last executing test programs:

6.954933979s ago: executing program 0 (id=6526):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20)
listen(0xffffffffffffffff, 0x0)
io_setup(0xb2, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{}], 0x1, 0x0, 0x0, 0x0)

3.358064769s ago: executing program 2 (id=6605):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x165000, 0x20)
flock(r0, 0x1)
fspick(0xffffffffffffffff, &(0x7f0000001680)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
poll(0x0, 0x0, 0x3)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x4}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x8044)

2.564479633s ago: executing program 0 (id=6611):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x8, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x4, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f00000001c0)='cpu<-0\t\t\t')
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)=@ipv6_delrule={0x38, 0x21, 0x1, 0x70bd27, 0x25dfdbff, {0xa, 0x14, 0x0, 0x7, 0x7, 0x0, 0x0, 0x6, 0x1000c}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x4, 0x1c64}, @FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)

2.459723051s ago: executing program 2 (id=6613):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x4}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x3}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x28000}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522ec, 0x0, {0x0, 0x0, 0x74, r3, {0x10, 0xf}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

2.312330103s ago: executing program 0 (id=6617):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f00000000c0)={0x1, 'vlan1\x00', {}, 0x5832})
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x100, 0x1ff, 0x1, 0x6, 0xfffffffffffffffa, 0x5, 0x2, 0x8}, &(0x7f0000000080)={0x7f, 0x3, 0xfffffffffffffff8, 0x8001, 0x28a0, 0x82, 0x7, 0x5}, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
stat(0x0, 0x0)

2.265708377s ago: executing program 2 (id=6618):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f00000000c0)={0x1, 'vlan1\x00', {}, 0x5832})
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x100, 0x1ff, 0x1, 0x6, 0xfffffffffffffffa, 0x5, 0x2, 0x8}, &(0x7f0000000080)={0x7f, 0x3, 0xfffffffffffffff8, 0x8001, 0x28a0, 0x82, 0x7, 0x5}, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
stat(0x0, 0x0)
write(r3, &(0x7f00000009c0)="3bf58d7d45d3", 0x6)
r4 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r5 = epoll_create1(0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', <r6=>0x0})
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000576ff1e1db61ed87e00000095000000000000005ecc69612c3df19ff6d656"], &(0x7f00000000c0)='GPL\x00', 0xb, 0x65, &(0x7f00000001c0)=""/101, 0x41000, 0x23, '\x00', r6, @fallback=0x8, r7, 0x8, &(0x7f0000000240)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xe, 0x7, 0x80000001}, 0x10, 0x0, r2, 0x6, 0x0, &(0x7f00000002c0)=[{0x2, 0x2, 0x4, 0x8}, {0x3, 0x1, 0x3, 0xa}, {0x4, 0x3, 0x6, 0x8}, {0x1, 0x3, 0x2, 0x4}, {0x0, 0x1, 0x8, 0x7}, {0x5, 0x4, 0xa, 0xc}], 0x10, 0xffff34f0}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0xa0000004})
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7fffeffd)
listxattr(0x0, 0x0, 0x0)

2.146602336s ago: executing program 0 (id=6619):
socket$kcm(0x10, 0x2, 0x0)
r0 = open(0x0, 0x1c5142, 0x1)
sendfile(r0, r0, 0x0, 0x800000009)
setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x1, 0x4)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x288, 0x0, 0xc8, 0x8, 0x0, 0x5803, 0xa40, 0x2e8, 0x2e8, 0xa40, 0x2e8, 0x3, 0x0, {[{{@ipv6={@empty, @private2, [], [], 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0xa8, 0xf0, 0x0, {0x0, 0x2000000000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@uncond, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='rxrpc_receive\x00', r0, 0x0, 0x513101e2}, 0x18)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000880)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x2c, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xe}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xf}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4084}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000640)={'vxcan0\x00', <r4=>0x0})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000006c0)={0x7ff, <r5=>0x0}, 0x8)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x20000023896)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x12, 0x1a, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xf}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xfffffffffffffffb}, @exit, @ldst={0x1, 0x1, 0x6, 0x6, 0x6, 0x80}]}, &(0x7f0000000540)='GPL\x00', 0x6, 0x3e, &(0x7f00000005c0)=""/62, 0x40f00, 0x47, '\x00', r4, @fallback=0x2f, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x7, 0x2}, 0x8, 0x10, 0x0, 0x0, r5, r0, 0x3, &(0x7f0000000700)=[r0, r7, r0], &(0x7f0000000740)=[{0x2, 0x2, 0x3, 0x2}, {0x1, 0x2, 0xe, 0xc}, {0x1, 0x4, 0x4, 0x4}], 0x10, 0x4}, 0x94)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x80}, 0x2004810)
socket$inet6(0xa, 0xa, 0x88)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32=r8, @ANYBLOB="200001"], 0x38}}, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r0, 0x5521)

2.004898508s ago: executing program 3 (id=6622):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000a80)='./file1\x00', 0x2800810, &(0x7f00000025c0)=ANY=[@ANYBLOB="646f74732c747a3d5554432c646f74732c646f74732c6e6f646f74732c666c7573682c646f74732c6e6f646f74732c71756965742c00b3d27234e95eb4b44190021bbbe89ab824d38c571641668d362b4dff6e47bdf1638c7462a3bd66a53b404ae08c32af6843a2469c7210381b9d48047c77540b6447a8e50c44cb44f91e4264a37e0209c3a234f4803ba56b7a24536ee396f4838f4143b92ad909efb23eb22dce6477c2bb5b8f793b9e07c2120d566cf1f6ba51e4d01e8ef223a2ba72cfb3127844c045765149fb1219f433feb977426596e07082254e9930296256df143ff96377d8c28c533724fbd9fdad260e7d875d0f17374141abc60c8e3c07e4a7bc381791172c217f00964aaf6e213a252b9689ae38342862d27437921e13229d407e1a6037e3f16a2cdab8f9c76a66a72ccc67015c9435e200f9fbb9d78ce426b37310b9f127e7b1207c74eff7b853de7043a001de85931463c7fc7c78be9eb9b5f88c0067aabb3a5d1f94bcc90537c1c1ce509450160c"], 0x2, 0x15d, &(0x7f0000000f00)="$eJzs27+KE1EUB+AzJmrUJrVYDNhYBbWyVCSCOKAoKbRSiDaJBEwzWgWfxNaHEyRVCuGKzpLshoRl/8zO7ub7mhz4ccM9xZ3LGZj3dz6PhpPpp8mreXSyLNqPI49FFt24Eq2ozAIAuEwWKcXvlFK6PosbPyKl1PSOAIC6uf8BYPccev8/amhjAEBtzP8AsHvevH334klR9F/neSfi16wclIPqt8qfPS/69/P/uqtV87IctJb5gyrPD+ZX4+Ze/nBjfi3u3a3yf9nTl8VafiuG9bcPAAAAO6GXL22c73u9bXlV7Xs/sDa/t+N2+8zaAACOYPr12+jDePzxi0JxQYs/KaVjLP/+szoC56SL0y2yiDjZ/zT9ZALqtjr0Te8EAAAAAAAAAAAAAADYpt6vkVpNtwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb/Q0AAP//LjxONw==")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100)
preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

1.864617519s ago: executing program 3 (id=6623):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0}, 0x94)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r1 = fcntl$getown(0xffffffffffffffff, 0x9)
ptrace$poke(0x5, r1, 0x0, 0x1)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x3e, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4e260000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82)

1.23603295s ago: executing program 0 (id=6627):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000025ad9835850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000840)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xffd}}, {@nolazytime}, {@jqfmt_vfsold}, {@errors_remount}, {@minixdf}, {@errors_remount}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r1)
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r2, @ANYBLOB="1748000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

1.23512732s ago: executing program 2 (id=6628):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x8, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x4, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)=@ipv6_delrule={0x38, 0x21, 0x1, 0x70bd27, 0x25dfdbff, {0xa, 0x14, 0x0, 0x7, 0x7, 0x0, 0x0, 0x6, 0x1000c}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x4, 0x1c64}, @FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)

1.141218947s ago: executing program 3 (id=6632):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffeffd}, 0x18)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000844, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004801)
sendmmsg$sock(r1, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000380)='_', 0x1}], 0x1}}], 0x1, 0x40000)

