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG2JX2/wIAAP//6WoMbA==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xa0242, 0x5)

9.631816828s ago: executing program 1 (id=2):
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000040))

9.60852047s ago: executing program 3 (id=11):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
syz_clone3(&(0x7f0000000340)={0x42107480, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)

8.712445419s ago: executing program 1 (id=14):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000001100)=0x804, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x20000004, 0x0, 0x0)

7.17144765s ago: executing program 1 (id=16):
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000500)="178d7c9659be39d13d77365e2f6ff9d7a959c8c2016ffaad8476d336c0f0a2f8f7ee7b67666970e5a6d6b2972070f85338ba67b29b693fad461bd065806d9203d6b9d4c55368ca96dad5a3f0da4650dd98a8c36940d3666ef2efa6ae969c7740a2e91f82274a9975f69383d96babacb2dc6e00810010a6de207d90ccd6f03eb3ce5cbc6bee756d81f38f7ddaf760a47a4361be774ff2e3b9da8a237ad09ca7b3c8019eed1d6d528f2dd899e31d07800ae595a83d07e1d17110698a94d09762e3eab3e69996e8ab0d382a763010863070be986b7d06518c9d389ba6db422730e877eea3383289623fedc08f72b4a4a48ea2045265cb6b5a567ad0c1747844f24e69c17f32690983d8e047b303533ecc4d4715e26141196a9a9e7298ee0143c9204f7e101b0587671143622a800d25c53b951dea9316dd3fc65500a9ead006e2e3123c42eb156f7ce060917bad03316cb537ed0b9a2ad3197d79ee0682137691374469ca6fa34911fb022479bcc7756d3f475da0edc62374422e5ecfcd88ed4805d8ce3290af12e1ba4b2f17b6d56fac9ab97554813268a352810a2ea7ec53558b95eb7dfb6542ba592e5fccb9ff093f50305cfc1586594ecdb32ff4d4491df4e33b806b0a69f93446e4f657cf57f6eb5a91404a04b5060e6051a17cd2c556ca4eb1a720b215ed182c78c3f698b05990bed46dc9392c2ad1db11d787c37e9ae71b9f0fde00dcc085f0764a92b38d6bea9d93998f4c7e6602f19917370132af9b5c9dbef2e33ddc06e2a4f1272338f0805d90d70f29245409ad151f524ac874da6ee3ce3d3a2e0b69c3ac1d6b7598328ff6ce6cc7c9035fb3688bf38fbca361eb83", 0x3}, 0x38)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
write$tun(r5, &(0x7f0000000140)={@void, @val={0x3, 0x1, 0x0, 0x401, 0x2, 0x6}, @eth={@broadcast, @random="3ce5d7cb8553", @val={@void, {0x8100, 0x7, 0x0, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0x2, "01"}}}}}}, 0x1f)
unshare(0x64000600)

6.910911267s ago: executing program 2 (id=17):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000400)={[{}]})

5.728236244s ago: executing program 2 (id=19):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1600000000000000040000000500000000", @ANYBLOB, @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)
close(0xffffffffffffffff)
lchown(0x0, 0x0, 0x0)
r7 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000080)={0x0, r7, 0xf4ca, 0x7fffffff, 0xfffffffffffffffc, 0x7ff})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r8}, 0x10)
mount(0x0, &(0x7f0000000500)='./bus\x00', &(0x7f0000000540)='virtiofs\x00', 0x80c000, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0xd}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)

4.355487034s ago: executing program 0 (id=21):
close(0xffffffffffffffff)

4.27453106s ago: executing program 0 (id=22):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000000))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
sendmmsg$inet(r7, &(0x7f0000000e80)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0xee0000b0}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

4.073402793s ago: executing program 3 (id=23):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000001100)=0x804, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x20000004, 0x0, 0x0)

2.89917198s ago: executing program 3 (id=24):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x40881)
pidfd_send_signal(0xffffffffffffffff, 0x28, &(0x7f0000000300)={0x3f, 0x2, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$TIOCSPGRP(r4, 0x5410, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x20000004, 0x0, 0x0)

2.695528523s ago: executing program 0 (id=25):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4010)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)

2.606797479s ago: executing program 2 (id=26):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
capset(0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

1.755541164s ago: executing program 3 (id=27):
r0 = socket(0x1f, 0x3, 0x11)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@getchain={0x24, 0x66, 0x311, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0xc}, {0x0, 0x1}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x54}, 0x44080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xb, &(0x7f00000004c0)=ANY=[@ANYRESHEX, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYRES16, @ANYRES8=r1, @ANYRESDEC=r1, @ANYRES8=r0, @ANYRESDEC=r0, @ANYRES64], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000300)={&(0x7f00008a0000/0x3000)=nil, &(0x7f0000000000/0xc00000)=nil, &(0x7f00006f1000/0x3000)=nil, &(0x7f00005da000/0x3000)=nil, &(0x7f0000b43000/0x4000)=nil, &(0x7f0000581000/0x2000)=nil, &(0x7f00001d1000/0x4000)=nil, &(0x7f00007e6000/0x3000)=nil, &(0x7f00006a0000/0x4000)=nil, &(0x7f00006bd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0}, 0x68)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0e880000000000000000000000000000000000000000000000000000b1e46058805928"], 0x48)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000080000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$NL80211_CMD_GET_WIPHY(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x880)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)

