last executing test programs:

4m55.637888726s ago: executing program 2 (id=106):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO+9RV/BWmwlLdqZpLFtcFEriK4Kat3HmExCyCQTMpO2CUVS/ACCiAquXLkR/ACC9COIUNC9iCiirS5cqCMzudPWOJMETHNx5veD03vOPTPzP6eTOXPPPZe5AXSt4xFxKSJ6IuJ0RAym+3NpivWNVH/c3Ts3puopiVrtyg9JJOm+5msl6fZg+rT+iHj5hYjXkr/GrayuzU+WSsXltFyoLiwVKqtrZ+YWJmeLs8XFsbHR8+MXxs+Nj+xaXy8+9807b374/MVPn7z21cR3p16vN2sgrXuwH7tpo+t9jf+Lpt6IWH4YwTLQk/anL+uGAACwI/Vj/P9ExGON4//B6GkczQEAAACdpPbMQPyaRNQAAACAjpVrXAOb5PLptQADkcvl8xvX8P4vDuRK5Ur1iZnyyuL0xrWyQ9GXm5krFUfSa4WHoi+pl0cb+fvls5vKYxFxOCLeHtzfKOenyqXprE9+AAAAQJc4uGn+//PgxvwfAAAA6DBDWTcAAAAAeOjM/wEAAKDzmf8DAABAR3vx8uV6qjXvfz19dXVlvnz1zHSxMp9fWJnKT5WXl/Kz5fJs4zf7FrZ7vVK5vPRULK5cL1SLlWqhsro2sVBeWaxONO7rPVF0n2gAAADYe4cfvfVlEhHrT+9vpLp9aZ25OnS2XNYNADLTk3UDgMz0Zt0AIDPm+ECyTX1/u4rPdr8tAADAwzH8f+v/0K2s/0P3sv4P3cv6P3Qvc3zA+j8AAHS+gUZKcvl0LXAgcrl8PuJQ47YAfcnMXKk4EhH/jogvBvv+VS+PZt1oAAAAAAAAAAAAAAAAAAAAAAAAAPiHqdWSqAEAAAAdLSL3bZLe/2t48OTA5vMD+5JfBhvbiLj2/pV3r09Wq8uj9f0/3ttffS/dfzaLMxgAAADAZs15enMeDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC76e6dG1PNtJdxv382IoZaxe+N/sa2P/oi4sBPSfQ+8LwkInp2If76zYg40ip+Um9WDKWt2Bw/FxH7M45/cBfiQze7VR9/LrX6/OXieGPb+vPXm6a/q/34l7s3/vW0Gf8O7TDG0dsfF9rGvxlxtLf1+NOMn7SJf2KH8V99ZW2tXV3tg4jhlt8/yZ9iFaoLS4XK6tqZuYXJ2eJscXFsbPT8+IXxc+MjhZm5UjH9t2WMtx755Pet+n+gTfyhbfp/cof9/+329Tv/3SL+qROt3/8jW8Sv/008nn4P1OuHm/n1jfyDjn30+bGt+j/dpv/bvf+ndtj/0y+98fUOHwoA7IHK6tr8ZKlUXJaRkZG5l8l6ZAIAAHbb/YP+rFsCAAAAAAAAAAAAAAAAAAAA3Wsvfk4s6z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzEHwEAAP//0wfUAw==")
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000005c0))
openat(0xffffffffffffff9c, &(0x7f0000000980)='./file1\x00', 0x42, 0xc2)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
pwrite64(r2, &(0x7f0000000a40)="dc8bdebc26b8b24bb4494d1bbe8b79a347d5f03bc8b396057456b24773439ef8078040694789f936f4d604fe4eebfcf207978c9a582cd6c8f5f9a698dcaf17d77b5a90eed5d432a3de481941aa8cc8c3b9d9b565e6bd37c3d9ab740d13cc4ba2b10281b7effd0d332f3a15fd79de8114818e7db5ac70df3d263c6d7e8c33604d35b6a279419084379ae37a60db2ccbfc4d5393eeb8159ddb3c3dc10035fcd37661a09c31e34db31704d3ee1dfd4618e2929a99b0191ae0b99722b8e041", 0xbd, 0x5)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
sendfile(r3, r3, 0x0, 0xe0000000)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', r4, &(0x7f0000000180)='./file0\x00', 0x257)

4m55.440065596s ago: executing program 2 (id=108):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x11c167, 0x0, 0xfffffffa, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x2000000000000242, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
modify_ldt$write(0x1, &(0x7f0000000040)={0x401, 0x1000, 0x4000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)

4m55.336449637s ago: executing program 2 (id=111):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000650412422200000000000000001801deff1f2078250000000000202020d2e3ad88d47467537e67187b1af8fe00000000bfa10055504bcd8b955aac00f8ffffffb702000008000000c903000007000000850000001100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESDEC=r1, @ANYRESDEC], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/200, 0xc8, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0xcf50, 0x2925, 0xffff, 0x9dff, 0xf, "9402080100"})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x621c2, 0x0)
ftruncate(r4, 0x8800000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0)
sendfile(r5, r4, 0x0, 0x558410e8)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
syz_open_pts(r3, 0x0)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0x3fe3aa0262d8c783, 0x20, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xa}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x0, 0x7ff, 0x1}, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8, 0x80, 0x0, 0x0, 0x0, {0x0, 0x0, 0xffffffdc, 0x0, 0xff}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x0)

4m54.358150164s ago: executing program 2 (id=121):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x205) (fail_nth: 10)

4m54.138495146s ago: executing program 2 (id=122):
socket$nl_generic(0x10, 0x3, 0x10)
symlink(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000)

4m53.679975483s ago: executing program 2 (id=127):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x80}}, 0x2008001)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000480)=0x7d)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0x7e)
pipe2(&(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r5}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4008050}, 0x20044001)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x11)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)
tee(r2, r3, 0x53, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
r7 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x62, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x9}, 0x0, 0x7ff, 0x800003, 0x5, 0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socket$caif_stream(0x25, 0x1, 0x4)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r8 = epoll_create(0x5)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000100)={0x10000010})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000071043d000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

4m53.574564563s ago: executing program 32 (id=127):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x80}}, 0x2008001)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000480)=0x7d)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0x7e)
pipe2(&(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r5}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4008050}, 0x20044001)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x11)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)
tee(r2, r3, 0x53, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
r7 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x62, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x9}, 0x0, 0x7ff, 0x800003, 0x5, 0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socket$caif_stream(0x25, 0x1, 0x4)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r8 = epoll_create(0x5)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000100)={0x10000010})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000071043d000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

2.89941199s ago: executing program 0 (id=4678):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000007}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3, 0x54029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x40000000318, 0x0, 0x1, 0x0, 0x101}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000040)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(r2, 0x89e0, &(0x7f00000000c0))
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x83, &(0x7f0000000140), 0x8)
r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe2981)
write$sndseq(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000080)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x4000)
gettid()
write$P9_RGETLOCK(r3, &(0x7f0000000640)=ANY=[], 0x200002e6)
fcntl$setpipe(r3, 0x407, 0x7000000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80)

2.230066967s ago: executing program 0 (id=4685):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_config_ext={0x100000001, 0xdd5}, 0x1004, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'hsr0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xc}, {0xfff3, 0x8}}}, 0x24}}, 0x64044880)
r3 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
io_setup(0x1ff, &(0x7f0000000300))
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r4=>r3}, './file0\x00'})
recvmsg$can_raw(r4, &(0x7f0000000200)={&(0x7f0000000400)=@nfc_llcp, 0x80, &(0x7f0000000780)=[{&(0x7f0000002480)=""/4096, 0x1000}, {&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/232, 0xe8}, {&(0x7f0000000640)=""/186, 0xba}, {&(0x7f0000000180)=""/30, 0x1e}, {&(0x7f0000000700)=""/100, 0x64}], 0x6, &(0x7f0000000800)=""/209, 0xd1}, 0x40010060)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r6)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r6, 0x40047459, &(0x7f0000001200))
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r10}, 0x10)
recvmmsg(r8, &(0x7f0000007700), 0x4000267, 0xfc0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x12, r5, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r5, 0x84, 0xc, &(0x7f00000000c0)=0x8, 0x4)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file0\x00', 0x14542, &(0x7f0000000b40)=ANY=[], 0x0, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x1e9)

1.584350392s ago: executing program 5 (id=4693):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000200)='.\x00', 0x50000a0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x2000)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000340)='./bus\x00', 0x41, &(0x7f0000000080), 0x67, 0x53c, &(0x7f0000000f40)="$eJzs3U9vHGcZAPBn1rvBTpzaBQ5QiVJoIYkgu3FNW4tDKRKCUyWg3IuxN5aVtdfyrtvYqrAjPgASQoDECS5ckPgASKgSF44IqRKcQYBACFI4cIBONbuztmPvvzRrr2v/ftJ43nnnnXmed5OZndkZzQRwYT0VES9FxDtpmt6IiJm8vpAPsdcesnZv339jKRuSSNNX/plEktd11pXk4yv5YpMR8fWvRHwrOR63sb1zZ7FWq27m05Xm2kalsb1zc3VtcaW6Ul2fn597fuGFhecWbvXIvPBQ/bwaES9+6a8/+O7Pvvzirz77+p9e/fv1b2dpTefzD/fjIRX7zWx3vdT6LA4vsPkeg51FxVYPc1PdWkwcq7l3wjkBANBddhT9wYj4ZETciJmY6H84CwAAALwPpV+Yjv8lEWl3l3rUAwAAAO8jhdY9sEmhnN8LMB2FQrncvof3w3G5UKs3mp+5Xd9aX27fKzsbpcLt1Vr1Vn6v8GyUkmx6rlU+mH72yPR8RDweEd+fmWpNl5fqteVx//gBAAAAF8SVI+f//5lpn/937I4zOQAAAGB0ZsedAAAAAHDihj3/v3zCeQAAAAAnx/V/AAAAONe++vLL2ZB23n+9/Nr21p36azeXq4075bWtpfJSfXOjvFKvr7Se2bc2aH21en3jc7G+dbfSrDaalcb2ZKzVt9abr64+8ApsAAAA4BQ9/vE3/5BExN7np1pD5tJwiw7ZDDirivulJB932az/+Fh7/JdTSgo4FRPjTgAYm+K4EwDGpjTuBICxSwbM73nzzm/z8SdGmw8AADB61z7a+/p/oe+Se/1nA2eejRguLtf/4eJqXf8f9k5eBwtwrpQGHQH03eZ3R5wNMA6PfP1/oDR9qIQAAICRm24NSaFc7EwXCuVyxNXWawFKye3VWvVWRDwWEb+fKX0gm55rtUwGnjMAAAAAAAAAAAAAAAAAAAAAAAAAAG1pmkQKAAAAnGsRhb8lv24/y//azDPTR38fuJT8dybyV4S+/uNXfnh3sdncnMvq/7Vf3/xRXv/sOH7BAAAAgAthwAv8H9Q5T++cxwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKL19/42lznCacf/xxYiY7Ra/GJOt8WSUIuLyv5MoHlouiYiJEcSfyv58pFv8JEtrP2S3+FMjiL93r2/82Ms/hW7xr4wgPlxkb2b7n5e6bX+FeKo17r79FSMemH6veu//Yn//N9Fj+7/66cZQMZ546xeVnvHvRTxRPBZ/N4vQiZ/0iP/0kH385jd2dnrNS38Sca3r90/SaZLtIaPSXNuoNLZ3bq6uLa5UV6rr8/Nzzy+8sPDcwq3K7dVaNf/bNcb3PvbLd/r1/3KP+LMD+v/MsbVd6hrj/2/dvf+hdrHULf71p7vE/81P8xbH4xfy775P5eVs/rVOea9dPuzJn//uyX79X+7R/0H//td7rfSIG1/7zp+HbAoAnILG9s6dxVqtunluC9lZ+pCNs6OzM5HzOAqd/xFnJZ/TKOw++nomDmrSNE2zT/ARVpjEWfhYWoWx7pYAAIATcHDQP+5MAAAAAAAAAAAAAAAAAAAA4OI6jceJHQk5eVBMRvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAkXg3AAD//wuK1X0=")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
getxattr(0x0, 0x0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, &(0x7f00000001c0)={[{@inode32}]})
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x400, &(0x7f0000000180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54da0e13047e9f62fbb85ccc774b3ec4c81a1a985232d16d0d934460e920a59172e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9ae"], 0xfd, 0x274, &(0x7f0000000500)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
fsync(r1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4, 0x0, 0x7}, 0x18)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r5, 0x8b32, &(0x7f0000000040))
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

1.528123118s ago: executing program 0 (id=4695):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000007}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3, 0x54029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x40000000318, 0x0, 0x1, 0x0, 0x101}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000040)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(r2, 0x89e0, &(0x7f00000000c0))
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x83, &(0x7f0000000140), 0x8)
r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe2981)
write$sndseq(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000080)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x4000)
gettid()
write$P9_RGETLOCK(r3, &(0x7f0000000640)=ANY=[], 0x200002e6)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80)

1.460043894s ago: executing program 1 (id=4697):
chdir(&(0x7f00000003c0)='./file0\x00')
fspick(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x1)

1.459580514s ago: executing program 1 (id=4698):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x61980, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r0, 0x0, 0x80}, 0x18)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x2)
readv(r2, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYRES32, @ANYRES8], 0x50)

1.382891482s ago: executing program 1 (id=4700):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x808c)
write$nci(r0, &(0x7f0000000780)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x28, @f={0x8d, 0x2, 0x2, 0xf2, {0xf, 0x11, "44e78b822430e4d93120f69dffa9e3859f"}, 0x3}}, 0x1b)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
r5 = syz_io_uring_setup(0x20c5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff, 0x200004}, &(0x7f0000000600), &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_FILES2(r5, 0xd, &(0x7f0000000740)={0x1000000000000059, 0x0, 0x0, &(0x7f0000000200)=[{0xffffffffffffffff}], &(0x7f0000000240)=[0x0, 0x4]}, 0x20)

1.372636403s ago: executing program 3 (id=4701):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000300)='kfree\x00', r0}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000680), 0x10a900, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="cc0000001900674c0000000000000000ff010000000000000000000000000001e00000010000000000000000000000004e21ff80000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000ffffffffffffff7f0100000000000000000000000000060008000000000000000000000000000000800000000000000000000000000001000000000000020003030000000008001f00020000000c0015005c07350004000000641845dfe5b7320929484580cc08ccb74324ccfec9a38a631608d0"], 0xcc}}, 0x0)
socket(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x6, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')

1.29435009s ago: executing program 3 (id=4702):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0xa, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10)
pipe2(&(0x7f0000001cc0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@access_uid}]}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r7)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r10, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f00000052c0)=""/235, 0xeb}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x3}, 0x3}], 0x1b00, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40)

1.266553723s ago: executing program 4 (id=4703):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000007}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3, 0x54029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x40000000318, 0x0, 0x1, 0x0, 0x101}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000040)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(r2, 0x89e0, &(0x7f00000000c0))
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

