last executing test programs:

3m35.0567265s ago: executing program 3 (id=435):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000100000000000000000000181200eb", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
unshare(0x20000400)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x170)
fgetxattr(r3, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)
r4 = socket$inet(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kfree\x00', r5, 0x0, 0x100003c}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x52e, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5")
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000090601020000000000000000000000000900020073797a31000000000500010007000000100007"], 0x38}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r4}, 0x8)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x8, &(0x7f0000000000)={0x1000000}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
nanosleep(&(0x7f0000000040), 0x0)
r8 = socket(0x1e, 0x5, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda)
listen(r8, 0x0)
r9 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x2}, 0x1c)
copy_file_range(r0, 0x0, r2, &(0x7f0000000080)=0x3, 0xfffffffffffff2e3, 0x0)
sendmsg$tipc(r9, &(0x7f0000000640)={&(0x7f0000000300)=@nameseq={0x1e, 0x1, 0x2, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0)

3m34.843177997s ago: executing program 3 (id=442):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800714e1a34a7757a4e00000000fd00000000000000000095000002e0000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0], 0x1}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'team0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00', <r3=>0x0})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000600)={<r4=>0x0, @loopback, @loopback}, &(0x7f0000000640)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'team0\x00', <r5=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000006c0)={'gre0\x00', &(0x7f0000000780)={'ip_vti0\x00', <r6=>0x0, 0x1, 0x700, 0x4, 0x6, {{0x20, 0x4, 0x1, 0x1, 0x80, 0x68, 0x0, 0xff, 0x4, 0x0, @private=0xa010100, @empty, {[@timestamp={0x44, 0x10, 0xde, 0x0, 0x0, [0x1, 0x5, 0xfffffffa]}, @ra={0x94, 0x4, 0x1}, @generic={0x89, 0x8, "24d05b2d4d81"}, @ssrr={0x89, 0x2b, 0x96, [@broadcast, @multicast1, @dev={0xac, 0x14, 0x14, 0xb}, @multicast2, @multicast1, @multicast1, @private=0xa010100, @broadcast, @rand_addr=0x64010102, @rand_addr=0x64010101]}, @ssrr={0x89, 0x7, 0xcd, [@multicast1]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x14, 0xea, 0x0, 0x9, [0x1, 0xaecb, 0x6, 0x7f]}, @ra={0x94, 0x4, 0x1}]}}}}})
socket(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000010c0)=ANY=[@ANYBLOB="340000006800010025bd7000feffffff0a000000000000000c000880080001000d0000060007000800000008000500f4d4554a4b29f5bf2b4c9593ce08fa7b57dd61766a7a3303a5b84c8100c16e9665378f57ae20700b8e2e90c16ae84a5ad9f80ba33d2f7fc0c276de1c9138d1602a87ac20df42f401a9317197556a3dca1d6ea55f2e945643f00e4372f4426cdfe070983b5482c8b1775d4357279145436e4959db24321beb8c4d6ed4f21570eba200ba8bc15698d0b29ffa6179515e1eb9e209435e4aa1544f6e", @ANYRES32, @ANYBLOB], 0x34}}, 0x40040d0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xf}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c)
r10 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x5, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xfffc}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001380)=@newtfilter={0x40, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r11, {0xfff3, 0x4}, {}, {0xd, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8, 0x6, r10}, @TCA_BPF_FLAGS_GEN={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c021}, 0x2004c8d4)
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$netlink(0x10, 0x3, 0x8000000004)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'veth0_vlan\x00', <r14=>0x0})
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x3a, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e0000000040000280060001000000000004000480280003800c00010040000000060000000c0001000004000000000000d8fd010006000000090000000600050088a8000008000a00", @ANYRES32=r14, @ANYBLOB="08000500", @ANYRES32=r14], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000001080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1080000}, 0xc, &(0x7f0000001040)={&(0x7f00000013c0)=ANY=[@ANYRES64=r2, @ANYRES16=0x0, @ANYBLOB="00082801000000dbdf250100000008000100", @ANYRES16=r14, @ANYBLOB="6401028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000100004006c6f616462616c616e6365003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="38000100240001006163740008000000000000000000000000000000000000000000008260233a3ea099f40000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400060000003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="7400028038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004001000000038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400ff03000008000100", @ANYRES32=0x0, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400010000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000008000100", @ANYRES32=r3, @ANYBLOB="7401028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r4, @ANYBLOB="080007000000000038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400040000007c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000004c0004000010050700180000ff0f05001000000003000109070000000600800004000000ff0f04080180000006001006b000000009000904faffffff09000902020000001000010e050000003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000b00040072616e646f6d000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="d26f4c0180", @ANYRES32=r5, @ANYBLOB="f00002803c000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000b00040072616e646f6d0000400001002400010071756575655f696400000000000000000000000000000000000000000000000005000300030000000800040000b0000008000600", @ANYRES32=0x0, @ANYBLOB="38000100000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r6, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400dcffffff08000100", @ANYRESOCT=r1, @ANYRES16=r5, @ANYRES32, @ANYRESDEC=r11, @ANYRES32=r9, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040008000000080007000000000038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000800000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000700000008000600", @ANYRES32=r11, @ANYBLOB="08000100", @ANYRES32=r14, @ANYBLOB="44000280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000101000008000600", @ANYRES32, @ANYBLOB], 0x730}, 0x1, 0x0, 0x0, 0x24040085}, 0x20040811)
r15 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r15}, 0x10)

3m34.715177768s ago: executing program 3 (id=445):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000680)={[{@nolazytime}, {@lazytime}, {@journal_path={'journal_path', 0x3d, './bus'}}, {@bsdgroups}, {@lazytime}, {@noload}]}, 0x3, 0x45c, &(0x7f0000002400)="$eJzs3MtvG8UfAPDv+pG+m/yq/oA+gCBAlAJJk5bSAxcQSBxAQoJDOYYkrUrdBjVBIlUFBaFyRJU4cUEckfgLOMEFASckLhzgjipVqJcWTkYb76a2a+dVP0j9+UjrzuyuO/P1ztizM7EDGFij6UMSsTMifo+I4Vq28YTR2j+3blya/vvGpekkqtU3/kpK6eGbNy5N56fmz9uRZ0oRhU+SONCi3PnFi2enKpXZC1l+fOHcu+PzixefOXNu6vTs6dnzkydOHDs68dzxyWc7Emca1839H8wd3PfKW1dfmz559e2fvkny+Jvi6JDRlQ4+Xq12uLj+2lWXrrUMNoNirZtGean/D0cxbl+84Xj5475WDuiqarVava/94ctV4B6WRL9rAPRH/kGf3v/mW4+GHv8J11+o3QClcd/KttqRUhSyc8pN97edNBoRJy//82W6RXfmIQAAGnyXjn+ebjX+K0T9vNDubA1lJCL+FxF7IuJ4ROyNiP9HLJ17f0Q8sM7ymxdJ7hz/FK5tKLA1Ssd/z2drW43jv3z0FyPFLLdrKf5ycupMZfZI9pocivKWND+xQhnfv/TrZ+2O1Y//0i0tPx8LZvW4VtrS+JyZqYWpu4m53vWPIvaXWsWfLK8EJBGxLyL2b7CMM4e/Ptju2Orxr6AD60zVryKeqF3/y9EUfy5ZeX1yfGtUZo+M563iTj//cuX1duXfVfwdkF7/7S3b/3L8I0n9eu38ev73L55MH6/88Wnbe5qNtv+h5M2Gfe9PLSxcmIgYSl6tVbp+/2TTeZO3z0/jP/Ro6/6/J26/EgciIm3ED0bEQxHxcFb3R37bveqr8OOLj72z8fi7K41/Zu3XvzockTeExaHIEst7WieKZ3/4tqHQkdbx7257/Y8tpQ5le9by/reWeq23NQMAAMBmVYiInZEUxpbThcLYWO1v+PfG9kJlbn7hqVNz752fqX1HYCTKhXyma7huPnQiu63P85NN+aPZvPHnxW1L+bHpucpMv4OHAbejTf9P/Vnsd+2ArvN9LRhc+j8MLv0fBted/X9rX+oB9F6Lz/9t/agH0Hutxv8fruWJOztfF6C3mvq/ZT8YIOb/YHBtpP97z4B7Q2mln2we6mlVgN6Z3xarf0leYjMl8l+u6UYR5bS1HI6IxYtR6HukEl1M9PudCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDP+DQAA//+CSeFs")

3m34.626956535s ago: executing program 3 (id=448):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==")
r0 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0xfffffffffffffffc}, 0x18)
read(r1, 0x0, 0x0)
ptrace(0x10, r0)
socketpair$unix(0x1, 0x87318efabd48942d, 0x0, &(0x7f00000001c0))
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e22, @loopback}, {0x2, 0x4e26, @multicast1}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x100, 0x0, 0x0, 0x0, 0xfeff, &(0x7f0000000180)='virt_wifi0\x00', 0x3, 0x0, 0x1b8})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004900)='./file0\x00', 0x434002, 0xf8)
writev(r4, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1)

3m34.506428145s ago: executing program 3 (id=450):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x10000000000}, 0x69)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="18090000000000000000000000010000181200", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000540), &(0x7f0000000580)=r2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r1, &(0x7f0000000780)}, 0x20)

3m33.716496798s ago: executing program 3 (id=467):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x7f, 0x7, 0x0, 0x10040, 0x8f})
r1 = gettid()
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/176, 0xb0}], 0x1)
tkill(r1, 0x8)
writev(r0, &(0x7f0000000400)=[{0x0}], 0x1)

3m33.716343108s ago: executing program 32 (id=467):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x7f, 0x7, 0x0, 0x10040, 0x8f})
r1 = gettid()
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/176, 0xb0}], 0x1)
tkill(r1, 0x8)
writev(r0, &(0x7f0000000400)=[{0x0}], 0x1)

2.556549043s ago: executing program 2 (id=6405):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x4b5, &(0x7f0000000200)={0x0, 0x86e1, 0x1, 0x200008, 0x40}, &(0x7f0000010080), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = socket$phonet(0x23, 0x2, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', <r5=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r5}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000000800006b21000000000000", @ANYRES64=<r6=>0x0, @ANYRES64=0xea60, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r8, &(0x7f0000004200)='t', 0x1)
sendfile(r8, r7, 0x0, 0x3ffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="8f", 0x1}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c0000003e000701fcfffffffedbdf25017c0000060004"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
sendfile(r8, r7, 0x0, 0x7ffff000)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
r10 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff)
keyctl$chown(0x4, r10, 0xee01, 0xee00)
sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r7, @ANYRES64=0x0, @ANYRES32=r5, @ANYRESHEX=r6, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}}, 0x0)

1.47476166s ago: executing program 2 (id=6431):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfd, 0x0, 0x7ffc9ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000040000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SIOCX25GCALLUSERDATA(0xffffffffffffffff, 0x89e4, &(0x7f00000004c0)={0x58, "336c4fb1bec3a6f5352f1954b827add8ec2fdb32bc577c76c73fb82945b41f764bff9c58acbce4fe07ef9334a056bd98341c6c953359d69e2e8aad7f38e238c25ee5e28b0c0c56d7b2b1090feffa3a592fe5e97afffe97e1955791f5f10091095f2b9eb61699cc5eca077b36196cbc6a3811a0b87998241f10e2b11392e0c5cb"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1, 0x0, 0x400007}, 0x18)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15)

1.387313357s ago: executing program 2 (id=6433):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfd, 0x0, 0x7ffc9ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = dup(r0)
ioctl$SIOCX25GCALLUSERDATA(r2, 0x89e4, &(0x7f00000004c0)={0x58, "336c4fb1bec3a6f5352f1954b827add8ec2fdb32bc577c76c73fb82945b41f764bff9c58acbce4fe07ef9334a056bd98341c6c953359d69e2e8aad7f38e238c25ee5e28b0c0c56d7b2b1090feffa3a592fe5e97afffe97e1955791f5f10091095f2b9eb61699cc5eca077b36196cbc6a3811a0b87998241f10e2b11392e0c5cb"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1, 0x0, 0x400007}, 0x18)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0xce)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x4, 0xfd, 0x0, 0x0, 0x1ff, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000240), 0x6}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffd, 0x0, 0xfffffffd, 0x0, 0x8}, 0x0, 0xafffffffffffffff, r3, 0xa)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)

1.024679326s ago: executing program 1 (id=6442):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x4b5, &(0x7f0000000200)={0x0, 0x86e1, 0x1, 0x200008, 0x40}, &(0x7f0000010080), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = socket$phonet(0x23, 0x2, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', <r5=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r5}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000000800006b21000000000000", @ANYRES64=<r6=>0x0, @ANYRES64=0xea60, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r8, &(0x7f0000004200)='t', 0x1)
sendfile(r8, r7, 0x0, 0x3ffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="8f", 0x1}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c0000003e000701fcfffffffedbdf25017c0000060004"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
sendfile(r8, r7, 0x0, 0x7ffff000)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
r10 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff)
keyctl$chown(0x4, r10, 0xee01, 0xee00)
sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r7, @ANYRES64=0x0, @ANYRES32=r5, @ANYRESHEX=r6, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}}, 0x0)

679.618055ms ago: executing program 4 (id=6459):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000230000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a00)=@newtaction={0x64, 0x30, 0xb, 0x5, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x8890}, 0x40)

642.035397ms ago: executing program 4 (id=6463):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x18)
writev(r2, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

609.07408ms ago: executing program 4 (id=6465):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @remote}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x200000000000, 0x3}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000004180)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x8000, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x100, 0x0, 0x1}}}}}}}, 0x0)

578.366443ms ago: executing program 0 (id=6466):
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000040)={{0x2, 0x4e24, @broadcast}, {0x0, @random="0d85b46f8be5"}, 0x2e, {0x2, 0x4e20, @empty}, 'veth0_to_bridge\x00'})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x18)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000005c0), 0x4, 0x0)

515.640108ms ago: executing program 2 (id=6467):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4000, 0x0, 0x2000000000a, 0x2)

512.703438ms ago: executing program 4 (id=6468):
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x800, 0x20, 0x0, 0x0, 0xc, 0x2, 0x9e8e, 0x5, 0x4, 0x0})

474.741061ms ago: executing program 0 (id=6469):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001000010700000000000000000a00"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40050)

450.600743ms ago: executing program 0 (id=6470):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000005000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18)
writev(r1, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