1.126990579s ago: executing program 3 (id=6633):
creat(&(0x7f00000000c0)='./file0\x00', 0xce)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
write$P9_RLERRORu(r0, &(0x7f00000023c0)=ANY=[@ANYBLOB='S'], 0x53)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x50)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3, r1}, 0x38)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/28, 0x1c}], 0x1}}], 0x90}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x2, 0x8}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000004100)=@newtfilter={0x468, 0x28, 0x575ac7824d421509, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r8, {0xa}, {0x6}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x43c, 0x2, [@TCA_BPF_ACT={0x438, 0x1, [@m_police={0x434, 0x14, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1e71fdfe, 0x3, 0x5, 0x50, 0x9, 0x4, 0x1, 0x5d, 0xffff, 0x7ff, 0x0, 0x9, 0x200, 0xa9, 0x9, 0x1, 0x5, 0xfffffffe, 0x100, 0x8, 0x2, 0x15, 0xffff, 0x5, 0x0, 0x2, 0xe3ce, 0x1, 0x2, 0x7, 0x2, 0x80000000, 0x1, 0xe870, 0x5, 0x9, 0xfffffffd, 0x6, 0x0, 0xb, 0x80000000, 0x1, 0xfca5, 0x6, 0x8, 0xfffb, 0x4a8, 0x80000001, 0x4, 0x3, 0x5, 0x10000, 0x8, 0x3, 0xc, 0x5, 0x7, 0x80000000, 0x3, 0x800, 0x5, 0xa, 0x7, 0x3, 0x0, 0x7, 0xff, 0xd, 0x3, 0x7ff, 0x7fffffff, 0x3, 0xb18, 0x3, 0x3, 0x1000, 0x3, 0xfffffff7, 0x402, 0x6, 0x3, 0x400, 0xffffffff, 0x8001, 0x9, 0x7, 0x5, 0x5, 0x47c77d11, 0x0, 0xffff, 0x13ab59f8, 0x7ff, 0x7, 0x5, 0xc8874fe6, 0x9, 0x0, 0x4, 0x2, 0x0, 0x8, 0x3, 0x1, 0x5, 0x5, 0x18f, 0x5, 0x10, 0x7, 0xf73b, 0x2, 0x6, 0xf, 0x8, 0x85, 0x5, 0x5, 0x1, 0xf8, 0x3, 0x7, 0x0, 0xf, 0x3, 0x0, 0x2, 0x7, 0x0, 0x88, 0xb, 0x75ad9917, 0xce0, 0x5, 0x0, 0x0, 0x8000, 0x8, 0x838, 0x8, 0x7, 0x5, 0x8, 0x5, 0x2, 0x9, 0x200, 0xf4d, 0x5, 0xa5e6, 0xffff8001, 0x7, 0x8, 0x3, 0x8001, 0x3, 0x6, 0x5, 0x7f, 0xfffffffa, 0x2, 0x3ff, 0x7f4a, 0x0, 0x2, 0x9, 0x66, 0x5, 0x2, 0x0, 0xe, 0xb, 0x5, 0x1, 0x0, 0xf52, 0x8, 0x9, 0x3ff, 0x7, 0x11f, 0xf47, 0x2, 0x87, 0xece, 0x7, 0xffffffff, 0x3, 0x101, 0xf090, 0xa, 0x9, 0x6, 0x6, 0x80, 0x5, 0x3, 0x2, 0x7, 0xffffffff, 0x6, 0x8, 0x8, 0x4, 0x51ed, 0xe0, 0x7, 0x5, 0x7, 0x800000, 0x1, 0x0, 0x9, 0x6, 0xd, 0xfe44, 0x5, 0x6, 0x9, 0x5, 0x2, 0x0, 0x8, 0x2, 0xfffffffd, 0x0, 0x10001, 0x3, 0x7, 0x3ff, 0x4000000, 0x89, 0x80, 0x200, 0xd0bb, 0xfffffff9, 0x9, 0xc, 0x4, 0x4, 0x4, 0x5e, 0xf1, 0x7, 0xffffe87c, 0xc0, 0x10, 0x0, 0x9, 0x2, 0x9, 0x0, 0x0, 0x400, 0x6, 0x6]}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x468}}, 0x40)

952.211233ms ago: executing program 0 (id=6635):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f00000003c0)=""/67}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRESHEX=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES64=r1], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r2}, &(0x7f00000004c0), &(0x7f0000000300)=r3}, 0x20)
syz_emit_ethernet(0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaa0800450000289d8800c4a60000059078ac141400640103020007000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c00000090780000"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000014c0)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0x7000000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='f2fs_sync_fs\x00', r5, 0x0, 0xffffffffffffffff}, 0x18)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
recvmsg(r6, &(0x7f0000000740)={&(0x7f0000000340)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000680)=""/104, 0x68}, {&(0x7f0000000280)=""/46, 0x2e}, {&(0x7f0000000780)=""/105, 0x69}], 0x3, &(0x7f0000001780)=""/4096, 0x1000}, 0x100)
bind$bt_hci(r6, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r7, 0x400448e3, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r9 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r9, &(0x7f00000002c0)={0x2, 0xfffc, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r9, 0x8)
r10 = accept4(r7, 0x0, 0x0, 0x800)
writev(r10, &(0x7f00000006c0)=[{&(0x7f0000000700)="dc", 0x1}], 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
close_range(r8, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

783.950616ms ago: executing program 2 (id=6636):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
writev(r0, 0x0, 0x0)

732.713281ms ago: executing program 3 (id=6637):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00'], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x10, "0062ba5d8200"})
r3 = syz_open_pts(r0, 0x20800)
dup3(r3, r0, 0x0)

706.064533ms ago: executing program 2 (id=6638):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
get_mempolicy(&(0x7f0000000240), &(0x7f0000000380), 0x5, &(0x7f0000c00000/0x400000)=nil, 0x4)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x408cd, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a320000000009"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)
r3 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x6, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000440)='cpu&00\t&&')
dup(0xffffffffffffffff)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYRESOCT, @ANYRES32=r5, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$KDSETLED(r7, 0x4b32, 0x8e3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
gettid()
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xfffffffb}, 0x48, 0xffffffffffffffff)
connect$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r1, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0], <r8=>0x0, 0xbe, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000001c0), &(0x7f00000002c0), 0x8, 0xc5, 0x8, 0x8, &(0x7f0000000300)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3c, '\x00', 0x0, 0x1b, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8}, 0x94)

705.665753ms ago: executing program 3 (id=6639):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/vlan/vlan1\x00')
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f00000000c0)={0x1, 'vlan1\x00', {}, 0x5832})
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x100, 0x1ff, 0x1, 0x6, 0xfffffffffffffffa, 0x5, 0x2, 0x8}, &(0x7f0000000080)={0x7f, 0x3, 0xfffffffffffffff8, 0x8001, 0x28a0, 0x82, 0x7, 0x5}, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
stat(0x0, 0x0)
write(r1, &(0x7f00000009c0)="3bf58d7d45d32c", 0x7)
r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r3 = epoll_create1(0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', <r4=>0x0})
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000576ff1e1db61ed87e00000095000000000000005ecc69612c3df19ff6d656"], &(0x7f00000000c0)='GPL\x00', 0xb, 0x65, &(0x7f00000001c0)=""/101, 0x41000, 0x23, '\x00', r4, @fallback=0x8, r5, 0x8, &(0x7f0000000240)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xe, 0x7, 0x80000001}, 0x10, 0x0, r0, 0x5, 0x0, &(0x7f00000002c0)=[{0x2, 0x2, 0x4, 0x8}, {0x3, 0x1, 0x3, 0xa}, {0x4, 0x3, 0x6, 0x8}, {0x0, 0x1, 0x8, 0x7}, {0x5, 0x4, 0xa, 0xc}], 0x10, 0xffff34f0}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0xa0000004})
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7fffeffd)

355.539461ms ago: executing program 4 (id=6644):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
socket$nl_generic(0x10, 0x3, 0x10)
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000140)="89e7ee2c78dad9b4b473fec988ca58e8001d75d38e0d369bd7c50580", 0x1c}, {&(0x7f0000000380)="9c74dfbf7757d9c4135f04770d5606", 0xf}], 0x2)