1.175284653s ago: executing program 4 (id=4704):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x8, r0}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000900)={&(0x7f0000001600)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a40060000080a01030000000000000000030000087c000480680001800e000100636f6e6e6c696d69740000005400028008000240000000000800024000000000080001400000000f0800024000000001080002400000000108000240000000000800024000000001080002400000000008000240000000000800024000000001100001800c0001006e6f747261636b00b00504800c00018008000100636d7000b80401801a02040a00010072616e6765000000a8040280300304809900d1b5715d0f4affdc7c9ca19b5752203a6e5134f93d1c2d58dca8b80da1e77d0cf70f033dc73f5c2d3b7144d1c627db96a7e8cd164b523ed224a4aa61a4c21aef0df1e0ba57cbf905cbd73b817bd59fa299fd1cf05490db756fe9c1659fa7ab0f6bb82dd8597b918d8e643fc0893a18960141cd3aedb952723f0e1c655937ec5d29a0e205bec5e9020a01b4cf9e2db95029609e538b0ac8000000c4000100302ec436acbaf4be0b0dd0ea5ff6fd34cb3ec79e6b0b01da77959cd259a9bac16134555dd625b1bf2a49f71b68d8554ca6d4e30b41dbfa85f55f267340b9099eec086c0772a0e9fa4dc8875566913dc452aa9849da2e2559733098f78b8067dd3a32f4e2082efd9a161c37cc41a3ec45bbc2ab959693a9d0f9ffd7aef7c9c41a04883b7595b901b7a7bdb469b96b9c8fb446e57a2b56b44b37205af0f611d61316f5015564403a58f05a9dfe637ef641758b111ebce25cb49979b42ea5c65bb9480002800900020073797a30000000000900020073797a310000000008000180fffffffc080003400000000308000340000000020900020073797a32000000000800034000000003a900010000690eb0f756fc516446295d8582163920b252a23d7502fda795f5faaaeb6c0d5b3ce908c449d312dccd6b68da466f09274a9ead05f91b5bf6e2a133b866eda23800752b7c54f9a742b17c93bd409f9e77024c40da03241a8ceab358db5bf0c54c8edb89406b9c443add8c79ad526adfa4c5fc959ab3d75e1861d688f9fa555e0d5cb18a9d79f696ea360b150c322de81a22073e4527fa7ea0aa1645963fa2bfe2fbae02ec000036facfb964418268a16f56ca6632e3cc91bc7d4ca2e8a75942f1a6b376f651cf401daeda50ae25fa8ef9b4672fab3e37fa8945597de681bf5e19bab41f404d2a7edef05a7f9a9754210e4ee53174ed67f00e95e9ceb150c7c69133254fe5b0544b3568ba883ffd86ff04883171c14d088efd2d2d25a4d9df2bfcb806908c0cd5b583e403020f9c0923f57e9b4552eaead0c21232cd32c82ca46ccae21d65f79671d2e6203dcc989ec8b6861c63a6b05b2f53ed6f63d424bc41ffe511f404ece0b18da69ab763b78bbcb246b6210199dd63b80139179486473b0e0008000140000000150800014000000001080001400000001744010480f40001008dc2f13892ef81d3073c540ae8e93a08bc2ad35c5f7f2aa6490a3a133501ad4649b0663c857202327387b9d77740f8377f3b0312eba68b25ed1b945a223715c543defb46a1711b9965aad4893e8c3ef811d873a950db0f10365e0192f4e55cd4ffd78f79ffa88330d86b5d328421fbec6e32247b2badda7e8a76b0054ba88e4dd4ba1e39dc57c7f1ae35666a6e1c9fe1c52b5b83eebee27639239e346dd8b28a1a5f05ca55cee402e054bda0a1b690b43e0295d0b7e4bb372fb1298cb88b20a7db48961eb3d880a9d00de1b169278f1527c6fab701e2b88afae68a9cf9b4f5f44dc05e2636cbdd0782fd618daa17ae09200002800900020073797a300000000008000180ffffffff08000340000000022c000280080003400000000208000180ffffffff0900020073797a32000000000900020073797a30000000000800014000000012080001400000000a0800014000000018100001800c0001006269747769736500300001800a00010071756f746100000020000280080002400000000208000240000000010c000440000000000000ccf3380001800e000100636f6e6e6c696d6974000000240002800800024000000001080002400000000108000140000000070800014000000000100001800a0001007265646972000000140001800e000100636f6e6e6c696d6974000000100001800b000100736f636b657400003c0001800a00010072656469720000002c000280080002400000001408000240000000130800024000000017080001400000000d0800024000fdffff130000001100010000000000000000000000000a0000000000"], 0x668}, 0x1, 0x0, 0x0, 0x40}, 0x400c040)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r3 = syz_io_uring_setup(0xbc3, &(0x7f0000000540)={0x0, 0x1568, 0x10000, 0x2, 0x3e8}, &(0x7f0000000280)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r8 = socket$inet6(0xa, 0x400000000001, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x20004048, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty, 0x4}, 0x1c)
getsockopt$inet_int(r8, 0x0, 0xe, 0x0, &(0x7f0000000500)=0x3)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}})
io_uring_enter(r3, 0x29ab, 0xd480, 0x2f, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000002c0), &(0x7f0000000340)=0x14)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)

1.09301178s ago: executing program 4 (id=4705):
r0 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xffffffffffffffa0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=@delchain={0x70, 0x65, 0x100, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xffe0}, {0x8, 0x5}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_CVLAN_ETH_TYPE={0x6}, @TCA_FLOWER_KEY_PORT_DST_MAX={0x6, 0x5a, 0x4e21}, @TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "273a83dcb46d209b4237ab640052bd49"}, @TCA_FLOWER_KEY_PORT_SRC_MIN={0x6, 0x57, 0x4e21}, @TCA_FLOWER_KEY_TCP_FLAGS={0x6, 0x47, 0x6}, @TCA_FLOWER_KEY_IP_TTL={0x5, 0x4b, 0xce}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB="05"], 0x10)
close(r5)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r6}, &(0x7f0000000500), &(0x7f0000000540)=r5}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r8}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000003980))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c690500000005000400"/83], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x88a4)
ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f0000000280)={0x8000})

1.09261491s ago: executing program 4 (id=4706):
unshare(0x6a040000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x74}, 0x94)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00')
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x3, 0xff, 0x4e, 0x54, 0x0, 0xcb2, 0x9c40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0xb6b5c95fd317821}, 0x18144, 0x81, 0x800, 0x4, 0x9, 0x1, 0x77c, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffeff, 0xffffffffffffffff, 0x9)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r2, &(0x7f0000000780)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x800}}, 0x120)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
write$UHID_DESTROY(r2, &(0x7f0000000080), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16=r5], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
ioctl$FIBMAP(r5, 0x1, &(0x7f0000000080)=0x10001)

1.018500068s ago: executing program 5 (id=4707):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000007}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3, 0x54029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x40000000318, 0x0, 0x1, 0x0, 0x101}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000040)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(r2, 0x89e0, &(0x7f00000000c0))
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r5, 0x84, 0x83, &(0x7f0000000140), 0x8)
r6 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe2981)
write$sndseq(r6, 0x0, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r7, &(0x7f0000000080)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x4000)
gettid()
write$P9_RGETLOCK(r4, &(0x7f0000000640)=ANY=[], 0x200002e6)
fcntl$setpipe(r4, 0x407, 0x7000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
fcntl$setpipe(r3, 0x407, 0x8)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)

1.017245928s ago: executing program 4 (id=4708):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000100000000000000020000009500170000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f1ff0000000071108a00000000001d300500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efa95ea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f023486404c8df47e4ff2ad7f4132b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226d79fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000080)})
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000001dc0)=ANY=[@ANYBLOB="620af8ff0c011021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e4000000000d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c5100"/3816], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x49)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0x0, @private0, @loopback, {[], {{0x4e24, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x3, 0x0, 0x3}}}}}}}, 0x0)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000340), 0x0}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000001e0601020000000000000000020000050900020073797a30000000000500010007000000"], 0x28}}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_ACT={0x34, 0x9, 0x0, 0x1, [@m_skbmod={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7, 0x0, 0x5}, 0x18)
symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r8 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$selinux_load(r8, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757814"], 0x65)
chmod(&(0x7f0000000000)='./file0/file0\x00', 0x3ec)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x60040, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000008"], 0x50)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)

807.255699ms ago: executing program 5 (id=4709):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000040)={0x3, 'ip6gre0\x00', {0x7fffffff}, 0xd0bc})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x1000000009, 0x440b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x2003fff8000}, 0x8804, 0x0, 0x43a1bd76, 0x3, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
ioctl$int_out(r5, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r2], 0x4)

645.254545ms ago: executing program 0 (id=4710):
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@ptr={0xe, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x5f, 0x61, 0x0, 0x2e, 0x30, 0x0]}}, &(0x7f0000000340)=""/219, 0x2c, 0xdb, 0x1, 0x2}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1a78ff00000000bfa100000000000007010000f8ffffffb703000008000000b703e2ffffff002085000000000000", @ANYBLOB="8f06fd92", @ANYRES32=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0x7fffffffffffffff}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=f'])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='cachefiles_mark_failed\x00', r6, 0x0, 0x8000}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, &(0x7f0000000140)=""/12, 0x0, 0xc, 0x0, 0x9}, 0x28)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r8=>r4, {0x451}}, './file0\x00'})
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70300001d0000fd840000001b000000a2e3a1f899ebd22851236d7e7b02b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r9, 0x0, 0x2}, 0x18)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a808682b7fc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c00008008000340000000023f"], 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)={0x118, 0x29, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x108, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac0b}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc7dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb399b70c76f1145db2abfda0e3081bff81a8b9482565856555ee923c65973deb0a99b962bc0e994a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a0789e26972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a6", @typed={0x8, 0x145, 0x0, 0x0, @ipv4=@remote}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000001c0)='cachefiles_tmpfile\x00', r1}, 0x18)
r11 = socket$packet(0x11, 0x3, 0x300)
close(r11)

511.758739ms ago: executing program 5 (id=4711):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x103c41, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r2, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='batadv0\x00', 0x10)
write(r2, &(0x7f0000000400)="14c951c1", 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r5=>0x0})
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r4, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xb}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x68}, 0x1, 0x0, 0x0, 0x84}, 0x4000)

510.508909ms ago: executing program 0 (id=4712):
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@ptr={0xe, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x5f, 0x61, 0x0, 0x2e, 0x30, 0x0]}}, &(0x7f0000000340)=""/219, 0x2c, 0xdb, 0x1, 0x2}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1a78ff00000000bfa100000000000007010000f8ffffffb703000008000000b703e2ffffff002085000000000000", @ANYBLOB="8f06fd92", @ANYRES32=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0x7fffffffffffffff}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=f'])
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='cachefiles_mark_failed\x00', r5, 0x0, 0x8000}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, &(0x7f0000000140)=""/12, 0x0, 0xc, 0x0, 0x9}, 0x28)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r7=>r3, {0x451}}, './file0\x00'})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70300001d0000fd840000001b000000a2e3a1f899ebd22851236d7e7b02b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0x2}, 0x18)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a808682b7fc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c00008008000340000000023f"], 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)={0x118, 0x29, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x108, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac0b}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc7dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb399b70c76f1145db2abfda0e3081bff81a8b9482565856555ee923c65973deb0a99b962bc0e994a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a0789e26972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a6", @typed={0x8, 0x145, 0x0, 0x0, @ipv4=@remote}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x8)
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r10, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r10, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000640)=[{0x6, 0x83, 0xfc, 0xfffffffe}]}, 0x10)
close(r10)

466.978173ms ago: executing program 1 (id=4713):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, @perf_config_ext={0x8, 0x6}, 0x120, 0x10000, 0x33f8, 0x1, 0x8, 0x20007, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x800000, 0x0) (fail_nth: 3)

466.007773ms ago: executing program 0 (id=4714):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000007}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3, 0x54029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x40000000318, 0x0, 0x1, 0x0, 0x101}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000040)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(r2, 0x89e0, &(0x7f00000000c0))
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

460.480174ms ago: executing program 5 (id=4715):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x4, 0x127d, &(0x7f00000011c0)="$eJzs3U1rJMUfB/DfJJPH/SeTv66ruyAWelGEcZODJy9BdkEMKNEsqKdeM9EhkwcyQyAi7njyJPgyRD16E8Q3kIsXz4IgkovHPYgtyUw085BsYjIJyOdz6aK6vlXV6U5DD1303itfrK2u1MsrWSOGCoUobo5E8WGKFEMxHC3NeOHeTz8//dY7774+v7BwZzGlu/Nvz76cUpp+5vv3Pv7m2R8a1+59O/3dWOzODO39PvfL7o3dm3t/fh3VeqrW0/pGI2Xp/sZGI7tfq6Tlan21nNKbtUpWr6Tqer2y1bF/pbaxubmTsvXlqcnNrUq9nrL1nbRa2UmNQmps7aTsg6y6nsrlcpqaDM5j6auHeZ5H5PlIjEae5/lETMa1+F9MxXSUYib+H4/F43E9nogb8WQ8FTcPWl31vAEAAAAAAAAAAAAAAAAAAOC/5RHr/wvW/wMAAAAAAAAAAAAAAAAAAMDgda//L0b4/j8AAAAAAAAAAAAAAAAAAABcskd8/79r/f+L1v8DAAAAAAAAAAAAAAAAAADAIIy3NospjUesfba9tL3U2rbq51eiGrWoxO0oxR9xsPq/pVW++9rCndvpwEy8tPagnX+wvTTcmZ8dKcVMoW9+diIiUkqd+bGYPJqfi1Jc7z/+XGv8rvx4PP/cfv7TVr4cpfjx/diIWixHFNpHf5D/ZDalV99YmOjM39pvd6zhAZ8WAAAAuEjl9Lfe5/dmu1Hf/a1d7efz1G5ZOOH3ga7n82LcKl7VUXOovvPRalarVbb+ZWH0+H5Gz9dzT6EQEVkcrZme/HVxf/BT9nN4uV3QfI4Uhi+6wxMLIye3Occ5jeKp/5gDKkSzuyYvRZy1n9++PFIzfub4+QpD7cssqzVPfbFFM88HOrG+/4xjJ6WOv2cUBnxP4vL8c9KveiYAAAAAAAAAAACcRd+3/yYioud9wA97ag5fD++M9/Z8/OifX8IRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sQPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//w+Ty90=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file3\x00', 0x11e)
renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0)
r2 = perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x550, 0xfffffffffffffc75}, 0x0, 0x0, 0x3, 0x4, 0x0, 0x40d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000000)='cpu~=0||!')

239.833676ms ago: executing program 3 (id=4716):
r0 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xffffffffffffffa0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=@delchain={0x70, 0x65, 0x100, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xffe0}, {0x8, 0x5}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_CVLAN_ETH_TYPE={0x6}, @TCA_FLOWER_KEY_PORT_DST_MAX={0x6, 0x5a, 0x4e21}, @TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "273a83dcb46d209b4237ab640052bd49"}, @TCA_FLOWER_KEY_PORT_SRC_MIN={0x6, 0x57, 0x4e21}, @TCA_FLOWER_KEY_TCP_FLAGS={0x6, 0x47, 0x6}, @TCA_FLOWER_KEY_IP_TTL={0x5, 0x4b, 0xce}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB="05"], 0x10)
close(r5)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r6}, &(0x7f0000000500), &(0x7f0000000540)=r5}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r8}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000003980))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c690500000005000400"/83], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x88a4)
ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f0000000280)={0x8000})

180.241922ms ago: executing program 4 (id=4717):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x808c)
write$nci(r0, &(0x7f0000000780)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x28, @f={0x8d, 0x2, 0x2, 0xf2, {0xf, 0x11, "44e78b822430e4d93120f69dffa9e3859f"}, 0x3}}, 0x1b)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00'}, 0x10)
r5 = syz_io_uring_setup(0x20c5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff, 0x200004}, &(0x7f0000000600), &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_FILES2(r5, 0xd, &(0x7f0000000740)={0x1000000000000059, 0x0, 0x0, &(0x7f0000000200)=[{0xffffffffffffffff}], &(0x7f0000000240)=[0x0, 0x4]}, 0x20)

179.736202ms ago: executing program 1 (id=4718):
unshare(0x6a040000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x74}, 0x94)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00')
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x3, 0xff, 0x4e, 0x54, 0x0, 0xcb2, 0x9c40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0xb6b5c95fd317821}, 0x18144, 0x81, 0x800, 0x4, 0x9, 0x1, 0x77c, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffeff, 0xffffffffffffffff, 0x9)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r2, &(0x7f0000000780)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x800}}, 0x120)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
write$UHID_DESTROY(r2, &(0x7f0000000080), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16=r5], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
ioctl$FIBMAP(r5, 0x1, &(0x7f0000000080)=0x10001)

163.011044ms ago: executing program 3 (id=4719):
getresuid(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")
stat(0x0, &(0x7f0000001200))

136.555416ms ago: executing program 5 (id=4720):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000007}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3, 0x54029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x40000000318, 0x0, 0x1, 0x0, 0x101}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000040)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(r2, 0x89e0, &(0x7f00000000c0))
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x83, &(0x7f0000000140), 0x8)
r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe2981)
write$sndseq(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000080)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x4000)
gettid()
write$P9_RGETLOCK(r3, &(0x7f0000000640)=ANY=[], 0x200002e6)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80)

64.151723ms ago: executing program 3 (id=4721):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x24004054}, 0x0)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000080)) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0xd, 0xfffffffffffffff8, 0x2, 0x8001, 0x8000059, 0x3ff}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0) (async)
sendmsg$nl_route_sched(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x8, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x8}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008000}, 0x404c040) (async)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

39.021416ms ago: executing program 3 (id=4722):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)