429.872845ms ago: executing program 0 (id=6471):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff6f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001b40)={0x38, r2, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}]}, 0x38}}, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x9}, 0x1c)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="200028bd7000fedbdf250d000000050035000800000008003900a3f2000095d90901fe00fad47c77f7221ba469e10a9e49837f4a6733a868f294e79dbebcc9883cd65db912c393cae921a2"], 0x24}, 0x1, 0x0, 0x0, 0x2400c051}, 0x8801)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
syz_open_dev$tty20(0xc, 0x4, 0x1)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000540)=@gcm_256={{0x303}, "9d11b04b95df2000", "2c9e910757c2725daf795f705aff0000000000000093a0c9001c5c65f7107d0d", "ddfb5900", "633e2c1b40238e79"}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRESOCT=r3, @ANYRES64=r5, @ANYRES64=r4], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x18)
execve(0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "54164ace030000f5", "faad50724acb18aba4e3bc654d684ad9c694f3e96ca4b72643dd3689727968e9", "5cb6d03a", "29a78ab9b0a4e8ae"}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0900000004000000080000001000000000000000", @ANYRES32, @ANYBLOB="0000000dab33f200000000000000fff400000000", @ANYRES32=0x0, @ANYRESHEX=r5, @ANYBLOB="0000000000000000000000000000000000000000000025fef915375a"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x6, &(0x7f00000007c0)=ANY=[@ANYBLOB="8510000004002000183000000200000000000000000100005707f0ff1000000018000000ffffffff000000000b000000dcd1720ed0c686"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000680)={&(0x7f00000009c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd7000fedb0006801400068008000300ac1414aa080006000a00000008000400100000006ae42983db1c25f794577e3d55bc659e6fd4190be15c516f6578307fe930b2487cf2d2f2283b501f0eb646c14f3203e7834e5a7968d2fff1b82050faa987d57e1b8ba9131ccf4851d70cd441fd3273d48814b526e12cffd8905cf034527dc14a1d751d055f8ccdb182e4c6e9bf226d97f1be3749e460605493882b2664183aafdf08135dd72c7f552111b9c769535f4b32c1"], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x24000040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="ff000600", @ANYRES16=r2, @ANYBLOB="000426bd7000fcdbdf2501000000080001002e00000008000300", @ANYRES32=r7, @ANYBLOB="0000990000f84600240000"], 0x24}}, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0x8, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)

386.390508ms ago: executing program 4 (id=6472):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe00}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mq_open(0x0, 0x42, 0x0, 0x0)

374.949299ms ago: executing program 5 (id=6473):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000005000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x18)
writev(r2, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

346.044921ms ago: executing program 0 (id=6474):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000230000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a00)=@newtaction={0x64, 0x30, 0xb, 0x5, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x8890}, 0x40)

345.456611ms ago: executing program 2 (id=6475):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)

314.319494ms ago: executing program 4 (id=6476):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000000), 0xd, 0x20000800, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xe}, 0x3}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x3e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb889311002e9fdf229515b6c60000000006e43f77103a22e2f2ccd803f12f907864010101ac1414aa00004ea701ef8ac48eb41c", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

313.722084ms ago: executing program 5 (id=6477):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r2, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9d01c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5b", 0xdd7, 0x6, 0x0)
mq_timedreceive(r2, &(0x7f000001d600)=""/102389, 0x18ff5, 0x0, 0x0)

302.007965ms ago: executing program 0 (id=6478):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfd, 0x0, 0x7ffc9ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = dup(r0)
ioctl$SIOCX25GCALLUSERDATA(r2, 0x89e4, &(0x7f00000004c0)={0x58, "336c4fb1bec3a6f5352f1954b827add8ec2fdb32bc577c76c73fb82945b41f764bff9c58acbce4fe07ef9334a056bd98341c6c953359d69e2e8aad7f38e238c25ee5e28b0c0c56d7b2b1090feffa3a592fe5e97afffe97e1955791f5f10091095f2b9eb61699cc5eca077b36196cbc6a3811a0b87998241f10e2b11392e0c5cb"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1, 0x0, 0x400007}, 0x18)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0xce)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x4, 0xfd, 0x0, 0x0, 0x1ff, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000240), 0x6}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffd, 0x0, 0xfffffffd, 0x0, 0x8}, 0x0, 0xafffffffffffffff, r3, 0xa)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)

273.284848ms ago: executing program 2 (id=6479):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000800), &(0x7f0000000840)=r0}, 0x20)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000000), 0xd, 0x20000800, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xe}, 0x3}, 0x1c)

258.698598ms ago: executing program 5 (id=6480):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001000010700000000000000000a00"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40050)

225.030331ms ago: executing program 5 (id=6481):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x18)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000005c0), 0x4, 0x0)

201.556573ms ago: executing program 5 (id=6482):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x2, 0x96)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xe7c)

103.059811ms ago: executing program 1 (id=6483):
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x800, 0x20, 0x0, 0x0, 0xc, 0x2, 0x9e8e, 0x5, 0x4, 0x0})

102.285901ms ago: executing program 1 (id=6484):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b0000000700000008000000a6ad6a1a05"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = io_uring_setup(0x21a4, &(0x7f0000000000)={0x0, 0x75f, 0x10, 0x1, 0x11cd})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000a00)=""/4077, 0xfed}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
chmod(0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a00)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7000fcdbdf250300000030000180080007"], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0x11, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x7}}]}, 0x88}, 0x1, 0x7}, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC=r2], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604000000000e000a000f000000028000", 0x2b}], 0x1}, 0x0)
r7 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0x10, 0x492f, 0x7f, 0x1, 0x1}, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r9, 0x0, 0x2004}, 0x18)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca, r8}, 0x38)

37.723717ms ago: executing program 1 (id=6485):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x70bd27, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

18.986208ms ago: executing program 1 (id=6486):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @remote}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x200000000000, 0x3}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000004180)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x8000, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x100, 0x0, 0x1}}}}}}}, 0x0)

758.459µs ago: executing program 5 (id=6487):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe00}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mq_open(0x0, 0x42, 0x0, 0x0)

0s ago: executing program 1 (id=6488):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8924, 0x0)

kernel console output (not intermixed with test programs):

