last executing test programs:

58.775674204s ago: executing program 3 (id=4):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x6}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000380)={0x0, 0x8c}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
syz_emit_ethernet(0x13a, &(0x7f0000000e00)=ANY=[@ANYBLOB="0180c20000030180c200000188a8060081002b0086dd6040000000fc060100000000000000000000000000000000fe8000000000000000000000000000aa0c1b000000000000071000000000020d0600cb00000000000000050200000cbac2081d97de99e395ccf5dfbb5e4ffbf31d23bc3323d59502083678d45533dece21e3798c0bdad7152860eb61da0ebafb08512b63f6b4361322d104551b7645e7942a8cd2204224e39e5196bf833f3e04212ded48fd32dd7c7a960a459e36dc921a2ffd56d318383d510ed16ac649b610eba1d537cf8498ab7ca11abd4708b78e71362f34720a0536464ce0ea124361a6ec4d3678c9a91cf7365c1cafea901f526332e5abc9e1d83d25f9141a500517f2168e7ffa1d6110efeb01c204000000085e0005c8650000004e214e1e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500700009078001396ada745d642fef3930b35b021fc9c7dbf5945953430c7954c2fed98ac368e95e90b81bd3151ccad44595aa2e2933abc9d056164e41e12f6f9d2bbaa4f0425e296d14427f2f0a6d223b6f98aba8e80eb3df67e034f977adccfea5695e80b5e3f4a1de9f880cefdf5ebb3c668662d15f176460bb90f28"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80020001}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101401, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000500)=0x2)
socket$inet6(0xa, 0x3, 0xff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
rt_sigsuspend(&(0x7f00000005c0)={[0x225c17d05]}, 0x4b)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1e000000d5000000070000002500000000080000", @ANYRES32, @ANYBLOB="3c770000000000000000000000000000000000009e4de9680ae99c0232add99afed346c4e5ec494258857300"/56, @ANYRES32=r2, @ANYRES32, @ANYBLOB="0200000004000000020000000300"/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00'}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f0000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@noquota}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x2, 0x4f3, &(0x7f0000000700)="$eJzs3c9vG0sdAPDvOnGTtHk4Dzg8nsSjgofSCmonDW0jDiVICE6VKOXCKYTEiaI4cRQ7bRNVKBV/ABLil+DEiQsSZ4SE+icgpEpwRwiBKmjLgQNgtM6ahtRJnNc4buPPR5ru7M7ufmfqeOzZWXkD6FsXI2ImIgYi4nJEFLLtuSzFzm5K93v29MF8mpJoDN35WxJJtq11riRbXsgOG46Ir30l4lvJy3FrW9src5VKeSNbL9VX10u1re0ry6tzS+Wl8trM1OT16RvT16YnTqytN7/05x9+9+dfvvmbz9774+xfL307rdZoVra3HZ3Y6XC/3abnm/8XLYMRsXGcYK+xgaw9+V5XBACAjqTf8T8cEZ+MiOc/6XVtAAAAgG5ofGE0/pVENAAAAIAzK9e8BzbJFbN7AUYjlysWd+/h/Wicz1WqtfpnFqubawu798qORT63uFwpT2T3Co9FPknXJ5v5F+tX961PRcTbEfH9wkhzvThfrSz0+uIHAAAA9IkL+8b//yjsjv8BAACAM2as1xUAAAAAus74HwAAAM6+A8f/yeDpVgQAAADohq/eupWmRuv51wt3tzZXqnevLJRrK8XVzfnifHVjvbhUrS41f7Nv9ajzVarV9c/F2ub9Ur1cq5dqW9uzq9XNtfps87nes+VG4VSaBQAAAOzx9ice/SGJiJ3PjzRT6lxWlj/68Jnu1g7optzxdk+6VQ/g9A30ugJAz7jBF/pXB2N84Iw7YmD/g33rx7xsAAAAvA7GP/ZK8//mA+ENZiAP/cv8P/Qv8//Qv8z/Q58bOnqX4YMKfnvCdQEAALpmtJmSXDGbCxyNXK5YjHir+ViAfLK4XClPRMSHIuL3hfxQuj7Z60oDAAAAAAAAAAAAAAAAAAAAAAAAwBum0UiiAQAAAJxpEbm/JNmD/McL74/uvz5wLvlnobmMiHs/vfOj+3P1+sZkuv3v/9te/3G2/WprS+obp3wlAwAAAGhpjdNb43gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOEnPnj6Yb6XTjPvkixEx1i7+YAw3l8O/KkTE+edJDO45LomIgROIv/MwIt5pFz9JqxVjWS32x89FxEiP4184gfjQzx6l/c9M+v7L73v/5eJic9n+/TeYpVf15OJB/V+u1f81+7l2/d9bh596uJV59/EvSy+VFrL4DyPeHWzf/7TiJ+3in+u8jd/8+vb2QWWNn0WMH/H5k8Yv1VfXS7Wt7SvLq3NL5aXy2tTU5PXpG9PXpidKi8uVcvZv2xjf+/iv/3NQ/LT959vG3+1/D2x/RLzfYfv//fj+048cEv/Sp9q//u8cEj/9m/h09jmQlo+38ju7+b3e+8Xv3jus/QsHtP/Q1z8iLnXY/su3v/OnDncFAE5BbWt7Za5SKW90JTPStTPLpJnq2lH7pN8TP3CI/Kn8kch0M3M7ew2PfXgPOyUAAKArXnzp319yjAkeAAAAAAAAAAAAAAAAAAAA4JV0/UfIhv7/lwWGe9dUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//V7HNuw==")
chmod(&(0x7f0000000340)='./file1\x00', 0x0)
truncate(&(0x7f0000000000)='./file1\x00', 0x4)
sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x6, @loopback}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x34000811)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[], 0x1000f)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r4, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x4, '\x00', r2, r4, 0x2, 0x2, 0x1}, 0x50)

58.240004622s ago: executing program 3 (id=15):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000240)={'wg2\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000640)=ANY=[@ANYBLOB="48000000101003e698d4289d05f2c90000000000fbe487e5f66227a8d126666d8ff3d8e558b864ea994b1e46205f3032717f8cd63317471fa21f4263a8cd6f8e123c21a061b8018697f8d6bf5a11da4933ac0d21a66cfd067a4093a58eb7693f30fb05f51e8eb0c53e035add928b37d588c92c1853f191f1356bb33169a9942887ba41ff815fee7aa14e2454c4", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128008000100687372001c00028008000100", @ANYRES32=r3, @ANYBLOB="08000200", @ANYRES32=r4, @ANYBLOB="050003000f000000"], 0x48}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000280)='mm_page_free\x00', r5, 0x0, 0x800000000000002}, 0x18)
getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20050890)
r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f00000001c0)=0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e21, 0xad44, @local, 0x7}}, 0x8, 0xcc7}, &(0x7f0000000040)=0x90)

57.609031302s ago: executing program 3 (id=22):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x430, 0x200, 0xc8, 0x8, 0x0, 0x5803, 0x360, 0x2e8, 0x2e8, 0x360, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00', {}, {}, 0x32}, 0x0, 0x198, 0x200, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1b, 0x2}}, @common=@ah={{0x30}, {[0x0, 0x4d5]}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x4, 0x100, 0x8, 0x8, '\x00', 'syz1\x00', {0xe}}}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@ipv6header={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x21)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
r3 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
creat(0x0, 0x58)
socket$nl_route(0x10, 0x3, 0x0)
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1b, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000028002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r5}, 0x10)
munlockall()
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r6, 0x80045505, &(0x7f0000000000)=0x1)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x513883, 0x488)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00'}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095", @ANYRESOCT=r0, @ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

42.574227268s ago: executing program 32 (id=22):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x430, 0x200, 0xc8, 0x8, 0x0, 0x5803, 0x360, 0x2e8, 0x2e8, 0x360, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00', {}, {}, 0x32}, 0x0, 0x198, 0x200, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1b, 0x2}}, @common=@ah={{0x30}, {[0x0, 0x4d5]}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x4, 0x100, 0x8, 0x8, '\x00', 'syz1\x00', {0xe}}}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@ipv6header={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x21)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
r3 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
creat(0x0, 0x58)
socket$nl_route(0x10, 0x3, 0x0)
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1b, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000028002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r5}, 0x10)
munlockall()
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r6, 0x80045505, &(0x7f0000000000)=0x1)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x513883, 0x488)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00'}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095", @ANYRESOCT=r0, @ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

24.971344503s ago: executing program 5 (id=580):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x10)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f0000000100)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8)

24.914110534s ago: executing program 5 (id=582):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550)

24.878611424s ago: executing program 5 (id=584):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x8020000)

24.857756365s ago: executing program 5 (id=585):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x48cf, &(0x7f0000000b40)=ANY=[@ANYBLOB='uni_xlate=1,shortname=winnt,rodir,shortname=winnt,quietlshortname=winnt,uni_xlate=1,codepage=950,showexec,uni_xlate=1,ut|8=0,rodir,\x00'], 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100), 0x8c03, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x252)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000680)=r0}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x1a, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, [@alu={0x4, 0x1, 0x8, 0x5, 0x2, 0xc, 0x4}, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x40}, @ldst={0x2, 0x2, 0x8, 0xa, 0x1, 0xfffffffffffffff4, 0xffffffffffffffff}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, @exit, @map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x40}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000500)='GPL\x00', 0x7fff, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000005c0)={0x6, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000700)=[r0, r2], &(0x7f0000000a00)=[{0x3, 0x5, 0x4, 0x8}, {0x0, 0x4, 0xd, 0xb}, {0x3, 0x4, 0x7, 0xb}, {0x1, 0x1, 0x6, 0xb}, {0x2, 0x1, 0x0, 0xa}, {0x0, 0x1, 0xf}, {0x3, 0x2, 0x2, 0x5}], 0x10, 0x7fff}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x60410, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x3ff, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r4 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4}, &(0x7f00000001c0)=0x1c)
sendto$inet6(r4, &(0x7f0000000200)="7361de0f5616e9762d4ce412941ce6fd1a2cfb4801f61f31396eaea5f0564b43293c417acca0f63febb26891942e999a35739684c683ae6996768dbdae60d32288d6aeca29b9850adf74c6040a3ea9767e4e1891f51ab79f9c284bd4908521bb5a6a69627c70686f380078777f2fd1291f0d89fab316b1f6ea47a4ade58686fa254288281f2f7bdd70bc60ce2a374a0ef789bdbea8586197bd23864555945f505f0a", 0xa2, 0x40, &(0x7f00000002c0)={0xa, 0x4e23, 0xf4, @private0, 0x7}, 0x1c)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r5 = socket(0x10, 0x803, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c480000", @ANYRES16=0x0, @ANYBLOB="010000000008000000001200000007"], 0x1c}}, 0x0)
r6 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0x101}, 0x18)
write$selinux_load(r6, &(0x7f0000000340)={0xf97cff8c, 0x8}, 0x2000)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'veth1_to_hsr\x00', <r8=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)

24.717602527s ago: executing program 5 (id=587):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x4e1d, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000540)=[@mask_fadd={0x58, 0x114, 0x8, {{0xfffffffb, 0x29}, &(0x7f00000001c0)=0x24, &(0x7f0000000340)=0x4, 0xfc58, 0x8000000000000001, 0x3, 0x1, 0x4, 0x2}}, @fadd={0x58, 0x114, 0x6, {{0xf6e}, &(0x7f0000000400)=0x7fff, &(0x7f0000000500)=0x7fffffffffffffff, 0xa4000000000000, 0x1984, 0x400, 0x4, 0x4c, 0x60000000000000}}], 0xb0}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x9, [@volatile, @var={0x2, 0x0, 0x0, 0xe, 0x3}, @typedef={0x7, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x30, 0x61, 0x0, 0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x49, 0x0, 0x1}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x18, r6, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
r7 = epoll_create1(0x0)
r8 = socket(0x1, 0x80802, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x2, r8, 0x0)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r8, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r9, 0x4, 0x2070bd28, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0x3}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24040814}, 0x2c011)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000640)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f00000003c0)={0x30, r9, 0x200, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x7fff, 0x100, 0x800, 0xe}}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x20000090)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x3, r2, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r2, 0x6e2, 0x600, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x30, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
r10 = socket$kcm(0x11, 0x200000000000003, 0x300)
setsockopt$sock_attach_bpf(r10, 0x107, 0xf, &(0x7f0000000340), 0x4)
recvmsg(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001000)=""/253, 0xfd}], 0x1}, 0x2)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ec0)={0x14, r12, 0xc4fc9e906872338b, 0x70bd2d, 0x0, {{0x15}, {@void, @void}}}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="00042cbd7000fedbdf25facbb70900000008000300", @ANYRES32=r13, @ANYBLOB="0c0099000100000074000000110007006152dbe65dda96ab32f3f9d67c000000050008000100000018005080040006000800030005ac0f000700040078f23f0004000b0004002800"], 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4004000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r8, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x60, 0x0, 0x100, 0x5, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r13}, @val={0xc, 0x99, {0x7fff, 0x47}}}}, [@NL80211_ATTR_IE={0x25, 0x2a, [@mic={0x8c, 0x18, {0x743, "a2c63f9d75c5", @long="abac89cae94ba6adb3d6752563a0523b"}}, @supported_rates={0x1, 0x2, [{0xb2}, {0x16, 0x1}]}, @erp={0x2a, 0x1, {0x0, 0x0, 0x1}}]}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x1}}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x6}]}, 0x60}, 0x1, 0x0, 0x0, 0x8080}, 0x20000005)

24.5364388s ago: executing program 5 (id=589):
sched_rr_get_interval(0x0, &(0x7f0000000380))
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r1 = accept(0xffffffffffffffff, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @empty}}, &(0x7f0000000080)=0x80)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2309fefffffffcffffff0100000005000700000000000800090000000000060002000100000008000a0004000100080017"], 0x3c}}, 0x0)
sendmsg$key(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="020d52021400000026bd7000fedbdf2512001800c1788200b27c95f95c2804e2c47c87c5166d88510d4762d908b847447d2abb379b2f81f756f5d286d4a4aad6e9edbb0da5d30d7c8409e3352b3b91ab7c11b4f6a705e6ed31e0cb387eb9cecc489c4ee715613ed0aae478b2fa94b041a4af994b90c69752e0537010a7864e03c77edff532a8bc848fb8e44fd0c6658980938696486a2d2c9134f21a5c41000000000000"], 0xa0}}, 0x4001)
r4 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f0000000580))
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x4, @mcast1, 0xb}, {0xa, 0x4e23, 0x10000, @loopback, 0x80000000}, 0xffffffffffffffff, 0x1ff}}, 0x48)

24.51131665s ago: executing program 33 (id=589):
sched_rr_get_interval(0x0, &(0x7f0000000380))
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r1 = accept(0xffffffffffffffff, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @empty}}, &(0x7f0000000080)=0x80)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2309fefffffffcffffff0100000005000700000000000800090000000000060002000100000008000a0004000100080017"], 0x3c}}, 0x0)
sendmsg$key(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="020d52021400000026bd7000fedbdf2512001800c1788200b27c95f95c2804e2c47c87c5166d88510d4762d908b847447d2abb379b2f81f756f5d286d4a4aad6e9edbb0da5d30d7c8409e3352b3b91ab7c11b4f6a705e6ed31e0cb387eb9cecc489c4ee715613ed0aae478b2fa94b041a4af994b90c69752e0537010a7864e03c77edff532a8bc848fb8e44fd0c6658980938696486a2d2c9134f21a5c41000000000000"], 0xa0}}, 0x4001)
r4 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f0000000580))
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x4, @mcast1, 0xb}, {0xa, 0x4e23, 0x10000, @loopback, 0x80000000}, 0xffffffffffffffff, 0x1ff}}, 0x48)

12.960846344s ago: executing program 2 (id=782):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x81, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0)

12.727199048s ago: executing program 2 (id=784):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x2040600)
socket(0x15, 0x5, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
close(r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
cachestat(r2, 0x0, &(0x7f000009de80), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300), 0x4001, 0x0)
r5 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f00000001c0)={<r6=>r4, 0x5, 0x44b9f12f, 0x9})
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000380)={'pim6reg\x00', 0x1})
connect$pppoe(r5, &(0x7f0000000000)={0x18, 0x0, {0x2, @multicast, 'ip_vti0\x00'}}, 0x1e)
connect$pppoe(r5, &(0x7f0000000340)={0x18, 0x0, {0x0, @multicast, 'macvlan0\x00'}}, 0x1e)
fstatfs(0xffffffffffffffff, &(0x7f0000000040)=""/133)

12.639863549s ago: executing program 2 (id=786):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001340)={<r0=>0x0}, &(0x7f0000001380)=0xc)
r1 = syz_open_procfs(r0, &(0x7f0000001300)='limits\x00')
preadv(r1, &(0x7f00000021c0)=[{&(0x7f00000001c0)=""/4075, 0xfeb}], 0x1, 0x96, 0x5)
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)='cpu<00\t&&')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x65, 0x7f, 0x5, 0x0, 0x0, 0x7, 0x89008, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc46, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x8, 0x7ffffefc, 0x3, 0xfffffffffffffffe, 0x0, 0x4000, 0x0, 0xfc, 0x0, 0x1}, 0x0, 0x6, 0xffffffffffffffff, 0x9)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r5, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x1, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
write$UHID_DESTROY(r5, &(0x7f0000000080), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a80000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r3, 0x0)
r8 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)=<r9=>0x0)
timer_settime(r9, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r10 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x1e5080, 0x0)
preadv2(r10, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1)
r11 = add_key$fscrypt_provisioning(&(0x7f00000011c0), &(0x7f0000001200)={'syz', 0x3}, &(0x7f0000001240)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffffb)
r12 = add_key$keyring(&(0x7f0000001280), &(0x7f00000012c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$KEYCTL_MOVE(0x1e, r11, 0xfffffffffffffff9, r12, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000013c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB='3\x00'/12, @ANYRES32, @ANYBLOB="d384b814f748a2d004f9687ffa44327b1dfc63831df2f70a43458d6c4d8a2ae43820b0669e88f49b2b66efc9aa376510bcf3d7b01555dce2106777ddb2966d268b20ec39a4ae04947a5614f9c502aacaf3751edb3bf55cd888a0a88b5ed109f2a8dc65ed485151bc4788e82f8589a3204040d5d2c3c06dad48b10c4e4c07fba44ecc34c42c351332df947a79e69c49cda5d65680b98da8ccf72f98915c97fc70530e5d39b52b8994be533d843c00"/184, @ANYRES64=0x0], 0x20)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