1.231674979s ago: executing program 0 (id=28):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000400)={[{}]})

1.231405839s ago: executing program 2 (id=29):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xb, &(0x7f00000001c0)=ANY=[@ANYRESHEX], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000980)={'wg2\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000180)="0b031407e0ff640f0200475400f6a13bb1000e00080008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x200, 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x9)
r8 = eventfd(0x8c66)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000140)={0xfffffffffffffffc, 0x0, 0x0, r8})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
fsmount(0xffffffffffffffff, 0x1, 0x40)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x22020600)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000003c0)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
close_range(r6, r6, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r5, 0x0, 0x1000000000000}, 0x18)
openat$sysfs(0xffffff9c, &(0x7f00000003c0)='/sys/power/pm_trace_dev_match', 0x20800, 0x2)

925.113459ms ago: executing program 0 (id=30):
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x118)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d39"])

904.17856ms ago: executing program 3 (id=31):
r0 = socket$inet(0x2, 0xa, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007f6f28614b2a2a832e5a95942b8a9e3559bff5dbc188a61d2fc0426473b0b53e2ed370530a6b18a97e7cd7bf0b9129c45847211733e30362a7749bde62d1e52fe313bead74119cfc5c2b78a6506dc3bdf2f5dfa24c2df62f7916deb2f6c5afcee646f3d7832c322cc2d9d60f0f69de01bf3e5733fd6b2fabe353907a6a703fdb81adbb4d0651f9fec3cb076d5692c6caf1da9a696f328376fa3d4e8119db0a2d9270f4947c69c320e892e5642c058a311ef2f9ed048c99ca1bbede8c585cc55df17d367bde33a514c61ff30b3c44cd7dbc2108175756a8fcf762f68ff913b989a17a1227e6de8a262f673fed8d2a3ee51b3c059a5470a87de7ce0da35bfd30d5c939c0e000d2ca284d0de0e69a7f7f3201161f6c3cebaa936806210457116cdadf7df5"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x5c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
socket$nl_netfilter(0x10, 0x3, 0xc)
setitimer(0x1, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002400)=@newtaction={0x68, 0x30, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0xa6, 0xfffffff9, 0x10000000, 0x96, 0x7}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x5}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x2000e095}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()

731.591572ms ago: executing program 1 (id=32):
socket(0x0, 0x9f5faa811eea84c5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
setpriority(0x0, 0x0, 0xacf0165)
fsync(0xffffffffffffffff)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0)
fstat(r1, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/237, 0xed, 0x5)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=")
creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0x301, &(0x7f0000000640)={'\x00', 0x40, 0x200000a, 0x2, 0x8, 0xfffffffffffffffd})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fadvise64(r2, 0xe0ffff, 0x19, 0x3)

467.593279ms ago: executing program 0 (id=33):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000001100)=0x804, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x20000004, 0x0, 0x0)

55.392336ms ago: executing program 2 (id=34):
r0 = socket$packet(0x11, 0x3, 0x300)
madvise(&(0x7f00001e4000/0x4000)=nil, 0x4000, 0xe)
setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x80002, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000040000000300000000", @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x1c, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4008084}, 0x0)