irqentry_exit_to_user_mode+0x7e/0xa0
[  226.278156][T17599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.278177][T17599] RIP: 0033:0x7ff31110ebe9
[  226.278194][T17599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.278213][T17599] RSP: 002b:00007ff30fb77038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  226.278234][T17599] RAX: ffffffffffffffda RBX: 00007ff311345fa0 RCX: 00007ff31110ebe9
[  226.278277][T17599] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  226.278362][T17599] RBP: 00007ff30fb77090 R08: 0000200000003700 R09: 0000000000000000
[  226.278374][T17599] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  226.278387][T17599] R13: 00007ff311346038 R14: 00007ff311345fa0 R15: 00007ffd5a578ee8
[  226.278481][T17599]  </TASK>
[  226.515782][T17606] smc: net device bond0 applied user defined pnetid SYZ0
[  226.536119][T17606] smc: net device bond0 erased user defined pnetid SYZ0
[  226.574550][T17620] netlink: 'syz.0.5257': attribute type 13 has an invalid length.
[  226.576522][T17615] loop1: detected capacity change from 0 to 1024
[  226.589526][T17620] gretap0: refused to change device tx_queue_len
[  226.596565][T17620] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  226.618065][T17615] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.668763][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.716850][T17631] loop1: detected capacity change from 0 to 512
[  226.735687][T17636] FAULT_INJECTION: forcing a failure.
[  226.735687][T17636] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  226.748904][T17636] CPU: 1 UID: 0 PID: 17636 Comm: syz.4.5263 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  226.748943][T17636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  226.748955][T17636] Call Trace:
[  226.748960][T17636]  <TASK>
[  226.748967][T17636]  __dump_stack+0x1d/0x30
[  226.748987][T17636]  dump_stack_lvl+0xe8/0x140
[  226.749005][T17636]  dump_stack+0x15/0x1b
[  226.749023][T17636]  should_fail_ex+0x265/0x280
[  226.749078][T17636]  should_fail+0xb/0x20
[  226.749097][T17636]  should_fail_usercopy+0x1a/0x20
[  226.749121][T17636]  _copy_from_user+0x1c/0xb0
[  226.749156][T17636]  do_sock_getsockopt+0xf1/0x240
[  226.749242][T17636]  __x64_sys_getsockopt+0x11e/0x1a0
[  226.749285][T17636]  x64_sys_call+0x2bc6/0x2ff0
[  226.749308][T17636]  do_syscall_64+0xd2/0x200
[  226.749335][T17636]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  226.749413][T17636]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  226.749517][T17636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.749540][T17636] RIP: 0033:0x7ff31110ebe9
[  226.749557][T17636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.749610][T17636] RSP: 002b:00007ff30fb77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  226.749628][T17636] RAX: ffffffffffffffda RBX: 00007ff311345fa0 RCX: 00007ff31110ebe9
[  226.749641][T17636] RDX: 0000000000000484 RSI: 0000000000000000 RDI: 0000000000000004
[  226.749653][T17636] RBP: 00007ff30fb77090 R08: 0000200000000440 R09: 0000000000000000
[  226.749666][T17636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.749722][T17636] R13: 00007ff311346038 R14: 00007ff311345fa0 R15: 00007ffd5a578ee8
[  226.749738][T17636]  </TASK>
[  226.876591][T17652] netlink: 'syz.2.5269': attribute type 13 has an invalid length.
[  226.989002][T17654] loop1: detected capacity change from 0 to 512
[  226.996062][T17652] gretap0: refused to change device tx_queue_len
[  227.003624][T17652] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  227.043236][T17654] EXT4-fs: Ignoring removed nomblk_io_submit option
[  227.066019][T17662] netlink: 'syz.0.5272': attribute type 1 has an invalid length.
[  227.069655][T17654] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  227.083860][T17654] EXT4-fs (loop1): Unsupported encryption level 255
[  227.106377][T17667] 9pnet_fd: Insufficient options for proto=fd
[  227.123628][T17662] veth5: entered promiscuous mode
[  227.137307][T17662] 8021q: adding VLAN 0 to HW filter on device bond3
[  227.166087][   T29] kauditd_printk_skb: 350 callbacks suppressed
[  227.166105][   T29] audit: type=1400 audit(1756514327.948:16442): avc:  denied  { read write } for  pid=12162 comm="syz-executor" name="loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  227.196841][   T29] audit: type=1400 audit(1756514327.948:16443): avc:  denied  { open } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  227.221551][   T29] audit: type=1400 audit(1756514327.948:16444): avc:  denied  { ioctl } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  227.394398][T17694] audit: audit_backlog=65 > audit_backlog_limit=64
[  227.397379][   T29] audit: type=1400 audit(1756514328.038:16445): avc:  denied  { create } for  pid=17672 comm="syz.2.5280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  227.401092][T17694] audit: audit_lost=7 audit_rate_limit=0 audit_backlog_limit=64
[  227.421932][   T29] audit: type=1400 audit(1756514328.048:16446): avc:  denied  { create } for  pid=17674 comm="syz.5.5281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  227.429759][T17694] audit: backlog limit exceeded
[  227.450067][   T29] audit: type=1400 audit(1756514328.048:16447): avc:  denied  { write } for  pid=17674 comm="syz.5.5281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  227.450150][   T29] audit: type=1400 audit(1756514328.048:16448): avc:  denied  { nlmsg_write } for  pid=17674 comm="syz.5.5281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  227.531689][T17692] loop1: detected capacity change from 0 to 512
[  227.547552][T17692] EXT4-fs (loop1): orphan cleanup on readonly fs
[  227.560312][T17692] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5287: bg 0: block 248: padding at end of block bitmap is not set
[  227.575447][T17692] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5287: Failed to acquire dquot type 1
[  227.624956][T17705] 9pnet_fd: Insufficient options for proto=fd
[  227.637926][T17692] EXT4-fs (loop1): 1 truncate cleaned up
[  227.675577][T17708] loop5: detected capacity change from 0 to 1024
[  227.818944][T17726] FAULT_INJECTION: forcing a failure.
[  227.818944][T17726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  227.832072][T17726] CPU: 1 UID: 0 PID: 17726 Comm: syz.2.5298 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  227.832101][T17726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  227.832122][T17726] Call Trace:
[  227.832130][T17726]  <TASK>
[  227.832140][T17726]  __dump_stack+0x1d/0x30
[  227.832165][T17726]  dump_stack_lvl+0xe8/0x140
[  227.832184][T17726]  dump_stack+0x15/0x1b
[  227.832202][T17726]  should_fail_ex+0x265/0x280
[  227.832226][T17726]  should_fail+0xb/0x20
[  227.832246][T17726]  should_fail_usercopy+0x1a/0x20
[  227.832311][T17726]  _copy_to_user+0x20/0xa0
[  227.832341][T17726]  simple_read_from_buffer+0xb5/0x130
[  227.832364][T17726]  proc_fail_nth_read+0x10e/0x150
[  227.832460][T17726]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.832572][T17726]  vfs_read+0x1a8/0x770
[  227.832593][T17726]  ? __rcu_read_unlock+0x4f/0x70
[  227.832616][T17726]  ? __fget_files+0x184/0x1c0
[  227.832644][T17726]  ksys_read+0xda/0x1a0
[  227.832668][T17726]  __x64_sys_read+0x40/0x50
[  227.832756][T17726]  x64_sys_call+0x27bc/0x2ff0
[  227.832781][T17726]  do_syscall_64+0xd2/0x200
[  227.832810][T17726]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  227.832904][T17726]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  227.832991][T17726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.833010][T17726] RIP: 0033:0x7fb68450d5fc
[  227.833026][T17726] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  227.833068][T17726] RSP: 002b:00007fb682f77030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  227.833092][T17726] RAX: ffffffffffffffda RBX: 00007fb684745fa0 RCX: 00007fb68450d5fc
[  227.833107][T17726] RDX: 000000000000000f RSI: 00007fb682f770a0 RDI: 0000000000000006
[  227.833121][T17726] RBP: 00007fb682f77090 R08: 0000000000000000 R09: 0000000000000000
[  227.833135][T17726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.833149][T17726] R13: 00007fb684746038 R14: 00007fb684745fa0 R15: 00007ffd33e914c8
[  227.833205][T17726]  </TASK>
[  228.109444][T17734] loop5: detected capacity change from 0 to 1024
[  228.185536][T17734] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt.
[  228.481245][T17767] netlink: '+}[@': attribute type 1 has an invalid length.
[  228.495944][T17767] 8021q: adding VLAN 0 to HW filter on device bond4
[  228.537975][T17767] bond4: (slave dummy0): making interface the new active one
[  228.545814][T17772] loop1: detected capacity change from 0 to 1024
[  228.546559][T17767] bond4: (slave dummy0): Enslaving as an active interface with an up link
[  228.564873][T17767] +}[@ calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  228.811132][T17801] loop1: detected capacity change from 0 to 512
[  228.826163][T17801] EXT4-fs (loop1): orphan cleanup on readonly fs
[  228.838184][T17801] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5328: bg 0: block 248: padding at end of block bitmap is not set
[  228.857476][T17801] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5328: Failed to acquire dquot type 1
[  228.876657][T17801] EXT4-fs (loop1): 1 truncate cleaned up
[  228.922256][T17808] loop5: detected capacity change from 0 to 1024
[  229.017662][T17820] loop5: detected capacity change from 0 to 164
[  229.026659][T17820] ISOFS: unable to read i-node block
[  229.032016][T17820] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  229.074623][T17824] netlink: 'syz.1.5336': attribute type 13 has an invalid length.
[  229.085634][T17824] gretap0: refused to change device tx_queue_len
[  229.092842][T17824] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  229.137853][T17827] loop1: detected capacity change from 0 to 512
[  229.163999][T17827] EXT4-fs (loop1): orphan cleanup on readonly fs
[  229.173566][T17827] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5337: bg 0: block 248: padding at end of block bitmap is not set
[  229.190816][T17827] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5337: Failed to acquire dquot type 1
[  229.203182][T17827] EXT4-fs (loop1): 1 truncate cleaned up
[  229.266349][T17833] netlink: 'syz.2.5339': attribute type 1 has an invalid length.
[  229.361835][T17843] loop1: detected capacity change from 0 to 1024
[  229.450169][T17854] netlink: 'syz.0.5348': attribute type 13 has an invalid length.
[  229.513396][T17854] gretap0: refused to change device tx_queue_len
[  229.520430][T17854] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  229.582206][T17871] netlink: 'syz.4.5350': attribute type 1 has an invalid length.
[  229.602077][T17873] netlink: 'syz.1.5357': attribute type 1 has an invalid length.
[  229.706731][T17887] loop5: detected capacity change from 0 to 1024
[  229.717170][T17891] loop1: detected capacity change from 0 to 512
[  229.724124][T17891] EXT4-fs: Ignoring removed nomblk_io_submit option
[  229.770926][T17891] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  229.778346][T17904] ipvlan2: entered promiscuous mode
[  229.780858][T17891] EXT4-fs (loop1): Unsupported encryption level 255
[  229.786746][T17904] bridge0: port 4(ipvlan2) entered blocking state
[  229.799182][T17904] bridge0: port 4(ipvlan2) entered disabled state
[  229.811420][T17904] ipvlan2: entered allmulticast mode
[  229.829706][T17904] ipvlan2: left allmulticast mode
[  229.850507][T17906] netlink: 'syz.2.5370': attribute type 1 has an invalid length.
[  229.936383][T17912] FAULT_INJECTION: forcing a failure.
[  229.936383][T17912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.949701][T17912] CPU: 1 UID: 0 PID: 17912 Comm: syz.1.5374 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  229.949737][T17912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  229.949747][T17912] Call Trace:
[  229.949753][T17912]  <TASK>
[  229.949760][T17912]  __dump_stack+0x1d/0x30
[  229.949840][T17912]  dump_stack_lvl+0xe8/0x140
[  229.949860][T17912]  dump_stack+0x15/0x1b
[  229.949878][T17912]  should_fail_ex+0x265/0x280
[  229.949901][T17912]  should_fail+0xb/0x20
[  229.949921][T17912]  should_fail_usercopy+0x1a/0x20
[  229.949960][T17912]  _copy_from_user+0x1c/0xb0
[  229.949991][T17912]  get_timespec64+0x4c/0x100
[  229.950014][T17912]  __se_sys_ppoll+0x75/0x200
[  229.950059][T17912]  ? fput+0x8f/0xc0
[  229.950135][T17912]  __x64_sys_ppoll+0x67/0x80
[  229.950160][T17912]  x64_sys_call+0x1d52/0x2ff0
[  229.950182][T17912]  do_syscall_64+0xd2/0x200
[  229.950205][T17912]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  229.950261][T17912]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  229.950289][T17912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.950313][T17912] RIP: 0033:0x7ff1ddc0ebe9
[  229.950330][T17912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.950358][T17912] RSP: 002b:00007ff1dc677038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  229.950411][T17912] RAX: ffffffffffffffda RBX: 00007ff1dde45fa0 RCX: 00007ff1ddc0ebe9
[  229.950425][T17912] RDX: 0000200000001000 RSI: 0000000000000001 RDI: 0000200000000f80
[  229.950437][T17912] RBP: 00007ff1dc677090 R08: 0000000000000000 R09: 0000000000000000
[  229.950486][T17912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  229.950500][T17912] R13: 00007ff1dde46038 R14: 00007ff1dde45fa0 R15: 00007ffccefde3a8
[  229.950519][T17912]  </TASK>
[  230.263540][T17935] loop5: detected capacity change from 0 to 1024
[  230.296094][T17941] hsr_slave_0: left promiscuous mode
[  230.303006][T17941] hsr_slave_1: left promiscuous mode
[  230.596939][T17997] loop5: detected capacity change from 0 to 1024
[  230.766218][T18026] loop1: detected capacity change from 0 to 1024
[  230.899512][T18047] FAULT_INJECTION: forcing a failure.
[  230.899512][T18047] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  230.912777][T18047] CPU: 0 UID: 0 PID: 18047 Comm: syz.0.5422 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  230.912809][T18047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  230.912823][T18047] Call Trace:
[  230.912831][T18047]  <TASK>
[  230.912839][T18047]  __dump_stack+0x1d/0x30
[  230.912861][T18047]  dump_stack_lvl+0xe8/0x140
[  230.912882][T18047]  dump_stack+0x15/0x1b
[  230.912936][T18047]  should_fail_ex+0x265/0x280
[  230.912956][T18047]  should_fail+0xb/0x20
[  230.912972][T18047]  should_fail_usercopy+0x1a/0x20
[  230.912993][T18047]  _copy_to_iter+0x251/0xe70
[  230.913022][T18047]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  230.913089][T18047]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  230.913115][T18047]  __skb_datagram_iter+0xc6/0x690
[  230.913212][T18047]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  230.913239][T18047]  skb_copy_datagram_iter+0x3d/0x110
[  230.913327][T18047]  netlink_recvmsg+0x1a8/0x550
[  230.913355][T18047]  ? __pfx_netlink_recvmsg+0x10/0x10
[  230.913379][T18047]  sock_recvmsg+0x136/0x170
[  230.913445][T18047]  ____sys_recvmsg+0xf5/0x280
[  230.913474][T18047]  ___sys_recvmsg+0x11f/0x370
[  230.913514][T18047]  __x64_sys_recvmsg+0xd1/0x160
[  230.913540][T18047]  x64_sys_call+0x2b42/0x2ff0
[  230.913577][T18047]  do_syscall_64+0xd2/0x200
[  230.913692][T18047]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  230.913717][T18047]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  230.913742][T18047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.913766][T18047] RIP: 0033:0x7fa1b008ebe9
[  230.913823][T18047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.913872][T18047] RSP: 002b:00007fa1aeaef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  230.913961][T18047] RAX: ffffffffffffffda RBX: 00007fa1b02c5fa0 RCX: 00007fa1b008ebe9
[  230.914079][T18047] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  230.914093][T18047] RBP: 00007fa1aeaef090 R08: 0000000000000000 R09: 0000000000000000
[  230.914107][T18047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.914121][T18047] R13: 00007fa1b02c6038 R14: 00007fa1b02c5fa0 R15: 00007ffc0e065b18
[  230.914140][T18047]  </TASK>
[  231.285469][T18069] loop5: detected capacity change from 0 to 512
[  231.326448][T18069] EXT4-fs (loop5): orphan cleanup on readonly fs
[  231.327557][T18071] __nla_validate_parse: 38 callbacks suppressed
[  231.327571][T18071] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5429'.
[  231.345293][T18069] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5431: bg 0: block 248: padding at end of block bitmap is not set
[  231.366254][T18069] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.5431: Failed to acquire dquot type 1
[  231.409449][T18069] EXT4-fs (loop5): 1 truncate cleaned up
[  231.606974][T18084] loop5: detected capacity change from 0 to 512
[  231.632334][T18092] netlink: 444 bytes leftover after parsing attributes in process `syz.0.5440'.
[  231.750927][T18084] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #3: comm syz.5.5437: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  231.780617][T18084] EXT4-fs error (device loop5): ext4_quota_enable:7131: comm syz.5.5437: Bad quota inode: 3, type: 0
[  231.801220][T18084] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  231.837601][T18068] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5430'.
[  231.881530][T18084] EXT4-fs (loop5): mount failed
[  232.113213][T18122] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=61458 sclass=netlink_route_socket pid=18122 comm=syz.1.5454
[  232.140745][T18124] netlink: 444 bytes leftover after parsing attributes in process `syz.0.5455'.
[  232.185463][T18126] loop1: detected capacity change from 0 to 1024
[  232.278248][T18138] validate_nla: 5 callbacks suppressed
[  232.278267][T18138] netlink: 'syz.1.5458': attribute type 13 has an invalid length.
[  232.299948][T18138] gretap0: refused to change device tx_queue_len
[  232.309546][T18138] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  232.340689][   T29] kauditd_printk_skb: 633 callbacks suppressed
[  232.340751][   T29] audit: type=1400 audit(1756514333.128:17074): avc:  denied  { create } for  pid=18139 comm="syz.0.5459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  232.470200][T18148] netlink: 'syz.2.5463': attribute type 1 has an invalid length.
[  232.478092][T18148] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5463'.
[  232.555218][T18156] netlink: 444 bytes leftover after parsing attributes in process `syz.4.5467'.
[  232.586997][   T29] audit: type=1326 audit(1756514333.368:17075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18151 comm="syz.0.5465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1b008ebe9 code=0x7ffc0000
[  232.610912][   T29] audit: type=1326 audit(1756514333.368:17076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18151 comm="syz.0.5465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1b008ebe9 code=0x7ffc0000