12.123828787s ago: executing program 2 (id=791):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x2, &(0x7f0000002400)=<r2=>0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000"], 0x48)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
unshare(0x2c020400)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="5400ffff0000", 0x6, 0x0, 0x0, 0x2}])

11.878956711s ago: executing program 2 (id=795):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x40000000, 0x5, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000e00)={{r1}, &(0x7f0000000d80), &(0x7f0000000dc0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10)
ptrace(0x10, r0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0xfffffffffffffffc}, 0x18)
add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00', 0x2, 0xffffffffffffffff)

11.458568587s ago: executing program 2 (id=799):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10400}, 0x94)
mount$9p_fd(0x0, &(0x7f00000004c0)='./bus\x00', &(0x7f0000000540), 0x8000, &(0x7f0000001e40)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRES16=r0, @ANYBLOB="2c7766646e6f3d9ff9a841e2eb21486e05ddee41240bc9d3ce3a9a5915be607c5cce0385d1db5d73fe4794696bea5234b5b7209ef99689157147ba0bea60c07affcc3d2706527418b3fbc67dbee9e29d93b4938d36a0e3f01c52cbea346f00e6bf6acce5d8e8eedf69af14bdb88bb7d2d40847bce82093fa40b6ed5f9ee97fdb7265d5342696d18c05b0278e21f98bb64d111424f71bdb84800a55ded9cbfb81313876006e513a28834022aed2e5e1784d02202fc9bca90c3c2552ae9b25346c12942e758c68ba6b3513fed39552171f78882a", @ANYRESHEX=r0, @ANYBLOB=',dfltgid=', @ANYRESHEX=0x0, @ANYBLOB=',loose,posixacl,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB=',loose,noextend,obj_user=,mask=^MAY_WRITE,audit,obj_role=geneve0\x00,rw,obj_type=&[],smackfshat=ceph\x00,\x00'])
prctl$PR_SET_NAME(0xf, &(0x7f0000000180)='wg1\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffff7ffffe9}, 0x18)
write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214", 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b000000070000000f0000000900000005"], 0x50)
bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001840), 0xfffffff7, r1}, 0x38)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="a00100000314000127bd7000fbdbdf250900020073797a320000000008004100736977001400330076657468315f746f5f626f6e640000000900020073797a300000000008004100727865001400330076657468315f746f5f687372000000000900020073797a3200000000080041007278650014003300697036677265300000000000000000000900020073797a3200000000080041007278650014003300697036677265746170300000000000000900020073797a300000000008004100736977001400330073797a6b616c6c6572300000000000000900020073797a3100000000080041007369770014003300677265300000000000000000000000000900020073797a3200000000080041007278650014003300000000000000000000000000000000000900020073797a300000000008004100727865001400330076657468315f766972745f77696669000900020073797a300000000008004100720000000000000000000900020073797a320000000008004100736977001400330064756d6d793000"/416], 0x1a0}, 0x1, 0x0, 0x0, 0x44010}, 0x44000)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000440), 0x2, r1}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000007f1e1ca456a2a2eaf300"/37], 0x50)
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414"], 0x44}, 0x1, 0x2}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0x1000000000000}, 0x18)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x8)
r7 = dup(r6)
r8 = open(&(0x7f0000000100)='./bus\x00', 0x40542, 0x0)
sendfile(r7, r8, 0x0, 0x8000fffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)

11.458161177s ago: executing program 34 (id=799):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10400}, 0x94)
mount$9p_fd(0x0, &(0x7f00000004c0)='./bus\x00', &(0x7f0000000540), 0x8000, &(0x7f0000001e40)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRES16=r0, @ANYBLOB="2c7766646e6f3d9ff9a841e2eb21486e05ddee41240bc9d3ce3a9a5915be607c5cce0385d1db5d73fe4794696bea5234b5b7209ef99689157147ba0bea60c07affcc3d2706527418b3fbc67dbee9e29d93b4938d36a0e3f01c52cbea346f00e6bf6acce5d8e8eedf69af14bdb88bb7d2d40847bce82093fa40b6ed5f9ee97fdb7265d5342696d18c05b0278e21f98bb64d111424f71bdb84800a55ded9cbfb81313876006e513a28834022aed2e5e1784d02202fc9bca90c3c2552ae9b25346c12942e758c68ba6b3513fed39552171f78882a", @ANYRESHEX=r0, @ANYBLOB=',dfltgid=', @ANYRESHEX=0x0, @ANYBLOB=',loose,posixacl,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB=',loose,noextend,obj_user=,mask=^MAY_WRITE,audit,obj_role=geneve0\x00,rw,obj_type=&[],smackfshat=ceph\x00,\x00'])
prctl$PR_SET_NAME(0xf, &(0x7f0000000180)='wg1\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffff7ffffe9}, 0x18)
write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214", 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b000000070000000f0000000900000005"], 0x50)
bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001840), 0xfffffff7, r1}, 0x38)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="a00100000314000127bd7000fbdbdf250900020073797a320000000008004100736977001400330076657468315f746f5f626f6e640000000900020073797a300000000008004100727865001400330076657468315f746f5f687372000000000900020073797a3200000000080041007278650014003300697036677265300000000000000000000900020073797a3200000000080041007278650014003300697036677265746170300000000000000900020073797a300000000008004100736977001400330073797a6b616c6c6572300000000000000900020073797a3100000000080041007369770014003300677265300000000000000000000000000900020073797a3200000000080041007278650014003300000000000000000000000000000000000900020073797a300000000008004100727865001400330076657468315f766972745f77696669000900020073797a300000000008004100720000000000000000000900020073797a320000000008004100736977001400330064756d6d793000"/416], 0x1a0}, 0x1, 0x0, 0x0, 0x44010}, 0x44000)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000440), 0x2, r1}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000007f1e1ca456a2a2eaf300"/37], 0x50)
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414"], 0x44}, 0x1, 0x2}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0x1000000000000}, 0x18)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x8)
r7 = dup(r6)
r8 = open(&(0x7f0000000100)='./bus\x00', 0x40542, 0x0)
sendfile(r7, r8, 0x0, 0x8000fffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)

2.260130675s ago: executing program 4 (id=966):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x2, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_setup(0x30, &(0x7f00000001c0)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000008, 0x8010, 0xffffffffffffffff, 0x8000000)
socketpair(0x15, 0xa, 0xe4c, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x100, &(0x7f0000000240)=0xff, 0x0, 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}])

1.925392271s ago: executing program 4 (id=970):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e00000085"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000400)='kmem_cache_free\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

1.881765841s ago: executing program 4 (id=971):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000d00)=ANY=[@ANYBLOB], 0x0)

1.828388482s ago: executing program 4 (id=975):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0xfffd, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r1, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8)
r3 = dup2(r1, r2)
fcntl$setown(r3, 0x8, r0)
tkill(r0, 0x13)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlink(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r4}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x40, r7, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}}, 0xc800)

1.403655618s ago: executing program 1 (id=979):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0xfffffffffffffffc, &(0x7f00000002c0)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @ib_path={0x0, r3}}, 0x20) (fail_nth: 1)

1.336654699s ago: executing program 1 (id=980):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x2, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_setup(0x30, &(0x7f00000001c0)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000008, 0x8010, 0xffffffffffffffff, 0x8000000)
socketpair(0x15, 0xa, 0xe4c, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x100, &(0x7f0000000240)=0xff, 0x0, 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}])

1.070383283s ago: executing program 4 (id=982):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000300f8ffff7f3d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000160600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32=<r3=>0xffffffffffffffff, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$selinux_context(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r4}, 0x10)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x40000)
readv(r6, &(0x7f0000000080)=[{&(0x7f0000000880)=""/97, 0x61}], 0x1)

938.567765ms ago: executing program 7 (id=986):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0)
poll(&(0x7f0000000380)=[{r1, 0x2}], 0x1, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
close(r5)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110c23003f)
ioctl$TUNSETOFFLOAD(r5, 0x8004745a, 0x12)
r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r7, @ANYRES32=r4, @ANYBLOB='\a'], 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x800}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xba}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x20000}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=r7, 0x7, 0x0, 0x8, &(0x7f0000000180)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000001a00010000000000000000000a"], 0x38}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x9, 0x3, 0x220, 0x90, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x3, &(0x7f0000000180), {[{{@uncond, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x90, 0xf8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x2, 0xf, 0x80, 'syz0\x00', 'syz1\x00', {0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0xfffffffffffffffc, &(0x7f00000002c0)={<r9=>0xffffffffffffffff}, 0x13f}}, 0x20)
iopl(0x3)
clock_nanosleep(0xfffffff2, 0xca9a3b, &(0x7f0000000000)={0x0, 0x3938700}, 0xfffffffffffffffe)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x4e24, 0x48, @mcast2, 0x4}}, 0x0, 0x0, 0x19, 0x0, "4d29f325ee10f705641f16565503746e2a4eeb98cd5b4709f321aaadcaa871447b6aa2f7c8c8c43b94470815301b38610a472b5f2f324b6f59bb9894508edeba0fcedb8b4d300be761c311ea8324fd37"}, 0xd8)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @ib_path={0x0, r9}}, 0x20)

907.800946ms ago: executing program 1 (id=987):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000940)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0x9, 0x0, &(0x7f0000000000))

654.4608ms ago: executing program 7 (id=994):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r0, @ANYRES32=<r1=>r0, @ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0xf7}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001280)=ANY=[@ANYRESDEC=r1, @ANYBLOB="90418ea505c029f2710b9e9f027b19ac31b28562703a61a10ee2106cceade23286c1a3ba045e62c60be20bf905e7dfeca703bf9ae603826874eb45fa0ba200c03c5652b751cce2bae4e4270f89771a98addd7acd7321607821b31b6900ec8ec0cfd701c1f397271dbb506009f48ec1f1899eb8210c5791446980ee7c164b5975eec8721668cb0b22bebb6babdbdee8c43bc3952949aad46fc2347545c51cf1fbf6d2e27303815c8849387f33c939925c3943596021703667ccd7f5ab38206d", @ANYBLOB="bb86eb6a03ddab9338d42ab746f4a2a5a2cff472efe01d1f296f6f3c368b9d99f15dded96be105adc6c5bb69aed4296298303146730e3447de43d41fe691dead35b511f4ea1464b29ccadf1d48e01e521311f5e5c6268259dd765372d36b1ea380cb5a801f5d6cb0bd5752d876901c101ded3fb8f157fe811adc45fb54140766383b3d18e55bf197869f5d43203d6bd54a57674ba5369ba3df481d0c92932b1b387f010de7107d8b7434687032a49a900ccc19153ba055515a3c39ce42e70bafafa9d08a4115161e5489213c81d10f4a3575ab3306936b7604828e43548d1681c7d3767382b815bb4ea4515ba4e5260b0d73", @ANYRESOCT=0x0, @ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0b}, 0x94)
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040))
r4 = syz_open_procfs(0x0, 0x0)
r5 = syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x14806, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0], 0x0, 0x700, &(0x7f0000000a40)="$eJzs3V2P21gZB/D/STJJJoWqAlStqm7ndMpKUzGkTmabKipIGOckY0jiyPbAjIS0KnRmNWqmQFskmpt2bniRli/A3d5wwYdYiQuu9lvAFUgrEBJiBUJGPrbzMnEykzadbtn/b7Qbx358zuNjr896xj4GERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERQVgNw6gItO3uzq6czWq4Tif5ksXU8qi0FdyMJm7Oq3MlrBcQ4T8oFvFWNPutr4xCLof/WsfV6NtVFMOPIgYXLl+6++VcJll/TsIvAosW+Pjp4MG9fn//0Rlis1i4+NcJmTMEtVTX9hy7Y7aUtD1H1ms149Z205NNu628Pc9XHWm5KuM7rtywbspKvb4lVXnP2em2GmZbJTPvfL1qGDX5nUK0owGUPWvbbrftbkvHhIvDmDvygx9EAcrsSHlw2N/fGsvnWVobh0GVlOQz48FhUPW0za0a1WqlUq1Warfrt+8YRm5qhhESxhCmIpZ+0NIbZrkncKKXkLEa/zH+JIA2iuhiB7uQqT8WGnDhoDNjeSzp/9+5pebWO97/J738ymjxFej+/1r07dqs/n9GLhJSr5C2RMyYv9jPis5I4jGeYoAHuIc++tjHoyWULSHXXrqEvBG35FLymfnTgkIXNjw4sNGBiRa+CBnPkaijhhoMvIdtNOFBogkbbSh42IMHHyo8ovJhpgomfDhwIbEBCzchUUEddWxBQqGMPTjYQRctNGDiX0EQHOBQt/tWnM/zlK1GElSZsREF5JLjbh/VOVs7q///4bNo7bj/N9j/f15Fx0Eh+vh4XgzRZ0AQX/8vaO3VZENEREREREREr4LQv30X+q/ybwMI0LTbypiIKby27IiIiIiIiIhoGQSCAq5CRHfl422I6et/IiIiIiIiInqzCf2MnQBQ0jf1i9HjUmf5JUD2HFIkIiIiIiIiopekn/y/lgcCfZf/GsRC1/9ERERERERE9Ab41dgY+7lsPMZukPxZPwNg7c8F8dHfCnBXxHFv96viyAyXmEdxzNQdAH7zirgYD9SrP/IA9DdLXRVxbRL4Z/Lbh9AnB+lj/T8PIkII90QC+ex4ATMSEGHNtVz8DR/gerTK9Xic+fuDDPSSaEThUtNuq7LltO9WYJoXM77a9X/28PDngDvczoPD/n75Rz/u39e5HIezjo/CQp9NpJNJb4xRLk/0eAv6mYu00Y1X0Uyq/HW3UxK6XiPZ/izMo8x4RfN2QG0ViLbyF1iP9tl6EMWWBsMR9wWwpgd/qJT1LpvYendFjLKonNzytB0xY8uLOosbUcyNjRvRR9ImYTkZUfxaFqiWp/fBRBbV8SxObwvx9xPtPz8LiGLYFlthFn8ICzqRxfc/ilbe6u0mw2OcJYupo4CI6HU5GPVCehDzqTH2k+4hOamdvd9BDojPcjN691EtQdx/JL37k98GUQ+VBXLx3ybSa0n6FYRn9A2hy8lHA7rnrqSc0Y3yp0EQmBeLGD+j/zcIkg0yFujdjoMgOHlG//3oHUhx2lNZ/DsIgrsV3ZP85kSv+mG4wocz6/Xa1SyKKODJ0U/0APih9/ff339YrW7VjHcN43YVK/p/FeKPLNj3EBHRlNPfsaMjMnMixLu4HpVx/f5f34mmJnq8L8W3FGi3gD7uYzN5hcBaeqklHOCb/4huQ9iMrlqB9VL0WRrIy5fuhle1w9hDkdNveNmceVWn+9IoVt/eUB3GJu8dOnkFOIrdesV7gYiI6Hytz+iHgYn+H5P9f3Gi/9/ERhSxcSX1urs0dkvhZnJ1PLykH1w4To2tnJ78t5bcGERERJ8Tyv1ElPxfCte1e+9V6vWK6W8r6TrWd6VrN1pK2l1fuda22W0p2XMd37Gctuy5KNirypPeTq/nuL5sOq7sOZ69q9/8LuNXv3uqY3Z92/J6bWV6SlpO1zctXzZsz5K9nW+3bW9buXplr6csu2lbpm87Xek5O66lylJ6So0F2g3V9e2mHU52Zc+1O6a7J7/ntHc6SjaUZ7l2z3eiApO67G7TcTu62DKChV90SERE9P/o8dPBg3v9/v6jkxOr4aV5NOcYM2KmJ/IpBXKMICIios+YUXe9wErFV5gQERERERERERERERERERERERERERERERFNOf2RvgUnVtIeFgSGc356MZ6D5xg9YjhVjsDL5vOp+0c9sN+LrJ5ZtNLkkYjBg4/nBK8O5yTNPx5zvEiluAS8cPv85QvABT0H0ZzcEg+A6edHl36MpU184yBq0VkxemHqosJwX+SW/59DOPHwd9OLRNjyQRAE81cvTLZh/uzHcw7Ao/ycXbB6yvFz3mciIjpv/wsAAP//eO06pA==")
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10}, 0x94)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200000, 0x0, 0x6, 0x5})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000300)={0x0, 0x4}, 0x8)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="000000002008000020001280080100736974001400028005000a0001f8917adf2815ed87000000"], 0x40}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x4})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x18)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)
open$dir(&(0x7f00000002c0)='./file1\x00', 0x200, 0x53)
getdents(r5, &(0x7f00000005c0)=""/155, 0x9b)
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000003a711a598f3b11960000"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

572.191831ms ago: executing program 7 (id=996):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x8020000)

548.610612ms ago: executing program 1 (id=997):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x2, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_setup(0x30, &(0x7f00000001c0)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000008, 0x8010, 0xffffffffffffffff, 0x8000000)
socketpair(0x15, 0xa, 0xe4c, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x100, &(0x7f0000000240)=0xff, 0x0, 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}])

518.097572ms ago: executing program 7 (id=998):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async, rerun: 64)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x10514, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xc}, 0x2ef8, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async, rerun: 64)
r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t r'], 0x27) (async)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x57, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xfffffffdffff18d6, 0x96ef}, 0x1206c, 0x80, 0x7, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffbfffffffffffff, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18) (async, rerun: 64)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0900000004000000abbf00000800000040000000", @ANYRES32, @ANYBLOB="ea00000000000000000001000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="3a72acc97b250fe1db929f7324b052981800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
getrandom(&(0x7f0000000340)=""/79, 0x4f, 0x3) (rerun: 32)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_uring_setup(0x36db, &(0x7f0000000280)={0x0, 0xfa2f, 0x1, 0x0, 0x310}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r4}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r3}, 0x10) (async)
accept$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev}, &(0x7f0000000300)=0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r5, &(0x7f0000000180), 0x40010)

430.491473ms ago: executing program 0 (id=1000):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x10, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b705"], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$kcm(0x29, 0x5, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x2, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@can_newroute={0x14c, 0x18, 0x1, 0x0, 0x25dfdbfd, {}, [@CGW_MOD_XOR={0x15, 0x3, {{{0x2, 0x0, 0x1}, 0x7, 0x3, 0x0, 0x0, "03f87323f43325bd"}, 0x6}}, @CGW_CS_CRC8={0x11e, 0x6, {0x3d, 0x0, 0x0, 0x8, 0xe, "c1f61035f07374985891d5678659cf34f90b4511314ee61aef2d0b0160d287e402f87468e8434099ef1ba4477d3327c25a58a8f1b170e2267e016dd956655a51f47edb050b377f3807f55ba0e0ea4fb6c246e58b5624799a916fea44111e74182f1ccfe8033196e4903da661f7dc111cb035f18920525d96518344ba9b3912bc689c45a0521e80369eddde00de58abb7d0f099009f6dbad39a731d3227dc0aaaa05f342b8a5306124d6316afcede5ab604e1033a923647564b2142a30035b8559ce78ba6da3e9ad69ba1ee2cb2d7c383eeb3c2824d37521caa7e424f1000a5431f09656bf0487c358adf32c636ffd960e4fb3677c67a506a276b2cc799b91db5", 0x0, "13d9c85a85c4db2dafe558ade3379f8083e81185"}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x4000000}, 0x404c050)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140))
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00'}, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, 0x0, 0xffc9)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b9ac9ff})
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r7 = dup(r6)
write$P9_RLERRORu(r7, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r7, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
fcntl$setlease(r0, 0x400, 0x0)