0s ago: executing program 1 (id=4723):
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@ptr={0xe, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x5f, 0x61, 0x0, 0x2e, 0x30, 0x0]}}, &(0x7f0000000340)=""/219, 0x2c, 0xdb, 0x1, 0x2}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1a78ff00000000bfa100000000000007010000f8ffffffb703000008000000b703e2ffffff002085000000000000", @ANYBLOB="8f06fd92", @ANYRES32=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0x7fffffffffffffff}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=f'])
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='cachefiles_mark_failed\x00', r5, 0x0, 0x8000}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, &(0x7f0000000140)=""/12, 0x0, 0xc, 0x0, 0x9}, 0x28)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r7=>r3, {0x451}}, './file0\x00'})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70300001d0000fd840000001b000000a2e3a1f899ebd22851236d7e7b02b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0x2}, 0x18)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a808682b7fc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c00008008000340000000023f"], 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r9 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r9, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000640)=[{0x6, 0x83, 0xfc, 0xfffffffe}]}, 0x10)
close(r9)

kernel console output (not intermixed with test programs):

 296.695743][T12641] RIP: 0033:0x7fc1ac055f34
[  296.695758][T12641] Code: 85 ed 09 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 68 f8 ea 00 48 69 8c 24 90 00 00 00 e8 03 00 00 <8b> 78 08 48 8b 44 24 18 48 c1 ea 12 4c 8b 0d 79 f7 ea 00 48 01 d1
[  296.695774][T12641] RSP: 002b:00007ffdc63b5820 EFLAGS: 00010202
[  296.695788][T12641] RAX: 0000001b32924000 RBX: 000000000000024c RCX: 0000000000048440
[  296.695800][T12641] RDX: 000000000a224247 RSI: 00007ffdc63b58b0 RDI: 0000000000000001
[  296.695854][T12641] RBP: 00007ffdc63b585c R08: 0000000026a84ff7 R09: 7fffffffffffffff
[  296.695867][T12641] R10: 3fffffffffffffff R11: 0000000000000202 R12: 0000000000001388
[  296.695881][T12641] R13: 00000000000927c0 R14: 0000000000048494 R15: 00007ffdc63b58b0
[  296.695899][T12641]  </TASK>
[  296.695906][T12641] memory: usage 307200kB, limit 307200kB, failcnt 2757
[  296.891840][T12641] memory+swap: usage 127336kB, limit 9007199254740988kB, failcnt 0
[  296.899726][T12641] kmem: usage 45296kB, limit 9007199254740988kB, failcnt 0
[  296.907056][T12641] Memory cgroup stats for /syz0:
[  296.919620][T12641] cache 67031040
[  296.919664][T13239] EXT4-fs unmount: 55 callbacks suppressed
[  296.919677][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.924553][T12641] rss 0
[  296.924589][T12641] shmem 0
[  296.948610][T12641] mapped_file 0
[  296.952052][T12641] dirty 0
[  296.954980][T12641] writeback 0
[  296.958270][T12641] workingset_refault_anon 10
[  296.962841][T12641] workingset_refault_file 30
[  296.967454][T12641] swap 323584
[  296.970725][T12641] swapcached 0
[  296.974119][T12641] pgpgin 467275
[  296.977576][T12641] pgpgout 450910
[  296.981094][T12641] pgfault 440399
[  296.984676][T12641] pgmajfault 12
[  296.988127][T12641] inactive_anon 0
[  296.991739][T12641] active_anon 0
[  296.995167][T12641] inactive_file 0
[  296.998779][T12641] active_file 0
[  297.002284][T12641] unevictable 67031040
[  297.006337][T12641] hierarchical_memory_limit 314572800
[  297.011764][T12641] hierarchical_memsw_limit 9223372036854771712
[  297.017901][T12641] total_cache 67031040
[  297.021938][T12641] total_rss 0
[  297.025271][T12641] total_shmem 0
[  297.028721][T12641] total_mapped_file 0
[  297.032672][T12641] total_dirty 0
[  297.036132][T12641] total_writeback 0
[  297.039989][T12641] total_workingset_refault_anon 10
[  297.045081][T12641] total_workingset_refault_file 30
[  297.050172][T12641] total_swap 323584
[  297.054021][T12641] total_swapcached 0
[  297.057912][T12641] total_pgpgin 467275
[  297.061878][T12641] total_pgpgout 450910
[  297.065922][T12641] total_pgfault 440399
[  297.069980][T12641] total_pgmajfault 12
[  297.073932][T12641] total_inactive_anon 0
[  297.078131][T12641] total_active_anon 0
[  297.082094][T12641] total_inactive_file 0
[  297.086220][T12641] total_active_file 0
[  297.090187][T12641] total_unevictable 67031040
[  297.094758][T12641] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.4031,pid=15768,uid=0
[  297.109410][T12641] Memory cgroup out of memory: Killed process 15768 (syz.0.4031) total-vm:93956kB, anon-rss:1136kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  297.186788][T15827] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4052'.
[  297.227060][T15832] loop0: detected capacity change from 0 to 512
[  297.228658][T15831] netlink: 'syz.1.4054': attribute type 4 has an invalid length.
[  297.260934][T15834] serio: Serial port ttyS3
[  297.264087][T15832] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  297.366427][T15832] EXT4-fs (loop0): orphan cleanup on readonly fs
[  297.373227][T15843] loop1: detected capacity change from 0 to 512
[  297.374683][T15832] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4051: corrupted inode contents
[  297.392807][T15832] EXT4-fs (loop0): Remounting filesystem read-only
[  297.399590][T15832] EXT4-fs (loop0): 1 truncate cleaned up
[  297.405552][ T3733] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  297.416110][ T3733] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  297.454877][ T3733] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  297.498344][T15832] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  297.550986][T15832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4051'.
[  297.656082][T15855] syzkaller0: entered promiscuous mode
[  297.661614][T15855] syzkaller0: entered allmulticast mode
[  297.708437][T15858] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  297.833518][T15863] loop1: detected capacity change from 0 to 512
[  297.908225][T15875] netlink: 'syz.5.4069': attribute type 4 has an invalid length.
[  297.936609][T15863] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  297.981768][T15863] ext4 filesystem being mounted at /190/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  298.064781][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.082891][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.128873][T15884] loop0: detected capacity change from 0 to 512
[  298.135429][T15884] EXT4-fs: Ignoring removed bh option
[  298.182295][T15884] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  298.207232][T15884] EXT4-fs (loop0): 1 truncate cleaned up
[  298.213267][T15884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.288557][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.322207][T15886] program syz.5.4073 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  298.389041][T15901] FAULT_INJECTION: forcing a failure.
[  298.389041][T15901] name failslab, interval 1, probability 0, space 0, times 0
[  298.401668][T15901] CPU: 0 UID: 0 PID: 15901 Comm: syz.4.4079 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  298.401708][T15901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  298.401719][T15901] Call Trace:
[  298.401725][T15901]  <TASK>
[  298.401732][T15901]  __dump_stack+0x1d/0x30
[  298.401756][T15901]  dump_stack_lvl+0xe8/0x140
[  298.401842][T15901]  dump_stack+0x15/0x1b
[  298.401858][T15901]  should_fail_ex+0x265/0x280
[  298.401889][T15901]  should_failslab+0x8c/0xb0
[  298.401914][T15901]  kmem_cache_alloc_noprof+0x50/0x480
[  298.401965][T15901]  ? skb_clone+0x151/0x1f0
[  298.401998][T15901]  skb_clone+0x151/0x1f0
[  298.402014][T15901]  __netlink_deliver_tap+0x2c9/0x500
[  298.402083][T15901]  netlink_unicast+0x66b/0x690
[  298.402110][T15901]  netlink_sendmsg+0x58b/0x6b0
[  298.402157][T15901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.402175][T15901]  __sock_sendmsg+0x145/0x180
[  298.402208][T15901]  ____sys_sendmsg+0x31e/0x4e0
[  298.402226][T15901]  ___sys_sendmsg+0x17b/0x1d0
[  298.402249][T15901]  __x64_sys_sendmsg+0xd4/0x160
[  298.402268][T15901]  x64_sys_call+0x191e/0x3000
[  298.402295][T15901]  do_syscall_64+0xd2/0x200
[  298.402314][T15901]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  298.402341][T15901]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  298.402437][T15901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.402500][T15901] RIP: 0033:0x7f8cd01ef6c9
[  298.402574][T15901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.402594][T15901] RSP: 002b:00007f8ccec57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  298.402615][T15901] RAX: ffffffffffffffda RBX: 00007f8cd0445fa0 RCX: 00007f8cd01ef6c9
[  298.402630][T15901] RDX: 0000000004000010 RSI: 0000200000000280 RDI: 000000000000000a
[  298.402644][T15901] RBP: 00007f8ccec57090 R08: 0000000000000000 R09: 0000000000000000
[  298.402656][T15901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.402682][T15901] R13: 00007f8cd0446038 R14: 00007f8cd0445fa0 R15: 00007fff9c0bab58
[  298.402698][T15901]  </TASK>
[  298.402710][T15901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4079'.
[  298.616563][T15901] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.623942][T15901] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.653402][T15901] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.660851][T15901] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.926484][T15926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4085'.
[  299.177451][T15937] syzkaller0: entered promiscuous mode
[  299.182940][T15937] syzkaller0: entered allmulticast mode
[  299.199461][T15940] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4090'.
[  299.353757][T15957] loop1: detected capacity change from 0 to 512
[  299.397287][T15957] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.430335][T15957] ext4 filesystem being mounted at /196/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  299.495536][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.557386][T15971] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4104'.
[  299.577779][T15975] FAULT_INJECTION: forcing a failure.
[  299.577779][T15975] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  299.591017][T15975] CPU: 0 UID: 0 PID: 15975 Comm: syz.4.4102 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  299.591046][T15975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  299.591060][T15975] Call Trace:
[  299.591068][T15975]  <TASK>
[  299.591075][T15975]  __dump_stack+0x1d/0x30
[  299.591100][T15975]  dump_stack_lvl+0xe8/0x140
[  299.591122][T15975]  dump_stack+0x15/0x1b
[  299.591183][T15975]  should_fail_ex+0x265/0x280
[  299.591261][T15975]  should_fail_alloc_page+0xf2/0x100
[  299.591292][T15975]  __alloc_frozen_pages_noprof+0xff/0x360
[  299.591400][T15975]  alloc_pages_mpol+0xb3/0x260
[  299.591476][T15975]  vma_alloc_folio_noprof+0x1aa/0x300
[  299.591499][T15975]  handle_mm_fault+0xec2/0x2be0
[  299.591527][T15975]  ? vma_start_read+0x141/0x1f0
[  299.591612][T15975]  do_user_addr_fault+0x630/0x1080
[  299.591633][T15975]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  299.591657][T15975]  exc_page_fault+0x62/0xa0
[  299.591693][T15975]  asm_exc_page_fault+0x26/0x30
[  299.591716][T15975] RIP: 0033:0x7f8cd00ba5bb
[  299.591732][T15975] Code: 00 00 00 48 8d 3d 7d 3b 19 00 48 89 c1 31 c0 e8 cb 39 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d b1 3b 19 00 48 89 34 24 48 8b 14 24 48 8b
[  299.591797][T15975] RSP: 002b:00007f8ccec55fb0 EFLAGS: 00010202
[  299.591812][T15975] RAX: 0000000000000000 RBX: 00007f8cd0445fa0 RCX: 0000000000000000
[  299.591824][T15975] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000180
[  299.591837][T15975] RBP: 00007f8ccec57090 R08: 0000000000000000 R09: 0000000000000000
[  299.591912][T15975] R10: 0000200000000180 R11: 0000000000000000 R12: 0000000000000001
[  299.591924][T15975] R13: 00007f8cd0446038 R14: 00007f8cd0445fa0 R15: 00007fff9c0bab58
[  299.591942][T15975]  </TASK>
[  299.591952][T15975] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  299.776105][T15973] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15973 comm=syz.1.4103
[  299.837540][T15984] syzkaller0: entered promiscuous mode
[  299.843034][T15984] syzkaller0: entered allmulticast mode
[  299.852358][T15985] loop1: detected capacity change from 0 to 164
[  299.864016][T15985] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  299.885412][T15985] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  299.893736][T15985] Symlink component flag not implemented
[  299.899395][T15985] Symlink component flag not implemented
[  299.905626][T15985] Symlink component flag not implemented (7)
[  299.911649][T15985] Symlink component flag not implemented (116)
[  299.996906][T15995] netlink: 'syz.5.4109': attribute type 4 has an invalid length.
[  300.420641][T16011] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4115'.
[  300.436729][T16015] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4117'.
[  300.468327][T16015] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4117'.
[  300.488038][T16015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4117'.
[  300.540174][T16038] loop3: detected capacity change from 0 to 1024
[  300.572736][T16038] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  300.585986][   T29] kauditd_printk_skb: 1208 callbacks suppressed
[  300.586043][   T29] audit: type=1326 audit(1763380387.498:41896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16035 comm="syz.0.4125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc1ac17f757 code=0x7ffc0000
[  300.616152][T16036] loop0: detected capacity change from 0 to 512
[  300.624064][   T29] audit: type=1326 audit(1763380387.538:41897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16035 comm="syz.0.4125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc1ac17df10 code=0x7ffc0000
[  300.647778][   T29] audit: type=1326 audit(1763380387.538:41898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16035 comm="syz.0.4125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc1ac17f2cb code=0x7ffc0000
[  300.671469][   T29] audit: type=1326 audit(1763380387.538:41899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16035 comm="syz.0.4125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc1ac17e32a code=0x7ffc0000
[  300.694950][   T29] audit: type=1326 audit(1763380387.538:41900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16035 comm="syz.0.4125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc1ac17e32a code=0x7ffc0000
[  300.718531][   T29] audit: type=1326 audit(1763380387.538:41901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16035 comm="syz.0.4125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fc1ac17de17 code=0x7ffc0000
[  300.742310][   T29] audit: type=1326 audit(1763380387.538:41902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16035 comm="syz.0.4125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc1ac180e6a code=0x7ffc0000
[  300.800709][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.807058][   T29] audit: type=1400 audit(1763380387.568:41903): avc:  denied  { setcheckreqprot } for  pid=16037 comm="syz.3.4126" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  300.830434][   T29] audit: type=1400 audit(1763380387.568:41904): avc:  denied  { read write } for  pid=16037 comm="syz.3.4126" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  300.831376][T16036] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  300.853221][   T29] audit: type=1400 audit(1763380387.568:41905): avc:  denied  { execute } for  pid=16037 comm="syz.3.4126" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  300.888861][T16036] ext4 filesystem being mounted at /263/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  300.947415][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.681483][T16098] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.719455][T16100] syzkaller0: entered promiscuous mode
[  301.725020][T16100] syzkaller0: entered allmulticast mode
[  301.741568][T16098] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.754286][ T3394] hid_parser_main: 32 callbacks suppressed
[  301.754304][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.767548][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.774976][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.783656][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.791087][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.798504][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.805921][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.813354][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.820784][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.828199][ T3394] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  301.861521][T16103] loop0: detected capacity change from 0 to 2048
[  301.870460][ T3394] hid-generic 0000:0000:0000.001F: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  301.880890][T16098] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.917476][T16103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  301.938340][T16108] serio: Serial port ttyS3
[  301.938786][T16098] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.036124][T16116] syzkaller0: entered promiscuous mode
[  302.041679][T16116] syzkaller0: entered allmulticast mode
[  302.063380][ T3714] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.092094][ T3714] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.105517][ T3714] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.113880][ T3714] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.284906][T16138] serio: Serial port ttyS3
[  302.481645][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  302.515189][T16154] syzkaller0: entered promiscuous mode
[  302.520703][T16154] syzkaller0: entered allmulticast mode
[  302.678648][T16171] __nla_validate_parse: 2 callbacks suppressed
[  302.678726][T16171] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4171'.
[  302.690251][T16170] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4172'.
[  302.774852][T16181] loop0: detected capacity change from 0 to 512
[  302.797788][T16181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  302.811446][T16181] netlink: 'syz.0.4176': attribute type 12 has an invalid length.
[  302.835800][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.962936][T16193] syzkaller0: entered promiscuous mode
[  302.968549][T16193] syzkaller0: entered allmulticast mode
[  303.190670][T16204] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4183'.
[  303.212965][T16206] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  303.216950][T16208] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4185'.
[  303.234979][T16208] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4185'.
[  303.292283][T16216] serio: Serial port ttyS3
[  303.355143][T16223] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4192'.