[  232.632045][T18154] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5466'.
[  232.634677][   T29] audit: type=1326 audit(1756514333.368:17077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18151 comm="syz.0.5465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fa1b008ebe9 code=0x7ffc0000
[  232.667217][   T29] audit: type=1326 audit(1756514333.368:17078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18151 comm="syz.0.5465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1b008ebe9 code=0x7ffc0000
[  232.692228][   T29] audit: type=1400 audit(1756514333.378:17079): avc:  denied  { create } for  pid=18149 comm="syz.1.5464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  232.712047][   T29] audit: type=1400 audit(1756514333.378:17080): avc:  denied  { setopt } for  pid=18149 comm="syz.1.5464" lport=252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  232.726182][T18154] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5466'.
[  232.746003][T18154] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5466'.
[  232.783401][   T29] audit: type=1326 audit(1756514333.568:17081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18168 comm="syz.4.5470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff31110ebe9 code=0x7ffc0000
[  232.807083][   T29] audit: type=1326 audit(1756514333.568:17082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18168 comm="syz.4.5470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff31110ebe9 code=0x7ffc0000
[  232.841926][T18172] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5471'.
[  232.859520][   T29] audit: type=1326 audit(1756514333.568:17083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18168 comm="syz.4.5470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff31110ebe9 code=0x7ffc0000
[  232.962339][T18177] FAULT_INJECTION: forcing a failure.
[  232.962339][T18177] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.975568][T18177] CPU: 1 UID: 0 PID: 18177 Comm: syz.1.5473 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  232.975599][T18177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  232.975611][T18177] Call Trace:
[  232.975618][T18177]  <TASK>
[  232.975671][T18177]  __dump_stack+0x1d/0x30
[  232.975762][T18177]  dump_stack_lvl+0xe8/0x140
[  232.975784][T18177]  dump_stack+0x15/0x1b
[  232.975802][T18177]  should_fail_ex+0x265/0x280
[  232.975896][T18177]  should_fail+0xb/0x20
[  232.975915][T18177]  should_fail_usercopy+0x1a/0x20
[  232.975937][T18177]  _copy_to_user+0x20/0xa0
[  232.975972][T18177]  simple_read_from_buffer+0xb5/0x130
[  232.975996][T18177]  proc_fail_nth_read+0x10e/0x150
[  232.976092][T18177]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  232.976117][T18177]  vfs_read+0x1a8/0x770
[  232.976138][T18177]  ? __rcu_read_unlock+0x4f/0x70
[  232.976177][T18177]  ? __fget_files+0x184/0x1c0
[  232.976251][T18177]  ksys_read+0xda/0x1a0
[  232.976276][T18177]  __x64_sys_read+0x40/0x50
[  232.976356][T18177]  x64_sys_call+0x27bc/0x2ff0
[  232.976380][T18177]  do_syscall_64+0xd2/0x200
[  232.976408][T18177]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  232.976433][T18177]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  232.976471][T18177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.976566][T18177] RIP: 0033:0x7ff1ddc0d5fc
[  232.976583][T18177] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  232.976602][T18177] RSP: 002b:00007ff1dc677030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  232.976628][T18177] RAX: ffffffffffffffda RBX: 00007ff1dde45fa0 RCX: 00007ff1ddc0d5fc
[  232.976642][T18177] RDX: 000000000000000f RSI: 00007ff1dc6770a0 RDI: 0000000000000006
[  232.976655][T18177] RBP: 00007ff1dc677090 R08: 0000000000000000 R09: 00000000fffffdcf
[  232.976735][T18177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.976748][T18177] R13: 00007ff1dde46038 R14: 00007ff1dde45fa0 R15: 00007ffccefde3a8
[  232.976832][T18177]  </TASK>
[  233.218571][T18183] netlink: 'syz.1.5476': attribute type 1 has an invalid length.
[  233.230001][T18185] 9pnet_fd: Insufficient options for proto=fd
[  233.244203][T18187] netlink: 'syz.4.5478': attribute type 1 has an invalid length.
[  233.345313][T18194] veth11: entered promiscuous mode
[  233.368818][T18187] 8021q: adding VLAN 0 to HW filter on device bond7
[  233.427574][T18206] FAULT_INJECTION: forcing a failure.
[  233.427574][T18206] name failslab, interval 1, probability 0, space 0, times 0
[  233.440487][T18206] CPU: 1 UID: 0 PID: 18206 Comm: syz.4.5485 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  233.440527][T18206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  233.440541][T18206] Call Trace:
[  233.440546][T18206]  <TASK>
[  233.440587][T18206]  __dump_stack+0x1d/0x30
[  233.440610][T18206]  dump_stack_lvl+0xe8/0x140
[  233.440630][T18206]  dump_stack+0x15/0x1b
[  233.440647][T18206]  should_fail_ex+0x265/0x280
[  233.440669][T18206]  should_failslab+0x8c/0xb0
[  233.440697][T18206]  kmem_cache_alloc_node_noprof+0x57/0x320
[  233.440767][T18206]  ? __alloc_skb+0x101/0x320
[  233.440787][T18206]  __alloc_skb+0x101/0x320
[  233.440802][T18206]  ? audit_log_start+0x365/0x6c0
[  233.440834][T18206]  audit_log_start+0x380/0x6c0
[  233.440914][T18206]  audit_seccomp+0x48/0x100
[  233.440942][T18206]  ? __seccomp_filter+0x68c/0x10d0
[  233.440964][T18206]  __seccomp_filter+0x69d/0x10d0
[  233.440987][T18206]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  233.441016][T18206]  ? vfs_write+0x7e8/0x960
[  233.441106][T18206]  ? __rcu_read_unlock+0x4f/0x70
[  233.441128][T18206]  ? __fget_files+0x184/0x1c0
[  233.441165][T18206]  __secure_computing+0x82/0x150
[  233.441187][T18206]  syscall_trace_enter+0xcf/0x1e0
[  233.441329][T18206]  do_syscall_64+0xac/0x200
[  233.441358][T18206]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  233.441409][T18206]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  233.441437][T18206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.441460][T18206] RIP: 0033:0x7ff31110ebe9
[  233.441477][T18206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.441496][T18206] RSP: 002b:00007ff30fb77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  233.441526][T18206] RAX: ffffffffffffffda RBX: 00007ff311345fa0 RCX: 00007ff31110ebe9
[  233.441605][T18206] RDX: 000000000000000b RSI: 0000000000000000 RDI: 0000000000000009
[  233.441619][T18206] RBP: 00007ff30fb77090 R08: 00000000088000cc R09: 0000000000000000
[  233.441633][T18206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  233.441717][T18206] R13: 00007ff311346038 R14: 00007ff311345fa0 R15: 00007ffd5a578ee8
[  233.441737][T18206]  </TASK>
[  234.273153][T18269] netlink: 'syz.4.5509': attribute type 1 has an invalid length.
[  234.298954][T18272] loop1: detected capacity change from 0 to 512
[  234.308278][T18272] EXT4-fs: Ignoring removed nobh option
[  234.389404][T18281] loop5: detected capacity change from 0 to 1024
[  234.579171][T18314] loop1: detected capacity change from 0 to 512
[  234.592995][T18314] EXT4-fs (loop1): orphan cleanup on readonly fs
[  234.610886][T18314] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5525: bg 0: block 248: padding at end of block bitmap is not set
[  234.639471][T18314] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5525: Failed to acquire dquot type 1
[  234.682735][T18314] EXT4-fs (loop1): 1 truncate cleaned up
[  234.892152][T18352] loop5: detected capacity change from 0 to 512
[  234.921643][T18352] EXT4-fs (loop5): orphan cleanup on readonly fs
[  234.940693][T18352] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5541: bg 0: block 248: padding at end of block bitmap is not set
[  234.949257][T18354] netlink: 'syz.1.5540': attribute type 1 has an invalid length.
[  234.976034][T18352] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.5541: Failed to acquire dquot type 1
[  234.988486][T18352] EXT4-fs (loop5): 1 truncate cleaned up
[  235.106374][T18373] loop1: detected capacity change from 0 to 512
[  235.115139][T18373] EXT4-fs: Ignoring removed nomblk_io_submit option
[  235.143681][T18373] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  235.153696][T18373] EXT4-fs (loop1): Unsupported encryption level 255
[  235.280358][T18388] usb usb7: usbfs: process 18388 (syz.2.5556) did not claim interface 0 before use
[  235.482007][T18420] netlink: 'syz.4.5572': attribute type 1 has an invalid length.
[  235.635821][T18438] loop5: detected capacity change from 0 to 512
[  235.643635][T18438] EXT4-fs: Ignoring removed nomblk_io_submit option
[  235.671756][T18438] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  235.681706][T18438] EXT4-fs (loop5): Unsupported encryption level 255
[  236.000286][T18442] chnl_net:caif_netlink_parms(): no params data found
[  236.043028][T18442] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.050310][T18442] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.057977][T18442] bridge_slave_0: entered allmulticast mode
[  236.064299][T18442] bridge_slave_0: entered promiscuous mode
[  236.071539][T18442] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.078899][T18442] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.086120][T18442] bridge_slave_1: entered allmulticast mode
[  236.092744][T18442] bridge_slave_1: entered promiscuous mode
[  236.120866][T18480] loop5: detected capacity change from 0 to 512
[  236.128274][T18480] EXT4-fs: Ignoring removed nomblk_io_submit option
[  236.135558][T18480] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  236.145612][T18480] EXT4-fs (loop5): Unsupported encryption level 255
[  236.154491][T18442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.166690][T18442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.199666][T18442] team0: Port device team_slave_0 added
[  236.214676][T18442] team0: Port device team_slave_1 added
[  236.254257][T18442] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.261332][T18442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.287383][T18442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.306634][T18442] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.313665][T18442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.339731][T18442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.402351][T18442] hsr_slave_0: entered promiscuous mode
[  236.417665][T18442] hsr_slave_1: entered promiscuous mode
[  236.451511][T18504] loop5: detected capacity change from 0 to 1024
[  236.489059][T18504] EXT4-fs mount: 36 callbacks suppressed
[  236.489078][T18504] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.505870][T18512] __nla_validate_parse: 30 callbacks suppressed
[  236.505887][T18512] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5604'.
[  236.539313][T18518] loop1: detected capacity change from 0 to 512
[  236.541684][T18512] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5604'.
[  236.554762][T18512] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5604'.
[  236.575837][T18518] EXT4-fs (loop1): orphan cleanup on readonly fs
[  236.582981][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.584313][T18518] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5607: bg 0: block 248: padding at end of block bitmap is not set
[  236.608237][T18518] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5607: Failed to acquire dquot type 1
[  236.621494][T18518] EXT4-fs (loop1): 1 truncate cleaned up
[  236.628892][T18518] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  236.652661][T18442] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.665017][T18522] FAULT_INJECTION: forcing a failure.
[  236.665017][T18522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  236.678260][T18522] CPU: 1 UID: 0 PID: 18522 Comm: syz.5.5608 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  236.678289][T18522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  236.678302][T18522] Call Trace:
[  236.678327][T18522]  <TASK>
[  236.678336][T18522]  __dump_stack+0x1d/0x30
[  236.678358][T18522]  dump_stack_lvl+0xe8/0x140
[  236.678376][T18522]  dump_stack+0x15/0x1b
[  236.678392][T18522]  should_fail_ex+0x265/0x280
[  236.678497][T18522]  should_fail+0xb/0x20
[  236.678516][T18522]  should_fail_usercopy+0x1a/0x20
[  236.678540][T18522]  _copy_from_user+0x1c/0xb0
[  236.678595][T18522]  memdup_user+0x5e/0xd0
[  236.678620][T18522]  strndup_user+0x68/0xb0
[  236.678647][T18522]  __se_sys_mount+0x4d/0x2e0
[  236.678667][T18522]  ? fput+0x8f/0xc0
[  236.678777][T18522]  ? ksys_write+0x192/0x1a0
[  236.678796][T18522]  __x64_sys_mount+0x67/0x80
[  236.678875][T18522]  x64_sys_call+0x2b4d/0x2ff0
[  236.678899][T18522]  do_syscall_64+0xd2/0x200
[  236.678924][T18522]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  236.679017][T18522]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  236.679115][T18522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.679134][T18522] RIP: 0033:0x7f395961ebe9
[  236.679149][T18522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.679166][T18522] RSP: 002b:00007f3958087038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  236.679241][T18522] RAX: ffffffffffffffda RBX: 00007f3959855fa0 RCX: 00007f395961ebe9
[  236.679256][T18522] RDX: 0000200000000300 RSI: 0000200000000080 RDI: 0000000000000000
[  236.679318][T18522] RBP: 00007f3958087090 R08: 0000200000000580 R09: 0000000000000000
[  236.679330][T18522] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  236.679392][T18522] R13: 00007f3959856038 R14: 00007f3959855fa0 R15: 00007ffe33511068
[  236.679409][T18522]  </TASK>
[  236.885436][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.900810][T18442] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.948174][T18442] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.961745][T18526] netlink: 92 bytes leftover after parsing attributes in process `syz.4.5611'.
[  236.987985][T18534] usb usb7: usbfs: process 18534 (syz.4.5615) did not claim interface 0 before use
[  237.020992][T18540] usb usb7: usbfs: process 18540 (syz.4.5617) did not claim interface 0 before use
[  237.042503][T18442] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.075386][T18544] FAULT_INJECTION: forcing a failure.
[  237.075386][T18544] name failslab, interval 1, probability 0, space 0, times 0
[  237.088203][T18544] CPU: 0 UID: 0 PID: 18544 Comm: syz.1.5620 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  237.088232][T18544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  237.088287][T18544] Call Trace:
[  237.088293][T18544]  <TASK>
[  237.088301][T18544]  __dump_stack+0x1d/0x30
[  237.088344][T18544]  dump_stack_lvl+0xe8/0x140
[  237.088364][T18544]  dump_stack+0x15/0x1b
[  237.088380][T18544]  should_fail_ex+0x265/0x280
[  237.088553][T18544]  should_failslab+0x8c/0xb0
[  237.088581][T18544]  kmem_cache_alloc_noprof+0x50/0x310
[  237.088609][T18544]  ? io_submit_one+0xb8/0x11d0
[  237.088640][T18544]  io_submit_one+0xb8/0x11d0
[  237.088678][T18544]  __se_sys_io_submit+0xfb/0x280
[  237.088707][T18544]  __x64_sys_io_submit+0x43/0x50
[  237.088732][T18544]  x64_sys_call+0x2d5d/0x2ff0
[  237.088753][T18544]  do_syscall_64+0xd2/0x200
[  237.088856][T18544]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  237.088880][T18544]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  237.088906][T18544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.088966][T18544] RIP: 0033:0x7ff1ddc0ebe9
[  237.089043][T18544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.089062][T18544] RSP: 002b:00007ff1dc677038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  237.089118][T18544] RAX: ffffffffffffffda RBX: 00007ff1dde45fa0 RCX: 00007ff1ddc0ebe9
[  237.089132][T18544] RDX: 0000200000000040 RSI: 0000000000000001 RDI: 00007ff1de982000
[  237.089145][T18544] RBP: 00007ff1dc677090 R08: 0000000000000000 R09: 0000000000000000
[  237.089159][T18544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.089172][T18544] R13: 00007ff1dde46038 R14: 00007ff1dde45fa0 R15: 00007ffccefde3a8
[  237.089190][T18544]  </TASK>
[  237.311234][T18442] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  237.331803][T18442] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  237.339671][T18556] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5622'.
[  237.353712][T18556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5622'.
[  237.362876][T18556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5622'.
[  237.392492][T18442] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  237.412617][T18572] usb usb7: usbfs: process 18572 (syz.1.5626) did not claim interface 0 before use
[  237.422593][T18442] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  237.446493][   T29] kauditd_printk_skb: 705 callbacks suppressed
[  237.446555][   T29] audit: type=1400 audit(1756514338.228:17781): avc:  denied  { module_request } for  pid=18545 comm="syz.5.5621" kmod="block-major-0-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  237.478695][   T29] audit: type=1400 audit(1756514338.268:17782): avc:  denied  { create } for  pid=18442 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  237.499822][   T29] audit: type=1400 audit(1756514338.268:17783): avc:  denied  { write } for  pid=18442 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  237.525968][   T29] audit: type=1400 audit(1756514338.268:17784): avc:  denied  { read } for  pid=18442 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  237.546678][   T29] audit: type=1400 audit(1756514338.318:17785): avc:  denied  { read write } for  pid=12162 comm="syz-executor" name="loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  237.562210][T18581] FAULT_INJECTION: forcing a failure.
[  237.562210][T18581] name failslab, interval 1, probability 0, space 0, times 0
[  237.571190][   T29] audit: type=1400 audit(1756514338.318:17786): avc:  denied  { open } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  237.583970][T18581] CPU: 1 UID: 0 PID: 18581 Comm: syz.1.5628 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  237.584001][T18581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  237.584022][T18581] Call Trace:
[  237.584062][T18581]  <TASK>
[  237.584070][T18581]  __dump_stack+0x1d/0x30
[  237.584092][T18581]  dump_stack_lvl+0xe8/0x140
[  237.584112][T18581]  dump_stack+0x15/0x1b
[  237.584128][T18581]  should_fail_ex+0x265/0x280
[  237.584187][T18581]  should_failslab+0x8c/0xb0
[  237.584211][T18581]  kmem_cache_alloc_noprof+0x50/0x310
[  237.584312][T18581]  ? audit_log_start+0x365/0x6c0
[  237.584373][T18581]  audit_log_start+0x365/0x6c0
[  237.584403][T18581]  audit_seccomp+0x48/0x100
[  237.584482][T18581]  ? __seccomp_filter+0x68c/0x10d0
[  237.584503][T18581]  __seccomp_filter+0x69d/0x10d0
[  237.584538][T18581]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  237.584563][T18581]  ? vfs_write+0x7e8/0x960
[  237.584643][T18581]  ? __rcu_read_unlock+0x4f/0x70