0s ago: executing program 1 (id=35):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x40881)
pidfd_send_signal(0xffffffffffffffff, 0x28, &(0x7f0000000300)={0x3f, 0x2, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$TIOCSPGRP(r4, 0x5410, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x20000004, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts.
[   87.355897][ T5777] cgroup: Unknown subsys name 'net'
[   87.550303][ T5777] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   89.305034][ T5777] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.234626][ T5788] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   91.243841][ T5788] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   91.252333][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   91.260675][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   91.269716][ T5788] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   91.278202][ T5788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   91.291776][ T5788] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   91.300966][ T5788] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   91.308701][ T5788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   91.315755][ T5801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   91.317851][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   91.324947][ T5788] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   91.331997][ T5801] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   91.337811][ T5788] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   91.345715][ T5801] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   91.352418][ T5788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   91.359239][ T5801] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   91.365869][ T5788] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   91.372820][ T5801] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   91.379874][ T5788] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   91.402544][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   91.439637][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   91.449579][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   91.457212][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.052211][ T5796] chnl_net:caif_netlink_parms(): no params data found
[   92.179975][ T5791] chnl_net:caif_netlink_parms(): no params data found
[   92.200452][ T5786] chnl_net:caif_netlink_parms(): no params data found
[   92.232693][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.239918][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.248234][ T5796] bridge_slave_0: entered allmulticast mode
[   92.255565][ T5796] bridge_slave_0: entered promiscuous mode
[   92.285420][ T5789] chnl_net:caif_netlink_parms(): no params data found
[   92.311118][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.318413][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.326159][ T5796] bridge_slave_1: entered allmulticast mode
[   92.334209][ T5796] bridge_slave_1: entered promiscuous mode
[   92.439285][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.453367][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.537507][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.545727][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.553339][ T5786] bridge_slave_0: entered allmulticast mode
[   92.560636][ T5786] bridge_slave_0: entered promiscuous mode
[   92.581721][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.588907][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.596413][ T5791] bridge_slave_0: entered allmulticast mode
[   92.603696][ T5791] bridge_slave_0: entered promiscuous mode
[   92.639685][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.647216][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.654584][ T5786] bridge_slave_1: entered allmulticast mode
[   92.662169][ T5786] bridge_slave_1: entered promiscuous mode
[   92.673065][ T5796] team0: Port device team_slave_0 added
[   92.679512][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.686949][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.694288][ T5791] bridge_slave_1: entered allmulticast mode
[   92.701921][ T5791] bridge_slave_1: entered promiscuous mode
[   92.720690][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.727928][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.735510][ T5789] bridge_slave_0: entered allmulticast mode
[   92.743211][ T5789] bridge_slave_0: entered promiscuous mode
[   92.778316][ T5796] team0: Port device team_slave_1 added
[   92.808937][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.816571][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.823948][ T5789] bridge_slave_1: entered allmulticast mode
[   92.832049][ T5789] bridge_slave_1: entered promiscuous mode
[   92.841808][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.855968][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.879662][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.886735][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.913437][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.928163][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.940794][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.989209][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.996329][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.023375][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.088511][ T5786] team0: Port device team_slave_0 added
[   93.098642][ T5791] team0: Port device team_slave_0 added
[   93.107979][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.121374][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.146935][ T5786] team0: Port device team_slave_1 added
[   93.154690][ T5791] team0: Port device team_slave_1 added
[   93.208947][ T5796] hsr_slave_0: entered promiscuous mode
[   93.215694][ T5796] hsr_slave_1: entered promiscuous mode
[   93.250809][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.257813][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.283897][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.313074][ T5789] team0: Port device team_slave_0 added