401.074043ms ago: executing program 6 (id=1002):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000001c0), 0x81, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0)

384.992954ms ago: executing program 6 (id=1003):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)

367.151044ms ago: executing program 6 (id=1004):
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000000400)={{0x0, 0x9, 0x5, 0x6, 0xafc, 0xe, 0x3, 0x180000, 0xf, 0x2, 0x2, 0x4, 0x9, 0x8, 0x5}}) (async)
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000000400)={{0x0, 0x9, 0x5, 0x6, 0xafc, 0xe, 0x3, 0x180000, 0xf, 0x2, 0x2, 0x4, 0x9, 0x8, 0x5}})
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb261a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4d8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c952197b0a508c0e16fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb)
r2 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xd4, 0x1, 0x0, 0x0, 0x0, 0xf, 0x9211, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0xa}, 0x0, 0x4, 0x0, 0x8, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000a, 0x12, r0, 0x80000000) (async)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000a, 0x12, r0, 0x80000000)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) (async)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000180)={0xd2, @time={0x95}, 0x0, {}, 0x0, 0x2})

346.644844ms ago: executing program 0 (id=1005):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)

339.555774ms ago: executing program 1 (id=1006):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r0, @ANYRES32=<r1=>r0, @ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0xf7}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001280)=ANY=[@ANYRESDEC=r1, @ANYBLOB="90418ea505c029f2710b9e9f027b19ac31b28562703a61a10ee2106cceade23286c1a3ba045e62c60be20bf905e7dfeca703bf9ae603826874eb45fa0ba200c03c5652b751cce2bae4e4270f89771a98addd7acd7321607821b31b6900ec8ec0cfd701c1f397271dbb506009f48ec1f1899eb8210c5791446980ee7c164b5975eec8721668cb0b22bebb6babdbdee8c43bc3952949aad46fc2347545c51cf1fbf6d2e27303815c8849387f33c939925c3943596021703667ccd7f5ab38206d", @ANYBLOB="bb86eb6a03ddab9338d42ab746f4a2a5a2cff472efe01d1f296f6f3c368b9d99f15dded96be105adc6c5bb69aed4296298303146730e3447de43d41fe691dead35b511f4ea1464b29ccadf1d48e01e521311f5e5c6268259dd765372d36b1ea380cb5a801f5d6cb0bd5752d876901c101ded3fb8f157fe811adc45fb54140766383b3d18e55bf197869f5d43203d6bd54a57674ba5369ba3df481d0c92932b1b387f010de7107d8b7434687032a49a900ccc19153ba055515a3c39ce42e70bafafa9d08a4115161e5489213c81d10f4a3575ab3306936b7604828e43548d1681c7d3767382b815bb4ea4515ba4e5260b0d73", @ANYRESOCT=0x0, @ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0b}, 0x94)
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040))
r4 = syz_open_procfs(0x0, 0x0)
r5 = syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x14806, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0], 0x0, 0x700, &(0x7f0000000a40)="$eJzs3V2P21gZB/D/STJJJoWqAlStqm7ndMpKUzGkTmabKipIGOckY0jiyPbAjIS0KnRmNWqmQFskmpt2bniRli/A3d5wwYdYiQuu9lvAFUgrEBJiBUJGPrbzMnEykzadbtn/b7Qbx358zuNjr896xj4GERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERQVgNw6gItO3uzq6czWq4Tif5ksXU8qi0FdyMJm7Oq3MlrBcQ4T8oFvFWNPutr4xCLof/WsfV6NtVFMOPIgYXLl+6++VcJll/TsIvAosW+Pjp4MG9fn//0Rlis1i4+NcJmTMEtVTX9hy7Y7aUtD1H1ms149Z205NNu628Pc9XHWm5KuM7rtywbspKvb4lVXnP2em2GmZbJTPvfL1qGDX5nUK0owGUPWvbbrftbkvHhIvDmDvygx9EAcrsSHlw2N/fGsvnWVobh0GVlOQz48FhUPW0za0a1WqlUq1Warfrt+8YRm5qhhESxhCmIpZ+0NIbZrkncKKXkLEa/zH+JIA2iuhiB7uQqT8WGnDhoDNjeSzp/9+5pebWO97/J738ymjxFej+/1r07dqs/n9GLhJSr5C2RMyYv9jPis5I4jGeYoAHuIc++tjHoyWULSHXXrqEvBG35FLymfnTgkIXNjw4sNGBiRa+CBnPkaijhhoMvIdtNOFBogkbbSh42IMHHyo8ovJhpgomfDhwIbEBCzchUUEddWxBQqGMPTjYQRctNGDiX0EQHOBQt/tWnM/zlK1GElSZsREF5JLjbh/VOVs7q///4bNo7bj/N9j/f15Fx0Eh+vh4XgzRZ0AQX/8vaO3VZENEREREREREr4LQv30X+q/ybwMI0LTbypiIKby27IiIiIiIiIhoGQSCAq5CRHfl422I6et/IiIiIiIiInqzCf2MnQBQ0jf1i9HjUmf5JUD2HFIkIiIiIiIiopekn/y/lgcCfZf/GsRC1/9ERERERERE9Ab41dgY+7lsPMZukPxZPwNg7c8F8dHfCnBXxHFv96viyAyXmEdxzNQdAH7zirgYD9SrP/IA9DdLXRVxbRL4Z/Lbh9AnB+lj/T8PIkII90QC+ex4ATMSEGHNtVz8DR/gerTK9Xic+fuDDPSSaEThUtNuq7LltO9WYJoXM77a9X/28PDngDvczoPD/n75Rz/u39e5HIezjo/CQp9NpJNJb4xRLk/0eAv6mYu00Y1X0Uyq/HW3UxK6XiPZ/izMo8x4RfN2QG0ViLbyF1iP9tl6EMWWBsMR9wWwpgd/qJT1LpvYendFjLKonNzytB0xY8uLOosbUcyNjRvRR9ImYTkZUfxaFqiWp/fBRBbV8SxObwvx9xPtPz8LiGLYFlthFn8ICzqRxfc/ilbe6u0mw2OcJYupo4CI6HU5GPVCehDzqTH2k+4hOamdvd9BDojPcjN691EtQdx/JL37k98GUQ+VBXLx3ybSa0n6FYRn9A2hy8lHA7rnrqSc0Y3yp0EQmBeLGD+j/zcIkg0yFujdjoMgOHlG//3oHUhx2lNZ/DsIgrsV3ZP85kSv+mG4wocz6/Xa1SyKKODJ0U/0APih9/ff339YrW7VjHcN43YVK/p/FeKPLNj3EBHRlNPfsaMjMnMixLu4HpVx/f5f34mmJnq8L8W3FGi3gD7uYzN5hcBaeqklHOCb/4huQ9iMrlqB9VL0WRrIy5fuhle1w9hDkdNveNmceVWn+9IoVt/eUB3GJu8dOnkFOIrdesV7gYiI6Hytz+iHgYn+H5P9f3Gi/9/ERhSxcSX1urs0dkvhZnJ1PLykH1w4To2tnJ78t5bcGERERJ8Tyv1ElPxfCte1e+9V6vWK6W8r6TrWd6VrN1pK2l1fuda22W0p2XMd37Gctuy5KNirypPeTq/nuL5sOq7sOZ69q9/8LuNXv3uqY3Z92/J6bWV6SlpO1zctXzZsz5K9nW+3bW9buXplr6csu2lbpm87Xek5O66lylJ6So0F2g3V9e2mHU52Zc+1O6a7J7/ntHc6SjaUZ7l2z3eiApO67G7TcTu62DKChV90SERE9P/o8dPBg3v9/v6jkxOr4aV5NOcYM2KmJ/IpBXKMICIios+YUXe9wErFV5gQERERERERERERERERERERERERERERERFNOf2RvgUnVtIeFgSGc356MZ6D5xg9YjhVjsDL5vOp+0c9sN+LrJ5ZtNLkkYjBg4/nBK8O5yTNPx5zvEiluAS8cPv85QvABT0H0ZzcEg+A6edHl36MpU184yBq0VkxemHqosJwX+SW/59DOPHwd9OLRNjyQRAE81cvTLZh/uzHcw7Ao/ycXbB6yvFz3mciIjpv/wsAAP//eO06pA==")
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10}, 0x94)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200000, 0x0, 0x6, 0x5})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000300)={0x0, 0x4}, 0x8)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="000000002008000020001280080100736974001400028005000a0001f8917adf2815ed87000000"], 0x40}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x4})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x18)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)
open$dir(&(0x7f00000002c0)='./file1\x00', 0x200, 0x53)
getdents(r5, &(0x7f00000005c0)=""/155, 0x9b)
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000003a711a598f3b11960000"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

339.205844ms ago: executing program 0 (id=1007):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x2040600)
socket(0x15, 0x5, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
close(r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
cachestat(r2, 0x0, &(0x7f000009de80), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300), 0x4001, 0x0)
r5 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000380)={'pim6reg\x00', 0x1})
connect$pppoe(r5, &(0x7f0000000000)={0x18, 0x0, {0x2, @multicast, 'ip_vti0\x00'}}, 0x1e)
connect$pppoe(r5, &(0x7f0000000340)={0x18, 0x0, {0x0, @multicast, 'macvlan0\x00'}}, 0x1e)
fstatfs(0xffffffffffffffff, 0x0)

289.482055ms ago: executing program 7 (id=1008):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x8020000)

289.158335ms ago: executing program 0 (id=1009):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000002140)=""/4088, 0xff8}], 0x4, 0x4, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5`\xda\xca\xd1\xab:\x18\x10\x9b\xd0w', 0x0)
write$binfmt_misc(r3, &(0x7f0000000180)="e502", 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)

278.096155ms ago: executing program 7 (id=1010):
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x65, 0xfc, 0x5, 0x0, 0x0, 0x7, 0x88008, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc46, 0x0, @perf_bp={0x0, 0x4}, 0x10, 0xa, 0x7ffffefc, 0x3, 0x1, 0x0, 0x4, 0x0, 0x100, 0x0, 0x1}, 0x0, 0x400000000007, 0xffffffffffffffff, 0x3)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x80402, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
write$cgroup_int(r1, 0x0, 0x2)
write$UHID_CREATE(r0, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120)
write$UHID_DESTROY(r0, &(0x7f0000000080), 0x4)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0)
pread64(r4, &(0x7f0000000140)=""/252, 0xfc, 0x6)

272.905405ms ago: executing program 1 (id=1011):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000940)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0x9, 0x0, &(0x7f0000000000))

111.488158ms ago: executing program 4 (id=1012):
syz_usbip_server_init(0x1)

111.032728ms ago: executing program 0 (id=1013):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3f0, 0x3d8, 0x3d8, 0x3f0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2e0, 0x4001, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4001, 0x1, 0x3, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)

72.258048ms ago: executing program 6 (id=1014):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)

52.370239ms ago: executing program 0 (id=1015):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)="ec000900062b2c25fe800000f7ffffffdc8b851a238466cc80007a000000ad6e911b51818462b4003a000001828c75416cf99116e3a902d8", 0x38}], 0x2}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000003000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b708d107fc24175827f31db577e10000000000007b8af8ff00000000bf2200000000000007020922000178f79451730008001000b70400000000000085000000030000009500000000000200"], &(0x7f0000000040)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@bsdgroups}, {@mblk_io_submit}, {@dax_always}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x3}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r5 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r5, 0x4000)
fallocate(r4, 0x0, 0x0, 0x1000f4)
io_setup(0x5ff, &(0x7f0000000040)=<r6=>0x0)
io_submit(r6, 0x1ffffff0, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000000)="96", 0xffffff20}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r4, 0x0, 0x0, 0xffffffffffffffff}])
openat$null(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r7, 0x10e, 0xc, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ustat(0x11, &(0x7f0000000600))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kfree\x00', r3}, 0x18)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
uname(&(0x7f0000000000)=""/2)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r8, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x3fffffffffffe52, 0x10003, '\x00', [{}, {0xffffffff}]})

22.786759ms ago: executing program 6 (id=1016):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e0000008500000050"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000400)='kmem_cache_free\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

0s ago: executing program 6 (id=1017):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x2, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_setup(0x30, &(0x7f00000001c0)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000008, 0x8010, 0xffffffffffffffff, 0x8000000)
socketpair(0x15, 0xa, 0xe4c, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x100, &(0x7f0000000240)=0xff, 0x0, 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}])

kernel console output (not intermixed with test programs):