316.317564ms ago: executing program 1 (id=6645):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000f00)={[{@usrquota}, {@barrier}, {@resuid}, {@min_batch_time={'min_batch_time', 0x3d, 0x101}}, {@errors_remount}, {@bh}]}, 0x6, 0x600, &(0x7f0000001200)="$eJzs3c9rHGUfAPDvzCZ5kzbvm/ZFxBbFgIcWpGlSi1UvtvVgDwUL9iDioaFJauj2B00KthZMwYOCgohXkV78B7xL795EUG+ehSpSUVDpyuzOtptkN92m2Z008/nAZp/nmdl9nu9OnswzM3l2Aiit8exHGrEr4s6pJGKsZdloNBaO5+vd/u3a6eyRRK32+q9JJHlZc/0kf96eZ4Yj4tujEf+vrK534crVs9PVWsN7EfsXz13cv3Dl6r75c9NnZs/Mnp868MLBQ5MvTh2c2pA4t+fPx46/9uTH77/9/Nx31X1JHI6Tg+/OxIo4Nsp4jMedPMTW8oGIOJQl2nwuj5oHCmGkd+1gfSr57+NgRDweY1Gp5xrGYv6jQhsH9FStElEDSirR/6GkmuOA5rF9d8fBJ3s8KumfW0caB0Cr4x9onBuJ4fqx0bbbScuRUePcxo4NqD+r459ruz/PHrHsPMSfd7fOwAbU08nS9Yh4ol38Sb1tO+qRZvGny9qRRMRkRAzl7XvlIdqQtKR7cR5mLeuNP42Iw/lzVn50nfWPr8j3O34AyunmkXxHvpTl7u3/srFHc/wTbcY/o232XetR9P6v8/ivub8frp8jT1eMw7Ixy4n2bzm4suCnD4992qn+1vFf9sjqb44F++HW9YjdK+L/IAs2H/9k8Sdttn+2yqnD3dXx6ve/HOu0rOj4azci9rQ9/rk3Ks1Sa1yf3D83X52dbPxsW8fX37z1Zaf6i44/2/7bOsTfsv3Tla/LPpOLXdbx1Ykb5zotG71v/OnPQ0njeHMoL3lnenHx0lTEUHI8X6Wl/MDabWmu03yPLP69z7Tv/8t+/68vf5+R5p/MLlx84+ztTsvWs/1bLibfqXXZhk6y+Gfuv/1X9f+s7JMu6/jjzctPdVq2VvwuFwMAAAAAAMCDSevXYJN04m46TScmGvNlH4ttafXCwuKzcxcun5+J2Fv/f8jBtHmle6yRT7L8VP7/sM38gRX55yJiZ0R8Vhmp5ydOX6jOFB08AAAAAAAAAAAAAAAAAAAAbBLb8/n/zftU/15pzP8HSqKXN5gDNjf9H8qr3v9X3eIJKAP7fygv/R/KS/+H8tL/obz0fygv/R/KS/+H8tL/AQAAAGBL2vn0zR+TiFh6aaT+yAzly8wIgq1tsOgGAIWpFN0AoDB3L/0b7EPpdDX+/yv/csDeNwcoQNKusD44qK3d+W+2fSUAAAAAAAAAAAAA0AN7dnWe/29uMGxtpv1BeT3E/H9fHQCPOF/9D+XlGB+43yz+4U4LzP8HAAAAAAAAAAAAgL4ZrT+SdCKfCzwaaToxEfHfiNgRg8ncfHV2MiL+FxE/VAb/k+Wnim40AAAAAAAAAAAAAAAAAAAAbDELV66ena5WZy+1Jv5eVbK1E827oPahrpfjAV8VSf8/lpGIKHyj9Cwx0FKSRCxlW35TNOzSQmyOZtQTBf9hAgAAAAAAAAAAAAAAAACAEmqZe9ze7i/63CIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6L979//vXaLoGAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAR9O/AQAA//9/3EA1")
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x408)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5d371c61f550e9d86aabda45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5ff070000000000000ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5f45c879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2ea86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c58684a1d2f624c3eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366aa660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef3103ce10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e00000100000000003edd3d43cc64e0d26b46907b42e08d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a74748b8cd994ed368695aa2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeaded2930376eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041894f60fbbcafa487ee96b368e8769da90b44190e569fe8b923c32c288baaca5c5558b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff35a9eec46dfc8a52433f605ebf151c837b4966b5f3628a406175a87e32c5e4268d3000933b580415b162e2946446b8f02554c8a1225217d69d049685dd06aa8528673a9673a723ac414af77f523ad730d00e8700c213f95c87a94f39f506b9e000000000000000000000000000000000000000000000000000090668ac41a1c2a4f7831e6c6a3e9c68ca2c449482bb70a994e71a7f24873848fbb128c820c1de19cc003dfa65a2b296caeb1253802080e08eeb724c4c7b7e052afa19b0f2cd7a13bda4b5a8f3b8fa3ca70bb756a3d529718d5c79d9bdb89e5d33793533211d76d00a45079eff797476106bf76f1fed952a7c9162b88911b5b00c3d26fd2fb4d7b29d1ce025e102d458efd5cca3f3835ce760359eaa01cb13cb28d60e8942fdc02b6824c00dac62f8a2d4c680ae284a82f09d6641921536814b444e4188d9b2e97eb3b108e7876f0f3f3863147ab694218c7cecc075d52d590dddbb57fc6fedf5ec69d7894a7b5c8109f303dab998815c80534b0bd34c49eea63997e56728a8185a8bb6988a7197b87f5548f5edfdfb3efc907fe561b33a6f7c707f7828c6adaf3b2a39929b4b65253e787d65c08aff5e4a9b2267bd8f803ea38f10a6e9c4a49bf23525e08c12d229211fe4d88cf1440f29accfa50f327ac1fb20d7f164100111bd21fca713b2475f1c997f3000000000080c426bcec79c6bc83ce4e6cbb17c01be69db342192d0a716cc24710d23321441f475ec485d642b61c6bd907071dbbe37c0b78f60fd2ad0d13ca62d9d9aafb01c3920b64cb5e023810e2de4327f90c389ce36d90ff9f3cb9d8cd2260d05a8126943a3df17157470595c68ac8df7fea6d42ecb2cdb65b4f2aef0db2b2de949a6d4ec37f2fd693ae44944041a64fe6336aba1c66b1b95d2edbc40364a049616ae962d75eae619548aa86bd5f0bad56e7ad7de2ee5e6f3b42e3a27094b6b5face99456d9af1926b21d37faf7612d9752cf58e6424decd530b5419e117ec08647566b1bdd75d6a9a1e600aaf0f42ce94b4725d4c2da80150dc34e5975d6904f061ed9a7608959f2d24ee6ec4f2395d16e02f53c746f74b12013f738d76456c3407188eff97f31ca36e5d79e1f1c7c3b688ee21d37ba5ebf4afc2a61f16"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe06, 0x1000000, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1fff430500001100630377fbac141414e000000162079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xe, 0x9, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x4}, [@map_idx={0x18, 0x1, 0x5, 0x0, 0xa}, @map_idx={0x18, 0x4, 0x5, 0x0, 0x10}, @alu={0x7, 0x1, 0x7, 0x2, 0x2, 0x2, 0xfffffffffffffffc}, @generic={0x8, 0x8, 0x8, 0x5, 0xfffffffa}]}, &(0x7f00000002c0)='GPL\x00', 0x9, 0xee, &(0x7f0000000800)=""/238, 0x41100, 0x8, '\x00', 0x0, @sk_skb=0x5, r0, 0x8, &(0x7f00000004c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x8, 0x2, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000540)=[r0, r0], &(0x7f0000000680)=[{0x1, 0x4, 0xd, 0x3}, {0x1, 0x4, 0xc, 0x5}, {0x1, 0x4, 0xb, 0x8}], 0x10, 0xff}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
r9 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f0000000640)="10", 0x1, r9)
sendto$inet6(r4, &(0x7f0000000380)="e8b28fe2", 0x4, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)

302.507606ms ago: executing program 4 (id=6646):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r2)
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r3, @ANYBLOB="1748000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r3], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

272.269918ms ago: executing program 1 (id=6647):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

234.229071ms ago: executing program 1 (id=6648):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
writev(r0, 0x0, 0x0)

207.992213ms ago: executing program 4 (id=6649):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00'], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x10, "0062ba5d8200"})
r3 = syz_open_pts(r0, 0x20800)
dup3(r3, r0, 0x0)

189.331454ms ago: executing program 4 (id=6650):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x4}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x3}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x28000}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522ec, 0x0, {0x0, 0x0, 0x74, r3, {0x10, 0xf}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

129.190409ms ago: executing program 1 (id=6651):
socket$inet(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$nci(r0, &(0x7f0000005c40)=ANY=[@ANYBLOB="6103057fac0603f93677ff6fcad8cf254cac"], 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)

128.826869ms ago: executing program 1 (id=6652):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000140)="89e7ee2c78dad9b4b473fec988ca58e8001d75d38e0d369bd7c50580", 0x1c}, {&(0x7f0000000380)="9c74dfbf7757d9c4135f04770d5606", 0xf}], 0x2)

100.768602ms ago: executing program 4 (id=6653):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r2)
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r3, @ANYBLOB="1748000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r3], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

36.284797ms ago: executing program 1 (id=6654):
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f00000000c0)={0x1, 'vlan1\x00', {}, 0x5832})
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x100, 0x1ff, 0x1, 0x6, 0xfffffffffffffffa, 0x5, 0x2, 0x8}, &(0x7f0000000080)={0x7f, 0x3, 0xfffffffffffffff8, 0x8001, 0x28a0, 0x82, 0x7, 0x5}, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
stat(0x0, 0x0)

0s ago: executing program 4 (id=6655):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000140))
open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0xb10, 0x7}, 0x0, 0x2, 0xfffff7f0, 0x0, 0x12, 0x4, 0x1, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0xd8042, 0x0)
unshare(0x24040000)
unshare(0x2c020400)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000380)=""/4091, 0xffb}], 0x1)

kernel console output (not intermixed with test programs):