[   93.335340][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.342693][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.368816][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.382725][ T5789] team0: Port device team_slave_1 added
[   93.402428][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.409426][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.431961][ T5103] Bluetooth: hci2: command tx timeout
[   93.435598][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.441472][ T5794] Bluetooth: hci3: command tx timeout
[   93.452447][   T50] Bluetooth: hci1: command tx timeout
[   93.463522][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.470589][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.496676][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.510366][   T50] Bluetooth: hci0: command tx timeout
[   93.594570][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.601692][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.627762][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.641035][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.648034][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.674117][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.697898][ T5791] hsr_slave_0: entered promiscuous mode
[   93.705012][ T5791] hsr_slave_1: entered promiscuous mode
[   93.711577][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.719572][ T5791] Cannot create hsr debugfs directory
[   93.805925][ T5786] hsr_slave_0: entered promiscuous mode
[   93.812987][ T5786] hsr_slave_1: entered promiscuous mode
[   93.819433][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.829544][ T5786] Cannot create hsr debugfs directory
[   93.878811][ T5789] hsr_slave_0: entered promiscuous mode
[   93.885583][ T5789] hsr_slave_1: entered promiscuous mode
[   93.892464][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.900112][ T5789] Cannot create hsr debugfs directory
[   94.297234][ T5796] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   94.316944][ T5796] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   94.330038][ T5796] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   94.341900][ T5796] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   94.423960][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.446946][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.476361][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   94.488170][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   94.582591][ T5791] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   94.596893][ T5791] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   94.608319][ T5791] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   94.620964][ T5791] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   94.742794][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.764386][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   94.778610][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   94.804233][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   94.816208][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   94.841153][ T5796] 8021q: adding VLAN 0 to HW filter on device team0
[   94.903619][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.911543][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.949921][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.957138][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.999541][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.058792][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.098488][ T5786] 8021q: adding VLAN 0 to HW filter on device team0
[   95.129833][ T1124] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.137225][ T1124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.154297][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.161554][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.181045][ T5791] 8021q: adding VLAN 0 to HW filter on device team0
[   95.245067][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.252307][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.269271][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.276545][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.469883][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.511004][   T50] Bluetooth: hci3: command tx timeout
[   95.516504][   T50] Bluetooth: hci1: command tx timeout
[   95.522924][ T5794] Bluetooth: hci2: command tx timeout
[   95.574611][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.589986][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[   95.596939][   T50] Bluetooth: hci0: command tx timeout
[   95.658573][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.665845][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.731707][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.738909][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.795259][ T5796] veth0_vlan: entered promiscuous mode
[   95.882001][ T5796] veth1_vlan: entered promiscuous mode
[   95.916477][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.017781][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.058370][ T5796] veth0_macvtap: entered promiscuous mode
[   96.068305][ T5791] veth0_vlan: entered promiscuous mode
[   96.095522][ T5791] veth1_vlan: entered promiscuous mode
[   96.107380][ T5796] veth1_macvtap: entered promiscuous mode
[   96.193057][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.236440][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.251957][ T5796] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.262319][ T5796] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.271664][ T5796] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.281387][ T5796] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.346759][ T5791] veth0_macvtap: entered promiscuous mode
[   96.356514][ T5786] veth0_vlan: entered promiscuous mode
[   96.368421][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.402864][ T5791] veth1_macvtap: entered promiscuous mode