type 2 family 0 port 6081 - 0
[   67.800672][   T31] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.865296][ T6263] loop1: detected capacity change from 0 to 2048
[   67.874459][   T31] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.895490][ T6263] EXT4-fs (loop1): failed to initialize system zone (-117)
[   67.903017][ T6263] EXT4-fs (loop1): mount failed
[   67.911322][   T31] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.968282][ T6256] lo speed is unknown, defaulting to 1000
[   67.981038][ T6286] loop1: detected capacity change from 0 to 164
[   67.988647][   T31] dummy0: left allmulticast mode
[   67.994978][   T31] bridge0: port 3(dummy0) entered disabled state
[   68.002120][   T31] bridge_slave_1: left allmulticast mode
[   68.007875][   T31] bridge_slave_1: left promiscuous mode
[   68.013600][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.021676][   T31] bridge_slave_0: left allmulticast mode
[   68.027472][   T31] bridge_slave_0: left promiscuous mode
[   68.033317][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.079219][ T6305] random: crng reseeded on system resumption
[   68.136285][   T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   68.146358][   T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   68.156000][   T31] bond0 (unregistering): Released all slaves
[   68.238711][   T31] hsr_slave_0: left promiscuous mode
[   68.248304][   T31] hsr_slave_1: left promiscuous mode
[   68.254414][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   68.261929][   T31] batman_adv: batadv0: Removing interface: batadv_slave_0
[   68.270811][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   68.278261][   T31] batman_adv: batadv0: Removing interface: batadv_slave_1
[   68.292073][   T31] veth1_macvtap: left promiscuous mode
[   68.302680][   T31] veth0_macvtap: left promiscuous mode
[   68.308505][   T31] veth1_vlan: left promiscuous mode
[   68.313845][   T31] veth0_vlan: left promiscuous mode
[   68.397840][   T31] team0 (unregistering): Port device team_slave_1 removed
[   68.408345][   T31] team0 (unregistering): Port device team_slave_0 removed
[   68.452887][ T6256] chnl_net:caif_netlink_parms(): no params data found
[   68.495432][ T6256] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.502628][ T6256] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.510220][ T6256] bridge_slave_0: entered allmulticast mode
[   68.517278][ T6256] bridge_slave_0: entered promiscuous mode
[   68.524384][ T6256] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.531545][ T6256] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.539107][ T6256] bridge_slave_1: entered allmulticast mode
[   68.546133][ T6256] bridge_slave_1: entered promiscuous mode
[   68.572324][ T6256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.586305][ T6256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.622385][ T6256] team0: Port device team_slave_0 added
[   68.633793][ T6256] team0: Port device team_slave_1 added
[   68.661478][   T29] kauditd_printk_skb: 365 callbacks suppressed
[   68.661494][   T29] audit: type=1326 audit(1751781200.097:3707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6403 comm="syz.1.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2f06fd58e7 code=0x7ffc0000
[   68.663501][ T6545] FAULT_INJECTION: forcing a failure.
[   68.663501][ T6545] name failslab, interval 1, probability 0, space 0, times 0
[   68.667819][   T29] audit: type=1326 audit(1751781200.097:3708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6403 comm="syz.1.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2f06f7ab19 code=0x7ffc0000
[   68.712132][   T29] audit: type=1326 audit(1751781200.097:3709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6403 comm="syz.1.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   68.727208][ T6545] CPU: 1 UID: 0 PID: 6545 Comm: syz.4.607 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   68.727248][ T6545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   68.727267][ T6545] Call Trace:
[   68.727277][ T6545]  <TASK>
[   68.727289][ T6545]  __dump_stack+0x1d/0x30
[   68.727351][ T6545]  dump_stack_lvl+0xe8/0x140
[   68.727378][ T6545]  dump_stack+0x15/0x1b
[   68.727399][ T6545]  should_fail_ex+0x265/0x280
[   68.727489][ T6545]  should_failslab+0x8c/0xb0
[   68.727591][ T6545]  kmem_cache_alloc_noprof+0x50/0x310
[   68.727628][ T6545]  ? audit_log_start+0x365/0x6c0
[   68.727749][ T6545]  audit_log_start+0x365/0x6c0
[   68.727796][ T6545]  audit_seccomp+0x48/0x100
[   68.727832][ T6545]  ? __seccomp_filter+0x68c/0x10d0
[   68.727865][ T6545]  __seccomp_filter+0x69d/0x10d0
[   68.727898][ T6545]  ? __fget_files+0x3c/0x1c0
[   68.727973][ T6545]  ? __rcu_read_unlock+0x4f/0x70
[   68.728002][ T6545]  ? __fget_files+0x184/0x1c0
[   68.728090][ T6545]  __secure_computing+0x82/0x150
[   68.728120][ T6545]  syscall_trace_enter+0xcf/0x1e0
[   68.728153][ T6545]  do_syscall_64+0xac/0x200
[   68.728206][ T6545]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   68.728241][ T6545]  ? clear_bhb_loop+0x40/0x90
[   68.728291][ T6545]  ? clear_bhb_loop+0x40/0x90
[   68.728323][ T6545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.728351][ T6545] RIP: 0033:0x7fc4ce21d33c
[   68.728378][ T6545] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   68.728458][ T6545] RSP: 002b:00007fc4cc887030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   68.728488][ T6545] RAX: ffffffffffffffda RBX: 00007fc4ce445fa0 RCX: 00007fc4ce21d33c
[   68.728504][ T6545] RDX: 000000000000000f RSI: 00007fc4cc8870a0 RDI: 0000000000000003
[   68.728521][ T6545] RBP: 00007fc4cc887090 R08: 0000000000000000 R09: 0000000000000000
[   68.728537][ T6545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.728552][ T6545] R13: 0000000000000000 R14: 00007fc4ce445fa0 R15: 00007fffa35d9338
[   68.728577][ T6545]  </TASK>
[   68.728588][ T6545] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[   68.750436][   T29] audit: type=1326 audit(1751781200.097:3710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6543 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4ce21e929 code=0x7ffc0000
[   68.750473][   T29] audit: type=1326 audit(1751781200.097:3711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6543 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc4ce21d290 code=0x7ffc0000
[   68.763015][ T6545] audit: out of memory in audit_log_start
[   68.773059][   T29] audit: type=1326 audit(1751781200.097:3712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6543 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc4ce21d3df code=0x7ffc0000
[   69.041409][   T29] audit: type=1326 audit(1751781200.097:3713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6543 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7fc4ce21e929 code=0x7ffc0000
[   69.064833][   T29] audit: type=1326 audit(1751781200.227:3714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6403 comm="syz.1.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2f06fd58e7 code=0x7ffc0000
[   69.091063][ T6256] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.098171][ T6256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.124261][ T6256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.147353][ T6256] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.154441][ T6256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.180428][ T6256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.229019][ T6572] loop4: detected capacity change from 0 to 512
[   69.251432][ T6256] hsr_slave_0: entered promiscuous mode
[   69.257934][ T6572] EXT4-fs: Ignoring removed orlov option
[   69.264817][ T6572] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.273498][ T6256] hsr_slave_1: entered promiscuous mode
[   69.279560][ T6256] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.287296][ T6256] Cannot create hsr debugfs directory
[   69.299218][ T6572] EXT4-fs (loop4): orphan cleanup on readonly fs
[   69.320503][ T6572] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.609: bg 0: block 248: padding at end of block bitmap is not set
[   69.340909][ T6572] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.609: Failed to acquire dquot type 1
[   69.357458][ T6572] EXT4-fs (loop4): 1 truncate cleaned up
[   69.366722][ T6572] EXT4-fs mount: 26 callbacks suppressed
[   69.366743][ T6572] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   69.411048][ T6572] EXT4-fs: Ignoring removed orlov option
[   69.420718][ T6572] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.436642][ T6572] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   69.513316][ T6683] lo speed is unknown, defaulting to 1000
[   69.605653][ T6572] EXT4-fs error (device loop4): __ext4_remount:6736: comm syz.4.609: Abort forced by user
[   69.681498][ T6572] EXT4-fs (loop4): Remounting filesystem read-only
[   69.688149][ T6572] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   69.720891][ T6256] netdevsim netdevsim6 netdevsim0: renamed from eth0
[   69.763024][ T6720] random: crng reseeded on system resumption
[   69.809304][ T6572] ext4 filesystem being remounted at /151/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   69.822742][ T6256] netdevsim netdevsim6 netdevsim1: renamed from eth1
[   69.872445][ T6256] netdevsim netdevsim6 netdevsim2: renamed from eth2
[   69.955329][ T6256] netdevsim netdevsim6 netdevsim3: renamed from eth3
[   70.029565][ T6722] netlink: 24 bytes leftover after parsing attributes in process `syz.2.614'.
[   70.042267][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.110513][ T6256] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.118965][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.614'.
[   70.125718][ T6256] 8021q: adding VLAN 0 to HW filter on device team0
[   70.129568][ T6722] netlink: 32 bytes leftover after parsing attributes in process `syz.2.614'.
[   70.138647][ T6733] loop4: detected capacity change from 0 to 512
[   70.154457][  T316] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.155699][ T6733] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   70.161569][  T316] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.192168][ T6733] EXT4-fs (loop4): 1 truncate cleaned up
[   70.198488][ T6733] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.216537][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.223713][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.246853][ T6256] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   70.257347][ T6256] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   70.432750][ T6256] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.476191][ T6747] netlink: 8 bytes leftover after parsing attributes in process `wg1'.
[   70.477152][ T6733] smc: net device bond0 applied user defined pnetid SYZ2
[   70.513858][ T6752] loop0: detected capacity change from 0 to 512
[   70.537142][ T6752] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   70.549814][ T6752] EXT4-fs (loop0): 1 truncate cleaned up
[   70.557557][ T6752] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.585574][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.751268][ T6256] veth0_vlan: entered promiscuous mode
[   70.759569][ T6256] veth1_vlan: entered promiscuous mode
[   70.779291][ T6256] veth0_macvtap: entered promiscuous mode
[   70.787616][ T6256] veth1_macvtap: entered promiscuous mode
[   70.798757][ T6256] batman_adv: batadv0: Interface activated: batadv_slave_0
[   70.810709][ T6256] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.823327][ T6256] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.832126][ T6256] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.840894][ T6256] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.849785][ T6256] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.865589][ T6796] vxcan1: MTU too low for tipc bearer
[   70.871095][ T6796] tipc: Enabling of bearer <ib:vxcan1> rejected, failed to enable media
[   70.883433][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   70.892542][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   70.926376][ T6801] loop1: detected capacity change from 0 to 128
[   70.935816][ T6801] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   70.948755][ T6801] ext4 filesystem being mounted at /163/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   70.982056][ T6801] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.1.625: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[   71.034488][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   71.085008][ T6812] loop1: detected capacity change from 0 to 8192
[   71.162477][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.183377][ T6827] loop1: detected capacity change from 0 to 164
[   71.205330][ T6833] netlink: 24 bytes leftover after parsing attributes in process `syz.0.632'.
[   71.263419][ T6843] xt_TPROXY: Can be used only with -p tcp or -p udp
[   71.272220][ T6844] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[   71.386691][ T6858] loop6: detected capacity change from 0 to 2048
[   71.409290][ T6852] loop1: detected capacity change from 0 to 512
[   71.417805][ T6852] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   71.430269][ T6858] EXT4-fs (loop6): failed to initialize system zone (-117)
[   71.438593][ T6858] EXT4-fs (loop6): mount failed
[   71.458131][ T6852] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.473160][ T6852] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.507426][ T6852] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.638: corrupted xattr block 19: overlapping e_value 
[   71.532228][ T6852] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   71.549550][ T6868] loop6: detected capacity change from 0 to 8192
[   71.556305][ T6852] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.638: corrupted xattr block 19: overlapping e_value 
[   71.564336][ T6872] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.638: corrupted xattr block 19: overlapping e_value 
[   71.593933][ T6852] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   71.608004][ T6852] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.638: corrupted xattr block 19: overlapping e_value 
[   71.613120][ T6872] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   71.632116][ T6876] loop0: detected capacity change from 0 to 512
[   71.639605][ T6876] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   71.671275][ T6883] loop6: detected capacity change from 0 to 512
[   71.685184][ T6876] EXT4-fs (loop0): 1 truncate cleaned up
[   71.691260][ T6872] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.638: corrupted xattr block 19: overlapping e_value 
[   71.691437][ T6876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.709876][ T6885] __nla_validate_parse: 4 callbacks suppressed
[   71.709896][ T6885] netlink: 4 bytes leftover after parsing attributes in process `syz.2.647'.
[   71.748773][ T6883] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.750550][ T6872] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.638: corrupted xattr block 19: overlapping e_value 
[   71.767481][ T6883] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.801020][ T6895] loop2: detected capacity change from 0 to 2048
[   71.802571][ T6872] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   71.828160][ T6895] EXT4-fs (loop2): failed to initialize system zone (-117)
[   71.834938][ T6902] netlink: 24 bytes leftover after parsing attributes in process `syz.4.652'.
[   71.835538][ T6895] EXT4-fs (loop2): mount failed
[   71.869045][ T6902] netlink: 4 bytes leftover after parsing attributes in process `syz.4.652'.
[   71.879325][ T6902] netlink: 32 bytes leftover after parsing attributes in process `syz.4.652'.
[   71.902031][ T6906] loop2: detected capacity change from 0 to 512
[   71.902736][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.911371][ T6906] EXT4-fs: Ignoring removed orlov option
[   71.925096][ T6906] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   71.925683][ T6256] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.937534][ T6906] EXT4-fs (loop2): orphan cleanup on readonly fs
[   71.954723][ T6906] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.654: bg 0: block 248: padding at end of block bitmap is not set
[   71.977071][ T6917] loop1: detected capacity change from 0 to 512
[   71.985936][ T6917] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   72.011637][ T6906] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.654: Failed to acquire dquot type 1
[   72.024653][ T6917] EXT4-fs (loop1): 1 truncate cleaned up
[   72.031450][ T6906] EXT4-fs (loop2): 1 truncate cleaned up
[   72.037784][ T6917] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.051647][ T6906] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   72.067039][ T6927] loop4: detected capacity change from 0 to 512
[   72.071603][ T6906] EXT4-fs: Ignoring removed orlov option
[   72.074657][ T6927] EXT4-fs: Ignoring removed orlov option
[   72.079717][ T6906] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   72.093218][ T6927] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   72.093269][ T6906] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   72.116472][ T6927] EXT4-fs (loop4): orphan cleanup on readonly fs
[   72.123631][ T6927] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.659: bg 0: block 248: padding at end of block bitmap is not set
[   72.140391][ T6927] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.659: Failed to acquire dquot type 1
[   72.146448][ T6906] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.654: Abort forced by user
[   72.156838][ T6927] EXT4-fs (loop4): 1 truncate cleaned up
[   72.167711][ T6936] netlink: 8 bytes leftover after parsing attributes in process `wg1'.
[   72.178303][ T6906] EXT4-fs (loop2): Remounting filesystem read-only
[   72.185035][ T6906] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   72.194511][ T6927] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   72.219527][ T6927] EXT4-fs: Ignoring removed orlov option
[   72.224022][ T6906] ext4 filesystem being remounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   72.225734][ T6927] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   72.260653][ T6927] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   72.274384][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.304720][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.314299][ T6927] EXT4-fs error (device loop4): __ext4_remount:6736: comm syz.4.659: Abort forced by user
[   72.315548][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.333721][ T6927] EXT4-fs (loop4): Remounting filesystem read-only
[   72.340350][ T6927] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   72.350114][ T6927] ext4 filesystem being remounted at /162/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   72.399201][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.430434][ T6966] netlink: 580 bytes leftover after parsing attributes in process `syz.1.665'.
[   72.493984][ T6975] random: crng reseeded on system resumption
[   72.512746][ T6983] netlink: 'syz.4.670': attribute type 13 has an invalid length.
[   72.532467][ T6981] loop1: detected capacity change from 0 to 2048
[   72.543713][ T6981] EXT4-fs: Ignoring removed mblk_io_submit option
[   72.576064][ T6981] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.592088][ T6983] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   72.609371][ T3386] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   72.623490][ T3386] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   72.637916][   T36] Process accounting resumed
[   72.643088][  T292] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm kworker/u8:5: bg 0: block 234: padding at end of block bitmap is not set
[   72.661859][  T292] EXT4-fs (loop1): Remounting filesystem read-only
[   72.693404][ T7003] loop2: detected capacity change from 0 to 1024
[   72.726102][ T7003] EXT4-fs (loop2): orphan cleanup on readonly fs
[   72.733111][ T7003] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.673: Failed to acquire dquot type 0
[   72.746164][ T7003] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   72.763345][ T7007] loop4: detected capacity change from 0 to 128
[   72.770306][ T7003] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #13: comm syz.2.673: corrupted inode contents
[   72.782859][ T7003] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #13: comm syz.2.673: mark_inode_dirty error
[   72.784565][ T7007] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   72.796943][ T7003] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #13: comm syz.2.673: corrupted inode contents
[   72.808766][ T7007] ext4 filesystem being mounted at /165/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   72.819150][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.861440][ T7003] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #13: comm syz.2.673: mark_inode_dirty error
[   72.887399][ T7007] EXT4-fs error (device loop4): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.4.675: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[   73.006014][ T7014] lo speed is unknown, defaulting to 1000
[   73.113131][ T7003] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #13: comm syz.2.673: corrupted inode contents
[   73.181002][ T7003] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[   73.193872][ T7003] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #13: comm syz.2.673: corrupted inode contents
[   73.207754][ T7003] EXT4-fs error (device loop2): ext4_truncate:4597: inode #13: comm syz.2.673: mark_inode_dirty error
[   73.219371][ T7003] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[   73.230666][ T7003] EXT4-fs (loop2): 1 truncate cleaned up
[   73.237156][ T7003] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   73.276743][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.278545][ T7045] netlink: 580 bytes leftover after parsing attributes in process `syz.6.678'.
[   73.338623][ T7055] loop4: detected capacity change from 0 to 2048
[   73.357920][ T7055] EXT4-fs (loop4): failed to initialize system zone (-117)
[   73.357950][ T7055] EXT4-fs (loop4): mount failed