6.731614][T20361] netlink: 'syz.1.5833': attribute type 1 has an invalid length.
[  356.740549][T20361] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  356.759720][T20361] can0: slcan on ttyS3.
[  356.811672][T20361] can0 (unregistered): slcan off ttyS3.
[  356.819504][T20365] can0: slcan on ttyS3.
[  356.901752][T20360] can0 (unregistered): slcan off ttyS3.
[  357.224109][T20384] netlink: 'syz.2.5842': attribute type 1 has an invalid length.
[  357.231910][T20384] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  357.260748][T20384] can0: slcan on ttyS3.
[  357.301763][T20384] can0 (unregistered): slcan off ttyS3.
[  357.313764][T20384] can0: slcan on ttyS3.
[  357.381673][T20383] can0 (unregistered): slcan off ttyS3.
[  357.699577][T20404] netlink: 'syz.2.5848': attribute type 4 has an invalid length.
[  357.746552][T20405] __nla_validate_parse: 2 callbacks suppressed
[  357.746567][T20405] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  357.775560][T20418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.784161][T20418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.793946][T20418] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5852'.
[  357.806965][T20420] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5853'.
[  357.816979][T20420] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  357.824877][T20420] batman_adv: batadv0: Removing interface: batadv_slave_0
[  357.829428][T20422] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5854'.
[  357.853884][T20422] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  357.861417][T20422] batman_adv: batadv0: Removing interface: batadv_slave_0
[  357.869230][T20422] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  357.876651][T20422] batman_adv: batadv0: Removing interface: batadv_slave_1
[  357.899956][T20424] tipc: Started in network mode
[  357.904923][T20424] tipc: Node identity ea595c7ac04c, cluster identity 4711
[  357.912146][T20424] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  357.920684][T20424] tipc: Resetting bearer <eth:syzkaller0>
[  357.928434][T20423] tipc: Disabling bearer <eth:syzkaller0>
[  358.023069][T20426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5856'.
[  358.032560][T20426] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  358.046065][T20426] batman_adv: batadv0: Removing interface: batadv_slave_1
[  358.058495][T20432] FAULT_INJECTION: forcing a failure.
[  358.058495][T20432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  358.071691][T20432] CPU: 0 UID: 0 PID: 20432 Comm: syz.3.5859 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  358.071725][T20432] Tainted: [W]=WARN
[  358.071792][T20432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  358.071802][T20432] Call Trace:
[  358.071809][T20432]  <TASK>
[  358.071817][T20432]  __dump_stack+0x1d/0x30
[  358.071837][T20432]  dump_stack_lvl+0xe8/0x140
[  358.071853][T20432]  dump_stack+0x15/0x1b
[  358.071867][T20432]  should_fail_ex+0x265/0x280
[  358.071938][T20432]  should_fail+0xb/0x20
[  358.071952][T20432]  should_fail_usercopy+0x1a/0x20
[  358.071972][T20432]  _copy_from_user+0x1c/0xb0
[  358.072009][T20432]  ___sys_sendmsg+0xc1/0x1d0
[  358.072045][T20432]  __sys_sendmmsg+0x178/0x300
[  358.072069][T20432]  __x64_sys_sendmmsg+0x57/0x70
[  358.072089][T20432]  x64_sys_call+0x1c4a/0x2ff0
[  358.072110][T20432]  do_syscall_64+0xd2/0x200
[  358.072164][T20432]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  358.072185][T20432]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  358.072209][T20432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.072230][T20432] RIP: 0033:0x7f41f679ebe9
[  358.072246][T20432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.072269][T20432] RSP: 002b:00007f41f5207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  358.072288][T20432] RAX: ffffffffffffffda RBX: 00007f41f69c5fa0 RCX: 00007f41f679ebe9
[  358.072302][T20432] RDX: 0000000000000001 RSI: 0000200000000ac0 RDI: 0000000000000003
[  358.072312][T20432] RBP: 00007f41f5207090 R08: 0000000000000000 R09: 0000000000000000
[  358.072323][T20432] R10: 0000000020080058 R11: 0000000000000246 R12: 0000000000000001
[  358.072333][T20432] R13: 00007f41f69c6038 R14: 00007f41f69c5fa0 R15: 00007ffc86b23598
[  358.072351][T20432]  </TASK>
[  358.469761][T20446] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5863'.
[  358.486614][T20447] FAULT_INJECTION: forcing a failure.
[  358.486614][T20447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  358.500036][T20447] CPU: 1 UID: 0 PID: 20447 Comm: syz.1.5865 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  358.500073][T20447] Tainted: [W]=WARN
[  358.500132][T20447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  358.500143][T20447] Call Trace:
[  358.500149][T20447]  <TASK>
[  358.500156][T20447]  __dump_stack+0x1d/0x30
[  358.500177][T20447]  dump_stack_lvl+0xe8/0x140
[  358.500205][T20447]  dump_stack+0x15/0x1b
[  358.500221][T20447]  should_fail_ex+0x265/0x280
[  358.500259][T20447]  should_fail+0xb/0x20
[  358.500283][T20447]  should_fail_usercopy+0x1a/0x20
[  358.500306][T20447]  strncpy_from_user+0x25/0x230
[  358.500387][T20447]  ? kmem_cache_alloc_noprof+0x186/0x310
[  358.500414][T20447]  ? getname_flags+0x80/0x3b0
[  358.500442][T20447]  getname_flags+0xae/0x3b0
[  358.500548][T20447]  __x64_sys_rmdir+0x21/0x40
[  358.500568][T20447]  x64_sys_call+0x238c/0x2ff0
[  358.500589][T20447]  do_syscall_64+0xd2/0x200
[  358.500616][T20447]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  358.500649][T20447]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  358.500672][T20447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.500756][T20447] RIP: 0033:0x7f71473debe9
[  358.500773][T20447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.500789][T20447] RSP: 002b:00007f7145e3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[  358.500807][T20447] RAX: ffffffffffffffda RBX: 00007f7147605fa0 RCX: 00007f71473debe9
[  358.500821][T20447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  358.500833][T20447] RBP: 00007f7145e3f090 R08: 0000000000000000 R09: 0000000000000000
[  358.500851][T20447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  358.500864][T20447] R13: 00007f7147606038 R14: 00007f7147605fa0 R15: 00007ffec819a1e8
[  358.500881][T20447]  </TASK>
[  358.701933][T20450] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  358.710613][T20450] tipc: Resetting bearer <eth:syzkaller0>
[  358.783001][T20449] tipc: Disabling bearer <eth:syzkaller0>
[  358.864083][T20461] netlink: 'syz.1.5870': attribute type 10 has an invalid length.
[  358.872474][T20461] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5870'.
[  358.890462][T20463] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  358.899325][T20463] tipc: Resetting bearer <eth:syzkaller0>
[  358.906628][T20462] tipc: Disabling bearer <eth:syzkaller0>
[  358.920431][T20461] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5870'.
[  358.937226][T20461] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5870'.
[  358.950998][T20461] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5870'.
[  359.043318][   T29] kauditd_printk_skb: 144 callbacks suppressed
[  359.043333][   T29] audit: type=1400 audit(1755188280.676:5945): avc:  denied  { append } for  pid=20468 comm="syz.2.5874" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  359.182842][   T29] audit: type=1400 audit(1755188280.816:5946): avc:  denied  { tracepoint } for  pid=20477 comm="syz.3.5877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  359.213446][   T29] audit: type=1326 audit(1755188280.846:5947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.240670][   T29] audit: type=1326 audit(1755188280.866:5948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.264543][   T29] audit: type=1326 audit(1755188280.866:5949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.288553][   T29] audit: type=1326 audit(1755188280.866:5950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.312265][   T29] audit: type=1326 audit(1755188280.866:5951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.336137][   T29] audit: type=1326 audit(1755188280.866:5952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.359940][   T29] audit: type=1326 audit(1755188280.866:5953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.384236][   T29] audit: type=1326 audit(1755188280.866:5954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20477 comm="syz.3.5877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f41f679ebe9 code=0x7ffc0000
[  359.510623][T20493] gretap0: entered promiscuous mode
[  359.533859][T20493] block device autoloading is deprecated and will be removed.
[  359.620712][T20503] loop3: detected capacity change from 0 to 512
[  359.632433][T20503] EXT4-fs: Ignoring removed mblk_io_submit option
[  359.639310][T20503] /dev/loop3: Can't open blockdev
[  359.782709][T20512] IPVS: stopping master sync thread 20514 ...
[  359.788892][T20514] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  359.888993][T20532] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  359.898176][T20532] tipc: Resetting bearer <eth:syzkaller0>
[  359.906569][T20531] tipc: Disabling bearer <eth:syzkaller0>
[  360.017256][T20541] netlink: 'syz.1.5899': attribute type 1 has an invalid length.
[  360.026894][T20541] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  360.053182][T20539] can0: slcan on ttyS3.
[  360.102134][T20539] can0 (unregistered): slcan off ttyS3.
[  360.108838][T20549] FAULT_INJECTION: forcing a failure.
[  360.108838][T20549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.110937][T20539] can0: slcan on ttyS3.
[  360.121951][T20549] CPU: 1 UID: 0 PID: 20549 Comm: syz.4.5903 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  360.121985][T20549] Tainted: [W]=WARN
[  360.121990][T20549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  360.122050][T20549] Call Trace:
[  360.122057][T20549]  <TASK>
[  360.122072][T20549]  __dump_stack+0x1d/0x30
[  360.122125][T20549]  dump_stack_lvl+0xe8/0x140
[  360.122144][T20549]  dump_stack+0x15/0x1b
[  360.122160][T20549]  should_fail_ex+0x265/0x280
[  360.122242][T20549]  should_fail+0xb/0x20
[  360.122258][T20549]  should_fail_usercopy+0x1a/0x20