[   96.445132][ T5786] veth1_vlan: entered promiscuous mode
[   96.534272][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.545699][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.558225][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.572378][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.574041][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.624063][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   96.636203][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.648158][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.683567][ T5791] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.693532][ T5791] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.702400][ T5791] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.713689][ T5791] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.737659][ T5789] veth0_vlan: entered promiscuous mode
[   96.743888][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.745310][ T5786] veth0_macvtap: entered promiscuous mode
[   96.766397][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.787297][ T5786] veth1_macvtap: entered promiscuous mode
[   96.823615][ T5789] veth1_vlan: entered promiscuous mode
[   96.932979][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.948949][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.960744][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.971757][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.986579][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.007699][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.011331][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.019463][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.039961][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.054037][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.058740][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.066247][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.085041][ T5786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.094688][ T5786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.104358][ T5786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.115468][ T5786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.156927][ T5789] veth0_macvtap: entered promiscuous mode
[   97.235801][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.236838][ T5789] veth1_macvtap: entered promiscuous mode
[   97.265167][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.302397][ T5878] input: syz1 as /devices/virtual/input/input5
[   97.421209][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.450218][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.469185][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.480966][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.491286][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.502071][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.515692][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.564462][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.580279][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.599528][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.636912][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.647530][   T50] Bluetooth: hci3: command tx timeout
[   97.656409][   T50] Bluetooth: hci1: command tx timeout
[   97.662173][   T50] Bluetooth: hci2: command tx timeout
[   97.670788][   T50] Bluetooth: hci0: command tx timeout
[   97.721659][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.741986][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.760036][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.771174][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.783320][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.453021][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.463524][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.485623][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.493525][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.535945][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.586097][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.691369][   T28] audit: type=1326 audit(1759842632.732:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   98.739613][   T28] audit: type=1326 audit(1759842632.732:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   98.766914][   T28] audit: type=1326 audit(1759842632.732:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   98.819890][   T28] audit: type=1326 audit(1759842632.732:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   98.856344][   T28] audit: type=1326 audit(1759842632.732:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   98.901380][ T5894] syz.2.8[5894]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   98.929454][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.948255][   T28] audit: type=1326 audit(1759842632.732:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   98.963955][ T5894] loop2: detected capacity change from 0 to 512
[   98.980028][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.050300][ T5894] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   99.060562][   T28] audit: type=1326 audit(1759842632.732:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   99.123133][ T1124] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.138110][ T5900] loop3: detected capacity change from 0 to 256
[   99.156633][   T28] audit: type=1326 audit(1759842632.732:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   99.160215][ T1124] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.188947][ T5900] =======================================================
[   99.188947][ T5900] WARNING: The mand mount option has been deprecated and
[   99.188947][ T5900]          and is ignored by this kernel. Remove the mand
[   99.188947][ T5900]          option from the mount to silence this warning.
[   99.188947][ T5900] =======================================================
[   99.244959][ T5894] EXT4-fs (loop2): failed to initialize system zone (-117)
[   99.278670][ T5894] EXT4-fs (loop2): mount failed