[  237.584663][T18581]  ? __fget_files+0x184/0x1c0
[  237.584689][T18581]  __secure_computing+0x82/0x150
[  237.584709][T18581]  syscall_trace_enter+0xcf/0x1e0
[  237.584732][T18581]  do_syscall_64+0xac/0x200
[  237.584832][T18581]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  237.584854][T18581]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  237.584879][T18581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.584920][T18581] RIP: 0033:0x7ff1ddc0ebe9
[  237.584936][T18581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.584954][T18581] RSP: 002b:00007ff1dc677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  237.584973][T18581] RAX: ffffffffffffffda RBX: 00007ff1dde45fa0 RCX: 00007ff1ddc0ebe9
[  237.584986][T18581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  237.585058][T18581] RBP: 00007ff1dc677090 R08: 0000000000000000 R09: 0000000000000000
[  237.585070][T18581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.585081][T18581] R13: 00007ff1dde46038 R14: 00007ff1dde45fa0 R15: 00007ffccefde3a8
[  237.585099][T18581]  </TASK>
[  237.585107][T18581] audit: audit_lost=9 audit_rate_limit=0 audit_backlog_limit=64
[  237.608499][   T29] audit: type=1400 audit(1756514338.318:17787): avc:  denied  { ioctl } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  237.618350][T18581] audit: out of memory in audit_log_start
[  237.857234][   T29] audit: type=1400 audit(1756514338.338:17788): avc:  denied  { prog_load } for  pid=18579 comm="syz.1.5628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  237.971621][T18442] 8021q: adding VLAN 0 to HW filter on device bond0
[  238.000181][T18442] 8021q: adding VLAN 0 to HW filter on device team0
[  238.035523][  T586] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.042689][  T586] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.080867][  T586] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.088021][  T586] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.135213][T18633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5647'.
[  238.144869][T18633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5647'.
[  238.149565][T18624] loop1: detected capacity change from 0 to 1024
[  238.173394][T18636] loop5: detected capacity change from 0 to 512
[  238.227426][T18624] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.242729][T18636] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.266359][T18636] ext4 filesystem being mounted at /330/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.317944][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.329241][T18648] FAULT_INJECTION: forcing a failure.
[  238.329241][T18648] name failslab, interval 1, probability 0, space 0, times 0
[  238.336178][T18442] 8021q: adding VLAN 0 to HW filter on device batadv0
[  238.342045][T18648] CPU: 0 UID: 0 PID: 18648 Comm: syz.0.5650 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  238.342122][T18648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  238.342134][T18648] Call Trace:
[  238.342141][T18648]  <TASK>
[  238.342148][T18648]  __dump_stack+0x1d/0x30
[  238.342169][T18648]  dump_stack_lvl+0xe8/0x140
[  238.342188][T18648]  dump_stack+0x15/0x1b
[  238.342205][T18648]  should_fail_ex+0x265/0x280
[  238.342235][T18648]  should_failslab+0x8c/0xb0
[  238.342259][T18648]  kmem_cache_alloc_node_noprof+0x57/0x320
[  238.342285][T18648]  ? __alloc_skb+0x101/0x320
[  238.342336][T18648]  __alloc_skb+0x101/0x320
[  238.342354][T18648]  netlink_alloc_large_skb+0xba/0xf0
[  238.342455][T18648]  netlink_sendmsg+0x3cf/0x6b0
[  238.342478][T18648]  ? __pfx_netlink_sendmsg+0x10/0x10
[  238.342499][T18648]  __sock_sendmsg+0x145/0x180
[  238.342538][T18648]  ____sys_sendmsg+0x31e/0x4e0
[  238.342561][T18648]  ___sys_sendmsg+0x17b/0x1d0
[  238.342594][T18648]  __x64_sys_sendmsg+0xd4/0x160
[  238.342620][T18648]  x64_sys_call+0x191e/0x2ff0
[  238.342640][T18648]  do_syscall_64+0xd2/0x200
[  238.342705][T18648]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  238.342728][T18648]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  238.342831][T18648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.342851][T18648] RIP: 0033:0x7fa1b008ebe9
[  238.342867][T18648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.342884][T18648] RSP: 002b:00007fa1aeaef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  238.342905][T18648] RAX: ffffffffffffffda RBX: 00007fa1b02c5fa0 RCX: 00007fa1b008ebe9
[  238.342918][T18648] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  238.342930][T18648] RBP: 00007fa1aeaef090 R08: 0000000000000000 R09: 0000000000000000
[  238.343010][T18648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.343022][T18648] R13: 00007fa1b02c6038 R14: 00007fa1b02c5fa0 R15: 00007ffc0e065b18
[  238.343098][T18648]  </TASK>
[  238.551797][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.671939][T18668] loop1: detected capacity change from 0 to 512
[  238.700703][T18671] FAULT_INJECTION: forcing a failure.
[  238.700703][T18671] name failslab, interval 1, probability 0, space 0, times 0
[  238.713675][T18671] CPU: 0 UID: 0 PID: 18671 Comm: syz.5.5659 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  238.713705][T18671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  238.713719][T18671] Call Trace:
[  238.713725][T18671]  <TASK>
[  238.713732][T18671]  __dump_stack+0x1d/0x30
[  238.713755][T18671]  dump_stack_lvl+0xe8/0x140
[  238.713809][T18671]  dump_stack+0x15/0x1b
[  238.713827][T18671]  should_fail_ex+0x265/0x280
[  238.713850][T18671]  should_failslab+0x8c/0xb0
[  238.713955][T18671]  kmem_cache_alloc_noprof+0x50/0x310
[  238.714014][T18671]  ? audit_log_start+0x365/0x6c0
[  238.714089][T18671]  audit_log_start+0x365/0x6c0
[  238.714171][T18671]  audit_seccomp+0x48/0x100
[  238.714200][T18671]  ? __seccomp_filter+0x68c/0x10d0
[  238.714224][T18671]  __seccomp_filter+0x69d/0x10d0
[  238.714301][T18671]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  238.714328][T18671]  ? vfs_write+0x7e8/0x960
[  238.714354][T18671]  __secure_computing+0x82/0x150
[  238.714373][T18671]  syscall_trace_enter+0xcf/0x1e0
[  238.714393][T18671]  do_syscall_64+0xac/0x200
[  238.714427][T18671]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  238.714452][T18671]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  238.714488][T18671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.714563][T18671] RIP: 0033:0x7f395961ebe9
[  238.714577][T18671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.714595][T18671] RSP: 002b:00007f3958086f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  238.714616][T18671] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f395961ebe9
[  238.714631][T18671] RDX: 00007f3958086f20 RSI: 0000000000000058 RDI: 00007f3958086f20
[  238.714679][T18671] RBP: 00007f3958087090 R08: 0000000000000000 R09: 0000000000000058
[  238.714693][T18671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.714704][T18671] R13: 00007f3959856038 R14: 00007f3959855fa0 R15: 00007ffe33511068
[  238.714724][T18671]  </TASK>
[  238.930013][T18442] veth0_vlan: entered promiscuous mode
[  238.950069][T18668] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.963824][T18442] veth1_vlan: entered promiscuous mode
[  238.965991][T18668] ext4 filesystem being mounted at /448/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.038312][T18442] veth0_macvtap: entered promiscuous mode
[  239.059716][T18442] veth1_macvtap: entered promiscuous mode
[  239.106706][T18442] batman_adv: batadv0: Interface activated: batadv_slave_0
[  239.124444][T18442] batman_adv: batadv0: Interface activated: batadv_slave_1
[  239.132731][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.145517][T10066] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  239.156581][T18709] loop5: detected capacity change from 0 to 512
[  239.163061][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  239.197356][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  239.198272][T18717] loop1: detected capacity change from 0 to 512
[  239.206228][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  239.246349][T18709] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  239.266949][T18717] EXT4-fs (loop1): orphan cleanup on readonly fs
[  239.268871][T18709] ext4 filesystem being mounted at /335/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  239.292730][T18717] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5673: bg 0: block 248: padding at end of block bitmap is not set
[  239.322152][T18709] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.5670: corrupted inode contents
[  239.322335][T18709] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.5670: mark_inode_dirty error
[  239.322556][T18709] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.5670: corrupted inode contents
[  239.322725][T18709] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.5670: mark_inode_dirty error
[  239.325789][T18709] EXT4-fs error (device loop5): ext4_lookup:1784: inode #18: comm syz.5.5670: 'file0' linked to parent dir
[  239.327479][T18717] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5673: Failed to acquire dquot type 1
[  239.359320][T18717] EXT4-fs (loop1): 1 truncate cleaned up
[  239.360716][T18717] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  239.406258][T18731] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5676'.
[  239.469476][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.554533][T18709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  239.565915][T18709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  239.566113][T18748] FAULT_INJECTION: forcing a failure.
[  239.566113][T18748] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  239.587531][T18748] CPU: 1 UID: 0 PID: 18748 Comm: syz.2.5683 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  239.587560][T18748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  239.587587][T18748] Call Trace:
[  239.587593][T18748]  <TASK>
[  239.587601][T18748]  __dump_stack+0x1d/0x30
[  239.587644][T18748]  dump_stack_lvl+0xe8/0x140
[  239.587786][T18748]  dump_stack+0x15/0x1b
[  239.587804][T18748]  should_fail_ex+0x265/0x280
[  239.587826][T18748]  should_fail_alloc_page+0xf2/0x100
[  239.587849][T18748]  __alloc_frozen_pages_noprof+0xff/0x360
[  239.587891][T18748]  alloc_pages_mpol+0xb3/0x250
[  239.587925][T18748]  alloc_pages_noprof+0x90/0x130
[  239.587970][T18748]  pte_alloc_one+0x2d/0x120
[  239.588055][T18748]  __pte_alloc+0x32/0x2b0
[  239.588082][T18748]  handle_mm_fault+0x1c55/0x2c20
[  239.588170][T18748]  do_user_addr_fault+0x636/0x1090
[  239.588280][T18748]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  239.588303][T18748]  exc_page_fault+0x62/0xa0
[  239.588435][T18748]  asm_exc_page_fault+0x26/0x30
[  239.588520][T18748] RIP: 0033:0x7f0429210c46
[  239.588535][T18748] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
[  239.588556][T18748] RSP: 002b:00007f0427db64a0 EFLAGS: 00010246
[  239.588642][T18748] RAX: 0000000000000001 RBX: 00007f0427db6540 RCX: 0000000000000101
[  239.588655][T18748] RDX: 0000000000000010 RSI: 0000000000000001 RDI: 00007f0427db65e0
[  239.588666][T18748] RBP: 0000000000000102 R08: 00007f041f997000 R09: 0000000000000000
[  239.588678][T18748] R10: 0000000000000000 R11: 00007f0427db6550 R12: 0000000000000001
[  239.588690][T18748] R13: 00007f04293eda20 R14: 0000000000000000 R15: 00007f0427db65e0
[  239.588706][T18748]  </TASK>
[  239.588717][T18748] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  239.864721][T18758] 9pnet_fd: Insufficient options for proto=fd
[  239.871426][T18756] netlink: 'syz.4.5687': attribute type 1 has an invalid length.
[  239.902451][T18756] 8021q: adding VLAN 0 to HW filter on device bond8
[  240.262166][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.462584][T18783] loop1: detected capacity change from 0 to 512
[  240.504309][T18783] EXT4-fs (loop1): orphan cleanup on readonly fs
[  240.530661][T18783] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5697: bg 0: block 248: padding at end of block bitmap is not set
[  240.567307][T18783] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5697: Failed to acquire dquot type 1
[  240.582005][T18783] EXT4-fs (loop1): 1 truncate cleaned up
[  240.585343][T18794] 9pnet_fd: Insufficient options for proto=fd
[  240.596235][T18783] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  240.676197][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.608143][T18880] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  241.608143][T18880]    program syz.4.5737 not setting count and/or reply_len properly
[  241.642875][T18879] 9pnet_fd: Insufficient options for proto=fd
[  241.653205][T18880] pimreg: entered allmulticast mode
[  241.662555][T18880] pimreg: left allmulticast mode
[  241.690957][T18882] loop1: detected capacity change from 0 to 164
[  241.718927][T18882] ISOFS: unable to read i-node block
[  241.724359][T18882] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  241.748673][T18885] __nla_validate_parse: 20 callbacks suppressed
[  241.748690][T18885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5741'.
[  242.342587][T18926] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 649
[  242.431232][T18939] loop1: detected capacity change from 0 to 512
[  242.442020][T18939] EXT4-fs: Ignoring removed nobh option
[  242.452731][T18939] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.452912][T18926] syzkaller0: entered promiscuous mode
[  242.470900][T18926] syzkaller0: entered allmulticast mode
[  242.476609][   T29] kauditd_printk_skb: 597 callbacks suppressed
[  242.476622][   T29] audit: type=1400 audit(1756514343.268:18380): avc:  denied  { mount } for  pid=18936 comm="syz.1.5763" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  242.481392][T18940] 9pnet_fd: Insufficient options for proto=fd
[  242.536718][   T29] audit: type=1400 audit(1756514343.318:18381): avc:  denied  { unmount } for  pid=12162 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  242.565270][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.605108][   T29] audit: type=1400 audit(1756514343.388:18382): avc:  denied  { read write } for  pid=12162 comm="syz-executor" name="loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  242.629718][   T29] audit: type=1400 audit(1756514343.388:18383): avc:  denied  { open } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  242.654234][   T29] audit: type=1400 audit(1756514343.388:18384): avc:  denied  { ioctl } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  242.692097][   T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.701921][   T29] audit: type=1400 audit(1756514343.448:18385): avc:  denied  { read } for  pid=18950 comm="syz.2.5768" dev="nsfs" ino=4026533489 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  242.712492][T18961] loop5: detected capacity change from 0 to 512
[  242.723888][   T29] audit: type=1400 audit(1756514343.448:18386): avc:  denied  { open } for  pid=18950 comm="syz.2.5768" path="net:[4026533489]" dev="nsfs" ino=4026533489 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  242.753773][   T29] audit: type=1400 audit(1756514343.448:18387): avc:  denied  { read write } for  pid=18950 comm="syz.2.5768" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  242.777913][   T29] audit: type=1400 audit(1756514343.448:18388): avc:  denied  { open } for  pid=18950 comm="syz.2.5768" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  242.801943][   T29] audit: type=1400 audit(1756514343.478:18389): avc:  denied  { map_create } for  pid=18953 comm="syz.5.5770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  242.834513][T18956] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5766'.
[  242.855638][T18961] EXT4-fs (loop5): orphan cleanup on readonly fs
[  242.883728][T18961] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5771: bg 0: block 248: padding at end of block bitmap is not set
[  242.907191][   T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.931641][T18969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5774'.
[  242.931908][T18971] loop1: detected capacity change from 0 to 128
[  242.943751][T18961] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.5771: Failed to acquire dquot type 1
[  242.973537][T18971] syz.1.5773: attempt to access beyond end of device
[  242.973537][T18971] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128
[  242.983956][T18977] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5777'.
[  243.005458][T18971] syz.1.5773: attempt to access beyond end of device
[  243.005458][T18971] loop1: rw=2049, sector=144, nr_sectors = 2 limit=128
[  243.005750][T18961] EXT4-fs (loop5): 1 truncate cleaned up
[  243.018972][T18971] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  243.032802][T18971] syz.1.5773: attempt to access beyond end of device
[  243.032802][T18971] loop1: rw=2049, sector=146, nr_sectors = 104 limit=128
[  243.037696][T18977] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5777'.
[  243.058105][T18979] syz.1.5773: attempt to access beyond end of device
[  243.058105][T18979] loop1: rw=2049, sector=144, nr_sectors = 2 limit=128
[  243.059924][T18961] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  243.071724][T18979] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  243.103580][   T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.110585][T18982] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5778'.
[  243.125296][T18982] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5778'.
[  243.134441][T18982] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5778'.
[  243.156663][T18928] chnl_net:caif_netlink_parms(): no params data found
[  243.173288][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.210216][   T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.300684][T18928] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.308150][T18928] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.316130][T18928] bridge_slave_0: entered allmulticast mode
[  243.322965][T18928] bridge_slave_0: entered promiscuous mode
[  243.334306][T18928] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.341489][T18928] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.348860][T18928] bridge_slave_1: entered allmulticast mode
[  243.355336][T18928] bridge_slave_1: entered promiscuous mode
[  243.386960][T19006] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5786'.
[  243.435870][T19008] usb usb7: usbfs: process 19008 (syz.2.5787) did not claim interface 0 before use
[  243.463783][T18928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.474379][   T51] bridge_slave_1: left allmulticast mode
[  243.480187][   T51] bridge_slave_1: left promiscuous mode
[  243.485890][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.502390][   T51] bridge_slave_0: left allmulticast mode
[  243.508184][   T51] bridge_slave_0: left promiscuous mode