[  360.122279][T20549]  strncpy_from_user+0x25/0x230
[  360.122305][T20549]  ? kmem_cache_alloc_noprof+0x186/0x310
[  360.122374][T20549]  ? getname_flags+0x80/0x3b0
[  360.122457][T20549]  getname_flags+0xae/0x3b0
[  360.122482][T20549]  user_path_at+0x28/0x130
[  360.122536][T20549]  do_sys_truncate+0x5c/0x130
[  360.122558][T20549]  __x64_sys_truncate+0x31/0x40
[  360.122579][T20549]  x64_sys_call+0x1a2f/0x2ff0
[  360.122601][T20549]  do_syscall_64+0xd2/0x200
[  360.122626][T20549]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  360.122681][T20549]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  360.122826][T20549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.122846][T20549] RIP: 0033:0x7f3fff2eebe9
[  360.122887][T20549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.122903][T20549] RSP: 002b:00007f3ffdd57038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  360.122930][T20549] RAX: ffffffffffffffda RBX: 00007f3fff515fa0 RCX: 00007f3fff2eebe9
[  360.122942][T20549] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000200000000100
[  360.122954][T20549] RBP: 00007f3ffdd57090 R08: 0000000000000000 R09: 0000000000000000
[  360.122966][T20549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.122979][T20549] R13: 00007f3fff516038 R14: 00007f3fff515fa0 R15: 00007ffcb4a1c4e8
[  360.123038][T20549]  </TASK>
[  360.399577][T20556] netlink: 'syz.0.5906': attribute type 1 has an invalid length.
[  360.621816][T20507] can0 (unregistered): slcan off ttyS3.
[  362.076921][T20622] FAULT_INJECTION: forcing a failure.
[  362.076921][T20622] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.090209][T20622] CPU: 0 UID: 0 PID: 20622 Comm: syz.0.5930 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  362.090293][T20622] Tainted: [W]=WARN
[  362.090299][T20622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  362.090311][T20622] Call Trace:
[  362.090318][T20622]  <TASK>
[  362.090327][T20622]  __dump_stack+0x1d/0x30
[  362.090348][T20622]  dump_stack_lvl+0xe8/0x140
[  362.090469][T20622]  dump_stack+0x15/0x1b
[  362.090486][T20622]  should_fail_ex+0x265/0x280
[  362.090506][T20622]  should_fail+0xb/0x20
[  362.090521][T20622]  should_fail_usercopy+0x1a/0x20
[  362.090583][T20622]  _copy_from_user+0x1c/0xb0
[  362.090618][T20622]  __sys_sendto+0x19e/0x330
[  362.090656][T20622]  __x64_sys_sendto+0x76/0x90
[  362.090687][T20622]  x64_sys_call+0x2d05/0x2ff0
[  362.090711][T20622]  do_syscall_64+0xd2/0x200
[  362.090733][T20622]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  362.090756][T20622]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  362.090779][T20622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.090799][T20622] RIP: 0033:0x7f786d3cebe9
[  362.090898][T20622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  362.090936][T20622] RSP: 002b:00007f786be37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  362.090956][T20622] RAX: ffffffffffffffda RBX: 00007f786d5f5fa0 RCX: 00007f786d3cebe9
[  362.090997][T20622] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  362.091009][T20622] RBP: 00007f786be37090 R08: 0000200000b63fe4 R09: 000000000000001c
[  362.091022][T20622] R10: 0000000022004005 R11: 0000000000000246 R12: 0000000000000001
[  362.091035][T20622] R13: 00007f786d5f6038 R14: 00007f786d5f5fa0 R15: 00007ffe86479d98
[  362.091052][T20622]  </TASK>
[  362.573344][T20640] netlink: 'syz.4.5937': attribute type 1 has an invalid length.
[  362.573361][T20640] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  362.575863][T20640] can0: slcan on ttyS3.
[  362.652121][T20640] can0 (unregistered): slcan off ttyS3.
[  362.654927][T20640] can0: slcan on ttyS3.
[  362.701816][   T10] usb usb8-port1: attempt power cycle
[  362.718239][T20645] netlink: 'syz.0.5938': attribute type 1 has an invalid length.
[  362.726131][T20645] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  362.811578][T20645] can0 (unregistered): slcan off ttyS3.
[  362.820473][T20645] can0: slcan on ttyS3.
[  362.901761][T20644] can0 (unregistered): slcan off ttyS3.
[  363.395136][T20659] __nla_validate_parse: 22 callbacks suppressed
[  363.395154][T20659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5943'.
[  363.410567][T20659] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5943'.
[  363.523887][T20661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5944'.
[  363.700770][T20668] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  363.707886][T20668] syzkaller0: entered promiscuous mode
[  363.713527][T20668] syzkaller0: entered allmulticast mode
[  363.721435][T20668] tipc: Resetting bearer <eth:syzkaller0>
[  363.730619][T20668] tipc: Disabling bearer <eth:syzkaller0>
[  364.052994][T20683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5950'.
[  364.107955][   T29] kauditd_printk_skb: 247 callbacks suppressed
[  364.107968][   T29] audit: type=1400 audit(1755188285.736:6202): avc:  denied  { module_request } for  pid=20686 comm="syz.4.5952" kmod="netdev-team0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  364.139616][   T29] audit: type=1400 audit(1755188285.766:6203): avc:  denied  { recv } for  pid=2981 comm="klogd" saddr=10.128.0.163 src=30036 daddr=10.128.1.175 dest=45042 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  364.168545][   T29] audit: type=1400 audit(1755188285.766:6204): avc:  denied  { sys_module } for  pid=20686 comm="syz.4.5952" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  364.192356][   T29] audit: type=1400 audit(1755188285.826:6205): avc:  denied  { read write } for  pid=20689 comm="syz.0.5953" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  364.192860][T20691] FAULT_INJECTION: forcing a failure.
[  364.192860][T20691] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  364.230458][T20691] CPU: 1 UID: 0 PID: 20691 Comm: syz.0.5953 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  364.230563][T20691] Tainted: [W]=WARN
[  364.230614][T20691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  364.230625][T20691] Call Trace:
[  364.230632][T20691]  <TASK>
[  364.230639][T20691]  __dump_stack+0x1d/0x30
[  364.230660][T20691]  dump_stack_lvl+0xe8/0x140
[  364.230679][T20691]  dump_stack+0x15/0x1b
[  364.230692][T20691]  should_fail_ex+0x265/0x280
[  364.230713][T20691]  should_fail_alloc_page+0xf2/0x100
[  364.230774][T20691]  __alloc_frozen_pages_noprof+0xff/0x360
[  364.230807][T20691]  alloc_pages_mpol+0xb3/0x250
[  364.230837][T20691]  vma_alloc_folio_noprof+0x1aa/0x300
[  364.230876][T20691]  handle_mm_fault+0xec2/0x2c20
[  364.230905][T20691]  do_user_addr_fault+0x636/0x1090
[  364.230935][T20691]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  364.230991][T20691]  exc_page_fault+0x62/0xa0
[  364.231009][T20691]  asm_exc_page_fault+0x26/0x30
[  364.231047][T20691] RIP: 0033:0x7f786d37c20b
[  364.231061][T20691] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[  364.231077][T20691] RSP: 002b:00007f786be34e10 EFLAGS: 00010246
[  364.231093][T20691] RAX: 00007f786be36f30 RBX: 00007f786d5c7640 RCX: 0000000000000000
[  364.231106][T20691] RDX: 00007f786be36f78 RSI: 00007f786d42eca8 RDI: 00007f786be34e30
[  364.231128][T20691] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[  364.231189][T20691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.231199][T20691] R13: 00007f786d5f6038 R14: 00007f786d5f5fa0 R15: 00007ffe86479d98
[  364.231213][T20691]  </TASK>
[  364.231222][T20691] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  364.233698][T20695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5955'.
[  364.423131][   T29] audit: type=1400 audit(1755188285.826:6206): avc:  denied  { open } for  pid=20689 comm="syz.0.5953" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  364.448325][   T29] audit: type=1400 audit(1755188285.866:6207): avc:  denied  { create } for  pid=20694 comm="syz.4.5955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  364.469611][   T29] audit: type=1400 audit(1755188285.866:6208): avc:  denied  { write } for  pid=20694 comm="syz.4.5955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  364.505563][   T29] audit: type=1400 audit(1755188286.056:6209): avc:  denied  { open } for  pid=20697 comm="syz.0.5956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  364.525547][   T29] audit: type=1400 audit(1755188286.056:6210): avc:  denied  { perfmon } for  pid=20697 comm="syz.0.5956" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  364.546671][   T29] audit: type=1400 audit(1755188286.056:6211): avc:  denied  { kernel } for  pid=20697 comm="syz.0.5956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  364.600749][T20698] netlink: 'syz.0.5956': attribute type 1 has an invalid length.
[  364.608972][T20698] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  364.627600][T20698] can0: slcan on ttyS3.
[  364.631984][   T10] usb usb8-port1: unable to enumerate USB device
[  364.682390][T20703] netlink: 'syz.4.5957': attribute type 1 has an invalid length.
[  364.690156][T20703] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  364.740785][T20710] loop3: detected capacity change from 0 to 1024
[  364.781709][T20698] can0 (unregistered): slcan off ttyS3.
[  364.790051][T20702] can0: slcan on ttyS3.
[  364.904293][T20710] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  364.961635][T20710] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.001770][T20701] can0 (unregistered): slcan off ttyS3.
[  365.816738][T20748] hub 8-0:1.0: USB hub found
[  365.821465][T20748] hub 8-0:1.0: 8 ports detected
[  366.096184][T20755] FAULT_INJECTION: forcing a failure.
[  366.096184][T20755] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  366.109405][T20755] CPU: 1 UID: 0 PID: 20755 Comm: syz.3.5975 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  366.109489][T20755] Tainted: [W]=WARN
[  366.109521][T20755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  366.109531][T20755] Call Trace:
[  366.109538][T20755]  <TASK>
[  366.109563][T20755]  __dump_stack+0x1d/0x30
[  366.109582][T20755]  dump_stack_lvl+0xe8/0x140
[  366.109600][T20755]  dump_stack+0x15/0x1b
[  366.109616][T20755]  should_fail_ex+0x265/0x280
[  366.109716][T20755]  should_fail+0xb/0x20
[  366.109729][T20755]  should_fail_usercopy+0x1a/0x20
[  366.109822][T20755]  _copy_from_user+0x1c/0xb0