[  303.428624][T16233] loop3: detected capacity change from 0 to 512
[  303.435218][T16233] EXT4-fs: Ignoring removed nobh option
[  303.442806][T16233] ------------[ cut here ]------------
[  303.448304][T16233] EA inode 11 i_nlink=2
[  303.448620][T16233] WARNING: CPU: 0 PID: 16233 at fs/ext4/xattr.c:1058 ext4_xattr_inode_update_ref+0x36a/0x380
[  303.462971][T16233] Modules linked in:
[  303.466878][T16233] CPU: 0 UID: 0 PID: 16233 Comm: syz.3.4194 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  303.476740][T16233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  303.486783][T16233] RIP: 0010:ext4_xattr_inode_update_ref+0x36a/0x380
[  303.493430][T16233] Code: 90 49 8d 7e 40 e8 d6 f8 b8 ff 4d 8b 6e 40 4c 89 e7 e8 ea f3 b8 ff 41 8b 56 48 48 c7 c7 66 d4 55 86 4c 89 ee e8 97 f4 67 ff 90 <0f> 0b 90 90 e9 ff fe ff ff e8 18 f3 b5 03 0f 1f 84 00 00 00 00 00
[  303.513047][T16233] RSP: 0018:ffffc9000177f5a0 EFLAGS: 00010246
[  303.519111][T16233] RAX: a75aae33aa6efc00 RBX: ffff88811982ba20 RCX: ffff88812813e300
[  303.527156][T16233] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  303.535174][T16233] RBP: 0000000000000002 R08: 0001c9000177f427 R09: 0000000000000000
[  303.543142][T16233] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff88811982b9d0
[  303.551104][T16233] R13: 000000000000000b R14: ffff88811982b988 R15: 0000000000000001
[  303.559074][T16233] FS:  00007f3cae46e6c0(0000) GS:ffff8882aee11000(0000) knlGS:0000000000000000
[  303.568106][T16233] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  303.574688][T16233] CR2: 00007f3cafa129e0 CR3: 000000010d9a0000 CR4: 00000000003506f0
[  303.574826][   T36] hid-generic 0000:0000:0000.0020: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  303.582738][T16233] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  303.600190][T16233] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  303.608173][T16233] Call Trace:
[  303.611451][T16233]  <TASK>
[  303.614435][T16233]  ext4_xattr_set_entry+0x77f/0x1020
[  303.619934][T16233]  ext4_xattr_ibody_set+0x184/0x3c0
[  303.625125][T16233]  ext4_expand_extra_isize_ea+0xcbb/0x11f0
[  303.631022][T16233]  __ext4_expand_extra_isize+0x246/0x280
[  303.636652][T16233]  __ext4_mark_inode_dirty+0x29d/0x3f0
[  303.642097][T16233]  ext4_evict_inode+0x80e/0xd90
[  303.647023][T16233]  ? __pfx_ext4_evict_inode+0x10/0x10
[  303.652461][T16233]  evict+0x2e3/0x550
[  303.656347][T16233]  ? __dquot_initialize+0x146/0x7c0
[  303.661652][T16233]  iput+0x4ed/0x650
[  303.665496][T16233]  ext4_process_orphan+0x1a9/0x1c0
[  303.670728][T16233]  ext4_orphan_cleanup+0x6a8/0xa00
[  303.675824][T16233]  ext4_fill_super+0x3483/0x3810
[  303.680766][T16233]  ? snprintf+0x86/0xb0
[  303.684931][T16233]  ? set_blocksize+0x1a8/0x310
[  303.689690][T16233]  ? sb_set_blocksize+0xe3/0x100
[  303.694690][T16233]  ? setup_bdev_super+0x30e/0x370
[  303.699746][T16233]  ? __pfx_ext4_fill_super+0x10/0x10
[  303.705011][T16233]  get_tree_bdev_flags+0x291/0x300
[  303.710134][T16233]  ? __pfx_ext4_fill_super+0x10/0x10
[  303.715400][T16233]  get_tree_bdev+0x1f/0x30
[  303.719829][T16233]  ext4_get_tree+0x1c/0x30
[  303.724320][T16233]  vfs_get_tree+0x57/0x1d0
[  303.728735][T16233]  do_new_mount+0x24d/0x660
[  303.733222][T16233]  path_mount+0x4a5/0xb70
[  303.737586][T16233]  ? user_path_at+0x109/0x130
[  303.742243][T16233]  __se_sys_mount+0x28c/0x2e0
[  303.746958][T16233]  __x64_sys_mount+0x67/0x80
[  303.751531][T16233]  x64_sys_call+0x2b51/0x3000
[  303.756207][T16233]  do_syscall_64+0xd2/0x200
[  303.760859][T16233]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  303.766971][T16233]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  303.772674][T16233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.778628][T16233] RIP: 0033:0x7f3cafa30e6a
[  303.783020][T16233] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.802625][T16233] RSP: 002b:00007f3cae46de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  303.811028][T16233] RAX: ffffffffffffffda RBX: 00007f3cae46def0 RCX: 00007f3cafa30e6a
[  303.819087][T16233] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f3cae46deb0
[  303.827067][T16233] RBP: 0000200000000180 R08: 00007f3cae46def0 R09: 0000000000800700
[  303.835088][T16233] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[  303.843046][T16233] R13: 00007f3cae46deb0 R14: 000000000000046f R15: 000000000000002c
[  303.851010][T16233]  </TASK>
[  303.854007][T16233] ---[ end trace 0000000000000000 ]---
[  303.859692][T16233] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #18: comm syz.3.4194: iget: bad extra_isize 90 (inode size 256)
[  303.873157][T16233] EXT4-fs (loop3): Remounting filesystem read-only
[  303.879778][T16233] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -30)
[  303.888833][T16233] EXT4-fs (loop3): 1 orphan inode deleted
[  303.894793][T16233] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  303.977441][T16236] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4195'.
[  304.074722][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.177634][T16252] serio: Serial port ttyS3
[  304.427829][T16267] loop0: detected capacity change from 0 to 512
[  304.460936][T16267] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.476343][T16271] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  304.487722][T16267] ext4 filesystem being mounted at /288/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  304.560864][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.757379][T16296] loop0: detected capacity change from 0 to 1024
[  304.791524][T16296] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  304.942158][T16299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4219'.
[  305.127157][T16309] serio: Serial port ttyS3
[  305.166387][ T3415] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  305.223699][T16299] loop0: detected capacity change from 0 to 2048
[  305.248445][T16299] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  305.415892][T16331] FAULT_INJECTION: forcing a failure.
[  305.415892][T16331] name failslab, interval 1, probability 0, space 0, times 0
[  305.428559][T16331] CPU: 0 UID: 0 PID: 16331 Comm: syz.4.4230 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  305.428618][T16331] Tainted: [W]=WARN
[  305.428625][T16331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  305.428637][T16331] Call Trace:
[  305.428644][T16331]  <TASK>
[  305.428650][T16331]  __dump_stack+0x1d/0x30
[  305.428736][T16331]  dump_stack_lvl+0xe8/0x140
[  305.428775][T16331]  dump_stack+0x15/0x1b
[  305.428792][T16331]  should_fail_ex+0x265/0x280
[  305.428821][T16331]  should_failslab+0x8c/0xb0
[  305.428922][T16331]  kmem_cache_alloc_noprof+0x50/0x480
[  305.428953][T16331]  ? security_file_alloc+0x32/0x100
[  305.429015][T16331]  security_file_alloc+0x32/0x100
[  305.429062][T16331]  init_file+0x5c/0x1d0
[  305.429094][T16331]  alloc_empty_file+0x8b/0x200
[  305.429140][T16331]  alloc_file_pseudo+0xc6/0x160
[  305.429214][T16331]  anon_inode_getfile_fmode+0xa5/0x140
[  305.429237][T16331]  __se_sys_timerfd_create+0x1f6/0x260
[  305.429259][T16331]  __x64_sys_timerfd_create+0x31/0x40
[  305.429358][T16331]  x64_sys_call+0x1039/0x3000
[  305.429382][T16331]  do_syscall_64+0xd2/0x200
[  305.429406][T16331]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  305.429512][T16331]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  305.429547][T16331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.429567][T16331] RIP: 0033:0x7f8cd01ef6c9
[  305.429586][T16331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.429647][T16331] RSP: 002b:00007f8ccec57038 EFLAGS: 00000246 ORIG_RAX: 000000000000011b
[  305.429666][T16331] RAX: ffffffffffffffda RBX: 00007f8cd0445fa0 RCX: 00007f8cd01ef6c9
[  305.429678][T16331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  305.429689][T16331] RBP: 00007f8ccec57090 R08: 0000000000000000 R09: 0000000000000000
[  305.429768][T16331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  305.429781][T16331] R13: 00007f8cd0446038 R14: 00007f8cd0445fa0 R15: 00007fff9c0bab58
[  305.429797][T16331]  </TASK>
[  305.641193][   T29] kauditd_printk_skb: 737 callbacks suppressed
[  305.641207][   T29] audit: type=1326 audit(1763380392.558:42643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16330 comm="syz.4.4230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f8cd01ee0dc code=0x7ffc0000
[  305.670807][   T29] audit: type=1326 audit(1763380392.558:42644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16330 comm="syz.4.4230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8cd01ee17f code=0x7ffc0000
[  305.694247][   T29] audit: type=1326 audit(1763380392.558:42645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16330 comm="syz.4.4230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8cd01ee32a code=0x7ffc0000
[  305.717615][   T29] audit: type=1326 audit(1763380392.558:42646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16330 comm="syz.4.4230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  305.741172][   T29] audit: type=1326 audit(1763380392.558:42647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16330 comm="syz.4.4230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  305.789319][T16337] FAULT_INJECTION: forcing a failure.
[  305.789319][T16337] name failslab, interval 1, probability 0, space 0, times 0
[  305.802063][T16337] CPU: 1 UID: 0 PID: 16337 Comm: syz.4.4233 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  305.802092][T16337] Tainted: [W]=WARN
[  305.802155][T16337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  305.802237][T16337] Call Trace:
[  305.802243][T16337]  <TASK>
[  305.802249][T16337]  __dump_stack+0x1d/0x30
[  305.802272][T16337]  dump_stack_lvl+0xe8/0x140
[  305.802295][T16337]  dump_stack+0x15/0x1b
[  305.802316][T16337]  should_fail_ex+0x265/0x280
[  305.802365][T16337]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  305.802389][T16337]  should_failslab+0x8c/0xb0
[  305.802435][T16337]  kmem_cache_alloc_lru_noprof+0x55/0x490
[  305.802480][T16337]  ? shmem_alloc_inode+0x34/0x50
[  305.802502][T16337]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  305.802600][T16337]  shmem_alloc_inode+0x34/0x50
[  305.802678][T16337]  alloc_inode+0x40/0x170
[  305.802702][T16337]  new_inode+0x1d/0xe0
[  305.802770][T16337]  shmem_get_inode+0x244/0x750
[  305.802795][T16337]  __shmem_file_setup+0x113/0x210
[  305.802813][T16337]  shmem_file_setup+0x3b/0x50
[  305.802832][T16337]  __se_sys_memfd_create+0x2c3/0x590
[  305.802869][T16337]  __x64_sys_memfd_create+0x31/0x40
[  305.802895][T16337]  x64_sys_call+0x2ac2/0x3000
[  305.802959][T16337]  do_syscall_64+0xd2/0x200
[  305.802982][T16337]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  305.803066][T16337]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  305.803120][T16337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.803144][T16337] RIP: 0033:0x7f8cd01ef6c9
[  305.803207][T16337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.803223][T16337] RSP: 002b:00007f8ccec56e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  305.803240][T16337] RAX: ffffffffffffffda RBX: 000000000000056a RCX: 00007f8cd01ef6c9
[  305.803251][T16337] RDX: 00007f8ccec56ef0 RSI: 0000000000000000 RDI: 00007f8cd0272960
[  305.803263][T16337] RBP: 00002000000015c0 R08: 00007f8ccec56bb7 R09: 00007f8ccec56e40
[  305.803274][T16337] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000140
[  305.803288][T16337] R13: 00007f8ccec56ef0 R14: 00007f8ccec56eb0 R15: 0000200000000640
[  305.803308][T16337]  </TASK>
[  306.099455][   T29] audit: type=1326 audit(1763380393.018:42648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16339 comm="syz.4.4234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  306.123219][   T29] audit: type=1326 audit(1763380393.018:42649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16339 comm="syz.4.4234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  306.176541][   T29] audit: type=1326 audit(1763380393.068:42650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16339 comm="syz.4.4234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  306.200155][   T29] audit: type=1326 audit(1763380393.068:42651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16339 comm="syz.4.4234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8cd01ef703 code=0x7ffc0000
[  306.223592][   T29] audit: type=1326 audit(1763380393.068:42652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16339 comm="syz.4.4234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8cd01ef703 code=0x7ffc0000
[  306.281335][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  306.427773][T16368] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4244'.
[  306.527669][T16388] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4249'.
[  306.561363][T16392] FAULT_INJECTION: forcing a failure.
[  306.561363][T16392] name failslab, interval 1, probability 0, space 0, times 0
[  306.574071][T16392] CPU: 1 UID: 0 PID: 16392 Comm: syz.0.4253 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  306.574108][T16392] Tainted: [W]=WARN
[  306.574114][T16392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  306.574136][T16392] Call Trace:
[  306.574144][T16392]  <TASK>
[  306.574151][T16392]  __dump_stack+0x1d/0x30
[  306.574256][T16392]  dump_stack_lvl+0xe8/0x140
[  306.574279][T16392]  dump_stack+0x15/0x1b
[  306.574297][T16392]  should_fail_ex+0x265/0x280
[  306.574411][T16392]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  306.574460][T16392]  should_failslab+0x8c/0xb0
[  306.574490][T16392]  kmem_cache_alloc_lru_noprof+0x55/0x490
[  306.574578][T16392]  ? shmem_alloc_inode+0x34/0x50
[  306.574604][T16392]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  306.574625][T16392]  shmem_alloc_inode+0x34/0x50
[  306.574643][T16392]  alloc_inode+0x40/0x170
[  306.574727][T16392]  new_inode+0x1d/0xe0
[  306.574750][T16392]  shmem_get_inode+0x244/0x750
[  306.574776][T16392]  __shmem_file_setup+0x113/0x210
[  306.574869][T16392]  shmem_file_setup+0x3b/0x50
[  306.574890][T16392]  __se_sys_memfd_create+0x2c3/0x590
[  306.574983][T16392]  __x64_sys_memfd_create+0x31/0x40
[  306.575010][T16392]  x64_sys_call+0x2ac2/0x3000
[  306.575035][T16392]  do_syscall_64+0xd2/0x200
[  306.575055][T16392]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  306.575094][T16392]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  306.575130][T16392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.575198][T16392] RIP: 0033:0x7fc1ac17f6c9
[  306.575215][T16392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.575276][T16392] RSP: 002b:00007fc1aabdee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  306.575319][T16392] RAX: ffffffffffffffda RBX: 00000000000004f2 RCX: 00007fc1ac17f6c9
[  306.575334][T16392] RDX: 00007fc1aabdeef0 RSI: 0000000000000000 RDI: 00007fc1ac202960
[  306.575349][T16392] RBP: 0000200000000b00 R08: 00007fc1aabdebb7 R09: 00007fc1aabdee40
[  306.575364][T16392] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  306.575377][T16392] R13: 00007fc1aabdeef0 R14: 00007fc1aabdeeb0 R15: 0000200000000040
[  306.575467][T16392]  </TASK>
[  306.826085][   T23] hid_parser_main: 86 callbacks suppressed
[  306.826109][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.839499][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.846982][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.869183][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.876654][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.884163][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.891546][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.898950][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.906388][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.913753][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  306.940187][   T23] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  307.036111][T16424] loop3: detected capacity change from 0 to 1024
[  307.061210][T16424] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  307.074051][T16424] FAULT_INJECTION: forcing a failure.
[  307.074051][T16424] name failslab, interval 1, probability 0, space 0, times 0
[  307.086742][T16424] CPU: 1 UID: 0 PID: 16424 Comm: syz.3.4265 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  307.086850][T16424] Tainted: [W]=WARN
[  307.086856][T16424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  307.086869][T16424] Call Trace:
[  307.086889][T16424]  <TASK>
[  307.086897][T16424]  __dump_stack+0x1d/0x30
[  307.086922][T16424]  dump_stack_lvl+0xe8/0x140
[  307.086945][T16424]  dump_stack+0x15/0x1b
[  307.086963][T16424]  should_fail_ex+0x265/0x280
[  307.086994][T16424]  should_failslab+0x8c/0xb0
[  307.087052][T16424]  __kmalloc_noprof+0xa5/0x570
[  307.087127][T16424]  ? ext4_find_extent+0x16b/0x7a0
[  307.087194][T16424]  ext4_find_extent+0x16b/0x7a0
[  307.087215][T16424]  ? xas_load+0x413/0x430
[  307.087236][T16424]  ? css_rstat_updated+0xb7/0x240
[  307.087312][T16424]  ext4_ext_map_blocks+0x11f/0x38a0
[  307.087338][T16424]  ? __rcu_read_unlock+0x4f/0x70
[  307.087368][T16424]  ? obj_cgroup_charge_account+0x122/0x1a0
[  307.087458][T16424]  ? __rcu_read_unlock+0x4f/0x70
[  307.087483][T16424]  ? __memcg_slab_post_alloc_hook+0x44c/0x580
[  307.087511][T16424]  ? kmem_cache_alloc_lru_noprof+0x2c1/0x490
[  307.087555][T16424]  ? xas_create+0x950/0xbe0
[  307.087623][T16424]  ext4_map_query_blocks+0xa8/0x480
[  307.087662][T16424]  ext4_map_blocks+0x330/0xd00
[  307.087690][T16424]  ? __pfx_workingset_update_node+0x10/0x10
[  307.087745][T16424]  ? obj_cgroup_charge_account+0x122/0x1a0
[  307.087843][T16424]  _ext4_get_block+0x10a/0x350
[  307.087879][T16424]  ext4_get_block_unwritten+0x2a/0xb0
[  307.087916][T16424]  ext4_block_write_begin+0x5e8/0xc00
[  307.088012][T16424]  ? __pfx_ext4_get_block_unwritten+0x10/0x10
[  307.088080][T16424]  ? folio_mapping+0xb9/0xe0
[  307.088106][T16424]  ext4_write_begin+0x647/0xeb0
[  307.088136][T16424]  ext4_da_write_begin+0x1fb/0x6e0
[  307.088229][T16424]  ? balance_dirty_pages_ratelimited_flags+0x40b/0x5e0
[  307.088261][T16424]  generic_perform_write+0x184/0x490
[  307.088284][T16424]  ext4_buffered_write_iter+0x1ee/0x3c0
[  307.088337][T16424]  ? ext4_file_write_iter+0xfe/0xf60
[  307.088360][T16424]  ext4_file_write_iter+0x387/0xf60
[  307.088461][T16424]  ? path_openat+0x1bf8/0x2170
[  307.088491][T16424]  do_iter_readv_writev+0x4a1/0x540
[  307.088525][T16424]  vfs_writev+0x2df/0x8b0
[  307.088626][T16424]  __se_sys_pwritev2+0xfc/0x1c0
[  307.088731][T16424]  __x64_sys_pwritev2+0x67/0x80
[  307.088757][T16424]  x64_sys_call+0x2c59/0x3000
[  307.088820][T16424]  do_syscall_64+0xd2/0x200
[  307.088843][T16424]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  307.088910][T16424]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  307.088991][T16424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.089064][T16424] RIP: 0033:0x7f3cafa2f6c9