[  243.513907][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.544404][T19016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5790'.
[  243.630246][T19032] loop5: detected capacity change from 0 to 512
[  243.654388][T19032] EXT4-fs: Ignoring removed nobh option
[  243.676848][T19032] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.878989][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.889263][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  243.899075][   T51] bond0 (unregistering): Released all slaves
[  243.907323][   T51] bond1 (unregistering): Released all slaves
[  243.915385][   T51] bond2 (unregistering): Released all slaves
[  243.923581][   T51] bond3 (unregistering): Released all slaves
[  243.932262][T18928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  243.967429][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.978220][T18928] team0: Port device team_slave_0 added
[  243.996698][T18928] team0: Port device team_slave_1 added
[  244.054741][   T51] hsr_slave_0: left promiscuous mode
[  244.060770][   T51] hsr_slave_1: left promiscuous mode
[  244.066745][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.074244][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  244.083209][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  244.090990][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  244.103030][   T51] veth1_macvtap: left promiscuous mode
[  244.108745][   T51] veth0_macvtap: left promiscuous mode
[  244.114401][   T51] veth1_vlan: left promiscuous mode
[  244.120532][   T51] veth0_vlan: left promiscuous mode
[  244.204456][   T51] team0 (unregistering): Port device team_slave_1 removed
[  244.213704][   T51] team0 (unregistering): Port device team_slave_0 removed
[  244.265891][T18928] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.272995][T18928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.298948][T18928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.299219][T19065] loop1: detected capacity change from 0 to 1024
[  244.314164][T18928] batman_adv: batadv0: Adding interface: batadv_slave_1
[  244.323016][T18928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.349073][T18928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  244.393316][T19065] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  244.414226][T18928] hsr_slave_0: entered promiscuous mode
[  244.422024][T18928] hsr_slave_1: entered promiscuous mode
[  244.433418][T18928] debugfs: 'hsr0' already exists in 'hsr'
[  244.437448][T19075] netlink: 'syz.5.5806': attribute type 1 has an invalid length.
[  244.439281][T18928] Cannot create hsr debugfs directory
[  244.484326][T19075] veth7: entered promiscuous mode
[  244.505819][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.523939][T19075] 8021q: adding VLAN 0 to HW filter on device bond5
[  244.751879][ T3391] hid_parser_main: 33 callbacks suppressed
[  244.751898][ T3391] hid-generic 0000:3000000:0000.000D: unknown main item tag 0x4
[  244.765677][ T3391] hid-generic 0000:3000000:0000.000D: unknown main item tag 0x2
[  244.790367][ T3391] hid-generic 0000:3000000:0000.000D: unknown main item tag 0x3
[  244.832594][ T3391] hid-generic 0000:3000000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  244.860853][T19124] netlink: 'syz.2.5820': attribute type 1 has an invalid length.
[  244.926706][T19124] veth3: entered promiscuous mode
[  244.943234][T19124] 8021q: adding VLAN 0 to HW filter on device bond1
[  245.059392][T18928] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  245.075488][T18928] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  245.089992][T18928] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  245.099605][T18928] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  245.206137][T18928] 8021q: adding VLAN 0 to HW filter on device bond0
[  245.235886][T18928] 8021q: adding VLAN 0 to HW filter on device team0
[  245.268317][T10066] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.275405][T10066] bridge0: port 1(bridge_slave_0) entered forwarding state
[  245.296599][T18928] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  245.307574][T18928] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  245.330712][T19178] SELinux: failed to load policy
[  245.392589][T10066] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.399776][T10066] bridge0: port 2(bridge_slave_1) entered forwarding state
[  245.520585][T18928] 8021q: adding VLAN 0 to HW filter on device batadv0
[  245.539897][T19186] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=19186 comm=syz.4.5830
[  245.735954][T18928] veth0_vlan: entered promiscuous mode
[  245.780620][T18928] veth1_vlan: entered promiscuous mode
[  245.812826][T18928] veth0_macvtap: entered promiscuous mode
[  245.827581][T18928] veth1_macvtap: entered promiscuous mode
[  245.840562][T18928] batman_adv: batadv0: Interface activated: batadv_slave_0
[  245.851671][T18928] batman_adv: batadv0: Interface activated: batadv_slave_1
[  245.869109][T10066] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  245.881163][T19240] loop1: detected capacity change from 0 to 512
[  245.889608][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  245.907576][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  245.925509][T19240] EXT4-fs (loop1): orphan cleanup on readonly fs
[  245.932202][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  245.941663][T19240] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5841: bg 0: block 248: padding at end of block bitmap is not set
[  245.957770][T19240] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.5841: Failed to acquire dquot type 1
[  245.976556][T19240] EXT4-fs (loop1): 1 truncate cleaned up
[  245.983371][T19240] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  246.068608][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.182504][T19264] loop1: detected capacity change from 0 to 1024
[  246.200431][T19264] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  246.229573][T19264] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt.
[  246.265673][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.903572][T19304] usb usb7: usbfs: process 19304 (syz.1.5866) did not claim interface 0 before use
[  246.968351][T19311] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  246.968351][T19311]    program syz.2.5867 not setting count and/or reply_len properly
[  246.991578][T19311] pimreg: entered allmulticast mode
[  246.999096][T19311] pimreg: left allmulticast mode
[  247.012429][T19314] usb usb7: usbfs: process 19314 (syz.1.5870) did not claim interface 0 before use
[  247.244656][T19343] __nla_validate_parse: 18 callbacks suppressed
[  247.244746][T19343] netlink: 232 bytes leftover after parsing attributes in process `syz.0.5880'.
[  247.262485][T19344] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  247.262485][T19344]    program syz.1.5877 not setting count and/or reply_len properly
[  247.264181][T19307] chnl_net:caif_netlink_parms(): no params data found
[  247.316481][T19346] usb usb7: usbfs: process 19346 (syz.5.5881) did not claim interface 0 before use
[  247.336997][T19344] pimreg: entered allmulticast mode
[  247.358313][T19344] pimreg: left allmulticast mode
[  247.380739][T19307] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.388070][T19307] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.395498][T19307] bridge_slave_0: entered allmulticast mode
[  247.404255][T19307] bridge_slave_0: entered promiscuous mode
[  247.412188][T19307] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.419313][T19307] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.426824][T19307] bridge_slave_1: entered allmulticast mode
[  247.435383][T19307] bridge_slave_1: entered promiscuous mode
[  247.463332][T19307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  247.484693][T19307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.493859][   T29] kauditd_printk_skb: 735 callbacks suppressed
[  247.493875][   T29] audit: type=1400 audit(1756514348.278:19121): avc:  denied  { read write } for  pid=13857 comm="syz-executor" name="loop5" dev="devtmpfs" ino=1661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  247.524874][   T29] audit: type=1400 audit(1756514348.278:19122): avc:  denied  { open } for  pid=13857 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=1661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  247.532478][T19361] loop5: detected capacity change from 0 to 512
[  247.549354][   T29] audit: type=1400 audit(1756514348.278:19123): avc:  denied  { ioctl } for  pid=13857 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=1661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  247.584144][   T29] audit: type=1400 audit(1756514348.378:19124): avc:  denied  { mounton } for  pid=19360 comm="syz.5.5886" path="/374/bus" dev="tmpfs" ino=1987 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  247.598353][T19361] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.619654][   T29] audit: type=1400 audit(1756514348.418:19125): avc:  denied  { mount } for  pid=19360 comm="syz.5.5886" name="/" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  247.619668][T19361] ext4 filesystem being mounted at /374/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  247.628649][T19361] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.5886: corrupted inode contents
[  247.642245][   T29] audit: type=1400 audit(1756514348.418:19126): avc:  denied  { add_name } for  pid=19360 comm="syz.5.5886" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  247.655557][T19361] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.5886: mark_inode_dirty error
[  247.663826][   T29] audit: type=1400 audit(1756514348.418:19127): avc:  denied  { create } for  pid=19360 comm="syz.5.5886" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  247.689665][T19361] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.5886: corrupted inode contents
[  247.710384][T19307] team0: Port device team_slave_0 added
[  247.736470][T19307] team0: Port device team_slave_1 added
[  247.740105][T19361] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.5886: mark_inode_dirty error
[  247.755255][   T29] audit: type=1400 audit(1756514348.548:19128): avc:  denied  { create } for  pid=19360 comm="syz.5.5886" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  247.755644][T19366] EXT4-fs error (device loop5): ext4_lookup:1784: inode #18: comm syz.5.5886: 'file0' linked to parent dir
[  247.776352][   T29] audit: type=1400 audit(1756514348.548:19129): avc:  denied  { add_name } for  pid=19360 comm="syz.5.5886" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  247.808057][   T29] audit: type=1400 audit(1756514348.588:19130): avc:  denied  { read } for  pid=19360 comm="syz.5.5886" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  247.833655][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.860252][T19307] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.867328][T19307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.893510][T19307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.910639][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.922708][T19307] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.929785][T19307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.955981][T19307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  247.985083][T19307] hsr_slave_0: entered promiscuous mode
[  247.991596][T19307] hsr_slave_1: entered promiscuous mode
[  247.997559][T19307] debugfs: 'hsr0' already exists in 'hsr'
[  248.003296][T19307] Cannot create hsr debugfs directory
[  248.013082][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.046042][T19361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.056879][T19361] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.104646][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.123210][T19381] usb usb7: usbfs: process 19381 (syz.0.5891) did not claim interface 0 before use
[  248.202549][T19383] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5892'.
[  248.216297][T19383] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5892'.
[  248.225362][T19383] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5892'.
[  248.235401][   T12] bridge0: port 3(batadv0) entered disabled state
[  248.260810][   T12] bridge_slave_1: left allmulticast mode
[  248.266927][   T12] bridge_slave_1: left promiscuous mode
[  248.272638][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.288429][   T12] bridge_slave_0: left allmulticast mode
[  248.294133][   T12] bridge_slave_0: left promiscuous mode
[  248.299896][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.343066][T19392] netlink: 'syz.2.5896': attribute type 1 has an invalid length.
[  248.351000][T19392] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5896'.
[  248.439195][T19394] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5897'.
[  248.452987][T19394] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5897'.
[  248.462125][T19394] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5897'.
[  248.594442][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.686269][T19405] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5902'.
[  248.710768][T19407] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  248.710768][T19407]    program syz.5.5900 not setting count and/or reply_len properly
[  248.899316][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.909752][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.920255][   T12] bond0 (unregistering): Released all slaves
[  248.929576][   T12] bond1 (unregistering): (slave veth3): Releasing backup interface
[  248.938916][   T12] bond1 (unregistering): Released all slaves
[  248.946944][   T12] bond2 (unregistering): Released all slaves
[  248.955077][   T12] bond3 (unregistering): Released all slaves
[  248.963850][   T12] bond4 (unregistering): (slave veth9): Releasing backup interface
[  248.973276][   T12] bond4 (unregistering): Released all slaves
[  248.981667][   T12] bond5 (unregistering): Released all slaves
[  248.990549][   T12] bond6 (unregistering): Released all slaves
[  248.999098][   T12] bond7 (unregistering): Released all slaves
[  249.007540][   T12] bond8 (unregistering): Released all slaves
[  249.034488][T19409] pimreg: entered allmulticast mode
[  249.042386][T19411] pimreg: left allmulticast mode
[  249.061000][T19414] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5903'.
[  249.205917][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.213593][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.266147][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.273665][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.290086][   T12] veth1_macvtap: left promiscuous mode
[  249.297032][   T12] veth0_macvtap: left promiscuous mode
[  249.302703][   T12] veth1_vlan: left promiscuous mode
[  249.308852][   T12] veth0_vlan: left promiscuous mode
[  249.533870][T19422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.575272][T19422] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  249.789874][   T12] team0 (unregistering): Port device team_slave_1 removed
[  249.799308][   T12] team0 (unregistering): Port device team_slave_0 removed
[  250.126843][T19307] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  250.152243][T19307] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  250.167490][T19307] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  250.174687][T19490] 9pnet_fd: Insufficient options for proto=fd
[  250.187418][T19307] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  250.188456][T19492] loop5: detected capacity change from 0 to 1024
[  250.271796][T19492] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.279090][T19307] 8021q: adding VLAN 0 to HW filter on device bond0
[  250.297251][T19307] 8021q: adding VLAN 0 to HW filter on device team0
[  250.309060][T10073] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.316153][T10073] bridge0: port 1(bridge_slave_0) entered forwarding state
[  250.355490][T19525] netlink: 'syz.2.5930': attribute type 1 has an invalid length.
[  250.366911][  T586] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.374011][  T586] bridge0: port 2(bridge_slave_1) entered forwarding state
[  250.424751][T19537] netlink: 'syz.0.5933': attribute type 1 has an invalid length.
[  250.443502][T19525] 8021q: adding VLAN 0 to HW filter on device bond2
[  250.476817][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.491347][T19537] 8021q: adding VLAN 0 to HW filter on device bond1
[  250.579436][T19557] usb usb7: usbfs: process 19557 (syz.0.5940) did not claim interface 0 before use
[  250.617003][T19555] 9pnet_fd: Insufficient options for proto=fd
[  250.623522][T19560] 9pnet_fd: Insufficient options for proto=fd
[  250.646148][T19307] 8021q: adding VLAN 0 to HW filter on device batadv0
[  250.701375][T19574] FAULT_INJECTION: forcing a failure.
[  250.701375][T19574] name failslab, interval 1, probability 0, space 0, times 0
[  250.714168][T19574] CPU: 0 UID: 0 PID: 19574 Comm: syz.2.5944 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  250.714194][T19574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  250.714268][T19574] Call Trace:
[  250.714276][T19574]  <TASK>
[  250.714284][T19574]  __dump_stack+0x1d/0x30
[  250.714310][T19574]  dump_stack_lvl+0xe8/0x140
[  250.714336][T19574]  dump_stack+0x15/0x1b
[  250.714352][T19574]  should_fail_ex+0x265/0x280
[  250.714372][T19574]  should_failslab+0x8c/0xb0
[  250.714394][T19574]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  250.714423][T19574]  ? proc_alloc_inode+0x34/0x90
[  250.714530][T19574]  ? __pfx_proc_alloc_inode+0x10/0x10
[  250.714555][T19574]  proc_alloc_inode+0x34/0x90
[  250.714582][T19574]  alloc_inode+0x40/0x170
[  250.714602][T19574]  new_inode+0x1d/0xe0
[  250.714679][T19574]  proc_pid_make_inode+0x1f/0xd0
[  250.714696][T19574]  proc_ns_dir_lookup+0x486/0x560
[  250.714725][T19574]  ? __pfx_proc_ns_dir_lookup+0x10/0x10
[  250.714749][T19574]  path_openat+0xcf0/0x2170
[  250.714776][T19574]  do_filp_open+0x109/0x230
[  250.714874][T19574]  ? __pfx_kfree_link+0x10/0x10
[  250.714899][T19574]  do_sys_openat2+0xa6/0x110
[  250.714929][T19574]  __x64_sys_openat+0xf2/0x120
[  250.715023][T19574]  x64_sys_call+0x2e9c/0x2ff0
[  250.715045][T19574]  do_syscall_64+0xd2/0x200
[  250.715146][T19574]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  250.715216][T19574]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  250.715240][T19574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.715260][T19574] RIP: 0033:0x7f042934d550
[  250.715276][T19574] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  250.715315][T19574] RSP: 002b:00007f0427db6f70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  250.715336][T19574] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f042934d550