[  366.109844][T20755]  __sys_bpf+0x178/0x7b0
[  366.109898][T20755]  __x64_sys_bpf+0x41/0x50
[  366.109921][T20755]  x64_sys_call+0x2aea/0x2ff0
[  366.110031][T20755]  do_syscall_64+0xd2/0x200
[  366.110054][T20755]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  366.110090][T20755]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  366.110149][T20755]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.110166][T20755] RIP: 0033:0x7f41f679ebe9
[  366.110179][T20755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.110192][T20755] RSP: 002b:00007f41f5207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  366.110314][T20755] RAX: ffffffffffffffda RBX: 00007f41f69c5fa0 RCX: 00007f41f679ebe9
[  366.110324][T20755] RDX: 0000000000000070 RSI: 0000200000000440 RDI: 0000000000000005
[  366.110334][T20755] RBP: 00007f41f5207090 R08: 0000000000000000 R09: 0000000000000000
[  366.110344][T20755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  366.110354][T20755] R13: 00007f41f69c6038 R14: 00007f41f69c5fa0 R15: 00007ffc86b23598
[  366.110371][T20755]  </TASK>
[  366.372826][T20765] netlink: 'syz.1.5980': attribute type 1 has an invalid length.
[  366.381813][T20765] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  366.400063][T20767] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  366.413776][T20765] can0: slcan on ttyS3.
[  366.461645][T20765] can0 (unregistered): slcan off ttyS3.
[  366.469988][T20765] can0: slcan on ttyS3.
[  366.581915][T20764] can0 (unregistered): slcan off ttyS3.
[  366.854155][T20792] netlink: 'syz.3.5988': attribute type 1 has an invalid length.
[  366.862211][T20792] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  366.881637][T20792] can0: slcan on ttyS3.
[  366.921552][T20792] can0 (unregistered): slcan off ttyS3.
[  366.931177][T20792] can0: slcan on ttyS3.
[  366.941383][T20792] loop3: detected capacity change from 0 to 512
[  366.949429][T20792] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  366.967843][T20792] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e12c, mo2=0002]
[  366.976110][T20792] System zones: 1-12
[  366.980206][T20792] EXT4-fs (loop3): orphan cleanup on readonly fs
[  366.990736][T20792] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5988: bg 0: block 361: padding at end of block bitmap is not set
[  367.005967][T20792] EXT4-fs (loop3): Remounting filesystem read-only
[  367.013244][T20792] EXT4-fs (loop3): 1 truncate cleaned up
[  367.019938][T20792] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  367.101643][T20791] can0 (unregistered): slcan off ttyS3.
[  367.132806][T11800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  367.154501][T20805] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  367.851742][ T1064] usb usb8-port1: attempt power cycle
[  367.890977][T20832] FAULT_INJECTION: forcing a failure.
[  367.890977][T20832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.904146][T20832] CPU: 1 UID: 0 PID: 20832 Comm: syz.1.6001 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  367.904179][T20832] Tainted: [W]=WARN
[  367.904185][T20832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  367.904194][T20832] Call Trace:
[  367.904200][T20832]  <TASK>
[  367.904257][T20832]  __dump_stack+0x1d/0x30
[  367.904278][T20832]  dump_stack_lvl+0xe8/0x140
[  367.904297][T20832]  dump_stack+0x15/0x1b
[  367.904310][T20832]  should_fail_ex+0x265/0x280
[  367.904328][T20832]  should_fail+0xb/0x20
[  367.904341][T20832]  should_fail_usercopy+0x1a/0x20
[  367.904383][T20832]  _copy_to_user+0x20/0xa0
[  367.904410][T20832]  simple_read_from_buffer+0xb5/0x130
[  367.904432][T20832]  proc_fail_nth_read+0x10e/0x150
[  367.904454][T20832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  367.904504][T20832]  vfs_read+0x1a5/0x770
[  367.904523][T20832]  ? __rcu_read_unlock+0x4f/0x70
[  367.904544][T20832]  ? __fget_files+0x184/0x1c0
[  367.904637][T20832]  ksys_read+0xda/0x1a0
[  367.904657][T20832]  __x64_sys_read+0x40/0x50
[  367.904748][T20832]  x64_sys_call+0x27bc/0x2ff0
[  367.904765][T20832]  do_syscall_64+0xd2/0x200
[  367.904787][T20832]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  367.904824][T20832]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  367.904846][T20832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.904900][T20832] RIP: 0033:0x7f71473dd5fc
[  367.904915][T20832] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  367.904931][T20832] RSP: 002b:00007f7145e3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  367.904947][T20832] RAX: ffffffffffffffda RBX: 00007f7147605fa0 RCX: 00007f71473dd5fc
[  367.904959][T20832] RDX: 000000000000000f RSI: 00007f7145e3f0a0 RDI: 0000000000000004
[  367.904971][T20832] RBP: 00007f7145e3f090 R08: 0000000000000000 R09: 0000000000000000
[  367.904984][T20832] R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000001
[  367.904997][T20832] R13: 00007f7147606038 R14: 00007f7147605fa0 R15: 00007ffec819a1e8
[  367.905132][T20832]  </TASK>
[  368.177807][T20836] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6003'.
[  368.187042][T20836] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6003'.
[  368.206471][T10987] syz_tun (unregistering): left allmulticast mode
[  368.223375][T20836] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6003'.
[  368.232558][T20836] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6003'.
[  368.260542][T20836] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6003'.
[  368.336619][ T2129] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.394903][T20841] lo speed is unknown, defaulting to 1000
[  368.490407][ T2129] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.551724][T20841] chnl_net:caif_netlink_parms(): no params data found
[  368.595878][ T2129] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.653628][T20841] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.660982][T20841] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.686036][T20841] bridge_slave_0: entered allmulticast mode
[  368.700069][T20841] bridge_slave_0: entered promiscuous mode
[  368.728964][ T2129] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.748418][T20878] __nla_validate_parse: 1 callbacks suppressed
[  368.748435][T20878] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6011'.
[  368.766659][T20841] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.775050][T20841] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.782914][T20841] bridge_slave_1: entered allmulticast mode
[  368.792365][T20841] bridge_slave_1: entered promiscuous mode
[  368.822607][T20841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.846410][T20841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.864321][ T2129] bridge_slave_1: left allmulticast mode
[  368.869997][ T2129] bridge_slave_1: left promiscuous mode
[  368.875748][ T2129] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.898380][ T2129] bridge_slave_0: left allmulticast mode
[  368.904193][ T2129] bridge_slave_0: left promiscuous mode
[  368.909959][ T2129] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.969277][ T2129] bond1 (unregistering): (slave gretap1): Releasing backup interface
[  368.984690][ T2129] bond3 (unregistering): (slave gretap2): Releasing active interface
[  369.106525][ T2129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  369.116566][ T2129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  369.132337][ T2129] bond0 (unregistering): Released all slaves
[  369.141867][   T29] kauditd_printk_skb: 205 callbacks suppressed
[  369.141879][   T29] audit: type=1326 audit(1755188290.776:6417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f71473debe9 code=0x7ffc0000
[  369.212309][ T2129] bond1 (unregistering): (slave bond2): Releasing backup interface
[  369.227488][ T2129] bond1 (unregistering): Released all slaves
[  369.230993][   T29] audit: type=1326 audit(1755188290.806:6418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71473debe9 code=0x7ffc0000
[  369.247346][ T2129] bond2 (unregistering): Released all slaves
[  369.257035][   T29] audit: type=1326 audit(1755188290.806:6419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71473debe9 code=0x7ffc0000
[  369.257060][   T29] audit: type=1326 audit(1755188290.806:6420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71473debe9 code=0x7ffc0000
[  369.285595][ T2129] bond3 (unregistering): Released all slaves
[  369.287555][   T29] audit: type=1326 audit(1755188290.806:6421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71473debe9 code=0x7ffc0000
[  369.341252][   T29] audit: type=1326 audit(1755188290.806:6422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71473debe9 code=0x7ffc0000
[  369.364854][   T29] audit: type=1326 audit(1755188290.806:6423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f71473dd550 code=0x7ffc0000
[  369.388606][   T29] audit: type=1326 audit(1755188290.806:6424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f71473e0417 code=0x7ffc0000
[  369.412730][   T29] audit: type=1326 audit(1755188290.806:6425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20887 comm="syz.1.6016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f71473debe9 code=0x7ffc0000
[  369.436532][   T29] audit: type=1400 audit(1755188290.806:6426): avc:  denied  { create } for  pid=20887 comm="syz.1.6016" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  369.481283][T20889] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6015'.
[  369.492582][T20841] team0: Port device team_slave_0 added
[  369.499337][T20841] team0: Port device team_slave_1 added
[  369.523305][ T2129] tipc: Left network mode
[  369.528176][T20841] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.535174][T20841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.561614][T20841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.572839][T20841] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.580011][T20841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.606563][T20841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.670345][ T2129] veth1_macvtap: left promiscuous mode
[  369.676720][ T2129] veth0_macvtap: left promiscuous mode
[  369.682449][ T2129] veth1_vlan: left promiscuous mode
[  369.687744][ T2129] veth0_vlan: left promiscuous mode