[   99.287552][   T28] audit: type=1326 audit(1759842632.742:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   99.332184][   T28] audit: type=1326 audit(1759842632.742:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5889 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb618eec9 code=0x7ffc0000
[   99.348322][ T5900] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d)
[   99.448107][ T5894] loop2: detected capacity change from 0 to 1024
[   99.482553][ T5894] EXT4-fs: Ignoring removed i_version option
[   99.488685][ T5894] EXT4-fs: Ignoring removed nobh option
[   99.511351][ T5894] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   99.578625][ T5894] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.671806][ T5794] Bluetooth: hci2: command tx timeout
[   99.677405][   T50] Bluetooth: hci1: command tx timeout
[   99.683712][   T50] Bluetooth: hci3: command tx timeout
[   99.693318][ T5909] input: syz1 as /devices/virtual/input/input6
[   99.750796][ T5103] Bluetooth: hci0: command tx timeout
[  101.470171][    C0] sched: RT throttling activated
[  101.903020][  T785] cfg80211: failed to load regulatory.db
[  102.339854][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.499571][ T5931] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  103.718982][ T5944] loop2: detected capacity change from 0 to 512
[  103.918592][ T5944] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.931814][ T5944] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  104.004065][ T5944] netlink: 'syz.2.19': attribute type 13 has an invalid length.
[  104.243846][ T5944] gretap0: refused to change device tx_queue_len
[  104.253502][ T5944] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  107.625889][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.795118][ T5966] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  107.805072][ T5966] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  107.814747][ T5966] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  107.917373][   T28] kauditd_printk_skb: 24 callbacks suppressed
[  107.917389][   T28] audit: type=1800 audit(1759842641.842:36): pid=5966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.25" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  107.948214][ T5966] syz.0.25 (5966) used greatest stack depth: 19432 bytes left
[  108.499708][ T5982] syz.3.31 uses obsolete (PF_INET,SOCK_PACKET)
[  108.513678][ T5981] 9pnet: Unknown protocol version 9
[  108.538675][ T5984] loop1: detected capacity change from 0 to 16
[  108.713811][ T5984] erofs: (device loop1): mounted with root inode @ nid 36.
[  108.811244][ T5984] syz.1.32: attempt to access beyond end of device
[  108.811244][ T5984] loop1: rw=0, sector=8, nr_sectors = 32 limit=16
[  108.828764][ T5985] syz.3.31 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  108.915972][ T5984] syz.1.32: attempt to access beyond end of device
[  108.915972][ T5984] loop1: rw=524288, sector=16, nr_sectors = 32 limit=16
[  108.969934][ T5984] syz.1.32: attempt to access beyond end of device
[  108.969934][ T5984] loop1: rw=524288, sector=8, nr_sectors = 32 limit=16
[  109.286138][ T5789] BUG: Bad page state in process syz-executor  pfn:62040
[  109.293823][ T5789] page:ffffea0001881000 refcount:0 mapcount:0 mapping:ffff88805f7407c8 index:0x2 pfn:0x62040
[  109.305233][ T5789] aops:z_erofs_cache_aops ino:0
[  109.310380][ T5789] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  109.318146][ T5789] page_type: 0xffffffff()
[  109.322651][ T5789] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805f7407c8
[  109.331327][ T5789] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[  109.339947][ T5789] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  109.347323][ T5789] page_owner tracks the page as allocated
[  109.353560][ T5789] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5984, tgid 5983 (syz.1.32), ts 108810479400, free_ts 108808307887
[  109.375505][ T5789]  post_alloc_hook+0x1cd/0x210
[  109.380402][ T5789]  get_page_from_freelist+0x195c/0x19f0
[  109.386022][ T5789]  __alloc_pages+0x1e3/0x460
[  109.390744][ T5789]  z_erofs_do_read_page+0x20c0/0x3680
[  109.396176][ T5789]  z_erofs_pcluster_readmore+0x2cf/0x450
[  109.403016][ T5789]  z_erofs_read_folio+0x208/0x540
[  109.408107][ T5789]  filemap_read_folio+0x167/0x760
[  109.413450][ T5789]  do_read_cache_folio+0x470/0x7e0
[  109.418628][ T5789]  erofs_bread+0x16f/0x630
[  109.423188][ T5789]  erofs_namei+0x28c/0xf00
[  109.427678][ T5789]  erofs_lookup+0x135/0x310
[  109.432303][ T5789]  path_openat+0x10b8/0x3190
[  109.436961][ T5789]  do_filp_open+0x1c5/0x3d0
[  109.441628][ T5789]  do_sys_openat2+0x12c/0x1c0
[  109.446357][ T5789]  __x64_sys_creat+0x90/0xb0
[  109.451092][ T5789]  do_syscall_64+0x55/0xb0
[  109.455633][ T5789] page last free stack trace:
[  109.460437][ T5789]  free_unref_page_prepare+0x7ce/0x8e0
[  109.465988][ T5789]  free_unref_page+0x32/0x2e0
[  109.470975][ T5789]  vfree+0x1a6/0x320
[  109.474953][ T5789]  do_ipt_get_ctl+0xea1/0x1140
[  109.479788][ T5789]  nf_getsockopt+0x262/0x280
[  109.484539][ T5789]  ip_getsockopt+0x1c1/0x210
[  109.489194][ T5789]  do_sock_getsockopt+0x368/0x440
[  109.494414][ T5789]  __x64_sys_getsockopt+0x1d6/0x280
[  109.500760][ T5789]  do_syscall_64+0x55/0xb0
[  109.505266][ T5789]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.511665][ T5789] Modules linked in:
[  109.515637][ T5789] CPU: 0 PID: 5789 Comm: syz-executor Not tainted syzkaller #0
[  109.523312][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  109.533427][ T5789] Call Trace:
[  109.536788][ T5789]  <TASK>
[  109.539818][ T5789]  dump_stack_lvl+0x16c/0x230
[  109.545357][ T5789]  ? show_regs_print_info+0x20/0x20
[  109.545428][ T5789]  ? swiotlb_print_info+0x70/0x70
[  109.545465][ T5789]  bad_page+0x14b/0x170
[  109.545498][ T5789]  free_unref_page_prepare+0x887/0x8e0
[  109.545535][ T5789]  free_unref_page+0x32/0x2e0
[  109.545583][ T5789]  ? __folio_put+0xef/0x210
[  109.545606][ T5789]  erofs_try_to_free_all_cached_pages+0x295/0x600
[  109.545640][ T5789]  erofs_shrink_workstation+0x118/0x290