[  250.715349][T19574] RDX: 0000000000000000 RSI: 00007f04293d1f06 RDI: 00000000ffffff9c
[  250.715363][T19574] RBP: 00007f04293d1f06 R08: 0000000000000000 R09: 0000000000000000
[  250.715376][T19574] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  250.715388][T19574] R13: 00007f0429586038 R14: 00007f0429585fa0 R15: 00007ffe6b0d57b8
[  250.715466][T19574]  </TASK>
[  250.789755][T19307] veth0_vlan: entered promiscuous mode
[  250.827502][T19584] netlink: 'syz.2.5946': attribute type 1 has an invalid length.
[  250.896398][T19307] veth1_vlan: entered promiscuous mode
[  250.975636][T19584] 8021q: adding VLAN 0 to HW filter on device bond3
[  250.996854][T19307] veth0_macvtap: entered promiscuous mode
[  251.005007][T19307] veth1_macvtap: entered promiscuous mode
[  251.033564][T19307] batman_adv: batadv0: Interface activated: batadv_slave_0
[  251.048269][T19307] batman_adv: batadv0: Interface activated: batadv_slave_1
[  251.071771][  T586] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  251.090249][  T586] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  251.100612][  T586] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  251.114397][  T586] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  251.195199][T19605] 9pnet_fd: Insufficient options for proto=fd
[  251.534768][T19619] usb usb7: usbfs: process 19619 (syz.4.5959) did not claim interface 0 before use
[  252.229330][T19686] loop5: detected capacity change from 0 to 128
[  252.256703][T19684] syz.5.5991: attempt to access beyond end of device
[  252.256703][T19684] loop5: rw=2049, sector=138, nr_sectors = 8 limit=128
[  252.304632][T19690] loop1: detected capacity change from 0 to 512
[  252.313777][T19690] EXT4-fs: Ignoring removed nobh option
[  252.324501][T19663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.342841][T19663] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.343964][T19690] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.461498][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.503622][   T29] kauditd_printk_skb: 597 callbacks suppressed
[  252.503642][   T29] audit: type=1400 audit(1756514353.288:19728): avc:  denied  { add_name } for  pid=19698 comm="syz.0.5994" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  252.535346][   T29] audit: type=1400 audit(1756514353.288:19729): avc:  denied  { create } for  pid=19698 comm="syz.0.5994" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  252.556123][   T29] audit: type=1400 audit(1756514353.288:19730): avc:  denied  { associate } for  pid=19698 comm="syz.0.5994" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  252.755240][   T29] audit: type=1400 audit(1756514353.408:19731): avc:  denied  { create } for  pid=19700 comm="syz.1.5995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  252.768340][T19708] __nla_validate_parse: 20 callbacks suppressed
[  252.768357][T19708] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5998'.
[  252.775357][   T29] audit: type=1400 audit(1756514353.408:19732): avc:  denied  { setopt } for  pid=19700 comm="syz.1.5995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  252.788275][T19706] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5996'.
[  252.790649][   T29] audit: type=1400 audit(1756514353.418:19733): avc:  denied  { map } for  pid=19700 comm="syz.1.5995" path="socket:[64910]" dev="sockfs" ino=64910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  252.843002][   T29] audit: type=1400 audit(1756514353.418:19734): avc:  denied  { read write } for  pid=19700 comm="syz.1.5995" path="socket:[64910]" dev="sockfs" ino=64910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  252.867275][   T29] audit: type=1400 audit(1756514353.458:19735): avc:  denied  { unmount } for  pid=13857 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  252.887523][   T29] audit: type=1400 audit(1756514353.538:19736): avc:  denied  { write } for  pid=19707 comm="syz.1.5998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  252.899250][T19703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5996'.
[  252.911028][   T29] audit: type=1326 audit(1756514353.638:19737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19709 comm="syz.5.5999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f395961ebe9 code=0x7ffc0000
[  252.917264][T19703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5996'.
[  253.030859][T19718] usb usb7: usbfs: process 19718 (syz.5.6003) did not claim interface 0 before use
[  253.101765][T19714] 9pnet_fd: Insufficient options for proto=fd
[  253.163303][T19738] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6013'.
[  253.311704][T19758] loop1: detected capacity change from 0 to 1024
[  253.340934][T19758] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.357745][T19764] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  253.357745][T19764]    program syz.4.6023 not setting count and/or reply_len properly
[  253.383388][T19758] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt.
[  253.480552][T19767] loop5: detected capacity change from 0 to 512
[  253.487641][T19767] EXT4-fs: Ignoring removed nobh option
[  253.498386][T19764] pimreg: entered allmulticast mode
[  253.505927][T19764] pimreg: left allmulticast mode
[  253.542781][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.589551][T19767] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.646501][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.834405][T19778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6028'.
[  253.922107][T19785] netlink: 'syz.2.6032': attribute type 1 has an invalid length.
[  253.956077][T19785] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6032'.
[  253.971598][T19785] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6032'.
[  253.981263][T19785] 8021q: adding VLAN 0 to HW filter on device bond4
[  254.002606][T19793] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6035'.
[  254.174575][T19806] 9pnet_fd: Insufficient options for proto=fd
[  254.219705][T19813] loop5: detected capacity change from 0 to 512
[  254.244918][T19818] netlink: 'syz.0.6047': attribute type 1 has an invalid length.
[  254.254329][T19813] EXT4-fs: Ignoring removed nobh option
[  254.261444][T19818] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6047'.
[  254.282188][T19818] 8021q: adding VLAN 0 to HW filter on device bond2
[  254.305756][T19813] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.448758][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.320203][T19858] usb usb7: usbfs: process 19858 (syz.0.6062) did not claim interface 0 before use
[  255.546310][T19885] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  255.546310][T19885]    program syz.0.6071 not setting count and/or reply_len properly
[  255.584843][T19885] pimreg: entered allmulticast mode
[  255.592026][T19885] pimreg: left allmulticast mode
[  255.680135][T19874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  255.689380][T19874] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.730584][T19903] 9pnet_fd: Insufficient options for proto=fd
[  255.821005][T19914] loop1: detected capacity change from 0 to 512
[  255.829399][T19914] EXT4-fs: Ignoring removed nobh option
[  255.846959][T19914] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.874485][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.961748][T19929] 9pnet_fd: Insufficient options for proto=fd
[  256.034668][T19939] loop1: detected capacity change from 0 to 512
[  256.043884][T19939] EXT4-fs: Ignoring removed nobh option
[  256.061316][T19939] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.128212][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.195395][T19954] loop1: detected capacity change from 0 to 512
[  256.228136][T19954] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.246075][T19954] ext4 filesystem being mounted at /535/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  256.261496][T19954] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.6105: corrupted inode contents
[  256.273892][T19954] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #2: comm syz.1.6105: mark_inode_dirty error
[  256.294747][T19964] 9pnet_fd: Insufficient options for proto=fd
[  256.301517][T19954] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.6105: corrupted inode contents
[  256.315304][T19954] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.6105: mark_inode_dirty error
[  256.333677][T19954] EXT4-fs error (device loop1): ext4_lookup:1784: inode #18: comm syz.1.6105: 'file0' linked to parent dir
[  256.564775][T19954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  256.580536][T19954] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  256.718120][T20019] netlink: 'syz.2.6132': attribute type 1 has an invalid length.
[  256.972513][T20026] veth5: entered promiscuous mode
[  257.062967][T20031] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  257.062967][T20031]    program syz.5.6134 not setting count and/or reply_len properly
[  257.147338][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.351984][T20052] netlink: 'syz.4.6145': attribute type 1 has an invalid length.
[  257.415739][T20052] veth3: entered promiscuous mode
[  257.432619][T20052] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  257.528571][   T29] kauditd_printk_skb: 642 callbacks suppressed
[  257.528590][   T29] audit: type=1326 audit(1756514358.318:20380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20060 comm="syz.0.6148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54d60debe9 code=0x7ffc0000
[  257.609770][   T29] audit: type=1400 audit(1756514358.348:20381): avc:  denied  { create } for  pid=20040 comm="syz.1.6140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  257.630593][   T29] audit: type=1400 audit(1756514358.348:20382): avc:  denied  { write } for  pid=20040 comm="syz.1.6140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  257.652055][   T29] audit: type=1326 audit(1756514358.358:20383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20060 comm="syz.0.6148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f54d60debe9 code=0x7ffc0000
[  257.675695][   T29] audit: type=1326 audit(1756514358.358:20384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20060 comm="syz.0.6148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54d60debe9 code=0x7ffc0000
[  257.699552][   T29] audit: type=1326 audit(1756514358.358:20385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20060 comm="syz.0.6148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f54d60debe9 code=0x7ffc0000
[  257.723255][   T29] audit: type=1326 audit(1756514358.358:20386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20060 comm="syz.0.6148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54d60debe9 code=0x7ffc0000
[  257.747033][   T29] audit: type=1400 audit(1756514358.378:20387): avc:  denied  { create } for  pid=20062 comm="syz.0.6150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  257.766981][   T29] audit: type=1400 audit(1756514358.378:20388): avc:  denied  { setopt } for  pid=20062 comm="syz.0.6150" lport=252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  257.787881][   T29] audit: type=1326 audit(1756514358.398:20389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20057 comm="syz.4.6147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc01737ebe9 code=0x7ffc0000
[  257.790093][T20065] __nla_validate_parse: 34 callbacks suppressed
[  257.790109][T20065] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6149'.
[  257.848203][T20068] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6149'.
[  257.857259][T20068] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6149'.
[  257.906701][T20078] netlink: 'syz.0.6155': attribute type 1 has an invalid length.
[  257.980316][T20086] netlink: 'syz.5.6157': attribute type 1 has an invalid length.
[  257.995549][T20078] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6155'.
[  258.065447][T20093] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6155'.
[  258.077603][T20090] veth9: entered promiscuous mode
[  258.084450][T20090] bond6: (slave veth9): Enslaving as a backup interface with a down link
[  258.093344][T20086] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6157'.
[  258.132673][T20093] 8021q: adding VLAN 0 to HW filter on device bond3
[  258.208650][T20103] netlink: 232 bytes leftover after parsing attributes in process `syz.2.6166'.
[  258.229836][T20107] FAULT_INJECTION: forcing a failure.
[  258.229836][T20107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  258.242960][T20107] CPU: 1 UID: 0 PID: 20107 Comm: syz.5.6168 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  258.242994][T20107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  258.243008][T20107] Call Trace:
[  258.243014][T20107]  <TASK>
[  258.243022][T20107]  __dump_stack+0x1d/0x30
[  258.243072][T20107]  dump_stack_lvl+0xe8/0x140
[  258.243089][T20107]  dump_stack+0x15/0x1b
[  258.243104][T20107]  should_fail_ex+0x265/0x280
[  258.243212][T20107]  should_fail+0xb/0x20
[  258.243232][T20107]  should_fail_usercopy+0x1a/0x20
[  258.243255][T20107]  _copy_from_user+0x1c/0xb0
[  258.243284][T20107]  ___sys_sendmsg+0xc1/0x1d0
[  258.243346][T20107]  __x64_sys_sendmsg+0xd4/0x160
[  258.243373][T20107]  x64_sys_call+0x191e/0x2ff0
[  258.243396][T20107]  do_syscall_64+0xd2/0x200
[  258.243423][T20107]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  258.243450][T20107]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  258.243474][T20107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.243565][T20107] RIP: 0033:0x7f395961ebe9
[  258.243583][T20107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.243603][T20107] RSP: 002b:00007f3958087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  258.243626][T20107] RAX: ffffffffffffffda RBX: 00007f3959855fa0 RCX: 00007f395961ebe9
[  258.243640][T20107] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000006
[  258.243732][T20107] RBP: 00007f3958087090 R08: 0000000000000000 R09: 0000000000000000
[  258.243745][T20107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  258.243759][T20107] R13: 00007f3959856038 R14: 00007f3959855fa0 R15: 00007ffe33511068
[  258.243778][T20107]  </TASK>
[  258.447281][T20112] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  258.447281][T20112]    program syz.4.6165 not setting count and/or reply_len properly
[  258.645135][T20134] 9pnet_fd: Insufficient options for proto=fd
[  258.751657][T20148] loop5: detected capacity change from 0 to 512
[  258.758682][T20148] EXT4-fs: Ignoring removed nobh option
[  258.773920][T20148] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.816391][T20158] loop1: detected capacity change from 0 to 164
[  258.823730][T20156] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6190'.
[  258.835234][T20158] ISOFS: unable to read i-node block
[  258.840582][T20158] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  258.846743][T20156] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6190'.
[  258.858808][T20156] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6190'.
[  258.869738][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.942655][T20161] hub 2-0:1.0: USB hub found
[  258.953187][T20161] hub 2-0:1.0: 8 ports detected
[  258.958672][T20169] FAULT_INJECTION: forcing a failure.
[  258.958672][T20169] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  258.971875][T20169] CPU: 0 UID: 0 PID: 20169 Comm: syz.5.6196 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  258.971901][T20169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  258.971912][T20169] Call Trace:
[  258.971919][T20169]  <TASK>
[  258.971927][T20169]  __dump_stack+0x1d/0x30
[  258.971950][T20169]  dump_stack_lvl+0xe8/0x140
[  258.971979][T20169]  dump_stack+0x15/0x1b
[  258.972016][T20169]  should_fail_ex+0x265/0x280
[  258.972109][T20169]  should_fail+0xb/0x20
[  258.972128][T20169]  should_fail_usercopy+0x1a/0x20
[  258.972152][T20169]  strncpy_from_user+0x25/0x230
[  258.972225][T20169]  ? __kmalloc_cache_noprof+0x189/0x320
[  258.972256][T20169]  __se_sys_memfd_create+0x1ff/0x590
[  258.972331][T20169]  __x64_sys_memfd_create+0x31/0x40
[  258.972427][T20169]  x64_sys_call+0x2abe/0x2ff0
[  258.972445][T20169]  do_syscall_64+0xd2/0x200
[  258.972512][T20169]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  258.972608][T20169]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  258.972635][T20169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.972657][T20169] RIP: 0033:0x7f395961ebe9
[  258.972673][T20169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.972689][T20169] RSP: 002b:00007f3958086e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  258.972737][T20169] RAX: ffffffffffffffda RBX: 000000000000070a RCX: 00007f395961ebe9
[  258.972749][T20169] RDX: 00007f3958086ef0 RSI: 0000000000000000 RDI: 00007f39596a27e8
[  258.972762][T20169] RBP: 00002000000232c0 R08: 00007f3958086bb7 R09: 00007f3958086e40
[  258.972776][T20169] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0
[  258.972789][T20169] R13: 00007f3958086ef0 R14: 00007f3958086eb0 R15: 00002000000000c0
[  258.972844][T20169]  </TASK>
[  259.282072][T20187] loop5: detected capacity change from 0 to 512
[  259.301427][T20187] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  259.344187][T20187] EXT4-fs (loop5): 1 truncate cleaned up
[  259.359091][T20187] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.425148][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.459390][T20204] loop1: detected capacity change from 0 to 128
[  259.473292][T20207] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  259.473292][T20207]    program syz.4.6211 not setting count and/or reply_len properly
[  259.520916][T20204] syz.1.6214: attempt to access beyond end of device
[  259.520916][T20204] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128
[  259.552575][T20204] syz.1.6214: attempt to access beyond end of device
[  259.552575][T20204] loop1: rw=2049, sector=144, nr_sectors = 2 limit=128
[  259.566510][T20204] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  259.619675][T20218] netlink: 'syz.5.6216': attribute type 1 has an invalid length.
[  259.898374][T20234] 9pnet_fd: Insufficient options for proto=fd
[  260.438732][T20315] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  260.438732][T20315]    program syz.0.6262 not setting count and/or reply_len properly
[  260.462174][T20312] loop5: detected capacity change from 0 to 128
[  260.486829][T20312] syz.5.6265: attempt to access beyond end of device
[  260.486829][T20312] loop5: rw=2049, sector=138, nr_sectors = 8 limit=128
[  260.503000][T20312] syz.5.6265: attempt to access beyond end of device
[  260.503000][T20312] loop5: rw=2049, sector=146, nr_sectors = 8 limit=128
[  260.518055][T20312] syz.5.6265: attempt to access beyond end of device