[  369.727348][T20901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6020'.
[  369.829737][T20841] hsr_slave_0: entered promiscuous mode
[  369.844261][T20841] hsr_slave_1: entered promiscuous mode
[  369.853996][T20841] debugfs: 'hsr0' already exists in 'hsr'
[  369.859752][T20841] Cannot create hsr debugfs directory
[  369.951904][ T1064] usb usb8-port1: unable to enumerate USB device
[  370.143376][T20928] FAULT_INJECTION: forcing a failure.
[  370.143376][T20928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  370.156881][T20928] CPU: 0 UID: 0 PID: 20928 Comm: syz.4.6033 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  370.156911][T20928] Tainted: [W]=WARN
[  370.156918][T20928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  370.156956][T20928] Call Trace:
[  370.156963][T20928]  <TASK>
[  370.156970][T20928]  __dump_stack+0x1d/0x30
[  370.156991][T20928]  dump_stack_lvl+0xe8/0x140
[  370.157010][T20928]  dump_stack+0x15/0x1b
[  370.157084][T20928]  should_fail_ex+0x265/0x280
[  370.157178][T20928]  should_fail+0xb/0x20
[  370.157250][T20928]  should_fail_usercopy+0x1a/0x20
[  370.157270][T20928]  _copy_from_user+0x1c/0xb0
[  370.157331][T20928]  io_submit_one+0x52/0x11d0
[  370.157362][T20928]  __se_sys_io_submit+0xfb/0x280
[  370.157452][T20928]  __x64_sys_io_submit+0x43/0x50
[  370.157471][T20928]  x64_sys_call+0x2d5d/0x2ff0
[  370.157488][T20928]  do_syscall_64+0xd2/0x200
[  370.157509][T20928]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  370.157612][T20928]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  370.157698][T20928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.157714][T20928] RIP: 0033:0x7f3fff2eebe9
[  370.157790][T20928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.157806][T20928] RSP: 002b:00007f3ffdd57038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  370.157823][T20928] RAX: ffffffffffffffda RBX: 00007f3fff515fa0 RCX: 00007f3fff2eebe9
[  370.157843][T20928] RDX: 0000200000000100 RSI: 0000000000000001 RDI: 00007f400004e000
[  370.157853][T20928] RBP: 00007f3ffdd57090 R08: 0000000000000000 R09: 0000000000000000
[  370.157864][T20928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.157949][T20928] R13: 00007f3fff516038 R14: 00007f3fff515fa0 R15: 00007ffcb4a1c4e8
[  370.157966][T20928]  </TASK>
[  370.160297][ T2129] IPVS: stop unused estimator thread 0...
[  370.208076][T20935] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6038'.
[  370.370341][T20940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6036'.
[  370.495268][T20954] netlink: 'syz.4.6043': attribute type 1 has an invalid length.
[  370.503345][T20954] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  370.525267][T20954] can0: slcan on ttyS3.
[  370.581682][T20954] can0 (unregistered): slcan off ttyS3.
[  370.685515][T20953] can0: slcan on ttyS3.
[  370.838810][T20841] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  370.848906][T20841] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  370.859957][T20841] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  370.869887][T20841] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  370.901546][T20952] can0 (unregistered): slcan off ttyS3.
[  370.921175][T20841] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.932697][T20841] 8021q: adding VLAN 0 to HW filter on device team0
[  370.942689][ T2129] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.949814][ T2129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  370.960556][ T5177] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.968679][ T5177] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.031174][T20841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  371.067826][T20978] FAULT_INJECTION: forcing a failure.
[  371.067826][T20978] name failslab, interval 1, probability 0, space 0, times 0
[  371.080765][T20978] CPU: 0 UID: 0 PID: 20978 Comm: syz.2.6045 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  371.080799][T20978] Tainted: [W]=WARN
[  371.080805][T20978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  371.080817][T20978] Call Trace:
[  371.080823][T20978]  <TASK>
[  371.080831][T20978]  __dump_stack+0x1d/0x30
[  371.080926][T20978]  dump_stack_lvl+0xe8/0x140
[  371.080945][T20978]  dump_stack+0x15/0x1b
[  371.080961][T20978]  should_fail_ex+0x265/0x280
[  371.081061][T20978]  should_failslab+0x8c/0xb0
[  371.081080][T20978]  kmem_cache_alloc_noprof+0x50/0x310
[  371.081102][T20978]  ? fcntl_setlease+0x82/0x300
[  371.081121][T20978]  fcntl_setlease+0x82/0x300
[  371.081193][T20978]  ? __rcu_read_unlock+0x4f/0x70
[  371.081214][T20978]  do_fcntl+0x524/0xdf0
[  371.081241][T20978]  ? selinux_file_fcntl+0x1b4/0x1e0
[  371.081260][T20978]  __se_sys_fcntl+0xb1/0x120
[  371.081336][T20978]  __x64_sys_fcntl+0x43/0x50
[  371.081358][T20978]  x64_sys_call+0x29a0/0x2ff0
[  371.081375][T20978]  do_syscall_64+0xd2/0x200
[  371.081395][T20978]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  371.081492][T20978]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  371.081514][T20978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.081592][T20978] RIP: 0033:0x7fc7964cebe9
[  371.081606][T20978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.081623][T20978] RSP: 002b:00007fc794f2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  371.081716][T20978] RAX: ffffffffffffffda RBX: 00007fc7966f5fa0 RCX: 00007fc7964cebe9
[  371.081729][T20978] RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000004
[  371.081741][T20978] RBP: 00007fc794f2f090 R08: 0000000000000000 R09: 0000000000000000
[  371.081753][T20978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  371.081766][T20978] R13: 00007fc7966f6038 R14: 00007fc7966f5fa0 R15: 00007ffc5741c608
[  371.081784][T20978]  </TASK>
[  371.331866][T20841] veth0_vlan: entered promiscuous mode
[  371.339732][T20841] veth1_vlan: entered promiscuous mode
[  371.365207][T20841] veth0_macvtap: entered promiscuous mode
[  371.375331][T20841] veth1_macvtap: entered promiscuous mode
[  371.387633][T20841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  371.400659][T20841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  371.413590][ T5177] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  371.431779][ T5177] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  371.438669][T20993] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  371.455469][ T5177] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  371.459421][T20992] IPVS: stopping master sync thread 20993 ...
[  371.472137][ T5177] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  371.534708][T20996] C: renamed from team_slave_0 (while UP)
[  371.551406][T20996] netlink: 'syz.0.6002': attribute type 1 has an invalid length.
[  371.560322][T20996] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  371.586769][T20996] can0: slcan on ttyS3.
[  371.598035][T20998] netlink: 'syz.3.6051': attribute type 1 has an invalid length.
[  371.605865][T20998] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  371.636028][T21005] netlink: 'syz.2.6053': attribute type 1 has an invalid length.
[  371.644451][T20996] can0 (unregistered): slcan off ttyS3.
[  371.663465][T21005] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.681156][T21009] can0: slcan on ttyS3.
[  371.691807][T20998] loop3: detected capacity change from 0 to 512
[  371.705032][T12271] syz_tun (unregistering): left allmulticast mode
[  371.713103][T20998] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  371.730162][T21005] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.739526][T20998] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e12c, mo2=0002]
[  371.747827][T20998] System zones: 1-12
[  371.753081][T21005] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[  371.760571][T20998] EXT4-fs (loop3): orphan cleanup on readonly fs
[  371.766399][T21005] bond0: (slave vxcan3): Error -95 calling set_mac_address
[  371.778759][T20998] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6051: bg 0: block 361: padding at end of block bitmap is not set
[  371.802056][T20998] EXT4-fs (loop3): Remounting filesystem read-only
[  371.804261][T21017] gretap1: entered promiscuous mode
[  371.808967][T20998] EXT4-fs (loop3): 1 truncate cleaned up
[  371.815700][T21017] bond0: (slave gretap1): making interface the new active one
[  371.821791][T21020] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6055'.
[  371.827775][T21017] bond0: (slave gretap1): Enslaving as an active interface with an up link
[  371.841950][T20998] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  371.848696][T21021] macvlan3: entered promiscuous mode
[  371.863121][T21021] macvlan3: entered allmulticast mode
[  371.876998][T21021] bond0: entered promiscuous mode
[  371.882895][T21021] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  371.892412][T21021] bond0: (slave macvlan3): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  371.904490][T21021] bond0: left promiscuous mode
[  371.927101][ T5177] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.939517][T21010] lo speed is unknown, defaulting to 1000
[  371.953155][T21025] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6056'.
[  372.007260][T21010] chnl_net:caif_netlink_parms(): no params data found
[  372.032464][T20997] can0 (unregistered): slcan off ttyS3.
[  372.041954][ T5177] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.077616][T21010] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.085003][T21010] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.094714][T21010] bridge_slave_0: entered allmulticast mode
[  372.109791][T21010] bridge_slave_0: entered promiscuous mode
[  372.116611][T21010] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.123895][T21010] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.131084][T21010] bridge_slave_1: entered allmulticast mode
[  372.137788][T21010] bridge_slave_1: entered promiscuous mode
[  372.144255][T11800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  372.181130][ T5177] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.214283][T21010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  372.226569][T21010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  372.243332][ T5177] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.277395][T21010] team0: Port device team_slave_0 added