[  307.089085][T16424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.089106][T16424] RSP: 002b:00007f3cae48f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  307.089127][T16424] RAX: ffffffffffffffda RBX: 00007f3cafc85fa0 RCX: 00007f3cafa2f6c9
[  307.089139][T16424] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000007
[  307.089151][T16424] RBP: 00007f3cae48f090 R08: 0000000000000000 R09: 0000000000000000
[  307.089198][T16424] R10: 0000000000005405 R11: 0000000000000246 R12: 0000000000000001
[  307.089210][T16424] R13: 00007f3cafc86038 R14: 00007f3cafc85fa0 R15: 00007ffe4b90f278
[  307.089226][T16424]  </TASK>
[  307.448967][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  307.500979][T16433] loop3: detected capacity change from 0 to 1024
[  307.577249][T16433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  307.661817][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  307.733144][T16453] loop3: detected capacity change from 0 to 512
[  307.777761][T16453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  307.801313][T16453] ext4 filesystem being mounted at /190/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  307.804371][T16458] loop1: detected capacity change from 0 to 1024
[  307.854604][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  307.884153][T16458] EXT4-fs: Ignoring removed bh option
[  307.901381][T16458] EXT4-fs: inline encryption not supported
[  307.911212][T16458] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  307.922185][T16458] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  307.925420][T16467] loop3: detected capacity change from 0 to 764
[  307.937309][T16458] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.4276: lblock 2 mapped to illegal pblock 2 (length 1)
[  307.951549][T16458] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.4276: lblock 0 mapped to illegal pblock 48 (length 1)
[  307.970291][T16467] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  307.985161][T16458] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.4276: Failed to acquire dquot type 0
[  308.006042][T16458] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  308.025641][T16458] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.4276: mark_inode_dirty error
[  308.044792][T16467] Symlink component flag not implemented
[  308.046321][T16458] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  308.053216][T16467] Symlink component flag not implemented (7)
[  308.065128][T16458] EXT4-fs (loop1): 1 orphan inode deleted
[  308.072812][T16458] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.085835][ T3733] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:29: lblock 1 mapped to illegal pblock 1 (length 1)
[  308.106553][ T3733] EXT4-fs error (device loop1): ext4_release_dquot:6981: comm kworker/u8:29: Failed to release dquot type 0
[  308.214113][T16481] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  308.241968][T16484] loop0: detected capacity change from 0 to 512
[  308.248977][T16484] EXT4-fs: Ignoring removed oldalloc option
[  308.268162][T16484] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.268768][T16486] __nla_validate_parse: 2 callbacks suppressed
[  308.268780][T16486] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4285'.
[  308.293130][T16484] ext4 filesystem being mounted at /307/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  308.343172][T16484] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4284: bg 0: block 217: padding at end of block bitmap is not set
[  308.389488][T16484] EXT4-fs (loop0): Remounting filesystem read-only
[  308.445814][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.520585][T16499] loop0: detected capacity change from 0 to 1024
[  308.556104][T16499] EXT4-fs: Ignoring removed bh option
[  308.571732][T16499] EXT4-fs: inline encryption not supported
[  308.591915][T16499] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  308.628692][T16499] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  308.640878][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.647438][T16499] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 2: comm syz.0.4287: lblock 2 mapped to illegal pblock 2 (length 1)
[  308.684778][T16499] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 48: comm syz.0.4287: lblock 0 mapped to illegal pblock 48 (length 1)
[  308.709568][T16499] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.4287: Failed to acquire dquot type 0
[  308.727728][T16499] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  308.737679][T16499] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.4287: mark_inode_dirty error
[  308.749146][T16499] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  308.759501][T16499] EXT4-fs (loop0): 1 orphan inode deleted
[  308.765805][T16499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.778687][ T3756] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:49: lblock 1 mapped to illegal pblock 1 (length 1)
[  308.828684][ T3756] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:49: Failed to release dquot type 0
[  308.864266][T16499] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 48: comm syz.0.4287: lblock 0 mapped to illegal pblock 48 (length 1)
[  308.906198][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.025019][T16524] netlink: 'syz.4.4295': attribute type 4 has an invalid length.
[  309.634946][T16542] loop3: detected capacity change from 0 to 512
[  309.647998][T16542] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.660535][T16542] ext4 filesystem being mounted at /199/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  309.715695][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.913004][T16558] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4306'.
[  309.963150][T16562] netlink: 'syz.1.4307': attribute type 1 has an invalid length.
[  309.988088][T16562] bond1: entered promiscuous mode
[  309.998563][T16562] 8021q: adding VLAN 0 to HW filter on device bond1
[  310.024898][T16562] 8021q: adding VLAN 0 to HW filter on device bond1
[  310.037040][T16562] bond1: (slave xfrm1): The slave device specified does not support setting the MAC address
[  310.047251][T16562] bond1: (slave xfrm1): Setting fail_over_mac to active for active-backup mode
[  310.058183][T16562] bond1: (slave xfrm1): making interface the new active one
[  310.065547][T16562] xfrm1: entered promiscuous mode
[  310.072290][T16562] bond1: (slave xfrm1): Enslaving as an active interface with an up link
[  310.103212][T16567] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4308'.
[  310.140053][T16552] loop9: detected capacity change from 0 to 7
[  310.146737][T16552] Buffer I/O error on dev loop9, logical block 0, async page read
[  310.154708][T16552] Buffer I/O error on dev loop9, logical block 0, async page read
[  310.162541][T16552]  loop9: unable to read partition table
[  310.168467][T16552] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  310.168467][T16552] 
) failed (rc=-5)
[  310.309479][T16576] loop1: detected capacity change from 0 to 512
[  310.340599][T16576] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  310.366325][T16576] ext4 filesystem being mounted at /222/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  310.417160][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.484332][T16585] loop1: detected capacity change from 0 to 1024
[  310.509833][T16585] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.573151][T16585] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.4312: Allocating blocks 449-513 which overlap fs metadata
[  310.652959][T16592] loop3: detected capacity change from 0 to 128
[  310.653641][T16584] EXT4-fs (loop1): pa ffff8881071e24d0: logic 48, phys. 177, len 21
[  310.653664][T16584] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[  310.659653][T16592] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  310.661254][T16592] ext4 filesystem being mounted at /205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  310.664364][   T29] kauditd_printk_skb: 720 callbacks suppressed
[  310.664375][   T29] audit: type=1400 audit(1763380397.578:43364): avc:  denied  { write } for  pid=16591 comm="syz.3.4315" path="/205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  310.671255][   T29] audit: type=1400 audit(1763380397.588:43365): avc:  denied  { ioctl } for  pid=16591 comm="syz.3.4315" path="/205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop3" ino=12 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  310.687264][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.693607][   T29] audit: type=1400 audit(1763380397.608:43366): avc:  denied  { setattr } for  pid=16591 comm="syz.3.4315" name="file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  310.747291][T13239] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  310.781863][T16596] loop1: detected capacity change from 0 to 2048
[  310.862509][T16599] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4317'.
[  310.878173][   T29] audit: type=1326 audit(1763380397.728:43367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16597 comm="syz.0.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1ac176567 code=0x7ffc0000
[  310.956866][   T29] audit: type=1326 audit(1763380397.728:43368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16597 comm="syz.0.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc1ac11b789 code=0x7ffc0000
[  310.956930][   T29] audit: type=1326 audit(1763380397.728:43369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16597 comm="syz.0.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1ac176567 code=0x7ffc0000
[  310.956956][   T29] audit: type=1326 audit(1763380397.728:43370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16597 comm="syz.0.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc1ac11b789 code=0x7ffc0000
[  310.956979][   T29] audit: type=1326 audit(1763380397.728:43371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16597 comm="syz.0.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1ac176567 code=0x7ffc0000
[  310.957005][   T29] audit: type=1326 audit(1763380397.728:43372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16597 comm="syz.0.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc1ac11b789 code=0x7ffc0000
[  310.957109][   T29] audit: type=1326 audit(1763380397.728:43373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16597 comm="syz.0.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1ac176567 code=0x7ffc0000
[  311.067495][T16596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.278069][T16611] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4321'.
[  311.416250][T16620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  311.455227][T16620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  311.971798][T16637] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4329'.
[  312.012653][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.045981][T16641] loop0: detected capacity change from 0 to 512
[  312.052877][T16641] EXT4-fs: Ignoring removed bh option
[  312.061310][T16641] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  312.072747][T16641] EXT4-fs (loop0): 1 truncate cleaned up
[  312.078826][T16641] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.103972][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.137334][T16658] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4336'.
[  312.423346][T16678] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4343'.
[  312.984419][T16694] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4347'.
[  313.400718][T16705] loop1: detected capacity change from 0 to 512
[  313.442294][T16709] loop0: detected capacity change from 0 to 512
[  313.449508][T16705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.472364][T16709] EXT4-fs: Ignoring removed nobh option
[  313.482281][T16705] ext4 filesystem being mounted at /230/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  313.528318][T16709] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.4350: corrupted inode contents
[  313.529089][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.557421][T16709] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #3: comm syz.0.4350: mark_inode_dirty error
[  313.569416][T16709] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.4350: corrupted inode contents
[  313.581602][T16709] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.4350: mark_inode_dirty error
[  313.593201][T16709] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.4350: Failed to acquire dquot type 0
[  313.610933][T16709] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4350: corrupted inode contents
[  313.623072][T16709] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #16: comm syz.0.4350: mark_inode_dirty error
[  313.634872][T16709] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4350: corrupted inode contents
[  313.651019][T16709] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.4350: mark_inode_dirty error
[  313.662675][T16709] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4350: corrupted inode contents
[  313.674797][T16709] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[  313.684366][T16709] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4350: corrupted inode contents
[  313.696496][T16709] EXT4-fs error (device loop0): ext4_truncate:4637: inode #16: comm syz.0.4350: mark_inode_dirty error
[  313.708203][T16709] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[  313.718022][T16709] EXT4-fs (loop0): 1 truncate cleaned up
[  313.723914][T16709] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.736901][T16709] ext4 filesystem being mounted at /324/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  313.805053][T16721] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4354'.
[  314.059851][T16733] netlink: 'syz.5.4358': attribute type 4 has an invalid length.
[  314.295616][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.578919][T16739] SELinux:  policydb magic number 0x280 does not match expected magic number 0xf97cff8c
[  314.599458][T16739] SELinux: failed to load policy
[  314.617508][T16739] netlink: 84 bytes leftover after parsing attributes in process `syz.0.4359'.
[  314.626745][T16741] netlink: 52 bytes leftover after parsing attributes in process `syz.5.4360'.
[  314.635815][T16741] netlink: 52 bytes leftover after parsing attributes in process `syz.5.4360'.
[  314.645931][T16739] loop0: detected capacity change from 0 to 512
[  314.662409][T16739] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.4359: error while reading EA inode 32 err=-116
[  314.688263][T16739] EXT4-fs (loop0): Remounting filesystem read-only
[  314.702063][T16739] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  314.722353][T16739] EXT4-fs (loop0): 1 orphan inode deleted
[  314.735729][T16739] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  314.758279][T16739] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.802189][T16744] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4361'.
[  314.885145][T16752] netlink: 'syz.4.4364': attribute type 4 has an invalid length.
[  314.979934][T16765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.988903][T16765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  315.093791][T16772] serio: Serial port ttyS3
[  315.155180][T16770] FAULT_INJECTION: forcing a failure.
[  315.155180][T16770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.168368][T16770] CPU: 0 UID: 0 PID: 16770 Comm: syz.4.4369 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  315.168402][T16770] Tainted: [W]=WARN
[  315.168410][T16770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  315.168447][T16770] Call Trace:
[  315.168453][T16770]  <TASK>
[  315.168459][T16770]  __dump_stack+0x1d/0x30
[  315.168490][T16770]  dump_stack_lvl+0xe8/0x140
[  315.168510][T16770]  dump_stack+0x15/0x1b
[  315.168528][T16770]  should_fail_ex+0x265/0x280
[  315.168625][T16770]  should_fail+0xb/0x20
[  315.168652][T16770]  should_fail_usercopy+0x1a/0x20
[  315.168697][T16770]  _copy_from_iter+0xd2/0xe80
[  315.168717][T16770]  ? __build_skb_around+0x1ab/0x200
[  315.168743][T16770]  ? __alloc_skb+0x223/0x320
[  315.168769][T16770]  netlink_sendmsg+0x471/0x6b0
[  315.168845][T16770]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.168867][T16770]  __sock_sendmsg+0x145/0x180
[  315.168892][T16770]  ____sys_sendmsg+0x31e/0x4e0
[  315.168912][T16770]  ___sys_sendmsg+0x17b/0x1d0
[  315.168976][T16770]  __x64_sys_sendmsg+0xd4/0x160
[  315.169056][T16770]  x64_sys_call+0x191e/0x3000
[  315.169159][T16770]  do_syscall_64+0xd2/0x200
[  315.169182][T16770]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  315.169212][T16770]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  315.169243][T16770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.169278][T16770] RIP: 0033:0x7f8cd01ef6c9
[  315.169293][T16770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.169310][T16770] RSP: 002b:00007f8ccec57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.169328][T16770] RAX: ffffffffffffffda RBX: 00007f8cd0445fa0 RCX: 00007f8cd01ef6c9
[  315.169369][T16770] RDX: 0000000004048010 RSI: 0000200000000080 RDI: 0000000000000007
[  315.169384][T16770] RBP: 00007f8ccec57090 R08: 0000000000000000 R09: 0000000000000000
[  315.169397][T16770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.169411][T16770] R13: 00007f8cd0446038 R14: 00007f8cd0445fa0 R15: 00007fff9c0bab58
[  315.169451][T16770]  </TASK>
[  315.289159][T16778] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4371'.
[  315.387723][T16777] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=16777 comm=syz.5.4371
[  315.456238][T16780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4372'.
[  315.465350][T16780] hsr_slave_0: left promiscuous mode
[  315.471321][T16780] hsr_slave_1: left promiscuous mode
[  315.520489][T16781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4372'.
[  315.531592][T16781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4372'.
[  315.541153][T16781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4372'.
[  315.572286][T16783] loop3: detected capacity change from 0 to 512
[  315.597889][T16783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  315.610411][T16783] ext4 filesystem being mounted at /213/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  315.641356][T16787] team0 (unregistering): Port device team_slave_0 removed
[  315.649777][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.679503][   T29] kauditd_printk_skb: 8152 callbacks suppressed
[  315.679517][   T29] audit: type=1326 audit(1763380402.598:51524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.683574][T16794] loop1: detected capacity change from 0 to 512
[  315.685787][   T29] audit: type=1326 audit(1763380402.598:51525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.685819][   T29] audit: type=1326 audit(1763380402.598:51526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.742005][T16795] pim6reg: entered allmulticast mode