[  109.545678][ T5789]  ? erofs_shrinker_unregister+0x170/0x170
[  109.593031][ T5789]  ? io_schedule+0xd0/0xd0
[  109.597509][ T5789]  ? kobject_put+0x43c/0x470
[  109.602167][ T5789]  erofs_shrinker_unregister+0x5d/0x170
[  109.607787][ T5789]  erofs_put_super+0x4e/0x150
[  109.612604][ T5789]  ? erofs_free_inode+0xb0/0xb0
[  109.617501][ T5789]  generic_shutdown_super+0x134/0x2b0
[  109.622938][ T5789]  kill_block_super+0x44/0x90
[  109.627660][ T5789]  erofs_kill_sb+0x4c/0x140
[  109.632195][ T5789]  deactivate_locked_super+0x97/0x100
[  109.637598][ T5789]  cleanup_mnt+0x429/0x4c0
[  109.642041][ T5789]  task_work_run+0x1ce/0x250
[  109.646681][ T5789]  ? task_work_cancel+0x240/0x240
[  109.651740][ T5789]  ? exit_to_user_mode_loop+0x3b/0x110
[  109.657251][ T5789]  exit_to_user_mode_loop+0xe6/0x110
[  109.662602][ T5789]  exit_to_user_mode_prepare+0xf6/0x180
[  109.668201][ T5789]  syscall_exit_to_user_mode+0x1a/0x50
[  109.673712][ T5789]  do_syscall_64+0x61/0xb0
[  109.678155][ T5789]  ? clear_bhb_loop+0x40/0x90
[  109.682854][ T5789]  ? clear_bhb_loop+0x40/0x90
[  109.687551][ T5789]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.693551][ T5789] RIP: 0033:0x7fb7f9b901f7
[  109.697994][ T5789] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  109.717622][ T5789] RSP: 002b:00007ffc15e36f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  109.726065][ T5789] RAX: 0000000000000000 RBX: 00007fb7f9c11d7d RCX: 00007fb7f9b901f7
[  109.734049][ T5789] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc15e36fe0
[  109.742034][ T5789] RBP: 00007ffc15e36fe0 R08: 0000000000000000 R09: 0000000000000000
[  109.750029][ T5789] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc15e38070
[  109.758015][ T5789] R13: 00007fb7f9c11d7d R14: 000000000001a9f4 R15: 00007ffc15e380b0
[  109.766015][ T5789]  </TASK>
[  109.771330][ T5789] Disabling lock debugging due to kernel taint
[  109.777559][ T5789] BUG: Bad page state in process syz-executor  pfn:616f7
[  109.785344][ T5789] page:ffffea000185bdc0 refcount:0 mapcount:0 mapping:ffff88805f7407c8 index:0x3 pfn:0x616f7
[  109.795600][ T5789] aops:z_erofs_cache_aops ino:0
[  109.800548][ T5789] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  109.809239][ T5789] page_type: 0xffffffff()
[  109.813758][ T5789] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805f7407c8
[  109.822432][ T5789] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000
[  109.831440][ T5789] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  109.838757][ T5789] page_owner tracks the page as allocated
[  109.844537][ T5789] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5984, tgid 5983 (syz.1.32), ts 108810499931, free_ts 108739417033
[  109.866429][ T5789]  post_alloc_hook+0x1cd/0x210
[  109.871293][ T5789]  get_page_from_freelist+0x195c/0x19f0
[  109.876877][ T5789]  __alloc_pages+0x1e3/0x460
[  109.881529][ T5789]  z_erofs_do_read_page+0x20c0/0x3680
[  109.886971][ T5789]  z_erofs_pcluster_readmore+0x2cf/0x450
[  109.892692][ T5789]  z_erofs_read_folio+0x208/0x540
[  109.897754][ T5789]  filemap_read_folio+0x167/0x760
[  109.902892][ T5789]  do_read_cache_folio+0x470/0x7e0
[  109.908122][ T5789]  erofs_bread+0x16f/0x630
[  109.913367][ T5789]  erofs_namei+0x28c/0xf00
[  109.917843][ T5789]  erofs_lookup+0x135/0x310
[  109.922563][ T5789]  path_openat+0x10b8/0x3190
[  109.927664][ T5789]  do_filp_open+0x1c5/0x3d0
[  109.932244][ T5789]  do_sys_openat2+0x12c/0x1c0
[  109.936951][ T5789]  __x64_sys_creat+0x90/0xb0
[  109.941596][ T5789]  do_syscall_64+0x55/0xb0
[  109.946144][ T5789] page last free stack trace:
[  109.950896][ T5789]  free_unref_page_prepare+0x7ce/0x8e0
[  109.956398][ T5789]  free_unref_page+0x32/0x2e0
[  109.961172][ T5789]  tlb_finish_mmu+0x112/0x1d0
[  109.965903][ T5789]  exit_mmap+0x3f0/0xb50
[  109.970232][ T5789]  __mmput+0x118/0x3c0
[  109.974326][ T5789]  exit_mm+0x1da/0x2c0
[  109.978409][ T5789]  do_exit+0x88e/0x23c0
[  109.982651][ T5789]  do_group_exit+0x21b/0x2d0
[  109.987275][ T5789]  get_signal+0x12fc/0x1400
[  109.991845][ T5789]  arch_do_signal_or_restart+0x96/0x780
[  109.997422][ T5789]  exit_to_user_mode_loop+0x70/0x110
[  110.002883][ T5789]  exit_to_user_mode_prepare+0xf6/0x180
[  110.008467][ T5789]  syscall_exit_to_user_mode+0x1a/0x50
[  110.014697][ T5789]  do_syscall_64+0x61/0xb0
[  110.019260][ T5789]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.025343][ T5789] Modules linked in:
[  110.029274][ T5789] CPU: 0 PID: 5789 Comm: syz-executor Tainted: G    B              syzkaller #0
[  110.038392][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  110.048477][ T5789] Call Trace:
[  110.051762][ T5789]  <TASK>
[  110.054703][ T5789]  dump_stack_lvl+0x16c/0x230
[  110.059417][ T5789]  ? show_regs_print_info+0x20/0x20
[  110.064670][ T5789]  ? swiotlb_print_info+0x70/0x70
[  110.069732][ T5789]  bad_page+0x14b/0x170
[  110.073913][ T5789]  free_unref_page_prepare+0x887/0x8e0
[  110.079404][ T5789]  free_unref_page+0x32/0x2e0
[  110.084121][ T5789]  ? __folio_put+0xef/0x210
[  110.088660][ T5789]  erofs_try_to_free_all_cached_pages+0x295/0x600
[  110.095116][ T5789]  erofs_shrink_workstation+0x118/0x290
[  110.100698][ T5789]  ? erofs_shrinker_unregister+0x170/0x170
[  110.106527][ T5789]  ? io_schedule+0xd0/0xd0
[  110.110961][ T5789]  ? kobject_put+0x43c/0x470
[  110.115575][ T5789]  erofs_shrinker_unregister+0x5d/0x170
[  110.121153][ T5789]  erofs_put_super+0x4e/0x150
[  110.125849][ T5789]  ? erofs_free_inode+0xb0/0xb0
[  110.130721][ T5789]  generic_shutdown_super+0x134/0x2b0
[  110.136137][ T5789]  kill_block_super+0x44/0x90
[  110.140920][ T5789]  erofs_kill_sb+0x4c/0x140
[  110.145455][ T5789]  deactivate_locked_super+0x97/0x100
[  110.150856][ T5789]  cleanup_mnt+0x429/0x4c0
[  110.155300][ T5789]  task_work_run+0x1ce/0x250
[  110.159904][ T5789]  ? task_work_cancel+0x240/0x240
[  110.164942][ T5789]  ? exit_to_user_mode_loop+0x3b/0x110
[  110.170425][ T5789]  exit_to_user_mode_loop+0xe6/0x110
[  110.175732][ T5789]  exit_to_user_mode_prepare+0xf6/0x180
[  110.181291][ T5789]  syscall_exit_to_user_mode+0x1a/0x50