[   73.400008][ T7065] netlink: 2 bytes leftover after parsing attributes in process `syz.1.682'.
[   73.442459][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.464605][ T7065] xt_TCPMSS: Only works on TCP SYN packets
[   73.534761][ T7068] lo speed is unknown, defaulting to 1000
[   73.588984][ T7096] loop2: detected capacity change from 0 to 512
[   73.606534][ T7096] EXT4-fs: Ignoring removed orlov option
[   73.621933][ T7096] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   73.632952][ T7113] netlink: 580 bytes leftover after parsing attributes in process `syz.6.690'.
[   73.636256][ T7096] EXT4-fs (loop2): orphan cleanup on readonly fs
[   73.649359][ T7096] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.687: bg 0: block 248: padding at end of block bitmap is not set
[   73.664372][   T29] kauditd_printk_skb: 1008 callbacks suppressed
[   73.664446][   T29] audit: type=1326 audit(1751781205.107:4715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f01709558e7 code=0x7ffc0000
[   73.664709][ T7096] Quota error (device loop2): write_blk: dquota write failed
[   73.670747][   T29] audit: type=1326 audit(1751781205.107:4716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f01708fab19 code=0x7ffc0000
[   73.670782][   T29] audit: type=1326 audit(1751781205.107:4717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   73.694042][ T7096] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   73.758299][ T7096] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.687: Failed to acquire dquot type 1
[   73.761672][ T7117] loop1: detected capacity change from 0 to 128
[   73.770631][   T29] audit: type=1326 audit(1751781205.177:4718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f01709558e7 code=0x7ffc0000
[   73.799190][   T29] audit: type=1326 audit(1751781205.177:4719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f01708fab19 code=0x7ffc0000
[   73.802707][ T7119] loop6: detected capacity change from 0 to 164
[   73.822459][   T29] audit: type=1326 audit(1751781205.177:4720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   73.831166][ T7096] EXT4-fs (loop2): 1 truncate cleaned up
[   73.852221][   T29] audit: type=1326 audit(1751781205.177:4721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f01709558e7 code=0x7ffc0000
[   73.863255][ T7096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   73.881178][   T29] audit: type=1326 audit(1751781205.177:4722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f01708fab19 code=0x7ffc0000
[   73.903653][ T7096] EXT4-fs: Ignoring removed orlov option
[   73.923613][ T7096] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   73.927283][ T7117] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   73.933750][ T7119] bio_check_eod: 4 callbacks suppressed
[   73.933768][ T7119] syz.6.692: attempt to access beyond end of device
[   73.933768][ T7119] loop6: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   73.963763][ T7119] syz.6.692: attempt to access beyond end of device
[   73.963763][ T7119] loop6: rw=0, sector=263328, nr_sectors = 4 limit=164
[   73.964831][ T7117] ext4 filesystem being mounted at /177/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   74.013233][ T7096] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   74.030406][ T7117] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.1.691: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[   74.035138][ T7096] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.687: Abort forced by user
[   74.060571][ T7096] EXT4-fs (loop2): Remounting filesystem read-only
[   74.067237][ T7096] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   74.075757][ T7096] ext4 filesystem being remounted at /122/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   74.103909][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.123566][ T7129] netlink: 8 bytes leftover after parsing attributes in process `syz.2.693'.
[   74.207293][ T7133] loop4: detected capacity change from 0 to 8192
[   74.261185][ T7148] loop6: detected capacity change from 0 to 2048
[   74.271115][ T7145] lo speed is unknown, defaulting to 1000
[   74.285116][ T7148] EXT4-fs (loop6): failed to initialize system zone (-117)
[   74.292700][ T7148] EXT4-fs (loop6): mount failed
[   74.432052][ T7185] loop2: detected capacity change from 0 to 1024
[   74.476405][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   74.490969][ T7185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.526707][ T7194] loop4: detected capacity change from 0 to 164
[   74.572948][ T7194] syz.4.707: attempt to access beyond end of device
[   74.572948][ T7194] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   74.594932][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.609431][ T7194] syz.4.707: attempt to access beyond end of device
[   74.609431][ T7194] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[   74.623726][ T7205] loop6: detected capacity change from 0 to 8192
[   74.688305][ T7229] loop2: detected capacity change from 0 to 512
[   74.695453][ T7229] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   74.715410][ T7229] EXT4-fs (loop2): 1 truncate cleaned up
[   74.738690][ T7235] loop1: detected capacity change from 0 to 2048
[   74.747289][ T7235] EXT4-fs: Ignoring removed mblk_io_submit option
[   74.756445][ T7229] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.789691][ T7235] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.813471][ T7247] syz_tun: entered allmulticast mode
[   74.838596][ T7246] syz_tun: left allmulticast mode
[   74.921744][ T7254] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.715: bg 0: block 234: padding at end of block bitmap is not set
[   74.945834][ T7255] dummy0: left allmulticast mode
[   74.951238][ T7255] bridge0: port 3(dummy0) entered disabled state
[   74.980534][ T7259] random: crng reseeded on system resumption
[   74.983186][ T7255] bridge_slave_0: left allmulticast mode
[   74.992391][ T7255] bridge_slave_0: left promiscuous mode
[   74.998217][ T7255] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.011540][ T7254] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 358 with error 117
[   75.024129][ T7254] EXT4-fs (loop1): This should not happen!! Data will be lost
[   75.024129][ T7254] 
[   75.041350][ T7255] bridge_slave_1: left allmulticast mode
[   75.047114][ T7255] bridge_slave_1: left promiscuous mode
[   75.052925][ T7255] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.087460][ T7255] bond0: (slave bond_slave_0): Releasing backup interface
[   75.124450][ T7255] bond0: (slave bond_slave_1): Releasing backup interface
[   75.139685][   T37] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 358 with max blocks 34 with error 28
[   75.152302][   T37] EXT4-fs (loop1): This should not happen!! Data will be lost
[   75.152302][   T37] 
[   75.162125][   T37] EXT4-fs (loop1): Total free blocks count 0
[   75.168176][   T37] EXT4-fs (loop1): Free/Dirty block details
[   75.174137][   T37] EXT4-fs (loop1): free_blocks=0
[   75.179093][   T37] EXT4-fs (loop1): dirty_blocks=48
[   75.184380][   T37] EXT4-fs (loop1): Block reservation details
[   75.204435][ T7255] team0: Port device team_slave_0 removed
[   75.215598][ T7255] team0: Port device team_slave_1 removed
[   75.222602][ T7255] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.230275][ T7255] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.242349][ T7255] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.249899][ T7255] batman_adv: batadv0: Removing interface: batadv_slave_1
[   75.280408][   T10] syz!: Port: 1 Link DOWN
[   75.329730][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.340681][ T7271] loop4: detected capacity change from 0 to 2048
[   75.366160][ T7271] EXT4-fs (loop4): failed to initialize system zone (-117)
[   75.373538][ T7271] EXT4-fs (loop4): mount failed
[   75.461044][ T7293] random: crng reseeded on system resumption
[   75.496435][ T7297] netlink: 'syz.1.732': attribute type 10 has an invalid length.
[   75.515460][ T7297] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.527799][ T7297] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   75.541120][ T7297] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.548816][ T7297] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.556916][ T7297] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.564428][ T7297] batman_adv: batadv0: Removing interface: batadv_slave_1
[   75.574226][ T7297] bond0: (slave batadv0): Releasing backup interface
[   75.589121][ T7301] loop6: detected capacity change from 0 to 8192
[   75.624557][ T7309] tipc: Started in network mode
[   75.629502][ T7309] tipc: Node identity , cluster identity 4711
[   75.635720][ T7309] tipc: Failed to obtain node identity
[   75.641181][ T7309] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[   75.735329][ T7313] loop1: detected capacity change from 0 to 512
[   75.742928][ T7313] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   75.754791][ T7313] EXT4-fs (loop1): 1 truncate cleaned up
[   75.760989][ T7313] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.901588][ T7314] FAULT_INJECTION: forcing a failure.
[   75.901588][ T7314] name failslab, interval 1, probability 0, space 0, times 0
[   75.914481][ T7314] CPU: 1 UID: 0 PID: 7314 Comm: syz.6.734 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   75.914627][ T7314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   75.914642][ T7314] Call Trace:
[   75.914650][ T7314]  <TASK>
[   75.914659][ T7314]  __dump_stack+0x1d/0x30
[   75.914699][ T7314]  dump_stack_lvl+0xe8/0x140
[   75.914723][ T7314]  dump_stack+0x15/0x1b
[   75.914744][ T7314]  should_fail_ex+0x265/0x280
[   75.914774][ T7314]  should_failslab+0x8c/0xb0
[   75.914850][ T7314]  __kvmalloc_node_noprof+0x123/0x4e0
[   75.914887][ T7314]  ? io_sqe_buffers_register+0xc2/0x530
[   75.914959][ T7314]  io_sqe_buffers_register+0xc2/0x530
[   75.914990][ T7314]  ? __fget_files+0x184/0x1c0
[   75.915092][ T7314]  __se_sys_io_uring_register+0xa9f/0xeb0
[   75.915142][ T7314]  ? fput+0x8f/0xc0
[   75.915173][ T7314]  ? ksys_write+0x192/0x1a0
[   75.915217][ T7314]  __x64_sys_io_uring_register+0x55/0x70
[   75.915336][ T7314]  x64_sys_call+0xc91/0x2fb0
[   75.915360][ T7314]  do_syscall_64+0xd2/0x200
[   75.915397][ T7314]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   75.915425][ T7314]  ? clear_bhb_loop+0x40/0x90
[   75.915530][ T7314]  ? clear_bhb_loop+0x40/0x90
[   75.915559][ T7314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.915587][ T7314] RIP: 0033:0x7f2e2eace929
[   75.915606][ T7314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.915627][ T7314] RSP: 002b:00007f2e2d116038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[   75.915645][ T7314] RAX: ffffffffffffffda RBX: 00007f2e2ecf6080 RCX: 00007f2e2eace929
[   75.915737][ T7314] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 000000000000000e
[   75.915752][ T7314] RBP: 00007f2e2d116090 R08: 0000000000000000 R09: 0000000000000000
[   75.915767][ T7314] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[   75.915782][ T7314] R13: 0000000000000000 R14: 00007f2e2ecf6080 R15: 00007ffe0bb36768
[   75.915805][ T7314]  </TASK>
[   76.137119][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.152006][ T7323] tipc: Started in network mode
[   76.157193][ T7323] tipc: Node identity f244258a7ea3, cluster identity 4711
[   76.164556][ T7323] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.174207][ T7323] tipc: Disabling bearer <eth:syzkaller0>
[   76.205946][ T7335] loop1: detected capacity change from 0 to 164
[   76.215147][ T7335] syz.1.740: attempt to access beyond end of device
[   76.215147][ T7335] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   76.230032][ T7335] syz.1.740: attempt to access beyond end of device
[   76.230032][ T7335] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[   76.269499][ T7338] loop0: detected capacity change from 0 to 164
[   76.279762][ T7338] syz.0.741: attempt to access beyond end of device
[   76.279762][ T7338] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   76.293816][ T7338] syz.0.741: attempt to access beyond end of device
[   76.293816][ T7338] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164
[   76.513558][ T7362] loop0: detected capacity change from 0 to 1024
[   76.548887][ T7362] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   76.583800][ T7370] loop1: detected capacity change from 0 to 2048
[   76.584121][ T7362] EXT4-fs (loop0): stripe (8) is not aligned with cluster size (4096), stripe is disabled
[   76.622596][ T7370] EXT4-fs (loop1): failed to initialize system zone (-117)
[   76.635217][ T7362] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   76.655636][ T7370] EXT4-fs (loop1): mount failed
[   76.671803][ T7362] EXT4-fs (loop0): orphan cleanup on readonly fs
[   76.695213][ T7362] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.748: Invalid inode table block 0 in block_group 0
[   76.735611][ T7362] EXT4-fs (loop0): Remounting filesystem read-only
[   76.742399][ T7385] random: crng reseeded on system resumption
[   76.748509][ T7362] EXT4-fs (loop0): 1 truncate cleaned up
[   76.764605][ T7362] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   76.798867][ T7387] FAULT_INJECTION: forcing a failure.
[   76.798867][ T7387] name failslab, interval 1, probability 0, space 0, times 0
[   76.811564][ T7387] CPU: 1 UID: 0 PID: 7387 Comm: syz.1.754 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   76.811592][ T7387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   76.811618][ T7387] Call Trace:
[   76.811626][ T7387]  <TASK>
[   76.811636][ T7387]  __dump_stack+0x1d/0x30
[   76.811662][ T7387]  dump_stack_lvl+0xe8/0x140
[   76.811736][ T7387]  dump_stack+0x15/0x1b
[   76.811755][ T7387]  should_fail_ex+0x265/0x280
[   76.811788][ T7387]  should_failslab+0x8c/0xb0
[   76.811818][ T7387]  kmem_cache_alloc_noprof+0x50/0x310
[   76.811893][ T7387]  ? security_file_alloc+0x32/0x100
[   76.811920][ T7387]  security_file_alloc+0x32/0x100
[   76.811972][ T7387]  init_file+0x5c/0x1d0
[   76.812005][ T7387]  alloc_empty_file+0x8b/0x200
[   76.812036][ T7387]  alloc_file_pseudo+0xc6/0x160
[   76.812074][ T7387]  __shmem_file_setup+0x1de/0x210
[   76.812168][ T7387]  shmem_file_setup+0x3b/0x50
[   76.812231][ T7387]  __se_sys_memfd_create+0x2c3/0x590
[   76.812275][ T7387]  __x64_sys_memfd_create+0x31/0x40
[   76.812310][ T7387]  x64_sys_call+0x122f/0x2fb0
[   76.812337][ T7387]  do_syscall_64+0xd2/0x200
[   76.812377][ T7387]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   76.812406][ T7387]  ? clear_bhb_loop+0x40/0x90
[   76.812500][ T7387]  ? clear_bhb_loop+0x40/0x90
[   76.812528][ T7387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.812553][ T7387] RIP: 0033:0x7f2f06fde929
[   76.812571][ T7387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.812622][ T7387] RSP: 002b:00007f2f05646d68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   76.812645][ T7387] RAX: ffffffffffffffda RBX: 000000000000105b RCX: 00007f2f06fde929
[   76.812657][ T7387] RDX: 00007f2f05646dec RSI: 0000000000000000 RDI: 00007f2f070614cc
[   76.812669][ T7387] RBP: 0000200000000000 R08: 00007f2f05646b07 R09: 0000000000000000
[   76.812681][ T7387] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[   76.812692][ T7387] R13: 00007f2f05646dec R14: 00007f2f05646df0 R15: 00007fffda3283e8
[   76.812712][ T7387]  </TASK>
[   77.151673][ T7391] vxcan0: tx drop: invalid sa for name 0x0000001000000000
[   77.450838][ T7407] loop2: detected capacity change from 0 to 512
[   77.496783][ T7399] lo speed is unknown, defaulting to 1000
[   77.524437][ T7345] lo speed is unknown, defaulting to 1000
[   77.554050][ T7407] EXT4-fs: Ignoring removed orlov option
[   77.591134][ T7432] __nla_validate_parse: 5 callbacks suppressed
[   77.591152][ T7432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.760'.
[   77.614761][ T7407] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   77.654671][ T7407] EXT4-fs (loop2): orphan cleanup on readonly fs
[   77.664369][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.760'.
[   77.673919][ T7407] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.758: bg 0: block 248: padding at end of block bitmap is not set
[   77.723006][ T7432] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.740918][ T7407] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.758: Failed to acquire dquot type 1
[   77.782605][ T7432] bridge_slave_1 (unregistering): left allmulticast mode
[   77.789856][ T7432] bridge_slave_1 (unregistering): left promiscuous mode
[   77.796990][ T7432] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.812774][ T7407] EXT4-fs (loop2): 1 truncate cleaned up
[   77.839921][ T7407] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   77.866705][ T7458] netlink: 24 bytes leftover after parsing attributes in process `syz.4.762'.
[   77.883477][ T7407] EXT4-fs: Ignoring removed orlov option
[   77.902809][ T7407] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   77.928146][ T7407] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   77.955270][ T7407] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.758: Abort forced by user
[   77.973334][ T7407] EXT4-fs (loop2): Remounting filesystem read-only
[   77.979933][ T7407] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   78.030659][ T7407] ext4 filesystem being remounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   78.059145][ T7465] loop1: detected capacity change from 0 to 2048
[   78.070556][ T7467] random: crng reseeded on system resumption
[   78.103296][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.115068][ T7465] EXT4-fs (loop1): failed to initialize system zone (-117)
[   78.132040][ T7465] EXT4-fs (loop1): mount failed
[   78.266839][ T7487] loop2: detected capacity change from 0 to 164
[   78.304576][ T7487] syz.2.768: attempt to access beyond end of device
[   78.304576][ T7487] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   78.318431][ T7487] syz.2.768: attempt to access beyond end of device
[   78.318431][ T7487] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[   78.456762][ T7497] loop1: detected capacity change from 0 to 1024
[   78.595282][ T7497] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.665625][ T7495] loop6: detected capacity change from 0 to 2048
[   78.674106][   T29] kauditd_printk_skb: 738 callbacks suppressed
[   78.674120][   T29] audit: type=1326 audit(1751781210.117:5457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7457 comm="syz.4.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc4ce2158e7 code=0x7ffc0000
[   78.733855][ T7506] netlink: 'syz.1.771': attribute type 298 has an invalid length.
[   78.838050][ T7511] loop4: detected capacity change from 0 to 256
[   78.872718][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.944345][ T7495] EXT4-fs (loop6): failed to initialize system zone (-117)
[   78.951734][ T7495] EXT4-fs (loop6): mount failed
[   78.963274][ T7521] netlink: 'syz.4.778': attribute type 10 has an invalid length.
[   78.971223][ T7521] netlink: 40 bytes leftover after parsing attributes in process `syz.4.778'.
[   78.982627][ T7522] FAULT_INJECTION: forcing a failure.
[   78.982627][ T7522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.995739][ T7522] CPU: 0 UID: 0 PID: 7522 Comm: syz.2.779 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   78.995767][ T7522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   78.995779][ T7522] Call Trace:
[   78.995786][ T7522]  <TASK>
[   78.995795][ T7522]  __dump_stack+0x1d/0x30
[   78.995821][ T7522]  dump_stack_lvl+0xe8/0x140
[   78.995891][ T7522]  dump_stack+0x15/0x1b
[   78.995979][ T7522]  should_fail_ex+0x265/0x280
[   78.996020][ T7522]  should_fail+0xb/0x20
[   78.996056][ T7522]  should_fail_usercopy+0x1a/0x20
[   78.996165][ T7522]  _copy_from_user+0x1c/0xb0
[   78.996191][ T7522]  memdup_user+0x5e/0xd0
[   78.996228][ T7522]  security_setselfattr+0x8d/0x260
[   78.996332][ T7522]  __x64_sys_lsm_set_self_attr+0x51/0x60
[   78.996367][ T7522]  x64_sys_call+0x2b0f/0x2fb0
[   78.996391][ T7522]  do_syscall_64+0xd2/0x200
[   78.996494][ T7522]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   78.996523][ T7522]  ? clear_bhb_loop+0x40/0x90
[   78.996544][ T7522]  ? clear_bhb_loop+0x40/0x90
[   78.996573][ T7522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.996677][ T7522] RIP: 0033:0x7f74ab35e929
[   78.996696][ T7522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.996719][ T7522] RSP: 002b:00007f74a99c7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001cc
[   78.996743][ T7522] RAX: ffffffffffffffda RBX: 00007f74ab585fa0 RCX: 00007f74ab35e929
[   78.996758][ T7522] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000069
[   78.996816][ T7522] RBP: 00007f74a99c7090 R08: 0000000000000000 R09: 0000000000000000
[   78.996831][ T7522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.996846][ T7522] R13: 0000000000000001 R14: 00007f74ab585fa0 R15: 00007fffd18ec3d8
[   78.996867][ T7522]  </TASK>
[   79.194687][ T7521] bridge0: port 1(dummy0) entered blocking state
[   79.201138][ T7521] bridge0: port 1(dummy0) entered disabled state
[   79.224121][ T7521] dummy0: entered allmulticast mode
[   79.230338][ T7521] bridge0: port 1(dummy0) entered blocking state
[   79.236760][ T7521] bridge0: port 1(dummy0) entered forwarding state
[   79.250568][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.281749][ T7526] loop1: detected capacity change from 0 to 512
[   79.289119][ T7524] netlink: 8 bytes leftover after parsing attributes in process `wg1'.
[   79.290513][ T7526] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   79.310293][ T7526] EXT4-fs (loop1): 1 truncate cleaned up