[  315.762695][   T29] audit: type=1326 audit(1763380402.598:51527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.762725][   T29] audit: type=1326 audit(1763380402.598:51528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.776444][T16795] pim6reg: left allmulticast mode
[  315.791687][   T29] audit: type=1326 audit(1763380402.598:51529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.843757][   T29] audit: type=1326 audit(1763380402.598:51530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.848938][T16794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  315.867321][   T29] audit: type=1326 audit(1763380402.598:51531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.880835][T16794] ext4 filesystem being mounted at /236/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  315.903281][   T29] audit: type=1326 audit(1763380402.598:51532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.937037][   T29] audit: type=1326 audit(1763380402.598:51533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16793 comm="syz.1.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0ea36ff6c9 code=0x7ffc0000
[  315.977383][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.999106][T16787] loop0: detected capacity change from 0 to 512
[  316.018003][T16805] loop3: detected capacity change from 0 to 2048
[  316.030498][T16805] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  316.047419][T16787] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.073307][T16787] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.112388][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.122099][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.134386][T16814] hub 1-0:1.0: USB hub found
[  316.144674][T16814] hub 1-0:1.0: 8 ports detected
[  316.171566][T16818] loop3: detected capacity change from 0 to 512
[  316.178297][T16818] EXT4-fs: Ignoring removed bh option
[  316.184127][T16818] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  316.202685][T16820] loop0: detected capacity change from 0 to 512
[  316.211669][T16818] EXT4-fs (loop3): 1 truncate cleaned up
[  316.219120][T16820] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.221053][T16818] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.235925][T16820] ext4 filesystem being mounted at /329/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  316.296612][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.423371][T16848] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  316.512417][T16856] loop3: detected capacity change from 0 to 512
[  316.592458][T16862] FAULT_INJECTION: forcing a failure.
[  316.592458][T16862] name failslab, interval 1, probability 0, space 0, times 0
[  316.605248][T16862] CPU: 0 UID: 0 PID: 16862 Comm: syz.0.4397 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  316.605283][T16862] Tainted: [W]=WARN
[  316.605291][T16862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  316.605305][T16862] Call Trace:
[  316.605312][T16862]  <TASK>
[  316.605319][T16862]  __dump_stack+0x1d/0x30
[  316.605340][T16862]  dump_stack_lvl+0xe8/0x140
[  316.605378][T16862]  dump_stack+0x15/0x1b
[  316.605394][T16862]  should_fail_ex+0x265/0x280
[  316.605425][T16862]  should_failslab+0x8c/0xb0
[  316.605455][T16862]  kmem_cache_alloc_noprof+0x50/0x480
[  316.605620][T16862]  ? __kernfs_iattrs+0x69/0x1a0
[  316.605671][T16862]  __kernfs_iattrs+0x69/0x1a0
[  316.605700][T16862]  kernfs_vfs_user_xattr_set+0xa7/0x220
[  316.605727][T16862]  ? __pfx_kernfs_vfs_user_xattr_set+0x10/0x10
[  316.605829][T16862]  __vfs_removexattr+0x2c7/0x2f0
[  316.605907][T16862]  __vfs_removexattr_locked+0x18a/0x1d0
[  316.605937][T16862]  vfs_removexattr+0x75/0x170
[  316.605966][T16862]  path_removexattrat+0x2c6/0x570
[  316.606010][T16862]  __x64_sys_removexattr+0x38/0x50
[  316.606042][T16862]  x64_sys_call+0x2433/0x3000
[  316.606066][T16862]  do_syscall_64+0xd2/0x200
[  316.606109][T16862]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  316.606134][T16862]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  316.606164][T16862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.606191][T16862] RIP: 0033:0x7fc1ac17f6c9
[  316.606206][T16862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.606222][T16862] RSP: 002b:00007fc1aabdf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[  316.606239][T16862] RAX: ffffffffffffffda RBX: 00007fc1ac3d5fa0 RCX: 00007fc1ac17f6c9
[  316.606254][T16862] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000200000000340
[  316.606267][T16862] RBP: 00007fc1aabdf090 R08: 0000000000000000 R09: 0000000000000000
[  316.606280][T16862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  316.606293][T16862] R13: 00007fc1ac3d6038 R14: 00007fc1ac3d5fa0 R15: 00007ffdc63b5498
[  316.606388][T16862]  </TASK>
[  316.910711][T16868] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  317.053194][T16883] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16883 comm=syz.5.4403
[  317.133174][T16889] can0: slcan on ptm2.
[  317.143078][T16891] loop0: detected capacity change from 0 to 512
[  317.156363][T16891] EXT4-fs: Ignoring removed nobh option
[  317.178595][T16891] ext4 filesystem being mounted at /336/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  317.196399][T16889] can0 (unregistered): slcan off ptm2.
[  317.202313][T16889] Falling back ldisc for ptm2.
[  317.209378][T16894] FAULT_INJECTION: forcing a failure.
[  317.209378][T16894] name failslab, interval 1, probability 0, space 0, times 0
[  317.222124][T16894] CPU: 0 UID: 0 PID: 16894 Comm: syz.5.4408 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  317.222203][T16894] Tainted: [W]=WARN
[  317.222209][T16894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  317.222220][T16894] Call Trace:
[  317.222226][T16894]  <TASK>
[  317.222233][T16894]  __dump_stack+0x1d/0x30
[  317.222253][T16894]  dump_stack_lvl+0xe8/0x140
[  317.222272][T16894]  dump_stack+0x15/0x1b
[  317.222343][T16894]  should_fail_ex+0x265/0x280
[  317.222374][T16894]  should_failslab+0x8c/0xb0
[  317.222457][T16894]  kmem_cache_alloc_lru_noprof+0x55/0x490
[  317.222489][T16894]  ? __d_alloc+0x3d/0x340
[  317.222523][T16894]  __d_alloc+0x3d/0x340
[  317.222618][T16894]  d_alloc_pseudo+0x1e/0x80
[  317.222672][T16894]  alloc_file_pseudo+0x71/0x160
[  317.222696][T16894]  anon_inode_getfile+0xa0/0x120
[  317.222716][T16894]  bpf_link_prime+0xfc/0x1d0
[  317.222886][T16894]  bpf_raw_tp_link_attach+0x2ff/0x400
[  317.222976][T16894]  bpf_raw_tracepoint_open+0x164/0x2c0
[  317.222996][T16894]  ? security_bpf+0x2b/0x90
[  317.223020][T16894]  __sys_bpf+0x6ae/0x7c0
[  317.223043][T16894]  __x64_sys_bpf+0x41/0x50
[  317.223118][T16894]  x64_sys_call+0x2aee/0x3000
[  317.223176][T16894]  do_syscall_64+0xd2/0x200
[  317.223237][T16894]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  317.223265][T16894]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  317.223347][T16894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.223372][T16894] RIP: 0033:0x7fdb7c1cf6c9
[  317.223389][T16894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.223429][T16894] RSP: 002b:00007fdb7ac0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  317.223446][T16894] RAX: ffffffffffffffda RBX: 00007fdb7c426090 RCX: 00007fdb7c1cf6c9
[  317.223458][T16894] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011
[  317.223469][T16894] RBP: 00007fdb7ac0e090 R08: 0000000000000000 R09: 0000000000000000
[  317.223484][T16894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.223498][T16894] R13: 00007fdb7c426128 R14: 00007fdb7c426090 R15: 00007ffe58837308
[  317.223528][T16894]  </TASK>
[  317.536472][T16900] 9pnet: Could not find request transport: f
[  317.566730][T16900] netlink: 'syz.5.4411': attribute type 1 has an invalid length.
[  317.610645][T16910] lo speed is unknown, defaulting to 1000
[  317.630961][T16910] lo speed is unknown, defaulting to 1000
[  317.637319][T16910] lo speed is unknown, defaulting to 1000
[  317.644007][T16910] infiniband s{z2: RDMA CMA: cma_listen_on_dev, error -98
[  317.661825][T16910] lo speed is unknown, defaulting to 1000
[  317.669323][T16910] lo speed is unknown, defaulting to 1000
[  317.687991][T16910] lo speed is unknown, defaulting to 1000
[  317.694439][T16910] lo speed is unknown, defaulting to 1000
[  317.720801][T16910] lo speed is unknown, defaulting to 1000
[  317.727037][T16910] lo speed is unknown, defaulting to 1000
[  318.429151][T16973] loop0: detected capacity change from 0 to 512
[  318.465424][T16973] ext4 filesystem being mounted at /338/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  318.562893][T16980] lo speed is unknown, defaulting to 1000
[  318.613016][ T3415] hid_parser_main: 22 callbacks suppressed
[  318.613056][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.626300][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.633678][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.661609][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.669075][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.676498][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.683929][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.691370][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.698744][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.706111][ T3415] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  318.717297][T16984] loop0: detected capacity change from 0 to 2048
[  318.724024][ T3415] hid-generic 0000:0000:0000.0023: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  318.832672][T16993] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  318.841328][T16999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  318.859913][T16999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.869558][T16993] ip6tnl1: entered promiscuous mode
[  318.874758][T16993] ip6tnl1: entered allmulticast mode
[  318.946902][T17003] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  319.009980][T17008] __nla_validate_parse: 6 callbacks suppressed
[  319.010051][T17008] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4441'.
[  319.034371][T17008] tap0: tun_chr_ioctl cmd 1074025675
[  319.039716][T17008] tap0: persist enabled
[  319.044279][T17008] tap0: tun_chr_ioctl cmd 1074025675
[  319.049681][T17008] tap0: persist disabled
[  319.258429][T17020] loop3: detected capacity change from 0 to 512
[  319.267805][T17020] ext4 filesystem being mounted at /232/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  319.656366][T17030] FAULT_INJECTION: forcing a failure.
[  319.656366][T17030] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.669459][T17030] CPU: 1 UID: 0 PID: 17030 Comm: syz.4.4447 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  319.669558][T17030] Tainted: [W]=WARN
[  319.669625][T17030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  319.669637][T17030] Call Trace:
[  319.669644][T17030]  <TASK>
[  319.669653][T17030]  __dump_stack+0x1d/0x30
[  319.669678][T17030]  dump_stack_lvl+0xe8/0x140
[  319.669697][T17030]  dump_stack+0x15/0x1b
[  319.669713][T17030]  should_fail_ex+0x265/0x280
[  319.669766][T17030]  should_fail+0xb/0x20
[  319.669796][T17030]  should_fail_usercopy+0x1a/0x20
[  319.669818][T17030]  _copy_to_user+0x20/0xa0
[  319.669846][T17030]  sk_getsockopt+0x15f4/0x1a30
[  319.669916][T17030]  ? selinux_socket_getsockopt+0x175/0x1b0
[  319.669942][T17030]  ? should_fail_ex+0xdb/0x280
[  319.669971][T17030]  do_sock_getsockopt+0x14d/0x240
[  319.670073][T17030]  __x64_sys_getsockopt+0x11e/0x1a0
[  319.670105][T17030]  x64_sys_call+0x2bca/0x3000
[  319.670125][T17030]  do_syscall_64+0xd2/0x200
[  319.670143][T17030]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  319.670206][T17030]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  319.670316][T17030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.670365][T17030] RIP: 0033:0x7f8cd01ef6c9
[  319.670382][T17030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.670426][T17030] RSP: 002b:00007f8ccec57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  319.670444][T17030] RAX: ffffffffffffffda RBX: 00007f8cd0445fa0 RCX: 00007f8cd01ef6c9
[  319.670458][T17030] RDX: 000000000000000c RSI: 0000000000000001 RDI: 0000000000000003
[  319.670473][T17030] RBP: 00007f8ccec57090 R08: 0000200000000400 R09: 0000000000000000
[  319.670487][T17030] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  319.670502][T17030] R13: 00007f8cd0446038 R14: 00007f8cd0445fa0 R15: 00007fff9c0bab58
[  319.670521][T17030]  </TASK>
[  319.908053][T17037] loop0: detected capacity change from 0 to 512
[  319.915067][T17037] EXT4-fs (loop0): unable to read superblock
[  320.003601][T17044] loop3: detected capacity change from 0 to 8192
[  320.019073][T17044] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.075738][T17060] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4458'.
[  320.090537][T17044] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.114562][T17066] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  320.167692][T17044] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.228519][T17044] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.307749][ T3708] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  320.345768][ T3708] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  320.376418][ T3708] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  320.384614][ T3708] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  320.456066][T17090] lo speed is unknown, defaulting to 1000
[  320.471229][T17092] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4464'.
[  320.503547][T17092] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  320.512133][ T1030] hid-generic 0000:0000:0000.0024: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  320.535751][T17090] loop3: detected capacity change from 0 to 2048
[  320.553736][T17098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4465'.
[  320.563827][T17098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4465'.
[  320.573833][T17098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4465'.
[  320.583805][T17098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4465'.
[  320.595762][T17098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4465'.
[  320.618666][T17098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4465'.
[  320.632510][T17098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4465'.
[  320.687418][   T29] kauditd_printk_skb: 992 callbacks suppressed
[  320.687430][   T29] audit: type=1326 audit(2000000000.630:52526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17107 comm="syz.3.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3cafa2f6c9 code=0x7ffc0000
[  320.724541][T17108] loop3: detected capacity change from 0 to 512
[  320.775456][   T29] audit: type=1326 audit(2000000000.630:52527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17107 comm="syz.3.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3cafa2f703 code=0x7ffc0000
[  320.798889][   T29] audit: type=1326 audit(2000000000.630:52528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17107 comm="syz.3.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3cafa2e17f code=0x7ffc0000
[  320.799589][T17108] ext4 filesystem being mounted at /239/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  320.822328][   T29] audit: type=1326 audit(2000000000.630:52529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17107 comm="syz.3.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f3cafa2f757 code=0x7ffc0000
[  320.822358][   T29] audit: type=1326 audit(2000000000.630:52530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17105 comm="syz.4.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  320.879572][   T29] audit: type=1326 audit(2000000000.630:52531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17105 comm="syz.4.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  320.903401][   T29] audit: type=1326 audit(2000000000.630:52532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17105 comm="syz.4.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8cd01ef6c9 code=0x7ffc0000
[  320.926944][   T29] audit: type=1326 audit(2000000000.660:52533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17107 comm="syz.3.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3cafa2df10 code=0x7ffc0000
[  320.950494][   T29] audit: type=1326 audit(2000000000.660:52534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17107 comm="syz.3.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3cafa2f2cb code=0x7ffc0000
[  320.974033][   T29] audit: type=1326 audit(2000000000.670:52535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17107 comm="syz.3.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3cafa2e32a code=0x7ffc0000
[  321.018744][T17113] can0: slcan on ptm0.
[  321.043391][T17116] netlink: 'syz.1.4472': attribute type 4 has an invalid length.
[  321.069668][T17113] can0 (unregistered): slcan off ptm0.
[  321.087728][T17113] Falling back ldisc for ptm0.
[  321.164607][T17130] loop0: detected capacity change from 0 to 512
[  321.178196][T17130] EXT4-fs: Ignoring removed nobh option
[  321.187762][T17130] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.4476: corrupted inode contents
[  321.226455][T17130] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #3: comm syz.0.4476: mark_inode_dirty error
[  321.247414][T17130] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.4476: corrupted inode contents
[  321.266284][T17130] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.4476: mark_inode_dirty error
[  321.288123][T17130] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.4476: Failed to acquire dquot type 0
[  321.306716][T17139] FAULT_INJECTION: forcing a failure.
[  321.306716][T17139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.319889][T17139] CPU: 1 UID: 0 PID: 17139 Comm: syz.1.4479 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  321.319928][T17139] Tainted: [W]=WARN
[  321.319934][T17139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  321.319944][T17139] Call Trace:
[  321.319984][T17139]  <TASK>
[  321.319990][T17139]  __dump_stack+0x1d/0x30
[  321.320012][T17139]  dump_stack_lvl+0xe8/0x140
[  321.320029][T17139]  dump_stack+0x15/0x1b
[  321.320044][T17139]  should_fail_ex+0x265/0x280
[  321.320073][T17139]  should_fail+0xb/0x20
[  321.320145][T17139]  should_fail_usercopy+0x1a/0x20
[  321.320162][T17139]  _copy_from_iter+0xd2/0xe80
[  321.320182][T17139]  ? __build_skb_around+0x1ab/0x200
[  321.320230][T17139]  ? __alloc_skb+0x223/0x320
[  321.320279][T17139]  netlink_sendmsg+0x471/0x6b0
[  321.320372][T17139]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.320390][T17139]  __sock_sendmsg+0x145/0x180
[  321.320412][T17139]  ____sys_sendmsg+0x31e/0x4e0
[  321.320429][T17139]  ___sys_sendmsg+0x17b/0x1d0
[  321.320473][T17139]  __x64_sys_sendmsg+0xd4/0x160
[  321.320491][T17139]  x64_sys_call+0x191e/0x3000
[  321.320510][T17139]  do_syscall_64+0xd2/0x200