[  260.518055][T20312] loop5: rw=2049, sector=152, nr_sectors = 2 limit=128
[  260.531545][T20312] Buffer I/O error on dev loop5, logical block 76, lost async page write
[  260.540870][T20312] syz.5.6265: attempt to access beyond end of device
[  260.540870][T20312] loop5: rw=2049, sector=170, nr_sectors = 8 limit=128
[  260.555002][T20312] syz.5.6265: attempt to access beyond end of device
[  260.555002][T20312] loop5: rw=2049, sector=176, nr_sectors = 2 limit=128
[  260.568469][T20312] Buffer I/O error on dev loop5, logical block 88, lost async page write
[  260.577763][T20312] syz.5.6265: attempt to access beyond end of device
[  260.577763][T20312] loop5: rw=2049, sector=178, nr_sectors = 8 limit=128
[  260.591878][T20312] syz.5.6265: attempt to access beyond end of device
[  260.591878][T20312] loop5: rw=2049, sector=184, nr_sectors = 2 limit=128
[  260.605345][T20312] Buffer I/O error on dev loop5, logical block 92, lost async page write
[  260.615373][T20312] syz.5.6265: attempt to access beyond end of device
[  260.615373][T20312] loop5: rw=2049, sector=202, nr_sectors = 8 limit=128
[  260.631007][T20312] Buffer I/O error on dev loop5, logical block 104, lost async page write
[  260.641630][T20312] Buffer I/O error on dev loop5, logical block 108, lost async page write
[  260.651491][T20312] Buffer I/O error on dev loop5, logical block 120, lost async page write
[  260.661287][T20312] Buffer I/O error on dev loop5, logical block 124, lost async page write
[  260.677724][T20312] Buffer I/O error on dev loop5, logical block 80, lost async page write
[  260.687990][T20312] Buffer I/O error on dev loop5, logical block 84, lost async page write
[  260.706788][T20327] netlink: 'syz.2.6270': attribute type 1 has an invalid length.
[  260.754525][T20327] veth5: entered promiscuous mode
[  260.768698][T20327] bond6: (slave veth5): Enslaving as a backup interface with a down link
[  260.929762][T20337] loop5: detected capacity change from 0 to 512
[  261.198740][T20337] EXT4-fs (loop5): orphan cleanup on readonly fs
[  261.207489][T20337] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.6273: bg 0: block 248: padding at end of block bitmap is not set
[  261.235909][T20337] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.6273: Failed to acquire dquot type 1
[  261.262198][T20337] EXT4-fs (loop5): 1 truncate cleaned up
[  261.271910][T20337] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  261.313134][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.572951][T20370] netlink: 'syz.4.6288': attribute type 1 has an invalid length.
[  261.610815][T20370] veth5: entered promiscuous mode
[  261.618293][T20374] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  261.618293][T20374]    program syz.2.6287 not setting count and/or reply_len properly
[  261.636945][T20370] bond2: (slave veth5): Enslaving as a backup interface with a down link
[  261.767872][T20386] vlan2: entered allmulticast mode
[  261.773063][T20386] bridge0: entered allmulticast mode
[  262.315063][T20396] loop1: detected capacity change from 0 to 512
[  262.330806][T20396] EXT4-fs: Ignoring removed nobh option
[  262.360574][T20396] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.393525][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.599676][   T29] kauditd_printk_skb: 627 callbacks suppressed
[  262.599694][   T29] audit: type=1400 audit(1756514363.388:21015): avc:  denied  { read write } for  pid=12162 comm="syz-executor" name="loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  262.653018][   T29] audit: type=1400 audit(1756514363.388:21016): avc:  denied  { open } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  262.677711][   T29] audit: type=1400 audit(1756514363.388:21017): avc:  denied  { ioctl } for  pid=12162 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=1128 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  262.703720][   T29] audit: type=1400 audit(1756514363.428:21018): avc:  denied  { prog_load } for  pid=20413 comm="syz.1.6305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  262.703744][   T29] audit: type=1400 audit(1756514363.428:21019): avc:  denied  { bpf } for  pid=20413 comm="syz.1.6305" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  262.703763][   T29] audit: type=1400 audit(1756514363.428:21020): avc:  denied  { map_create } for  pid=20413 comm="syz.1.6305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  262.703816][   T29] audit: type=1400 audit(1756514363.428:21021): avc:  denied  { map_read map_write } for  pid=20413 comm="syz.1.6305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  262.783269][   T29] audit: type=1400 audit(1756514363.428:21022): avc:  denied  { create } for  pid=20413 comm="syz.1.6305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  262.803017][   T29] audit: type=1400 audit(1756514363.438:21023): avc:  denied  { write } for  pid=20413 comm="syz.1.6305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  262.895275][   T29] audit: type=1400 audit(1756514363.468:21024): avc:  denied  { read } for  pid=20413 comm="syz.1.6305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  263.082702][T20434] __nla_validate_parse: 33 callbacks suppressed
[  263.082718][T20434] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6314'.
[  263.098119][T20434] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6314'.
[  263.178681][T20440] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6316'.
[  263.199170][T20440] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6316'.
[  263.208207][T20440] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6316'.
[  263.277253][T20446] usb usb7: usbfs: process 20446 (syz.5.6319) did not claim interface 0 before use
[  263.516391][T20465] loop5: detected capacity change from 0 to 128
[  263.933336][T20481] loop1: detected capacity change from 0 to 512
[  263.977840][T20481] EXT4-fs (loop1): orphan cleanup on readonly fs
[  263.991051][T20481] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.6334: bg 0: block 248: padding at end of block bitmap is not set
[  264.030632][T20481] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.6334: Failed to acquire dquot type 1
[  264.101406][T20485] 9pnet_fd: Insufficient options for proto=fd
[  264.109267][T20481] EXT4-fs (loop1): 1 truncate cleaned up
[  264.129920][T20481] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  264.191117][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.201387][T20496] loop5: detected capacity change from 0 to 512
[  264.221722][T20496] EXT4-fs: Ignoring removed nobh option
[  264.245734][T20502] loop1: detected capacity change from 0 to 128
[  264.257317][T20496] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  264.290217][T20505] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  264.290217][T20505]    program syz.0.6343 not setting count and/or reply_len properly
[  264.323868][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.338835][T20505] pimreg: entered allmulticast mode
[  264.346097][T20505] pimreg: left allmulticast mode
[  264.404899][T20507] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6344'.
[  264.416303][T20507] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6344'.
[  264.425333][T20507] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6344'.
[  264.490571][T20511] 9pnet_fd: Insufficient options for proto=fd
[  264.599582][T20522] loop5: detected capacity change from 0 to 128
[  264.621455][T20522] bio_check_eod: 25 callbacks suppressed
[  264.621535][T20522] syz.5.6351: attempt to access beyond end of device
[  264.621535][T20522] loop5: rw=2049, sector=138, nr_sectors = 8 limit=128
[  264.658739][T20528] loop1: detected capacity change from 0 to 512
[  264.666830][T20522] syz.5.6351: attempt to access beyond end of device
[  264.666830][T20522] loop5: rw=2049, sector=146, nr_sectors = 8 limit=128
[  264.685749][T20528] EXT4-fs: Ignoring removed nobh option
[  264.692492][T20522] syz.5.6351: attempt to access beyond end of device
[  264.692492][T20522] loop5: rw=2049, sector=152, nr_sectors = 2 limit=128
[  264.705979][T20522] buffer_io_error: 7 callbacks suppressed
[  264.705995][T20522] Buffer I/O error on dev loop5, logical block 76, lost async page write
[  264.727346][T20522] syz.5.6351: attempt to access beyond end of device
[  264.727346][T20522] loop5: rw=2049, sector=170, nr_sectors = 8 limit=128
[  264.743501][T20528] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  264.756300][T20522] syz.5.6351: attempt to access beyond end of device
[  264.756300][T20522] loop5: rw=2049, sector=176, nr_sectors = 2 limit=128
[  264.769997][T20522] Buffer I/O error on dev loop5, logical block 88, lost async page write
[  264.791924][T20522] syz.5.6351: attempt to access beyond end of device
[  264.791924][T20522] loop5: rw=2049, sector=178, nr_sectors = 8 limit=128
[  264.808139][T12162] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.829614][T20522] syz.5.6351: attempt to access beyond end of device
[  264.829614][T20522] loop5: rw=2049, sector=184, nr_sectors = 2 limit=128
[  264.843294][T20522] Buffer I/O error on dev loop5, logical block 92, lost async page write
[  264.862537][T20540] netlink: 'syz.1.6358': attribute type 1 has an invalid length.
[  264.880202][T20522] syz.5.6351: attempt to access beyond end of device
[  264.880202][T20522] loop5: rw=2049, sector=202, nr_sectors = 8 limit=128
[  264.909748][T20543] 9pnet_fd: Insufficient options for proto=fd
[  264.920742][T20540] veth7: entered promiscuous mode
[  264.933359][T20540] bond3: (slave veth7): Enslaving as a backup interface with a down link
[  264.952376][T20522] syz.5.6351: attempt to access beyond end of device
[  264.952376][T20522] loop5: rw=2049, sector=208, nr_sectors = 2 limit=128
[  264.965920][T20522] Buffer I/O error on dev loop5, logical block 104, lost async page write
[  264.986463][T20544] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6358'.
[  265.045654][T20522] syz.5.6351: attempt to access beyond end of device
[  265.045654][T20522] loop5: rw=2049, sector=210, nr_sectors = 8 limit=128
[  265.108438][T20522] Buffer I/O error on dev loop5, logical block 108, lost async page write
[  265.134480][T20522] Buffer I/O error on dev loop5, logical block 120, lost async page write
[  265.140813][T20557] usb usb7: usbfs: process 20557 (syz.1.6365) did not claim interface 0 before use
[  265.152665][T20555] netlink: 'syz.4.6366': attribute type 1 has an invalid length.
[  265.167724][T20522] Buffer I/O error on dev loop5, logical block 124, lost async page write
[  265.237350][T20563] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6367'.
[  265.278127][T20522] Buffer I/O error on dev loop5, logical block 80, lost async page write
[  265.287462][T20522] Buffer I/O error on dev loop5, logical block 84, lost async page write
[  265.299357][T20522] Buffer I/O error on dev loop5, logical block 112, lost async page write
[  265.343591][T20555] 8021q: adding VLAN 0 to HW filter on device bond3
[  265.425377][T20568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.442969][T20568] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.528784][T20574] loop5: detected capacity change from 0 to 128
[  265.800291][T20585] loop5: detected capacity change from 0 to 512
[  265.806992][T20585] EXT4-fs: Ignoring removed nobh option
[  265.819549][T20585] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.848977][T13857] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.884291][T20590] loop5: detected capacity change from 0 to 128
[  266.032834][T20600] netlink: 'syz.1.6382': attribute type 1 has an invalid length.
[  266.060196][T20600] veth9: entered promiscuous mode
[  266.093656][T20600] bond4: (slave veth9): Enslaving as a backup interface with a down link
[  266.175500][T20615] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  266.175500][T20615]    program syz.5.6386 not setting count and/or reply_len properly
[  266.211189][T20615] pimreg: entered allmulticast mode
[  266.224970][T20615] pimreg: left allmulticast mode
[  266.559653][T20635] netlink: 'syz.2.6397': attribute type 1 has an invalid length.
[  266.591298][T20635] veth7: entered promiscuous mode
[  266.599513][T20635] bond7: (slave veth7): Enslaving as a backup interface with a down link
[  267.103608][T20665] netlink: 'syz.0.6410': attribute type 1 has an invalid length.
[  267.129278][T20667] 9pnet_fd: Insufficient options for proto=fd
[  267.154376][T20665] veth3: entered promiscuous mode
[  267.171984][T20672] loop5: detected capacity change from 0 to 128
[  267.172862][T20665] bond4: (slave veth3): Enslaving as a backup interface with a down link
[  267.254350][T20678] usb usb7: usbfs: process 20678 (syz.1.6416) did not claim interface 0 before use
[  267.435188][T20696] netlink: 'syz.0.6425': attribute type 1 has an invalid length.
[  267.436585][T20691] loop1: detected capacity change from 0 to 2048
[  267.557655][T20700] veth5: entered promiscuous mode
[  267.650384][   T29] kauditd_printk_skb: 490 callbacks suppressed
[  267.650426][   T29] audit: type=1400 audit(1756514368.438:21513): avc:  denied  { create } for  pid=20701 comm="syz.5.6427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  267.677618][   T29] audit: type=1400 audit(1756514368.438:21514): avc:  denied  { read } for  pid=20701 comm="syz.5.6427" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  267.701135][   T29] audit: type=1400 audit(1756514368.438:21515): avc:  denied  { open } for  pid=20701 comm="syz.5.6427" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  267.726225][   T29] audit: type=1400 audit(1756514368.438:21516): avc:  denied  { ioctl } for  pid=20701 comm="syz.5.6427" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  267.810460][   T29] audit: type=1326 audit(1756514368.598:21517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20711 comm="syz.2.6431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042934ebe9 code=0x7ffc0000
[  267.834897][   T29] audit: type=1326 audit(1756514368.598:21518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20711 comm="syz.2.6431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042934ebe9 code=0x7ffc0000
[  267.870754][T20714] usb usb7: usbfs: process 20714 (syz.0.6432) did not claim interface 0 before use
[  267.921006][   T29] audit: type=1326 audit(1756514368.658:21519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20711 comm="syz.2.6431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f042934ebe9 code=0x7ffc0000
[  267.944755][   T29] audit: type=1326 audit(1756514368.658:21520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20711 comm="syz.2.6431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042934ebe9 code=0x7ffc0000
[  267.968471][   T29] audit: type=1326 audit(1756514368.658:21521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20711 comm="syz.2.6431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042934ebe9 code=0x7ffc0000
[  267.992349][   T29] audit: type=1326 audit(1756514368.658:21522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20711 comm="syz.2.6431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f042934ebe9 code=0x7ffc0000
[  268.021905][T20715] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  268.021905][T20715]    program syz.5.6429 not setting count and/or reply_len properly
[  268.048382][T20725] loop1: detected capacity change from 0 to 128
[  268.051459][T20715] pimreg: entered allmulticast mode
[  268.078537][T20715] pimreg: left allmulticast mode
[  268.131673][T20727] __nla_validate_parse: 7 callbacks suppressed
[  268.131688][T20727] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6437'.
[  268.150513][T20729] netlink: 'syz.4.6438': attribute type 1 has an invalid length.
[  268.152223][T20727] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6437'.
[  268.167698][T20727] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6437'.
[  268.177384][T20729] veth7: entered promiscuous mode
[  268.183857][T20729] bond4: (slave veth7): Enslaving as a backup interface with a down link
[  268.528156][T20768] 9pnet_fd: Insufficient options for proto=fd
[  268.720465][T20787] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6464'.
[  268.730294][T20787] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6464'.
[  268.812675][T20795] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6469'.
[  268.869922][T20800] usb usb7: usbfs: process 20800 (syz.4.6468) did not claim interface 0 before use
[  269.038729][T20819] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6480'.
[  269.095795][T20824] loop5: detected capacity change from 0 to 128
[  269.161582][T20826] usb usb7: usbfs: process 20826 (syz.1.6483) did not claim interface 0 before use
[  269.194542][T20828] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6484'.
[  269.203605][T20828] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6484'.
[  269.289614][ T2994] ==================================================================
[  269.297747][ T2994] BUG: KCSAN: data-race in set_nlink / set_nlink
[  269.304090][ T2994] 
[  269.306419][ T2994] read to 0xffff888119d415f0 of 4 bytes by task 3294 on cpu 0:
[  269.313960][ T2994]  set_nlink+0x29/0xb0
[  269.318035][ T2994]  kernfs_iop_permission+0x1e2/0x220
[  269.323323][ T2994]  inode_permission+0x1ca/0x310
[  269.328181][ T2994]  link_path_walk+0x162/0x900
[  269.332860][ T2994]  path_openat+0x1de/0x2170
[  269.337365][ T2994]  do_filp_open+0x109/0x230
[  269.341869][ T2994]  do_sys_openat2+0xa6/0x110
[  269.346464][ T2994]  __x64_sys_openat+0xf2/0x120
[  269.351236][ T2994]  x64_sys_call+0x2e9c/0x2ff0
[  269.355917][ T2994]  do_syscall_64+0xd2/0x200
[  269.360424][ T2994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.366315][ T2994] 
[  269.368635][ T2994] write to 0xffff888119d415f0 of 4 bytes by task 2994 on cpu 1:
[  269.376262][ T2994]  set_nlink+0x99/0xb0
[  269.380340][ T2994]  kernfs_iop_permission+0x1e2/0x220
[  269.385639][ T2994]  inode_permission+0x1ca/0x310
[  269.390503][ T2994]  link_path_walk+0x162/0x900
[  269.395192][ T2994]  path_lookupat+0x63/0x2a0
[  269.399699][ T2994]  filename_lookup+0x147/0x340
[  269.404475][ T2994]  vfs_statx+0x9d/0x390
[  269.408645][ T2994]  vfs_fstatat+0x115/0x170
[  269.413066][ T2994]  __se_sys_newfstatat+0x55/0x260
[  269.418097][ T2994]  __x64_sys_newfstatat+0x55/0x70
[  269.423133][ T2994]  x64_sys_call+0x135a/0x2ff0
[  269.427813][ T2994]  do_syscall_64+0xd2/0x200
[  269.432319][ T2994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.438217][ T2994] 
[  269.440540][ T2994] value changed: 0x00000009 -> 0x00000008
[  269.446600][ T2994] 
[  269.448918][ T2994] Reported by Kernel Concurrency Sanitizer on:
[  269.455070][ T2994] CPU: 1 UID: 0 PID: 2994 Comm: udevd Not tainted syzkaller #0 PREEMPT(voluntary) 
[  269.464354][ T2994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  269.474408][ T2994] ==================================================================