[   79.316722][ T7526] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.333228][   T29] audit: type=1326 audit(1751781210.767:5458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.357992][   T29] audit: type=1326 audit(1751781210.797:5459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.381383][   T29] audit: type=1326 audit(1751781210.797:5460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.406454][   T29] audit: type=1326 audit(1751781210.847:5461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.430088][   T29] audit: type=1326 audit(1751781210.847:5462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.453546][   T29] audit: type=1326 audit(1751781210.847:5463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.476930][   T29] audit: type=1326 audit(1751781210.847:5464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.500225][   T29] audit: type=1326 audit(1751781210.847:5465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.523748][   T29] audit: type=1326 audit(1751781210.847:5466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7525 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2f06fde929 code=0x7ffc0000
[   79.586179][ T7544] random: crng reseeded on system resumption
[   79.670439][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.678136][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.690361][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.697861][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.705398][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.712816][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.720362][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.727816][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.735298][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.742789][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.750233][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.757756][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.765982][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.773468][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.780967][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.788400][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.795841][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.803292][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.810796][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.818236][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.825677][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.833079][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.840562][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.848077][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.855541][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.862952][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.870497][   T36] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   79.932944][ T7559] loop4: detected capacity change from 0 to 1024
[   79.958377][   T36] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   79.977371][ T7569] dummy0: entered promiscuous mode
[   79.984134][ T7559] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.998508][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.6.789'.
[   80.014226][ T7569] dummy0 (unregistering): left promiscuous mode
[   80.075777][ T7559] netlink: 'syz.4.788': attribute type 298 has an invalid length.
[   80.106450][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.158189][ T7578] loop4: detected capacity change from 0 to 164
[   80.178564][ T7578] syz.4.790: attempt to access beyond end of device
[   80.178564][ T7578] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   80.192487][ T7578] syz.4.790: attempt to access beyond end of device
[   80.192487][ T7578] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[   80.243417][ T7577] loop2: detected capacity change from 0 to 8192
[   80.295052][ T7577] loop2: detected capacity change from 8192 to 0
[   80.331163][ T7541] lo speed is unknown, defaulting to 1000
[   80.353621][ T7591] loop4: detected capacity change from 0 to 2048
[   80.366090][ T7591] EXT4-fs (loop4): failed to initialize system zone (-117)
[   80.373725][ T7591] EXT4-fs (loop4): mount failed
[   80.398151][ T3313] syz-executor: attempt to access beyond end of device
[   80.398151][ T3313] loop2: rw=0, sector=65, nr_sectors = 1 limit=0
[   80.425697][ T3313] FAT-fs (loop2): Directory bread(block 65) failed
[   80.444413][ T3313] syz-executor: attempt to access beyond end of device
[   80.444413][ T3313] loop2: rw=0, sector=66, nr_sectors = 1 limit=0
[   80.460022][ T3313] FAT-fs (loop2): Directory bread(block 66) failed
[   80.469997][ T3313] syz-executor: attempt to access beyond end of device
[   80.469997][ T3313] loop2: rw=0, sector=67, nr_sectors = 1 limit=0
[   80.484117][ T3313] FAT-fs (loop2): Directory bread(block 67) failed
[   80.490714][ T3313] syz-executor: attempt to access beyond end of device
[   80.490714][ T3313] loop2: rw=0, sector=68, nr_sectors = 1 limit=0
[   80.504861][ T3313] FAT-fs (loop2): Directory bread(block 68) failed
[   80.511857][ T3313] syz-executor: attempt to access beyond end of device
[   80.511857][ T3313] loop2: rw=0, sector=69, nr_sectors = 1 limit=0
[   80.526397][ T3313] FAT-fs (loop2): Directory bread(block 69) failed
[   80.533015][ T3313] syz-executor: attempt to access beyond end of device
[   80.533015][ T3313] loop2: rw=0, sector=70, nr_sectors = 1 limit=0
[   80.547953][ T3313] FAT-fs (loop2): Directory bread(block 70) failed
[   80.554611][ T3313] syz-executor: attempt to access beyond end of device
[   80.554611][ T3313] loop2: rw=0, sector=71, nr_sectors = 1 limit=0
[   80.569834][ T3313] FAT-fs (loop2): Directory bread(block 71) failed
[   80.587365][ T3313] syz-executor: attempt to access beyond end of device
[   80.587365][ T3313] loop2: rw=0, sector=0, nr_sectors = 1 limit=0
[   80.601379][ T3313] FAT-fs (loop2): unable to read boot sector to mark fs as dirty
[   80.982255][ T7626] lo speed is unknown, defaulting to 1000
[   81.078370][ T7626] chnl_net:caif_netlink_parms(): no params data found
[   81.161700][ T7626] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.168938][ T7626] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.176236][ T7626] bridge_slave_0: entered allmulticast mode
[   81.183028][ T7626] bridge_slave_0: entered promiscuous mode
[   81.189999][ T7626] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.197230][ T7626] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.204560][ T7626] bridge_slave_1: entered allmulticast mode
[   81.211163][ T7626] bridge_slave_1: entered promiscuous mode
[   81.253351][ T7626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.264402][ T7626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.300152][ T7626] team0: Port device team_slave_0 added
[   81.307317][ T7626] team0: Port device team_slave_1 added
[   81.386435][ T7875] loop4: detected capacity change from 0 to 2048
[   81.401611][ T7626] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.408662][ T7626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.434860][ T7626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.446312][ T7626] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.453289][ T7626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.479439][ T7626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.523602][ T7875] EXT4-fs (loop4): failed to initialize system zone (-117)
[   81.545026][ T7875] EXT4-fs (loop4): mount failed
[   81.545320][ T7626] hsr_slave_0: entered promiscuous mode
[   81.577021][ T7626] hsr_slave_1: entered promiscuous mode
[   81.604979][ T7921] netlink: 'syz.4.809': attribute type 10 has an invalid length.
[   81.612780][ T7921] netlink: 40 bytes leftover after parsing attributes in process `syz.4.809'.
[   81.664989][ T7626] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   81.672604][ T7626] Cannot create hsr debugfs directory
[   81.825073][ T7958] loop0: detected capacity change from 0 to 2048
[   81.846423][ T7958] EXT4-fs (loop0): failed to initialize system zone (-117)
[   81.856227][ T7958] EXT4-fs (loop0): mount failed
[   81.925309][ T7626] netdevsim netdevsim7 netdevsim0: renamed from eth0
[   81.934505][ T7626] netdevsim netdevsim7 netdevsim1: renamed from eth1
[   81.947532][ T7626] netdevsim netdevsim7 netdevsim2: renamed from eth2
[   81.968150][ T7626] netdevsim netdevsim7 netdevsim3: renamed from eth3
[   81.999329][ T7736] lo speed is unknown, defaulting to 1000
[   82.059282][ T7626] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.116191][ T7626] 8021q: adding VLAN 0 to HW filter on device team0
[   82.152563][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.159750][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.170471][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.177602][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.316243][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.382253][ T7626] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.490100][ T8061] loop0: detected capacity change from 0 to 512
[   82.490608][ T8061] EXT4-fs: Ignoring removed orlov option
[   82.494448][ T8061] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   82.507915][ T8061] EXT4-fs (loop0): orphan cleanup on readonly fs
[   82.515867][ T8061] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.819: bg 0: block 248: padding at end of block bitmap is not set
[   82.516118][ T8061] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.819: Failed to acquire dquot type 1
[   82.556364][ T8061] EXT4-fs (loop0): 1 truncate cleaned up
[   82.557003][ T8061] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   82.559481][ T8061] EXT4-fs: Ignoring removed orlov option
[   82.559596][ T8061] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   82.561273][ T8061] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   82.588163][ T8061] EXT4-fs error (device loop0): __ext4_remount:6736: comm syz.0.819: Abort forced by user
[   82.588314][ T8061] EXT4-fs (loop0): Remounting filesystem read-only
[   82.588327][ T8061] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   82.588351][ T8061] ext4 filesystem being remounted at /154/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   82.674750][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.808170][ T7626] veth0_vlan: entered promiscuous mode
[   82.820356][ T8085] loop0: detected capacity change from 0 to 512
[   82.826495][ T7626] veth1_vlan: entered promiscuous mode
[   82.833288][ T8085] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   82.861904][ T7626] veth0_macvtap: entered promiscuous mode
[   82.868715][ T8088] loop1: detected capacity change from 0 to 512
[   82.876452][ T8088] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   82.890026][ T8088] EXT4-fs (loop1): 1 truncate cleaned up
[   82.896720][ T8088] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.910588][ T8085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.925477][ T8095] netlink: 'syz.4.824': attribute type 3 has an invalid length.
[   82.937617][ T7626] veth1_macvtap: entered promiscuous mode
[   82.952492][ T8085] ext4 filesystem being mounted at /155/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.959989][ T7626] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.988394][ T7626] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.988986][ T8085] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.822: corrupted xattr block 19: overlapping e_value 
[   83.005409][ T7626] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.018101][ T7626] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.027320][ T7626] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.036275][ T7626] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.049620][ T8085] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   83.065549][ T8085] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.822: corrupted xattr block 19: overlapping e_value 
[   83.082245][ T8085] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   83.098203][ T8101] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.822: corrupted xattr block 19: overlapping e_value 
[   83.100497][ T8085] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.822: corrupted xattr block 19: overlapping e_value 
[   83.118429][ T8099] loop4: detected capacity change from 0 to 512
[   83.127496][ T8101] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   83.141555][ T8101] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.822: corrupted xattr block 19: overlapping e_value 
[   83.143738][ T8099] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   83.156883][ T8101] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.822: corrupted xattr block 19: overlapping e_value 
[   83.181362][ T8099] EXT4-fs (loop4): 1 truncate cleaned up
[   83.187608][ T8099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.201205][ T8101] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   83.234550][ T8107] loop7: detected capacity change from 0 to 1024
[   83.234981][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.245974][ T8107] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.342514][ T8121] netlink: 'syz.7.800': attribute type 298 has an invalid length.
[   83.396798][ T7626] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.412895][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.433888][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.627848][ T8150] loop0: detected capacity change from 0 to 2048
[   83.654387][ T8150] EXT4-fs (loop0): failed to initialize system zone (-117)
[   83.662138][ T8150] EXT4-fs (loop0): mount failed
[   83.739377][ T8162] loop4: detected capacity change from 0 to 512
[   83.751000][ T8162] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   83.776135][ T8162] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.790356][ T8162] ext4 filesystem being mounted at /200/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   83.803781][ T8162] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.837: corrupted xattr block 19: overlapping e_value 
[   83.804351][ T8174] SELinux:  Context system_u:object_r:hald_mac_exec_t:s0 is not valid (left unmapped).
[   83.819489][ T8162] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   83.827820][   T29] kauditd_printk_skb: 88 callbacks suppressed
[   83.827839][   T29] audit: type=1400 audit(1751781215.277:5553): avc:  denied  { relabelto } for  pid=8165 comm="syz.0.838" name="file0" dev="tmpfs" ino=891 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hald_mac_exec_t:s0"
[   83.836619][ T8162] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.837: corrupted xattr block 19: overlapping e_value 
[   83.842363][   T29] audit: type=1400 audit(1751781215.277:5554): avc:  denied  { associate } for  pid=8165 comm="syz.0.838" name="file0" dev="tmpfs" ino=891 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hald_mac_exec_t:s0"
[   83.914455][ T8175] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.837: corrupted xattr block 19: overlapping e_value 
[   83.920174][ T8162] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   83.928498][ T8175] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   83.949147][ T8174] loop0: detected capacity change from 0 to 512
[   83.951238][ T8162] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.837: corrupted xattr block 19: overlapping e_value 
[   83.957360][ T8174] ext3: Bad value for 'max_batch_time'
[   83.969810][   T29] audit: type=1400 audit(1751781215.407:5555): avc:  denied  { mounton } for  pid=8165 comm="syz.0.838" path="/161/file0" dev="tmpfs" ino=891 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hald_mac_exec_t:s0"
[   84.012064][ T8175] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.837: corrupted xattr block 19: overlapping e_value 
[   84.042721][ T8175] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.837: corrupted xattr block 19: overlapping e_value 
[   84.075823][   T29] audit: type=1400 audit(1751781215.507:5556): avc:  denied  { rmdir } for  pid=3309 comm="syz-executor" name="file0" dev="tmpfs" ino=891 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hald_mac_exec_t:s0"
[   84.116278][ T8182] loop0: detected capacity change from 0 to 512
[   84.123647][ T8182] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   84.137956][ T8182] EXT4-fs (loop0): 1 truncate cleaned up
[   84.148012][ T8175] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   84.148578][ T8182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.174452][   T29] audit: type=1326 audit(1751781215.617:5557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8181 comm="syz.0.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   84.207119][   T29] audit: type=1326 audit(1751781215.647:5558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8181 comm="syz.0.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   84.230803][   T29] audit: type=1326 audit(1751781215.647:5559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8181 comm="syz.0.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   84.254240][   T29] audit: type=1326 audit(1751781215.647:5560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8181 comm="syz.0.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   84.277671][   T29] audit: type=1326 audit(1751781215.647:5561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8181 comm="syz.0.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   84.301132][   T29] audit: type=1326 audit(1751781215.647:5562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8181 comm="syz.0.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   84.370780][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.395543][ T8195] loop0: detected capacity change from 0 to 512
[   84.402850][ T8195] EXT4-fs: Ignoring removed orlov option
[   84.409499][ T8195] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   84.419686][ T8195] EXT4-fs (loop0): orphan cleanup on readonly fs
[   84.427163][ T8195] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.841: bg 0: block 248: padding at end of block bitmap is not set
[   84.445908][ T8195] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.841: Failed to acquire dquot type 1
[   84.466792][ T8195] EXT4-fs (loop0): 1 truncate cleaned up
[   84.473546][ T8195] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   84.490973][ T8199] loop7: detected capacity change from 0 to 2048
[   84.502070][ T8195] EXT4-fs: Ignoring removed orlov option
[   84.509503][ T8195] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   84.518959][ T8195] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   84.525789][ T8199] EXT4-fs (loop7): failed to initialize system zone (-117)
[   84.535923][ T8199] EXT4-fs (loop7): mount failed
[   84.573144][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.586696][ T8195] EXT4-fs error (device loop0): __ext4_remount:6736: comm syz.0.841: Abort forced by user
[   84.614114][ T8195] EXT4-fs (loop0): Remounting filesystem read-only
[   84.620706][ T8195] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   84.640986][ T8195] ext4 filesystem being remounted at /163/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   84.710370][ T8217] loop4: detected capacity change from 0 to 164
[   84.726498][ T8129] lo speed is unknown, defaulting to 1000
[   84.736817][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.747695][ T8217] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   84.779539][ T8217] netlink: 28 bytes leftover after parsing attributes in process `syz.4.847'.
[   84.792528][ T8230] loop0: detected capacity change from 0 to 512
[   84.807508][ T8230] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   84.830651][ T8238] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   84.840828][ T8230] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.890778][ T8230] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.849: corrupted xattr block 19: overlapping e_value 
[   84.937714][ T8230] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   84.955498][ T8230] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.849: corrupted xattr block 19: overlapping e_value 
[   84.995005][ T8257] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.849: corrupted xattr block 19: overlapping e_value 
[   85.005177][ T8261] loop7: detected capacity change from 0 to 128
[   85.008955][ T8230] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   85.024419][ T8230] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.849: corrupted xattr block 19: overlapping e_value 
[   85.046182][ T8257] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   85.061400][ T8261] ext4 filesystem being mounted at /8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   85.064645][ T8257] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.849: corrupted xattr block 19: overlapping e_value 
[   85.097929][ T8268] random: crng reseeded on system resumption
[   85.128431][ T8257] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.849: corrupted xattr block 19: overlapping e_value 
[   85.142399][ T8257] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   85.187827][ T8261] EXT4-fs error (device loop7): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.7.854: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[   85.227524][ T8274] loop4: detected capacity change from 0 to 2048
[   85.274559][ T8274] EXT4-fs (loop4): failed to initialize system zone (-117)
[   85.295813][ T8274] EXT4-fs (loop4): mount failed
[   85.324210][ T8291] loop6: detected capacity change from 0 to 512
[   85.342909][ T8291] EXT4-fs: Ignoring removed orlov option
[   85.348961][ T8298] netlink: 256 bytes leftover after parsing attributes in process `syz.0.861'.
[   85.358280][ T8291] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   85.377480][ T8291] EXT4-fs (loop6): orphan cleanup on readonly fs
[   85.399014][ T8291] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.860: bg 0: block 248: padding at end of block bitmap is not set
[   85.503617][ T8291] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.860: Failed to acquire dquot type 1
[   85.546096][ T8291] EXT4-fs (loop6): 1 truncate cleaned up
[   85.573211][ T8291] EXT4-fs: Ignoring removed orlov option
[   85.588066][ T8291] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   85.609110][ T8291] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended
[   85.643678][ T8316] loop4: detected capacity change from 0 to 2048
[   85.651734][ T8291] EXT4-fs error (device loop6): __ext4_remount:6736: comm syz.6.860: Abort forced by user