[  321.320529][T17139]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  321.320553][T17139]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  321.320648][T17139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.320682][T17139] RIP: 0033:0x7f0ea36ff6c9
[  321.320696][T17139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.320711][T17139] RSP: 002b:00007f0ea2167038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  321.320728][T17139] RAX: ffffffffffffffda RBX: 00007f0ea3955fa0 RCX: 00007f0ea36ff6c9
[  321.320738][T17139] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000005
[  321.320796][T17139] RBP: 00007f0ea2167090 R08: 0000000000000000 R09: 0000000000000000
[  321.320807][T17139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.320847][T17139] R13: 00007f0ea3956038 R14: 00007f0ea3955fa0 R15: 00007ffc09ee3198
[  321.320863][T17139]  </TASK>
[  321.600782][T17130] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4476: corrupted inode contents
[  321.616918][T17130] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #16: comm syz.0.4476: mark_inode_dirty error
[  321.647215][T17130] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4476: corrupted inode contents
[  321.671651][T17130] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.4476: mark_inode_dirty error
[  321.699000][T17130] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4476: corrupted inode contents
[  321.725927][T17130] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[  321.734953][T17130] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.4476: corrupted inode contents
[  321.748598][T17130] EXT4-fs error (device loop0): ext4_truncate:4637: inode #16: comm syz.0.4476: mark_inode_dirty error
[  321.774194][T17130] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[  321.784331][T17130] EXT4-fs (loop0): 1 truncate cleaned up
[  321.790709][T17130] ext4 filesystem being mounted at /346/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  321.821106][T17134] loop3: detected capacity change from 0 to 2048
[  321.889744][T17134] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #2: comm syz.3.4474: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  321.997636][T17134] EXT4-fs (loop3): get root inode failed
[  322.003308][T17134] EXT4-fs (loop3): mount failed
[  322.021243][T17163] netlink: 'syz.4.4486': attribute type 4 has an invalid length.
[  322.205412][T17181] lo speed is unknown, defaulting to 1000
[  322.226331][ T3395] hid-generic 0000:0000:0000.0025: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  322.329596][T17189] loop1: detected capacity change from 0 to 512
[  322.362946][T17194] loop0: detected capacity change from 0 to 512
[  322.380424][T17189] ext4 filesystem being mounted at /249/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  322.398091][T17194] ext4 filesystem being mounted at /351/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  322.540373][T17210] netlink: 'syz.0.4501': attribute type 4 has an invalid length.
[  322.574846][T17214] loop1: detected capacity change from 0 to 512
[  322.601584][T17214] EXT4-fs: Ignoring removed nobh option
[  322.621932][T17212] syzkaller0: entered promiscuous mode
[  322.627432][T17212] syzkaller0: entered allmulticast mode
[  322.636146][T17214] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.4503: corrupted inode contents
[  322.648595][T17197] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  322.656154][T17214] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #3: comm syz.1.4503: mark_inode_dirty error
[  322.673137][T17214] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.4503: corrupted inode contents
[  322.685505][T17214] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.4503: mark_inode_dirty error
[  322.697448][T17214] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.4503: Failed to acquire dquot type 0
[  322.709156][T17214] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.4503: corrupted inode contents
[  322.721192][T17214] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #16: comm syz.1.4503: mark_inode_dirty error
[  322.732809][T17214] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.4503: corrupted inode contents
[  322.733719][T17197] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  322.754566][T17214] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.4503: mark_inode_dirty error
[  322.767363][T17214] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.4503: corrupted inode contents
[  322.779396][T17214] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem
[  322.789421][T17214] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.4503: corrupted inode contents
[  322.812153][T17214] EXT4-fs error (device loop1): ext4_truncate:4637: inode #16: comm syz.1.4503: mark_inode_dirty error
[  322.823562][T17214] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem
[  322.832967][T17214] EXT4-fs (loop1): 1 truncate cleaned up
[  322.840096][T17197] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  322.850450][T17214] ext4 filesystem being mounted at /252/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  322.897483][T17197] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  322.941652][T17230] serio: Serial port ttyS3
[  322.961541][ T3772] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  322.972214][ T3772] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  322.987312][ T3772] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  323.012867][ T3772] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  323.049940][T17239] netlink: 'syz.3.4512': attribute type 4 has an invalid length.
[  323.079027][T17242] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  323.189403][T17257] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17257 comm=syz.5.4519
[  323.221462][T17262] loop3: detected capacity change from 0 to 512
[  323.237898][T17262] ext4 filesystem being mounted at /246/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  323.321766][T17270] loop3: detected capacity change from 0 to 8192
[  323.342984][T17272] lo speed is unknown, defaulting to 1000
[  323.351280][T17270] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  323.398808][T17270] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  323.467848][T17270] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  323.567908][T17270] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  323.719883][T17287] netlink: 'syz.0.4527': attribute type 4 has an invalid length.
[  323.828295][T17290] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  324.092298][ T3772] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  324.120512][ T3772] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.140656][ T3772] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  324.157526][ T3772] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.221540][T17297] loop3: detected capacity change from 0 to 512
[  324.236492][T17297] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  324.283331][T17303] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  324.300144][T17301] loop3: detected capacity change from 0 to 512
[  324.328495][T17301] ext4 filesystem being mounted at /250/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  324.422943][T17315] lo speed is unknown, defaulting to 1000
[  324.428531][T17317] netlink: 'syz.1.4538': attribute type 4 has an invalid length.
[  324.464882][ T3646] hid_parser_main: 86 callbacks suppressed
[  324.464897][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.478170][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.485542][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.531404][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.538911][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.546321][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.553739][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.561135][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.568545][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.575967][ T3646] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  324.654763][ T3646] hid-generic 0000:0000:0000.0026: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  324.695669][T17327] loop0: detected capacity change from 0 to 512
[  324.727582][T17327] ext4 filesystem being mounted at /359/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.755896][T17328] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #4: comm syz.0.4541: corrupted inode contents
[  324.791223][T17328] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #4: comm syz.0.4541: mark_inode_dirty error
[  324.816015][T17328] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #4: comm syz.0.4541: corrupted inode contents
[  324.860326][T17328] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #4: comm syz.0.4541: mark_inode_dirty error
[  324.882601][T17328] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.4541: Failed to acquire dquot type 1
[  324.910822][T17327] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #4: comm syz.0.4541: corrupted inode contents
[  324.942990][T17327] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #4: comm syz.0.4541: mark_inode_dirty error
[  324.950159][T17341] loop3: detected capacity change from 0 to 512
[  324.958945][T17327] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #4: comm syz.0.4541: corrupted inode contents
[  324.982041][T17341] ext4 filesystem being mounted at /252/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  324.995323][T17327] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #4: comm syz.0.4541: mark_inode_dirty error
[  325.016563][T17327] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.4541: Failed to acquire dquot type 1
[  325.084410][T17353] __nla_validate_parse: 63 callbacks suppressed
[  325.084422][T17353] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4550'.
[  325.092965][T17355] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4552'.
[  325.139096][T17361] serio: Serial port ttyS3
[  325.166574][T17363] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  325.284979][T17375] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4560'.
[  325.300056][T17375] tap0: tun_chr_ioctl cmd 1074025675
[  325.305467][T17375] tap0: persist enabled
[  325.311370][T17375] tap0: tun_chr_ioctl cmd 1074025675
[  325.316700][T17375] tap0: persist disabled
[  325.352896][T17381] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4563'.
[  325.876392][T17409] lo speed is unknown, defaulting to 1000
[  325.908424][T17411] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  325.923533][ T3415] hid-generic 0000:0000:0000.0027: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  325.955648][T17415] loop0: detected capacity change from 0 to 512
[  325.956351][   T29] kauditd_printk_skb: 1144 callbacks suppressed
[  325.956364][   T29] audit: type=1326 audit(2000000005.890:53671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  325.991905][   T29] audit: type=1326 audit(2000000005.890:53672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  325.992009][T17409] loop3: detected capacity change from 0 to 2048
[  326.015357][   T29] audit: type=1326 audit(2000000005.890:53673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.015386][   T29] audit: type=1326 audit(2000000005.890:53674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.015409][   T29] audit: type=1326 audit(2000000005.890:53675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.015449][   T29] audit: type=1326 audit(2000000005.890:53676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.065276][T17415] ext4 filesystem being mounted at /361/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  326.069175][   T29] audit: type=1326 audit(2000000005.890:53677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.150001][   T29] audit: type=1326 audit(2000000005.890:53678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.173609][   T29] audit: type=1326 audit(2000000005.890:53679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.197171][   T29] audit: type=1326 audit(2000000005.890:53680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.0.4573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc1ac17f6c9 code=0x7ffc0000
[  326.257656][T17424] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  326.288391][T17427] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4576'.
[  326.300363][T17427] tap0: tun_chr_ioctl cmd 1074025675
[  326.305727][T17427] tap0: persist enabled
[  326.318343][T17427] tap0: tun_chr_ioctl cmd 1074025675
[  326.323649][T17427] tap0: persist disabled
[  326.341947][T17430] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4578'.
[  326.367518][T17434] FAULT_INJECTION: forcing a failure.
[  326.367518][T17434] name failslab, interval 1, probability 0, space 0, times 0
[  326.380135][T17434] CPU: 0 UID: 0 PID: 17434 Comm: syz.5.4577 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  326.380223][T17434] Tainted: [W]=WARN
[  326.380229][T17434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  326.380241][T17434] Call Trace:
[  326.380247][T17434]  <TASK>
[  326.380253][T17434]  __dump_stack+0x1d/0x30
[  326.380273][T17434]  dump_stack_lvl+0xe8/0x140
[  326.380401][T17434]  dump_stack+0x15/0x1b
[  326.380422][T17434]  should_fail_ex+0x265/0x280
[  326.380452][T17434]  should_failslab+0x8c/0xb0
[  326.380518][T17434]  __kmalloc_noprof+0xa5/0x570
[  326.380544][T17434]  ? sctp_make_abort_user+0x17b/0x3a0
[  326.380595][T17434]  sctp_make_abort_user+0x17b/0x3a0
[  326.380615][T17434]  sctp_sendmsg_check_sflags+0x17e/0x1e0
[  326.380640][T17434]  sctp_sendmsg+0x10bb/0x18d0
[  326.380686][T17434]  ? __pfx_sctp_sendmsg+0x10/0x10
[  326.380708][T17434]  inet_sendmsg+0xc5/0xd0
[  326.380742][T17434]  __sock_sendmsg+0x102/0x180
[  326.380764][T17434]  ____sys_sendmsg+0x31e/0x4e0
[  326.380783][T17434]  ___sys_sendmsg+0x17b/0x1d0
[  326.380811][T17434]  __x64_sys_sendmsg+0xd4/0x160
[  326.380883][T17434]  x64_sys_call+0x191e/0x3000
[  326.380909][T17434]  do_syscall_64+0xd2/0x200
[  326.380963][T17434]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  326.381131][T17434]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  326.381165][T17434]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.381186][T17434] RIP: 0033:0x7fdb7c1cf6c9
[  326.381200][T17434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.381217][T17434] RSP: 002b:00007fdb7ac0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  326.381312][T17434] RAX: ffffffffffffffda RBX: 00007fdb7c426090 RCX: 00007fdb7c1cf6c9
[  326.381324][T17434] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  326.381335][T17434] RBP: 00007fdb7ac0e090 R08: 0000000000000000 R09: 0000000000000000
[  326.381382][T17434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.381442][T17434] R13: 00007fdb7c426128 R14: 00007fdb7c426090 R15: 00007ffe58837308
[  326.381459][T17434]  </TASK>
[  326.641589][T17443] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  326.692720][T17448] 9pnet: Could not find request transport: f
[  326.701873][T17448] netlink: 'syz.0.4584': attribute type 1 has an invalid length.
[  326.709709][T17448] netlink: 228 bytes leftover after parsing attributes in process `syz.0.4584'.
[  326.741229][T17454] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  326.751866][T17453] netlink: 'syz.0.4586': attribute type 4 has an invalid length.
[  326.773787][T17436] loop9: detected capacity change from 0 to 7
[  326.780365][T17436] Buffer I/O error on dev loop9, logical block 0, async page read
[  326.788396][T17436] Buffer I/O error on dev loop9, logical block 0, async page read
[  326.796331][T17436]  loop9: unable to read partition table
[  326.802014][T17436] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  326.802014][T17436] 
) failed (rc=-5)
[  326.853016][T17461] 9pnet: Could not find request transport: f
[  326.863180][T17461] netlink: 'syz.3.4589': attribute type 1 has an invalid length.
[  326.871004][T17461] netlink: 228 bytes leftover after parsing attributes in process `syz.3.4589'.
[  326.939014][T17474] loop0: detected capacity change from 0 to 512
[  326.949792][T17474] EXT4-fs: Ignoring removed nomblk_io_submit option
[  326.959916][T17474] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  326.967849][T17474] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=4002e118, mo2=0002]
[  326.976966][T17474] EXT4-fs (loop0): orphan cleanup on readonly fs
[  326.983404][T17474] EXT4-fs warning (device loop0): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  326.998013][T17474] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  327.004966][T17474] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4593: bg 0: block 40: padding at end of block bitmap is not set
[  327.019346][T17474] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  327.031369][T17474] EXT4-fs (loop0): 1 truncate cleaned up
[  327.037487][T17474] EXT4-fs mount: 33 callbacks suppressed
[  327.037501][T17474] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  327.066340][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.097243][T17485] loop0: detected capacity change from 0 to 2048
[  327.108568][T17485] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  327.117871][T17488] netlink: 'syz.3.4598': attribute type 4 has an invalid length.
[  327.137964][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.148881][T17492] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  327.182035][T17498] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  327.199166][T17501] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  327.284008][T17504] loop3: detected capacity change from 0 to 512
[  327.308446][T17504] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  327.320969][T17504] ext4 filesystem being mounted at /268/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  327.349401][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.527227][T17522] netlink: 'syz.1.4610': attribute type 4 has an invalid length.
[  327.626666][T17528] serio: Serial port ttyS3
[  327.703065][T17532] 9pnet: Could not find request transport: f
[  327.712870][T17532] netlink: 'syz.1.4614': attribute type 1 has an invalid length.
[  327.720636][T17532] netlink: 228 bytes leftover after parsing attributes in process `syz.1.4614'.
[  328.643021][T17567] loop0: detected capacity change from 0 to 512
[  328.687249][T17567] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.722028][T17567] ext4 filesystem being mounted at /374/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  328.745059][T17574] serio: Serial port ttyS3
[  328.759832][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.806076][T17581] 9pnet: Could not find request transport: f
[  328.819098][T17590] loop9: detected capacity change from 0 to 7
[  328.827605][T17590] Buffer I/O error on dev loop9, logical block 0, async page read
[  328.837638][T17581] netlink: 'syz.0.4627': attribute type 1 has an invalid length.