[  110.186767][ T5789]  do_syscall_64+0x61/0xb0
[  110.191193][ T5789]  ? clear_bhb_loop+0x40/0x90
[  110.195879][ T5789]  ? clear_bhb_loop+0x40/0x90
[  110.200570][ T5789]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.206486][ T5789] RIP: 0033:0x7fb7f9b901f7
[  110.210912][ T5789] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  110.230553][ T5789] RSP: 002b:00007ffc15e36f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  110.239000][ T5789] RAX: 0000000000000000 RBX: 00007fb7f9c11d7d RCX: 00007fb7f9b901f7
[  110.247146][ T5789] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc15e36fe0
[  110.255183][ T5789] RBP: 00007ffc15e36fe0 R08: 0000000000000000 R09: 0000000000000000
[  110.263187][ T5789] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc15e38070
[  110.271184][ T5789] R13: 00007fb7f9c11d7d R14: 000000000001a9f4 R15: 00007ffc15e380b0
[  110.279285][ T5789]  </TASK>
[  110.283481][ T5789] BUG: Bad page state in process syz-executor  pfn:6176b
[  110.290706][ T5789] page:ffffea000185dac0 refcount:0 mapcount:0 mapping:ffff88805f7407c8 index:0x4 pfn:0x6176b
[  110.300969][ T5789] aops:z_erofs_cache_aops ino:0
[  110.305879][ T5789] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  110.313849][ T5789] page_type: 0xffffffff()
[  110.318228][ T5789] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805f7407c8
[  110.327721][ T5789] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  110.336520][ T5789] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  110.343879][ T5789] page_owner tracks the page as allocated
[  110.349603][ T5789] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5984, tgid 5983 (syz.1.32), ts 108810541457, free_ts 108739399192
[  110.371475][ T5789]  post_alloc_hook+0x1cd/0x210
[  110.376279][ T5789]  get_page_from_freelist+0x195c/0x19f0
[  110.381946][ T5789]  __alloc_pages+0x1e3/0x460
[  110.386577][ T5789]  z_erofs_do_read_page+0x20c0/0x3680
[  110.392977][ T5789]  z_erofs_pcluster_readmore+0x2cf/0x450
[  110.398676][ T5789]  z_erofs_read_folio+0x208/0x540
[  110.404317][ T5789]  filemap_read_folio+0x167/0x760
[  110.409393][ T5789]  do_read_cache_folio+0x470/0x7e0
[  110.414637][ T5789]  erofs_bread+0x16f/0x630
[  110.419092][ T5789]  erofs_namei+0x28c/0xf00
[  110.424323][ T5789]  erofs_lookup+0x135/0x310
[  110.428943][ T5789]  path_openat+0x10b8/0x3190
[  110.433739][ T5789]  do_filp_open+0x1c5/0x3d0
[  110.438453][ T5789]  do_sys_openat2+0x12c/0x1c0
[  110.443257][ T5789]  __x64_sys_creat+0x90/0xb0
[  110.447909][ T5789]  do_syscall_64+0x55/0xb0
[  110.452420][ T5789] page last free stack trace:
[  110.457126][ T5789]  free_unref_page_prepare+0x7ce/0x8e0
[  110.462688][ T5789]  free_unref_page+0x32/0x2e0
[  110.467397][ T5789]  tlb_finish_mmu+0x112/0x1d0
[  110.472154][ T5789]  exit_mmap+0x3f0/0xb50
[  110.476433][ T5789]  __mmput+0x118/0x3c0
[  110.480571][ T5789]  exit_mm+0x1da/0x2c0
[  110.484669][ T5789]  do_exit+0x88e/0x23c0
[  110.488868][ T5789]  do_group_exit+0x21b/0x2d0
[  110.493551][ T5789]  get_signal+0x12fc/0x1400
[  110.498096][ T5789]  arch_do_signal_or_restart+0x96/0x780
[  110.503758][ T5789]  exit_to_user_mode_loop+0x70/0x110
[  110.509123][ T5789]  exit_to_user_mode_prepare+0xf6/0x180
[  110.514768][ T5789]  syscall_exit_to_user_mode+0x1a/0x50
[  110.520314][ T5789]  do_syscall_64+0x61/0xb0
[  110.525743][ T5789]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.531930][ T5789] Modules linked in:
[  110.535864][ T5789] CPU: 0 PID: 5789 Comm: syz-executor Tainted: G    B              syzkaller #0
[  110.544893][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  110.555056][ T5789] Call Trace:
[  110.558367][ T5789]  <TASK>
[  110.561317][ T5789]  dump_stack_lvl+0x16c/0x230
[  110.566072][ T5789]  ? show_regs_print_info+0x20/0x20
[  110.571282][ T5789]  ? swiotlb_print_info+0x70/0x70
[  110.576342][ T5789]  bad_page+0x14b/0x170
[  110.580507][ T5789]  free_unref_page_prepare+0x887/0x8e0
[  110.585982][ T5789]  free_unref_page+0x32/0x2e0
[  110.590676][ T5789]  ? __folio_put+0xef/0x210
[  110.595193][ T5789]  erofs_try_to_free_all_cached_pages+0x295/0x600
[  110.601650][ T5789]  erofs_shrink_workstation+0x118/0x290
[  110.607221][ T5789]  ? erofs_shrinker_unregister+0x170/0x170
[  110.613076][ T5789]  ? io_schedule+0xd0/0xd0
[  110.617530][ T5789]  ? kobject_put+0x43c/0x470
[  110.622239][ T5789]  erofs_shrinker_unregister+0x5d/0x170
[  110.627828][ T5789]  erofs_put_super+0x4e/0x150
[  110.632620][ T5789]  ? erofs_free_inode+0xb0/0xb0
[  110.637492][ T5789]  generic_shutdown_super+0x134/0x2b0
[  110.642886][ T5789]  kill_block_super+0x44/0x90
[  110.647576][ T5789]  erofs_kill_sb+0x4c/0x140
[  110.652098][ T5789]  deactivate_locked_super+0x97/0x100
[  110.657488][ T5789]  cleanup_mnt+0x429/0x4c0
[  110.661916][ T5789]  task_work_run+0x1ce/0x250
[  110.666539][ T5789]  ? task_work_cancel+0x240/0x240
[  110.671590][ T5789]  ? exit_to_user_mode_loop+0x3b/0x110
[  110.677065][ T5789]  exit_to_user_mode_loop+0xe6/0x110
[  110.682363][ T5789]  exit_to_user_mode_prepare+0xf6/0x180
[  110.687925][ T5789]  syscall_exit_to_user_mode+0x1a/0x50
[  110.693424][ T5789]  do_syscall_64+0x61/0xb0
[  110.697860][ T5789]  ? clear_bhb_loop+0x40/0x90
[  110.702550][ T5789]  ? clear_bhb_loop+0x40/0x90
[  110.707234][ T5789]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.713142][ T5789] RIP: 0033:0x7fb7f9b901f7
[  110.717580][ T5789] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  110.737212][ T5789] RSP: 002b:00007ffc15e36f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  110.745640][ T5789] RAX: 0000000000000000 RBX: 00007fb7f9c11d7d RCX: 00007fb7f9b901f7
[  110.753620][ T5789] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc15e36fe0
[  110.761598][ T5789] RBP: 00007ffc15e36fe0 R08: 0000000000000000 R09: 0000000000000000
[  110.769599][ T5789] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc15e38070
[  110.777620][ T5789] R13: 00007fb7f9c11d7d R14: 000000000001a9f4 R15: 00007ffc15e380b0
[  110.785619][ T5789]  </TASK>
[  112.586475][ T5992] syz.2.34 (5992) used greatest stack depth: 17392 bytes left