[   85.664496][ T8291] EXT4-fs (loop6): Remounting filesystem read-only
[   85.671062][ T8291] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   85.688852][ T8320] 9pnet_fd: Insufficient options for proto=fd
[   85.698214][ T8316] EXT4-fs (loop4): failed to initialize system zone (-117)
[   85.699405][ T8291] ext4 filesystem being remounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   85.707273][ T8320] loop0: detected capacity change from 0 to 512
[   85.723607][ T8316] EXT4-fs (loop4): mount failed
[   85.747272][ T8320] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   85.756703][ T8320] EXT4-fs (loop0): orphan cleanup on readonly fs
[   85.790432][ T8320] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #16: comm syz.0.868: corrupted inode contents
[   85.803594][ T8320] EXT4-fs (loop0): Remounting filesystem read-only
[   85.804304][ T8333] netlink: 'syz.6.869': attribute type 10 has an invalid length.
[   85.812138][ T8320] EXT4-fs (loop0): 1 truncate cleaned up
[   85.817909][ T8333] netlink: 40 bytes leftover after parsing attributes in process `syz.6.869'.
[   85.832844][  T316] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   85.843582][  T316] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   85.867668][  T316] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   85.899887][ T8337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.872'.
[   85.919156][ T8337] netlink: 312 bytes leftover after parsing attributes in process `syz.4.872'.
[   85.961906][ T8345] loop0: detected capacity change from 0 to 2048
[   85.968963][ T8347] netlink: 'syz.7.875': attribute type 13 has an invalid length.
[   85.976815][ T8347] netlink: 4 bytes leftover after parsing attributes in process `syz.7.875'.
[   85.991227][ T8337] 9pnet_fd: Insufficient options for proto=fd
[   86.018364][ T8345] EXT4-fs (loop0): failed to initialize system zone (-117)
[   86.030571][ T8345] EXT4-fs (loop0): mount failed
[   86.035872][ T8356] loop4: detected capacity change from 0 to 1024
[   86.047229][ T8356] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.877: Failed to acquire dquot type 0
[   86.070290][ T8356] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   86.085730][ T8356] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.877: corrupted inode contents
[   86.093081][ T8367] random: crng reseeded on system resumption
[   86.098449][ T8356] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #13: comm syz.4.877: mark_inode_dirty error
[   86.116337][ T8356] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.877: corrupted inode contents
[   86.129881][ T8356] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #13: comm syz.4.877: mark_inode_dirty error
[   86.141564][ T8356] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.877: corrupted inode contents
[   86.146394][ T8370] random: crng reseeded on system resumption
[   86.155353][ T8356] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[   86.175147][ T8356] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.877: corrupted inode contents
[   86.187426][ T8356] EXT4-fs error (device loop4): ext4_truncate:4597: inode #13: comm syz.4.877: mark_inode_dirty error
[   86.199988][ T8356] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[   86.217636][ T8372] loop7: detected capacity change from 0 to 512
[   86.226940][ T8372] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   86.236577][ T8356] EXT4-fs (loop4): 1 truncate cleaned up
[   86.244662][ T8356] FAULT_INJECTION: forcing a failure.
[   86.244662][ T8356] name failslab, interval 1, probability 0, space 0, times 0
[   86.250564][ T8377] loop0: detected capacity change from 0 to 2048
[   86.257373][ T8356] CPU: 1 UID: 0 PID: 8356 Comm: syz.4.877 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   86.257440][ T8356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   86.257456][ T8356] Call Trace:
[   86.257466][ T8356]  <TASK>
[   86.257477][ T8356]  __dump_stack+0x1d/0x30
[   86.257548][ T8356]  dump_stack_lvl+0xe8/0x140
[   86.257576][ T8356]  dump_stack+0x15/0x1b
[   86.257734][ T8356]  should_fail_ex+0x265/0x280
[   86.257778][ T8356]  ? alloc_pipe_info+0xae/0x350
[   86.257804][ T8356]  should_failslab+0x8c/0xb0
[   86.257838][ T8356]  __kmalloc_cache_noprof+0x4c/0x320
[   86.257997][ T8356]  alloc_pipe_info+0xae/0x350
[   86.258025][ T8356]  splice_direct_to_actor+0x592/0x680
[   86.258066][ T8356]  ? kstrtouint_from_user+0x9f/0xf0
[   86.258136][ T8356]  ? __pfx_direct_splice_actor+0x10/0x10
[   86.258179][ T8356]  ? __rcu_read_unlock+0x4f/0x70
[   86.258210][ T8356]  ? get_pid_task+0x96/0xd0
[   86.258237][ T8356]  ? avc_policy_seqno+0x15/0x30
[   86.258291][ T8356]  ? selinux_file_permission+0x1e4/0x320
[   86.258326][ T8356]  do_splice_direct+0xda/0x150
[   86.258406][ T8356]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   86.258455][ T8356]  do_sendfile+0x380/0x650
[   86.258494][ T8356]  __x64_sys_sendfile64+0xb8/0x150
[   86.258528][ T8356]  x64_sys_call+0xb39/0x2fb0
[   86.258573][ T8356]  do_syscall_64+0xd2/0x200
[   86.258606][ T8356]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   86.258710][ T8356]  ? clear_bhb_loop+0x40/0x90
[   86.258734][ T8356]  ? clear_bhb_loop+0x40/0x90
[   86.258755][ T8356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.258833][ T8356] RIP: 0033:0x7fc4ce21e929
[   86.258848][ T8356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.258866][ T8356] RSP: 002b:00007fc4cc887038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   86.258938][ T8356] RAX: ffffffffffffffda RBX: 00007fc4ce445fa0 RCX: 00007fc4ce21e929
[   86.258956][ T8356] RDX: 0000200000000000 RSI: 0000000000000006 RDI: 0000000000000006
[   86.258973][ T8356] RBP: 00007fc4cc887090 R08: 0000000000000000 R09: 0000000000000000
[   86.259060][ T8356] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[   86.259077][ T8356] R13: 0000000000000000 R14: 00007fc4ce445fa0 R15: 00007fffa35d9338
[   86.259104][ T8356]  </TASK>
[   86.309802][ T8372] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.326435][ T8377] EXT4-fs (loop0): failed to initialize system zone (-117)
[   86.336678][ T8372] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.880: corrupted xattr block 19: overlapping e_value 
[   86.341101][ T8377] EXT4-fs (loop0): mount failed
[   86.362647][ T8372] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[   86.540310][ T8372] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.880: corrupted xattr block 19: overlapping e_value 
[   86.554292][ T8390] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.880: corrupted xattr block 19: overlapping e_value 
[   86.569276][ T8390] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[   86.569339][ T8372] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[   86.589784][ T8372] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.880: corrupted xattr block 19: overlapping e_value 
[   86.590195][ T8397] netlink: 180 bytes leftover after parsing attributes in process `syz.0.887'.
[   86.613498][ T8390] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.880: corrupted xattr block 19: overlapping e_value 
[   86.643721][ T8390] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.880: corrupted xattr block 19: overlapping e_value 
[   86.659047][ T8390] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[   86.707080][ T8400] loop6: detected capacity change from 0 to 8192
[   86.724472][ T8397] lo speed is unknown, defaulting to 1000
[   86.751540][ T8400]  loop6: p1 p2 p4
[   86.755555][ T8400] loop6: p1 size 65536 extends beyond EOD, truncated
[   86.764409][ T8400] loop6: p2 start 861536256 is beyond EOD, truncated
[   86.771288][ T8400] loop6: p4 size 65536 extends beyond EOD, truncated
[   86.780149][ T8415] loop7: detected capacity change from 0 to 2048
[   86.828309][ T8415] EXT4-fs (loop7): failed to initialize system zone (-117)
[   86.882150][ T8415] EXT4-fs (loop7): mount failed
[   86.910591][ T8450] loop4: detected capacity change from 0 to 8192
[   86.951817][ T8458] loop6: detected capacity change from 0 to 2048
[   86.959454][ T8460] netlink: 'syz.0.898': attribute type 10 has an invalid length.
[   86.967347][ T8460] netlink: 40 bytes leftover after parsing attributes in process `syz.0.898'.
[   86.977529][ T8450]  loop4: p3 p4 < >
[   86.980658][ T8462] loop7: detected capacity change from 0 to 164
[   86.981500][ T8450] loop4: p3 size 2051506176 extends beyond EOD, truncated
[   86.997838][ T8460] team0: Port device dummy0 removed
[   86.998999][ T8462] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   87.003380][ T8460] bridge0: port 3(dummy0) entered blocking state
[   87.017880][ T8460] bridge0: port 3(dummy0) entered disabled state
[   87.028050][ T8447] program syz.1.895 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   87.040168][ T8458] EXT4-fs (loop6): failed to initialize system zone (-117)
[   87.055826][ T8458] EXT4-fs (loop6): mount failed
[   87.061426][ T8460] dummy0: entered allmulticast mode
[   87.079210][ T8462] netlink: 28 bytes leftover after parsing attributes in process `syz.7.899'.
[   87.090349][ T8462] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   87.143025][ T8487] FAULT_INJECTION: forcing a failure.
[   87.143025][ T8487] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.156180][ T8487] CPU: 1 UID: 0 PID: 8487 Comm: syz.4.903 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   87.156221][ T8487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.156237][ T8487] Call Trace:
[   87.156244][ T8487]  <TASK>
[   87.156254][ T8487]  __dump_stack+0x1d/0x30
[   87.156354][ T8487]  dump_stack_lvl+0xe8/0x140
[   87.156408][ T8487]  dump_stack+0x15/0x1b
[   87.156424][ T8487]  should_fail_ex+0x265/0x280
[   87.156531][ T8487]  should_fail+0xb/0x20
[   87.156566][ T8487]  should_fail_usercopy+0x1a/0x20
[   87.156604][ T8487]  _copy_from_user+0x1c/0xb0
[   87.156628][ T8487]  __x64_sys_signalfd+0x7f/0xf0
[   87.156674][ T8487]  x64_sys_call+0xeea/0x2fb0
[   87.156702][ T8487]  do_syscall_64+0xd2/0x200
[   87.156725][ T8487]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   87.156757][ T8487]  ? clear_bhb_loop+0x40/0x90
[   87.156834][ T8487]  ? clear_bhb_loop+0x40/0x90
[   87.156950][ T8487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.157016][ T8487] RIP: 0033:0x7fc4ce21e929
[   87.157035][ T8487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.157059][ T8487] RSP: 002b:00007fc4cc887038 EFLAGS: 00000246 ORIG_RAX: 000000000000011a
[   87.157081][ T8487] RAX: ffffffffffffffda RBX: 00007fc4ce445fa0 RCX: 00007fc4ce21e929
[   87.157093][ T8487] RDX: 0000000000000008 RSI: 0000200000000280 RDI: ffffffffffffffff
[   87.157134][ T8487] RBP: 00007fc4cc887090 R08: 0000000000000000 R09: 0000000000000000
[   87.157149][ T8487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.157163][ T8487] R13: 0000000000000000 R14: 00007fc4ce445fa0 R15: 00007fffa35d9338
[   87.157188][ T8487]  </TASK>
[   87.348069][ T8494] pimreg: entered allmulticast mode
[   87.354476][ T8494] pimreg: left allmulticast mode
[   87.425914][ T8508] loop7: detected capacity change from 0 to 512
[   87.432599][ T8506] loop4: detected capacity change from 0 to 2048
[   87.433433][ T8508] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[   87.450622][ T8508] EXT4-fs (loop7): 1 truncate cleaned up
[   87.458668][ T8506] EXT4-fs (loop4): failed to initialize system zone (-117)
[   87.470859][ T8506] EXT4-fs (loop4): mount failed
[   87.505272][ T8520] loop4: detected capacity change from 0 to 164
[   87.512716][ T8520] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   87.538280][ T8520] netlink: 28 bytes leftover after parsing attributes in process `syz.4.913'.
[   87.548402][ T8520] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   87.613812][ T8531] loop4: detected capacity change from 0 to 512
[   87.622846][ T8531] EXT4-fs: Ignoring removed orlov option
[   87.629330][ T8531] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   87.640406][ T8531] EXT4-fs (loop4): orphan cleanup on readonly fs
[   87.647823][ T8531] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.916: bg 0: block 248: padding at end of block bitmap is not set
[   87.666709][ T8531] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.916: Failed to acquire dquot type 1
[   87.680107][ T8531] EXT4-fs (loop4): 1 truncate cleaned up
[   87.688491][ T8531] EXT4-fs: Ignoring removed orlov option
[   87.695669][ T8531] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   87.705284][ T8531] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   87.724945][ T8531] EXT4-fs error (device loop4): __ext4_remount:6736: comm syz.4.916: Abort forced by user
[   87.736378][ T8531] EXT4-fs (loop4): Remounting filesystem read-only
[   87.743110][ T8531] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   87.751873][ T8531] ext4 filesystem being remounted at /224/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   87.766232][ T8538] loop1: detected capacity change from 0 to 164
[   87.778774][ T8538] syz.1.917: attempt to access beyond end of device
[   87.778774][ T8538] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   87.798727][ T8538] syz.1.917: attempt to access beyond end of device
[   87.798727][ T8538] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[   87.828049][ T8545] Invalid ELF header magic: != ELF
[   87.856830][ T8547] blktrace: Concurrent blktraces are not allowed on sg0
[   87.929902][ T8561] program syz.1.926 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   87.963137][ T8565] FAULT_INJECTION: forcing a failure.
[   87.963137][ T8565] name failslab, interval 1, probability 0, space 0, times 0
[   87.976080][ T8565] CPU: 0 UID: 0 PID: 8565 Comm: syz.4.928 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   87.976112][ T8565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.976127][ T8565] Call Trace:
[   87.976144][ T8565]  <TASK>
[   87.976151][ T8565]  __dump_stack+0x1d/0x30
[   87.976173][ T8565]  dump_stack_lvl+0xe8/0x140
[   87.976192][ T8565]  dump_stack+0x15/0x1b
[   87.976208][ T8565]  should_fail_ex+0x265/0x280
[   87.976306][ T8565]  should_failslab+0x8c/0xb0
[   87.976330][ T8565]  __kmalloc_noprof+0xa5/0x3e0
[   87.976410][ T8565]  ? parse_usbdevfs_streams+0x11c/0x610
[   87.976436][ T8565]  parse_usbdevfs_streams+0x11c/0x610
[   87.976473][ T8565]  ? ioctl_has_perm+0x257/0x2a0
[   87.976500][ T8565]  proc_free_streams+0x55/0xe0
[   87.976519][ T8565]  usbdev_ioctl+0x1012/0x1710
[   87.976616][ T8565]  ? __pfx_usbdev_ioctl+0x10/0x10
[   87.976645][ T8565]  __se_sys_ioctl+0xce/0x140
[   87.976675][ T8565]  __x64_sys_ioctl+0x43/0x50
[   87.976742][ T8565]  x64_sys_call+0x19a8/0x2fb0
[   87.976763][ T8565]  do_syscall_64+0xd2/0x200
[   87.976782][ T8565]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   87.976808][ T8565]  ? clear_bhb_loop+0x40/0x90
[   87.976899][ T8565]  ? clear_bhb_loop+0x40/0x90
[   87.976921][ T8565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.976978][ T8565] RIP: 0033:0x7fc4ce21e929
[   87.976992][ T8565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.977010][ T8565] RSP: 002b:00007fc4cc887038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   87.977028][ T8565] RAX: ffffffffffffffda RBX: 00007fc4ce445fa0 RCX: 00007fc4ce21e929
[   87.977082][ T8565] RDX: 0000200000000140 RSI: 000000008008551d RDI: 0000000000000003
[   87.977093][ T8565] RBP: 00007fc4cc887090 R08: 0000000000000000 R09: 0000000000000000
[   87.977184][ T8565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.977196][ T8565] R13: 0000000000000000 R14: 00007fc4ce445fa0 R15: 00007fffa35d9338
[   87.977215][ T8565]  </TASK>
[   88.200716][ T8568] netlink: 'syz.4.929': attribute type 10 has an invalid length.
[   88.254398][ T8576] loop6: detected capacity change from 0 to 128
[   88.263263][ T8576] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   88.299688][ T8576] EXT4-fs error (device loop6): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.6.932: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[   88.319447][ T8580] loop0: detected capacity change from 0 to 512
[   88.327202][ T8580] journal_path: Lookup failure for './file0/../file0'
[   88.334203][ T8580] EXT4-fs: error: could not find journal device path
[   88.375015][ T8593] loop7: detected capacity change from 0 to 1764
[   88.411299][ T8593] loop7: detected capacity change from 0 to 128
[   88.418829][ T8593] EXT4-fs: Ignoring removed nobh option
[   88.426651][ T8593] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   88.508742][ T8618] FAULT_INJECTION: forcing a failure.
[   88.508742][ T8618] name failslab, interval 1, probability 0, space 0, times 0
[   88.521525][ T8618] CPU: 1 UID: 0 PID: 8618 Comm: syz.6.940 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   88.521561][ T8618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.521576][ T8618] Call Trace:
[   88.521582][ T8618]  <TASK>
[   88.521588][ T8618]  __dump_stack+0x1d/0x30
[   88.521751][ T8618]  dump_stack_lvl+0xe8/0x140
[   88.521776][ T8618]  dump_stack+0x15/0x1b
[   88.521798][ T8618]  should_fail_ex+0x265/0x280
[   88.521870][ T8618]  should_failslab+0x8c/0xb0
[   88.521894][ T8618]  kmem_cache_alloc_noprof+0x50/0x310
[   88.521928][ T8618]  ? fcntl_setlease+0x82/0x300
[   88.522027][ T8618]  fcntl_setlease+0x82/0x300
[   88.522065][ T8618]  ? __rcu_read_unlock+0x4f/0x70
[   88.522169][ T8618]  do_fcntl+0x524/0xdf0
[   88.522212][ T8618]  ? selinux_file_fcntl+0x1b4/0x1e0
[   88.522241][ T8618]  __se_sys_fcntl+0xb1/0x120
[   88.522266][ T8618]  __x64_sys_fcntl+0x43/0x50
[   88.522290][ T8618]  x64_sys_call+0x1f1d/0x2fb0
[   88.522391][ T8618]  do_syscall_64+0xd2/0x200
[   88.522410][ T8618]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   88.522435][ T8618]  ? clear_bhb_loop+0x40/0x90
[   88.522513][ T8618]  ? clear_bhb_loop+0x40/0x90
[   88.522542][ T8618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.522570][ T8618] RIP: 0033:0x7f2e2eace929
[   88.522590][ T8618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.522668][ T8618] RSP: 002b:00007f2e2d137038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[   88.522692][ T8618] RAX: ffffffffffffffda RBX: 00007f2e2ecf5fa0 RCX: 00007f2e2eace929
[   88.522707][ T8618] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000003
[   88.522722][ T8618] RBP: 00007f2e2d137090 R08: 0000000000000000 R09: 0000000000000000
[   88.522832][ T8618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.522848][ T8618] R13: 0000000000000000 R14: 00007f2e2ecf5fa0 R15: 00007ffe0bb36768
[   88.522872][ T8618]  </TASK>
[   88.825924][ T8626] loop0: detected capacity change from 0 to 2048
[   88.849384][   T29] kauditd_printk_skb: 350 callbacks suppressed
[   88.849404][   T29] audit: type=1400 audit(1751781220.287:5897): avc:  denied  { append } for  pid=8622 comm="syz.6.941" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   88.895022][   T29] audit: type=1400 audit(1751781220.337:5898): avc:  denied  { bind } for  pid=8625 comm="syz.0.942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   88.898356][ T8632] loop1: detected capacity change from 0 to 164
[   88.955689][ T8632] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   88.966344][   T29] audit: type=1400 audit(1751781220.407:5899): avc:  denied  { connect } for  pid=8625 comm="syz.0.942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   88.986003][   T29] audit: type=1400 audit(1751781220.407:5900): avc:  denied  { read } for  pid=8625 comm="syz.0.942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   89.055203][ T8632] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   89.121136][ T8649] loop1: detected capacity change from 0 to 128
[   89.139951][ T8641] loop4: detected capacity change from 0 to 164
[   89.150036][ T8641] syz.4.944: attempt to access beyond end of device
[   89.150036][ T8641] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   89.166928][ T8641] syz.4.944: attempt to access beyond end of device
[   89.166928][ T8641] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[   89.213498][ T8649] ext4 filesystem being mounted at /224/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   89.248695][ T8649] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.1.946: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[   89.424513][ T8673] loop1: detected capacity change from 0 to 512
[   89.433211][ T8673] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   89.457473][ T8673] ext4 filesystem being mounted at /225/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.474611][ T8673] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.951: corrupted xattr block 19: overlapping e_value 
[   89.492800][ T8697] loop4: detected capacity change from 0 to 164
[   89.499299][ T8673] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   89.509601][ T8673] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.951: corrupted xattr block 19: overlapping e_value 
[   89.529502][ T8673] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   89.536136][ T8703] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.951: corrupted xattr block 19: overlapping e_value 
[   89.538956][ T8673] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.951: corrupted xattr block 19: overlapping e_value 
[   89.565662][ T8702] netlink: 'syz.7.954': attribute type 10 has an invalid length.
[   89.565693][ T8702] dummy0: entered promiscuous mode
[   89.566473][ T8702] bridge0: port 3(dummy0) entered blocking state
[   89.585181][ T8702] bridge0: port 3(dummy0) entered disabled state
[   89.593093][ T8702] dummy0: entered allmulticast mode
[   89.598709][ T8703] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   89.604000][ T8697] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   89.608826][ T8702] bridge0: port 3(dummy0) entered blocking state
[   89.620558][ T8703] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.951: corrupted xattr block 19: overlapping e_value 
[   89.622281][ T8702] bridge0: port 3(dummy0) entered forwarding state
[   89.638219][ T8703] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.951: corrupted xattr block 19: overlapping e_value 