[  328.845378][T17581] netlink: 228 bytes leftover after parsing attributes in process `syz.0.4627'.
[  328.854441][T17590] Buffer I/O error on dev loop9, logical block 0, async page read
[  328.862391][T17590]  loop9: unable to read partition table
[  328.868874][T17590] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  328.868874][T17590] 
) failed (rc=-5)
[  329.058275][   T36] hid-generic 0000:0000:0000.0028: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  329.072902][T17608] syzkaller0: entered promiscuous mode
[  329.078451][T17608] syzkaller0: entered allmulticast mode
[  329.128968][T17611] loop0: detected capacity change from 0 to 2048
[  329.157670][T17611] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  329.220694][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  329.245513][T17624] 9pnet: Could not find request transport: f
[  329.264028][T17624] netlink: 'syz.5.4643': attribute type 1 has an invalid length.
[  329.287737][T17622] loop3: detected capacity change from 0 to 128
[  329.308694][T17622] FAT-fs (loop3): Directory bread(block 32) failed
[  329.315523][T17622] FAT-fs (loop3): Directory bread(block 33) failed
[  329.322952][T17622] FAT-fs (loop3): Directory bread(block 34) failed
[  329.322979][T17589] loop9: detected capacity change from 0 to 7
[  329.336971][T17622] FAT-fs (loop3): Directory bread(block 35) failed
[  329.336962][T17589] Buffer I/O error on dev loop9, logical block 0, async page read
[  329.337024][T17589] Buffer I/O error on dev loop9, logical block 0, async page read
[  329.337039][T17589]  loop9: unable to read partition table
[  329.337052][T17589] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  329.337052][T17589] 
) failed (rc=-5)
[  329.380055][T17622] FAT-fs (loop3): Directory bread(block 36) failed
[  329.387353][T17622] FAT-fs (loop3): Directory bread(block 37) failed
[  329.394405][T17622] FAT-fs (loop3): Directory bread(block 38) failed
[  329.401385][T17622] FAT-fs (loop3): Directory bread(block 39) failed
[  329.409511][T17622] FAT-fs (loop3): Directory bread(block 40) failed
[  329.416504][T17622] FAT-fs (loop3): Directory bread(block 41) failed
[  329.635340][T17667] serio: Serial port ttyS3
[  329.655855][T17666] lo speed is unknown, defaulting to 1000
[  329.683005][ T3394] hid_parser_main: 86 callbacks suppressed
[  329.683101][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.696324][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.703738][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.724795][T17672] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  329.737381][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.744842][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.752228][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.759718][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.767113][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.774523][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.781919][ T3394] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  329.817570][ T3394] hid-generic 0000:0000:0000.0029: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  329.865367][T17683] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  329.963897][T17689] hsr_slave_0: left promiscuous mode
[  329.969789][T17689] hsr_slave_1: left promiscuous mode
[  330.019285][T17687] loop3: detected capacity change from 0 to 1024
[  330.029766][T17687] EXT4-fs: Ignoring removed nomblk_io_submit option
[  330.055787][T17687] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  330.092268][T17693] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.103277][T17687] __nla_validate_parse: 2 callbacks suppressed
[  330.103291][T17687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4662'.
[  330.121066][T17687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4662'.
[  330.146734][T17687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4662'.
[  330.155728][T17687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4662'.
[  330.177461][T17693] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.196031][T17705] serio: Serial port ttyS3
[  330.227919][T17693] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.307911][T17693] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.388954][ T3708] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.406483][ T3708] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.420971][ T3708] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.430719][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.456217][ T3708] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.480457][T17714] netlink: 'syz.1.4671': attribute type 4 has an invalid length.
[  330.483777][T17718] loop3: detected capacity change from 0 to 512
[  330.520241][T17718] EXT4-fs (loop3): 1 orphan inode deleted
[  330.538036][T17718] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  330.567307][T17718] ext4 filesystem being mounted at /280/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  330.598219][T17718] EXT4-fs error (device loop3): ext4_lookup:1787: inode #15: comm syz.3.4670: iget: bad i_size value: 360287970189639690
[  330.699424][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.718128][T17732] tipc: Withdrawal distribution failure
[  330.767896][T17734] loop3: detected capacity change from 0 to 2048
[  330.821586][T17734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  330.898806][T13239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.971876][T17747] loop3: detected capacity change from 0 to 1024
[  331.010374][T17747] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.032896][T17747] ext4 filesystem being mounted at /283/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.053337][   T29] kauditd_printk_skb: 1126 callbacks suppressed
[  331.053350][   T29] audit: type=1400 audit(2000000001.230:54806): avc:  denied  { create } for  pid=17745 comm="syz.3.4680" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  331.088001][T17747] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.176475][   T29] audit: type=1400 audit(2000000001.310:54807): avc:  denied  { setopt } for  pid=17745 comm="syz.3.4680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  331.196146][   T29] audit: type=1400 audit(2000000001.310:54808): avc:  denied  { write } for  pid=17745 comm="syz.3.4680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  331.215705][   T29] audit: type=1400 audit(2000000001.310:54809): avc:  denied  { read } for  pid=17745 comm="syz.3.4680" lport=59724 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  331.277617][T17756] FAULT_INJECTION: forcing a failure.
[  331.277617][T17756] name failslab, interval 1, probability 0, space 0, times 0
[  331.290263][T17756] CPU: 1 UID: 0 PID: 17756 Comm: syz.4.4682 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  331.290320][T17756] Tainted: [W]=WARN
[  331.290328][T17756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  331.290342][T17756] Call Trace:
[  331.290425][T17756]  <TASK>
[  331.290434][T17756]  __dump_stack+0x1d/0x30
[  331.290458][T17756]  dump_stack_lvl+0xe8/0x140
[  331.290481][T17756]  dump_stack+0x15/0x1b
[  331.290502][T17756]  should_fail_ex+0x265/0x280
[  331.290531][T17756]  should_failslab+0x8c/0xb0
[  331.290558][T17756]  __kvmalloc_node_noprof+0x12e/0x670
[  331.290629][T17756]  ? io_alloc_cache_init+0x36/0xb0
[  331.290708][T17756]  io_alloc_cache_init+0x36/0xb0
[  331.290792][T17756]  io_rsrc_cache_init+0x43/0x50
[  331.290852][T17756]  io_ring_ctx_alloc+0x31c/0x670
[  331.290882][T17756]  io_uring_create+0x134/0x630
[  331.290933][T17756]  __se_sys_io_uring_setup+0x1f7/0x210
[  331.290983][T17756]  __x64_sys_io_uring_setup+0x31/0x40
[  331.291015][T17756]  x64_sys_call+0x2b25/0x3000
[  331.291042][T17756]  do_syscall_64+0xd2/0x200
[  331.291067][T17756]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  331.291097][T17756]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  331.291231][T17756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.291252][T17756] RIP: 0033:0x7f8cd01ef6c9
[  331.291268][T17756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.291289][T17756] RSP: 002b:00007f8ccec36038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  331.291346][T17756] RAX: ffffffffffffffda RBX: 00007f8cd0446090 RCX: 00007f8cd01ef6c9
[  331.291361][T17756] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007
[  331.291374][T17756] RBP: 00007f8ccec36090 R08: 0000000000000000 R09: 0000000000000000
[  331.291388][T17756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  331.291411][T17756] R13: 00007f8cd0446128 R14: 00007f8cd0446090 R15: 00007fff9c0bab58
[  331.291431][T17756]  </TASK>
[  331.538092][T17767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4686'.
[  331.548307][T17767] usb usb1: usbfs: interface 0 claimed by hub while '+}[K' sets config #0
[  331.575329][T17765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4685'.
[  331.598290][T17770] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4687'.
[  331.616462][T17765] hsr_slave_0: left promiscuous mode
[  331.622360][T17765] hsr_slave_1: left promiscuous mode
[  331.645197][T17771] loop0: detected capacity change from 0 to 1024
[  331.654105][T17771] EXT4-fs: Ignoring removed nomblk_io_submit option
[  331.678578][T17771] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.688259][T17773] FAULT_INJECTION: forcing a failure.
[  331.688259][T17773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.703735][T17773] CPU: 0 UID: 0 PID: 17773 Comm: syz.1.4688 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  331.703768][T17773] Tainted: [W]=WARN
[  331.703776][T17773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  331.703809][T17773] Call Trace:
[  331.703816][T17773]  <TASK>
[  331.703825][T17773]  __dump_stack+0x1d/0x30
[  331.703850][T17773]  dump_stack_lvl+0xe8/0x140
[  331.703872][T17773]  dump_stack+0x15/0x1b
[  331.703918][T17773]  should_fail_ex+0x265/0x280
[  331.703950][T17773]  should_fail+0xb/0x20
[  331.704059][T17773]  should_fail_usercopy+0x1a/0x20
[  331.704083][T17773]  strncpy_from_user+0x25/0x230
[  331.704112][T17773]  ? kmem_cache_alloc_noprof+0x242/0x480
[  331.704212][T17773]  ? getname_flags+0x80/0x3b0
[  331.704245][T17773]  getname_flags+0xae/0x3b0
[  331.704304][T17773]  __x64_sys_link+0x40/0x70
[  331.704333][T17773]  x64_sys_call+0x12a7/0x3000
[  331.704354][T17773]  do_syscall_64+0xd2/0x200
[  331.704384][T17773]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  331.704414][T17773]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  331.704523][T17773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.704547][T17773] RIP: 0033:0x7f0ea36ff6c9
[  331.704564][T17773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.704604][T17773] RSP: 002b:00007f0ea2167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[  331.704625][T17773] RAX: ffffffffffffffda RBX: 00007f0ea3955fa0 RCX: 00007f0ea36ff6c9
[  331.704639][T17773] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000000
[  331.704652][T17773] RBP: 00007f0ea2167090 R08: 0000000000000000 R09: 0000000000000000
[  331.704665][T17773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.704718][T17773] R13: 00007f0ea3956038 R14: 00007f0ea3955fa0 R15: 00007ffc09ee3198
[  331.704787][T17773]  </TASK>
[  331.896138][T17765] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4685'.
[  331.907283][T17765] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4685'.
[  331.937884][T17765] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4685'.
[  331.961389][   T29] audit: type=1326 audit(2000000002.140:54810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17780 comm="syz.3.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cafa2f6c9 code=0x7ffc0000
[  331.984971][   T29] audit: type=1326 audit(2000000002.140:54811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17780 comm="syz.3.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cafa2f6c9 code=0x7ffc0000
[  332.008584][   T29] audit: type=1326 audit(2000000002.140:54812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17780 comm="syz.3.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f3cafa2f6c9 code=0x7ffc0000
[  332.032065][   T29] audit: type=1326 audit(2000000002.140:54813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17780 comm="syz.3.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cafa2f6c9 code=0x7ffc0000
[  332.055598][   T29] audit: type=1326 audit(2000000002.140:54814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17780 comm="syz.3.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cafa2f6c9 code=0x7ffc0000
[  332.079341][   T29] audit: type=1326 audit(2000000002.140:54815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17780 comm="syz.3.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f3cafa2f6c9 code=0x7ffc0000
[  332.110192][T17782] netlink: 'syz.1.4689': attribute type 39 has an invalid length.
[  332.215840][T12641] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.301593][T17800] serio: Serial port ttyS3
[  332.404754][T17790] loop9: detected capacity change from 0 to 7
[  332.411230][T17790] Buffer I/O error on dev loop9, logical block 0, async page read
[  332.419626][T17790] Buffer I/O error on dev loop9, logical block 0, async page read
[  332.427554][T17790]  loop9: unable to read partition table
[  332.433644][T17790] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  332.433644][T17790] 
) failed (rc=-5)
[  332.661775][T17827] lo speed is unknown, defaulting to 1000
[  332.685306][ T3415] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  332.740249][T17832] SELinux:  policydb version 83886100 does not match my version range 15-35
[  332.749146][T17832] SELinux: failed to load policy
[  333.110755][T17842] 9pnet: Could not find request transport: f
[  333.200968][T17842] netlink: 'syz.0.4710': attribute type 1 has an invalid length.
[  333.248912][T17848] 9pnet: Could not find request transport: f
[  333.259212][T17848] netlink: 'syz.0.4712': attribute type 1 has an invalid length.
[  333.286700][T17853] FAULT_INJECTION: forcing a failure.
[  333.286700][T17853] name failslab, interval 1, probability 0, space 0, times 0
[  333.299447][T17853] CPU: 1 UID: 0 PID: 17853 Comm: syz.1.4713 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  333.299515][T17853] Tainted: [W]=WARN
[  333.299523][T17853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  333.299537][T17853] Call Trace:
[  333.299544][T17853]  <TASK>
[  333.299552][T17853]  __dump_stack+0x1d/0x30
[  333.299577][T17853]  dump_stack_lvl+0xe8/0x140
[  333.299605][T17853]  dump_stack+0x15/0x1b
[  333.299625][T17853]  should_fail_ex+0x265/0x280
[  333.299661][T17853]  should_failslab+0x8c/0xb0
[  333.299768][T17853]  kmem_cache_alloc_noprof+0x50/0x480
[  333.299848][T17853]  ? alloc_empty_file+0x76/0x200
[  333.300002][T17853]  alloc_empty_file+0x76/0x200
[  333.300036][T17853]  path_openat+0x68/0x2170
[  333.300065][T17853]  ? kstrtoull+0x111/0x140
[  333.300169][T17853]  do_filp_open+0x109/0x230
[  333.300202][T17853]  do_sys_openat2+0xa6/0x110
[  333.300226][T17853]  __x64_sys_openat+0xf2/0x120
[  333.300291][T17853]  x64_sys_call+0x2eab/0x3000
[  333.300317][T17853]  do_syscall_64+0xd2/0x200
[  333.300339][T17853]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  333.300386][T17853]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  333.300421][T17853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.300446][T17853] RIP: 0033:0x7f0ea36ff6c9
[  333.300462][T17853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.300483][T17853] RSP: 002b:00007f0ea2167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  333.300523][T17853] RAX: ffffffffffffffda RBX: 00007f0ea3955fa0 RCX: 00007f0ea36ff6c9
[  333.300538][T17853] RDX: 0000000000800000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  333.300553][T17853] RBP: 00007f0ea2167090 R08: 0000000000000000 R09: 0000000000000000
[  333.300567][T17853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.300582][T17853] R13: 00007f0ea3956038 R14: 00007f0ea3955fa0 R15: 00007ffc09ee3198
[  333.300603][T17853]  </TASK>
[  333.571352][T17862] lo speed is unknown, defaulting to 1000
[  333.617182][ T3395] hid-generic 0000:0000:0000.002B: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  333.646637][T17870] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  333.657885][T17862] loop1: detected capacity change from 0 to 2048
[  333.692715][T17862] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  333.752837][T12816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  333.767997][T12816] ==================================================================
[  333.776076][T12816] BUG: KCSAN: data-race in __lru_add_drain_all / folio_add_lru
[  333.783616][T12816] 
[  333.785929][T12816] read-write to 0xffff888237d25ee8 of 1 bytes by task 17878 on cpu 1:
[  333.794066][T12816]  folio_add_lru+0xa5/0x1f0
[  333.798556][T12816]  shmem_get_folio_gfp+0x7ab/0xd60
[  333.803672][T12816]  shmem_fault+0xf6/0x250
[  333.807986][T12816]  __do_fault+0xbc/0x200
[  333.812213][T12816]  handle_mm_fault+0xd69/0x2be0
[  333.817045][T12816]  __get_user_pages+0x102a/0x1ed0
[  333.822052][T12816]  faultin_page_range+0x107/0x4e0
[  333.827060][T12816]  madvise_do_behavior+0x197/0x970
[  333.832161][T12816]  do_madvise+0x10e/0x190
[  333.836478][T12816]  __x64_sys_madvise+0x64/0x80
[  333.841231][T12816]  x64_sys_call+0x1f1a/0x3000
[  333.845894][T12816]  do_syscall_64+0xd2/0x200
[  333.850384][T12816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.856265][T12816] 
[  333.858570][T12816] read to 0xffff888237d25ee8 of 1 bytes by task 12816 on cpu 0:
[  333.866176][T12816]  __lru_add_drain_all+0x17e/0x450
[  333.871270][T12816]  lru_add_drain_all+0x10/0x20
[  333.876015][T12816]  invalidate_bdev+0x47/0x70
[  333.880590][T12816]  ext4_put_super+0x624/0x7d0
[  333.885253][T12816]  generic_shutdown_super+0xe6/0x210
[  333.890522][T12816]  kill_block_super+0x2a/0x70
[  333.895183][T12816]  ext4_kill_sb+0x42/0x80
[  333.899493][T12816]  deactivate_locked_super+0x75/0x1c0
[  333.904844][T12816]  deactivate_super+0x97/0xa0
[  333.909502][T12816]  cleanup_mnt+0x269/0x2e0
[  333.913905][T12816]  __cleanup_mnt+0x19/0x20
[  333.918309][T12816]  task_work_run+0x131/0x1a0
[  333.922885][T12816]  exit_to_user_mode_loop+0xed/0x110
[  333.928154][T12816]  do_syscall_64+0x1d6/0x200
[  333.932729][T12816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.938605][T12816] 
[  333.940906][T12816] value changed: 0x0e -> 0x13
[  333.945555][T12816] 
[  333.947856][T12816] Reported by Kernel Concurrency Sanitizer on:
[  333.953993][T12816] CPU: 0 UID: 0 PID: 12816 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  333.965531][T12816] Tainted: [W]=WARN
[  333.969313][T12816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  333.979356][T12816] ==================================================================
[  334.013932][T17887] 9pnet: Could not find request transport: f