[   89.658300][ T8703] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   89.659048][ T8697] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   89.701883][ T8712] loop0: detected capacity change from 0 to 512
[   89.705848][   T29] audit: type=1400 audit(1751781221.137:5901): avc:  denied  { setopt } for  pid=8713 comm="syz.4.957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   89.710269][ T8712] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   89.739947][ T8712] EXT4-fs (loop0): 1 truncate cleaned up
[   89.753290][   T29] audit: type=1326 audit(1751781221.187:5902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8711 comm="syz.0.958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   89.780652][   T29] audit: type=1326 audit(1751781221.217:5903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8711 comm="syz.0.958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   89.804074][   T29] audit: type=1326 audit(1751781221.217:5904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8711 comm="syz.0.958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   89.827479][   T29] audit: type=1326 audit(1751781221.217:5905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8711 comm="syz.0.958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   89.833024][ T8720] loop6: detected capacity change from 0 to 128
[   89.850837][   T29] audit: type=1326 audit(1751781221.217:5906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8711 comm="syz.0.958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f017095e929 code=0x7ffc0000
[   89.886516][ T8720] ext4 filesystem being mounted at /62/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   89.928964][ T8720] EXT4-fs error (device loop6): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.6.961: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[   89.961524][ T8727] loop4: detected capacity change from 0 to 2048
[   89.986092][ T8727] EXT4-fs (loop4): failed to initialize system zone (-117)
[   89.993720][ T8727] EXT4-fs (loop4): mount failed
[   90.034627][ T8742] FAULT_INJECTION: forcing a failure.
[   90.034627][ T8742] name failslab, interval 1, probability 0, space 0, times 0
[   90.047412][ T8742] CPU: 1 UID: 0 PID: 8742 Comm: syz.6.965 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   90.047442][ T8742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   90.047456][ T8742] Call Trace:
[   90.047464][ T8742]  <TASK>
[   90.047473][ T8742]  __dump_stack+0x1d/0x30
[   90.047551][ T8742]  dump_stack_lvl+0xe8/0x140
[   90.047576][ T8742]  dump_stack+0x15/0x1b
[   90.047613][ T8742]  should_fail_ex+0x265/0x280
[   90.047647][ T8742]  should_failslab+0x8c/0xb0
[   90.047673][ T8742]  kmem_cache_alloc_node_noprof+0x57/0x320
[   90.047705][ T8742]  ? __alloc_skb+0x101/0x320
[   90.047819][ T8742]  __alloc_skb+0x101/0x320
[   90.047862][ T8742]  netlink_alloc_large_skb+0xba/0xf0
[   90.047922][ T8742]  netlink_sendmsg+0x3cf/0x6b0
[   90.047943][ T8742]  ? __pfx_netlink_sendmsg+0x10/0x10
[   90.047962][ T8742]  __sock_sendmsg+0x142/0x180
[   90.047992][ T8742]  ____sys_sendmsg+0x31e/0x4e0
[   90.048113][ T8742]  ___sys_sendmsg+0x17b/0x1d0
[   90.048165][ T8742]  __x64_sys_sendmsg+0xd4/0x160
[   90.048187][ T8742]  x64_sys_call+0x2999/0x2fb0
[   90.048268][ T8742]  do_syscall_64+0xd2/0x200
[   90.048289][ T8742]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   90.048318][ T8742]  ? clear_bhb_loop+0x40/0x90
[   90.048377][ T8742]  ? clear_bhb_loop+0x40/0x90
[   90.048404][ T8742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.048429][ T8742] RIP: 0033:0x7f2e2eace929
[   90.048447][ T8742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.048464][ T8742] RSP: 002b:00007f2e2d137038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   90.048550][ T8742] RAX: ffffffffffffffda RBX: 00007f2e2ecf5fa0 RCX: 00007f2e2eace929
[   90.048564][ T8742] RDX: 0000000000000880 RSI: 0000200000001ac0 RDI: 0000000000000003
[   90.048578][ T8742] RBP: 00007f2e2d137090 R08: 0000000000000000 R09: 0000000000000000
[   90.048590][ T8742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.048602][ T8742] R13: 0000000000000000 R14: 00007f2e2ecf5fa0 R15: 00007ffe0bb36768
[   90.048672][ T8742]  </TASK>
[   90.283714][ T8736] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.291544][ T8736] tipc: Disabling bearer <eth:syzkaller0>
[   90.308964][ T8756] loop1: detected capacity change from 0 to 164
[   90.316811][ T8756] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   90.326629][ T8756] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   90.358107][ T8762] loop1: detected capacity change from 0 to 164
[   90.368488][ T8762] syz.1.969: attempt to access beyond end of device
[   90.368488][ T8762] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   90.393351][ T8762] syz.1.969: attempt to access beyond end of device
[   90.393351][ T8762] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[   90.449468][ T8772] loop7: detected capacity change from 0 to 2048
[   90.462223][ T8776] loop0: detected capacity change from 0 to 164
[   90.471862][ T8776] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   90.483819][ T8783] loop4: detected capacity change from 0 to 512
[   90.490914][ T8772] EXT4-fs (loop7): failed to initialize system zone (-117)
[   90.493425][ T8776] __nla_validate_parse: 7 callbacks suppressed
[   90.493444][ T8776] netlink: 28 bytes leftover after parsing attributes in process `syz.0.974'.
[   90.513761][ T8783] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   90.518737][ T8772] EXT4-fs (loop7): mount failed
[   90.527279][ T8776] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   90.533881][ T8785] FAULT_INJECTION: forcing a failure.
[   90.533881][ T8785] name failslab, interval 1, probability 0, space 0, times 0
[   90.549495][ T8785] CPU: 1 UID: 0 PID: 8785 Comm: syz.1.976 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   90.549585][ T8785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   90.549597][ T8785] Call Trace:
[   90.549603][ T8785]  <TASK>
[   90.549610][ T8785]  __dump_stack+0x1d/0x30
[   90.549634][ T8785]  dump_stack_lvl+0xe8/0x140
[   90.549721][ T8785]  dump_stack+0x15/0x1b
[   90.549742][ T8785]  should_fail_ex+0x265/0x280
[   90.549773][ T8785]  should_failslab+0x8c/0xb0
[   90.549801][ T8785]  kmem_cache_alloc_node_noprof+0x57/0x320
[   90.549838][ T8785]  ? __alloc_skb+0x101/0x320
[   90.549876][ T8785]  __alloc_skb+0x101/0x320
[   90.549941][ T8785]  alloc_skb_with_frags+0x7d/0x470
[   90.549985][ T8785]  ? xas_load+0x413/0x430
[   90.550058][ T8785]  ? __rcu_read_unlock+0x4f/0x70
[   90.550096][ T8785]  tcp_send_rcvq+0xef/0x2b0
[   90.550125][ T8785]  tcp_sendmsg_locked+0x28ad/0x2cc0
[   90.550155][ T8785]  ? should_fail_ex+0x30/0x280
[   90.550234][ T8785]  ? __rcu_read_unlock+0x4f/0x70
[   90.550254][ T8785]  ? avc_has_perm_noaudit+0x1b1/0x200
[   90.550304][ T8785]  ? avc_has_perm+0xd3/0x150
[   90.550332][ T8785]  ? selinux_file_open+0x2df/0x330
[   90.550360][ T8785]  tls_push_sg+0x155/0x560
[   90.550391][ T8785]  tls_push_partial_record+0x5a/0x70
[   90.550429][ T8785]  tls_tx_records+0xab/0x350
[   90.550458][ T8785]  tls_sw_release_resources_tx+0xa7/0x310
[   90.550495][ T8785]  tls_sk_proto_close+0x1aa/0x520
[   90.550526][ T8785]  inet_release+0xce/0xf0
[   90.550593][ T8785]  inet6_release+0x3e/0x60
[   90.550614][ T8785]  sock_close+0x6b/0x150
[   90.550642][ T8785]  ? __pfx_sock_close+0x10/0x10
[   90.550671][ T8785]  __fput+0x298/0x650
[   90.550777][ T8785]  ____fput+0x1c/0x30
[   90.550864][ T8785]  task_work_run+0x131/0x1a0
[   90.550918][ T8785]  exit_to_user_mode_loop+0xe4/0x100
[   90.550949][ T8785]  do_syscall_64+0x1d6/0x200
[   90.551006][ T8785]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   90.551037][ T8785]  ? clear_bhb_loop+0x40/0x90
[   90.551058][ T8785]  ? clear_bhb_loop+0x40/0x90
[   90.551079][ T8785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.551158][ T8785] RIP: 0033:0x7f2f06fde929
[   90.551190][ T8785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.551211][ T8785] RSP: 002b:00007f2f05647038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   90.551230][ T8785] RAX: 0000000000000000 RBX: 00007f2f07205fa0 RCX: 00007f2f06fde929
[   90.551295][ T8785] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[   90.551308][ T8785] RBP: 00007f2f05647090 R08: 0000000000000000 R09: 0000000000000000
[   90.551322][ T8785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.551336][ T8785] R13: 0000000000000000 R14: 00007f2f07205fa0 R15: 00007fffda3283e8
[   90.551359][ T8785]  </TASK>
[   90.839332][ T8783] EXT4-fs (loop4): 1 truncate cleaned up
[   90.851183][ T8797] loop0: detected capacity change from 0 to 512
[   90.860029][ T8797] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   90.879650][ T8801] loop7: detected capacity change from 0 to 1024
[   90.890207][ T8797] ext4 filesystem being mounted at /193/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   90.901193][ T8806] FAULT_INJECTION: forcing a failure.
[   90.901193][ T8806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   90.905072][ T8797] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.977: corrupted xattr block 19: overlapping e_value 
[   90.914375][ T8806] CPU: 1 UID: 0 PID: 8806 Comm: syz.1.979 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   90.914418][ T8806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   90.914438][ T8806] Call Trace:
[   90.914448][ T8806]  <TASK>
[   90.914457][ T8806]  __dump_stack+0x1d/0x30
[   90.914521][ T8806]  dump_stack_lvl+0xe8/0x140
[   90.914549][ T8806]  dump_stack+0x15/0x1b
[   90.914573][ T8806]  should_fail_ex+0x265/0x280
[   90.914618][ T8806]  should_fail+0xb/0x20
[   90.914706][ T8806]  should_fail_usercopy+0x1a/0x20
[   90.914752][ T8806]  _copy_from_user+0x1c/0xb0
[   90.914781][ T8806]  ucma_write+0xd9/0x250
[   90.914808][ T8806]  ? __pfx_ucma_write+0x10/0x10
[   90.914836][ T8806]  vfs_write+0x269/0x8e0
[   90.914961][ T8806]  ? __rcu_read_unlock+0x4f/0x70
[   90.914991][ T8806]  ? __fget_files+0x184/0x1c0
[   90.915023][ T8806]  ksys_write+0xda/0x1a0
[   90.915115][ T8806]  __x64_sys_write+0x40/0x50
[   90.915161][ T8806]  x64_sys_call+0x2cdd/0x2fb0
[   90.915189][ T8806]  do_syscall_64+0xd2/0x200
[   90.915290][ T8806]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   90.915352][ T8806]  ? clear_bhb_loop+0x40/0x90
[   90.915437][ T8806]  ? clear_bhb_loop+0x40/0x90
[   90.915469][ T8806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.915499][ T8806] RIP: 0033:0x7f2f06fde929
[   90.915522][ T8806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.915548][ T8806] RSP: 002b:00007f2f05647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.915609][ T8806] RAX: ffffffffffffffda RBX: 00007f2f07205fa0 RCX: 00007f2f06fde929
[   90.915627][ T8806] RDX: 0000000000000020 RSI: 0000200000000380 RDI: 0000000000000006
[   90.915643][ T8806] RBP: 00007f2f05647090 R08: 0000000000000000 R09: 0000000000000000
[   90.915660][ T8806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.915677][ T8806] R13: 0000000000000000 R14: 00007f2f07205fa0 R15: 00007fffda3283e8
[   90.915704][ T8806]  </TASK>
[   91.080803][ T8815] netlink: 'syz.7.978': attribute type 298 has an invalid length.
[   91.137223][ T8797] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   91.147519][ T8809] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.977: corrupted xattr block 19: overlapping e_value 
[   91.165996][ T8797] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.977: corrupted xattr block 19: overlapping e_value 
[   91.182506][ T8797] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   91.193771][ T8809] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   91.203437][ T8797] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.977: corrupted xattr block 19: overlapping e_value 
[   91.217884][ T8809] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.977: corrupted xattr block 19: overlapping e_value 
[   91.233301][ T8817] loop6: detected capacity change from 0 to 164
[   91.241584][ T8817] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   91.251849][ T8809] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.977: corrupted xattr block 19: overlapping e_value 
[   91.267158][ T8817] netlink: 28 bytes leftover after parsing attributes in process `syz.6.981'.
[   91.276820][ T8817] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   91.277645][ T8809] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   91.303271][ T8822] netlink: 'syz.4.982': attribute type 10 has an invalid length.
[   91.311134][ T8822] netlink: 40 bytes leftover after parsing attributes in process `syz.4.982'.
[   91.344440][ T8830] loop6: detected capacity change from 0 to 1024
[   91.352401][ T8830] EXT4-fs: Ignoring removed orlov option
[   91.359962][ T8830] EXT4-fs (loop6): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   91.390566][ T8844] random: crng reseeded on system resumption
[   91.415508][ T8846] loop1: detected capacity change from 0 to 512
[   91.424454][ T8850] netlink: 'syz.6.989': attribute type 1 has an invalid length.
[   91.432446][ T8837] netlink: 28 bytes leftover after parsing attributes in process `syz.7.986'.
[   91.433184][ T8846] EXT4-fs: Ignoring removed orlov option
[   91.453526][ T8850] 8021q: adding VLAN 0 to HW filter on device bond1
[   91.463739][ T8888] netlink: 'syz.0.990': attribute type 6 has an invalid length.
[   91.471617][ T8846] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   91.481094][ T8846] EXT4-fs (loop1): orphan cleanup on readonly fs
[   91.488087][ T8846] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.987: bg 0: block 248: padding at end of block bitmap is not set
[   91.502578][ T8850] netlink: 4 bytes leftover after parsing attributes in process `syz.6.989'.
[   91.502785][ T8846] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.987: Failed to acquire dquot type 1
[   91.536707][ T8846] EXT4-fs (loop1): 1 truncate cleaned up
[   91.568994][ T8897] loop0: detected capacity change from 0 to 512
[   91.574415][ T8846] EXT4-fs: Ignoring removed orlov option
[   91.576029][ T8897] EXT4-fs: Ignoring removed orlov option
[   91.587589][ T8846] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   91.596249][ T8897] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   91.601940][ T8900] loop7: detected capacity change from 0 to 164
[   91.606205][ T8846] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   91.620893][ T8897] EXT4-fs (loop0): orphan cleanup on readonly fs
[   91.621117][ T8900] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   91.629191][ T8897] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.993: bg 0: block 248: padding at end of block bitmap is not set
[   91.642408][ T8900] netlink: 28 bytes leftover after parsing attributes in process `syz.7.994'.
[   91.650530][ T8897] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.993: Failed to acquire dquot type 1
[   91.658909][ T8846] EXT4-fs error (device loop1): __ext4_remount:6736: comm syz.1.987: Abort forced by user
[   91.680114][ T8900] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   91.680415][ T8846] EXT4-fs (loop1): Remounting filesystem read-only
[   91.695149][ T8846] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   91.703778][ T8846] ext4 filesystem being remounted at /231/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   91.721657][ T8897] EXT4-fs (loop0): 1 truncate cleaned up
[   91.743415][ T8897] EXT4-fs: Ignoring removed orlov option
[   91.749353][ T8897] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   91.758352][ T8897] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   91.775128][ T8897] EXT4-fs error (device loop0): __ext4_remount:6736: comm syz.0.993: Abort forced by user
[   91.794641][ T8913] SELinux: syz.7.998 (8913) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   91.795541][ T8919] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8919 comm=syz.6.999
[   91.809326][ T8897] EXT4-fs (loop0): Remounting filesystem read-only
[   91.827409][ T8897] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   91.836057][ T8897] ext4 filesystem being remounted at /198/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   91.952758][ T8938] loop1: detected capacity change from 0 to 164
[   91.957239][ T8940] random: crng reseeded on system resumption
[   91.965276][ T8938] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   91.976104][ T8938] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1006'.
[   91.989508][ T8938] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   92.024806][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.030015][ T8953] loop1: detected capacity change from 0 to 512
[   92.032353][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.039636][ T8953] EXT4-fs: Ignoring removed orlov option
[   92.046208][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.059686][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.061979][ T8953] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.067232][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.067329][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.090608][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.098124][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.100284][ T8953] EXT4-fs (loop1): orphan cleanup on readonly fs
[   92.105575][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.113071][ T8953] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1011: bg 0: block 248: padding at end of block bitmap is not set
[   92.119329][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.119359][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.148698][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.156139][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.167140][ T8953] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1011: Failed to acquire dquot type 1
[   92.188865][ T8953] EXT4-fs (loop1): 1 truncate cleaned up
[   92.202261][ T8953] EXT4-fs: Ignoring removed orlov option
[   92.209174][ T8953] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.210888][ T8961] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[   92.224169][ T8961] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   92.231813][ T8961] vhci_hcd vhci_hcd.0: Device attached
[   92.238065][ T8953] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   92.238154][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.255106][ T8963] vhci_hcd: connection closed
[   92.255183][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.267474][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.274938][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.282413][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.290053][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.297887][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.305184][ T8971] loop0: detected capacity change from 0 to 1024
[   92.305355][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.312152][ T8971] EXT4-fs: Ignoring removed mblk_io_submit option
[   92.319120][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.325703][ T8971] EXT4-fs: dax option not supported
[   92.332932][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.345691][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.353114][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.354335][  T316] vhci_hcd: stop threads
[   92.360550][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.360619][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.364844][  T316] vhci_hcd: release socket
[   92.372211][ T3459] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.379583][  T316] vhci_hcd: disconnect device
[   92.386627][ T8953] EXT4-fs error (device loop1): __ext4_remount:6736: comm syz.1.1011: Abort forced by user
[   92.392614][ T3459] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   92.397585][ T8953] EXT4-fs (loop1): Remounting filesystem read-only
[   92.422502][ T8953] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   92.432712][  T316] ==================================================================
[   92.440841][  T316] BUG: KCSAN: data-race in alloc_pid / copy_process
[   92.447450][  T316] 
[   92.449792][  T316] read-write to 0xffffffff86860860 of 4 bytes by task 292 on cpu 1:
[   92.457785][  T316]  alloc_pid+0x539/0x720
[   92.462039][  T316]  copy_process+0xe0e/0x1fe0
[   92.466645][  T316]  kernel_clone+0x16c/0x5b0
[   92.471173][  T316]  user_mode_thread+0x7d/0xb0
[   92.475869][  T316]  call_usermodehelper_exec_work+0x41/0x160
[   92.481790][  T316]  process_scheduled_works+0x4cb/0x9d0
[   92.487275][  T316]  worker_thread+0x582/0x770
[   92.491887][  T316]  kthread+0x489/0x510
[   92.495975][  T316]  ret_from_fork+0xda/0x150
[   92.500494][  T316]  ret_from_fork_asm+0x1a/0x30
[   92.505274][  T316] 
[   92.507606][  T316] read to 0xffffffff86860860 of 4 bytes by task 316 on cpu 0:
[   92.515067][  T316]  copy_process+0x148f/0x1fe0
[   92.519768][  T316]  kernel_clone+0x16c/0x5b0
[   92.524296][  T316]  user_mode_thread+0x7d/0xb0
[   92.529011][  T316]  call_usermodehelper_exec_work+0x41/0x160
[   92.534933][  T316]  process_scheduled_works+0x4cb/0x9d0
[   92.540415][  T316]  worker_thread+0x582/0x770
[   92.545033][  T316]  kthread+0x489/0x510
[   92.549116][  T316]  ret_from_fork+0xda/0x150
[   92.553639][  T316]  ret_from_fork_asm+0x1a/0x30
[   92.558437][  T316] 
[   92.560776][  T316] value changed: 0x800000f9 -> 0x800000fa
[   92.566515][  T316] 
[   92.568856][  T316] Reported by Kernel Concurrency Sanitizer on:
[   92.575021][  T316] CPU: 0 UID: 0 PID: 316 Comm: kworker/u8:6 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(voluntary) 
[   92.587538][  T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   92.597609][  T316] Workqueue: events_unbound call_usermodehelper_exec_work
[   92.604758][  T316] ==================================================================
[   92.616677][ T8953] ext4 filesystem being remounted at /234/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   92.723742][ T8971] loop0: detected capacity change from 0 to 128
[   92.732097][ T8971] ext4 filesystem being mounted at /204/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)