[  372.285507][T21010] team0: Port device team_slave_1 added
[  372.309285][T21010] batman_adv: batadv0: Adding interface: batadv_slave_0
[  372.316459][T21010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  372.343299][T21010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  372.358651][T21043] lo speed is unknown, defaulting to 1000
[  372.367941][T21010] batman_adv: batadv0: Adding interface: batadv_slave_1
[  372.375049][T21010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  372.401659][T21010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  372.459070][T21051] loop3: detected capacity change from 0 to 512
[  372.470863][T21051] EXT4-fs: Ignoring removed i_version option
[  372.480898][ T5177] bridge_slave_1: left allmulticast mode
[  372.484353][T21051] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  372.487087][ T5177] bridge_slave_1: left promiscuous mode
[  372.500662][T21053] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6066'.
[  372.503178][ T5177] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.521642][ T5177] bridge_slave_0: left allmulticast mode
[  372.521741][ T3384] usb usb8-port1: attempt power cycle
[  372.527440][ T5177] bridge_slave_0: left promiscuous mode
[  372.539435][ T5177] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.548808][T21051] EXT4-fs (loop3): 1 truncate cleaned up
[  372.555162][T21051] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  372.644302][ T5177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  372.654793][ T5177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  372.664552][ T5177] bond0 (unregistering): Released all slaves
[  372.695735][T21010] hsr_slave_0: entered promiscuous mode
[  372.703673][T11800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.713829][T21010] hsr_slave_1: entered promiscuous mode
[  372.719836][T21010] debugfs: 'hsr0' already exists in 'hsr'
[  372.725751][T21010] Cannot create hsr debugfs directory
[  372.738428][ T5177] tipc: Left network mode
[  372.758486][T21064] loop3: detected capacity change from 0 to 1024
[  372.765237][ T5177] veth1_macvtap: left promiscuous mode
[  372.770883][ T5177] veth0_macvtap: left promiscuous mode
[  372.772558][T21064] EXT4-fs: Ignoring removed bh option
[  372.782503][ T5177] veth1_vlan: left promiscuous mode
[  372.784328][T21064] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  372.788252][ T5177] veth0_vlan: left promiscuous mode
[  372.818613][T21064] EXT4-fs error (device loop3): ext4_quota_enable:7124: comm syz.3.6068: inode #2304: comm syz.3.6068: iget: illegal inode #
[  372.847665][T21064] EXT4-fs (loop3): Remounting filesystem read-only
[  372.854271][T21064] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  372.883094][T21064] EXT4-fs (loop3): mount failed
[  372.951072][T21074] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  372.970578][T21073] IPVS: stopping master sync thread 21074 ...
[  373.129646][T21083] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6076'.
[  373.354265][T21010] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  373.365084][T21010] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  373.384746][T21010] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  373.396847][T21010] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  373.455878][T21010] 8021q: adding VLAN 0 to HW filter on device bond0
[  373.469537][T21010] 8021q: adding VLAN 0 to HW filter on device team0
[  373.485500][ T2129] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.492731][ T2129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.513345][ T2129] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.520612][ T2129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.587578][T21010] 8021q: adding VLAN 0 to HW filter on device batadv0
[  373.708209][T21010] veth0_vlan: entered promiscuous mode
[  373.716501][T21010] veth1_vlan: entered promiscuous mode
[  373.733677][T21010] veth0_macvtap: entered promiscuous mode
[  373.741360][T21010] veth1_macvtap: entered promiscuous mode
[  373.753605][T21010] batman_adv: batadv0: Interface activated: batadv_slave_0
[  373.766994][T21010] batman_adv: batadv0: Interface activated: batadv_slave_1
[  373.778088][ T5177] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  373.793662][ T5177] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  373.794631][T21125] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6083'.
[  373.813713][ T2129] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  373.831297][ T2129] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  374.036542][T21148] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  374.036658][T21146] IPVS: stopping master sync thread 21148 ...
[  374.073992][T21150] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.6092'.
[  374.086163][T21150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  374.095017][T21150] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  374.108666][T21152] syzkaller0: entered promiscuous mode
[  374.114408][T21152] syzkaller0: entered allmulticast mode
[  374.158574][   T29] kauditd_printk_skb: 217 callbacks suppressed
[  374.158586][   T29] audit: type=1400 audit(1755188551.779:6644): avc:  denied  { write } for  pid=21149 comm="syz.4.6092" lport=48971 faddr=fc01::1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  374.188286][   T29] audit: type=1400 audit(1755188551.779:6645): avc:  denied  { ioctl } for  pid=21149 comm="syz.4.6092" path="/dev/input/event0" dev="devtmpfs" ino=242 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  374.227407][   T29] audit: type=1400 audit(1755188551.849:6646): avc:  denied  { read write } for  pid=11800 comm="syz-executor" name="loop3" dev="devtmpfs" ino=1414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  374.253490][   T29] audit: type=1400 audit(1755188551.849:6647): avc:  denied  { open } for  pid=11800 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=1414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  374.263059][T21159] netlink: 'syz.3.6095': attribute type 4 has an invalid length.
[  374.281151][   T29] audit: type=1400 audit(1755188551.859:6648): avc:  denied  { ioctl } for  pid=11800 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=1414 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  374.337418][T21159] syzkaller0: entered promiscuous mode
[  374.343439][T21159] syzkaller0: entered allmulticast mode
[  374.350301][   T29] audit: type=1400 audit(1755188551.980:6649): avc:  denied  { relabelfrom } for  pid=21161 comm="syz.0.6097" name="NETLINK" dev="sockfs" ino=66995 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  374.377896][   T29] audit: type=1400 audit(1755188551.980:6650): avc:  denied  { relabelto } for  pid=21161 comm="syz.0.6097" name="NETLINK" dev="sockfs" ino=66995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_route_socket permissive=1
[  374.429338][   T29] audit: type=1400 audit(1755188552.050:6651): avc:  denied  { read } for  pid=21163 comm="syz.2.6098" dev="nsfs" ino=4026532396 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  374.450901][   T29] audit: type=1400 audit(1755188552.050:6652): avc:  denied  { open } for  pid=21163 comm="syz.2.6098" path="net:[4026532396]" dev="nsfs" ino=4026532396 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  374.474712][   T29] audit: type=1400 audit(1755188552.050:6653): avc:  denied  { create } for  pid=21163 comm="syz.2.6098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  374.541205][ T3384] usb usb8-port1: unable to enumerate USB device
[  374.775354][T21180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  374.785442][T21180] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.007546][T21195] loop3: detected capacity change from 0 to 512
[  375.014462][T21195] EXT4-fs: Ignoring removed mblk_io_submit option
[  375.021393][T21195] EXT4-fs: Ignoring removed bh option
[  375.027284][T21195] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  375.040035][T21195] EXT4-fs (loop3): 1 truncate cleaned up
[  375.046391][T21195] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  375.103991][T11800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.297176][T21201] hub 8-0:1.0: USB hub found
[  375.302232][T21201] hub 8-0:1.0: 8 ports detected
[  375.662539][T21213] netlink: 'syz.2.6118': attribute type 1 has an invalid length.
[  375.666312][T21222] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  375.670917][T21213] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  375.671256][T21221] IPVS: stopping master sync thread 21222 ...
[  375.684822][T21213] can0: slcan on ttyS3.
[  375.761406][T21213] can0 (unregistered): slcan off ttyS3.
[  375.770132][T21226] can0: slcan on ttyS3.
[  375.830914][T21212] can0 (unregistered): slcan off ttyS3.
[  375.904602][T21230] $Hÿ: left promiscuous mode
[  375.909639][T21230] bond_slave_1: left promiscuous mode
[  375.947269][T21230] macvtap0: left promiscuous mode
[  375.972770][T21230] gretap1: left promiscuous mode
[  376.391153][T21234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.399805][T21234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  377.001261][T21254] netlink: 'syz.2.6134': attribute type 1 has an invalid length.
[  377.009061][T21254] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  377.026602][T21254] can0: slcan on ttyS3.
[  377.070274][T21254] can0 (unregistered): slcan off ttyS3.
[  377.081865][T21254] can0: slcan on ttyS3.
[  377.097625][T21256] TCP: TCP_TX_DELAY enabled
[  377.169725][T21253] can0 (unregistered): slcan off ttyS3.
[  377.169836][ T3384] usb usb8-port1: attempt power cycle
[  377.747584][T21303] netlink: 'syz.2.6151': attribute type 1 has an invalid length.
[  377.755400][T21303] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  377.909594][T21307] can0: slcan on ttyS3.
[  378.009567][T21295] can0 (unregistered): slcan off ttyS3.
[  378.018054][T21295] can0: slcan on ttyS3.
[  378.139347][T21294] can0 (unregistered): slcan off ttyS3.
[  378.210624][T21326] SELinux: failed to load policy
[  378.229540][T21326] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6163'.
[  378.296306][T21331] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6164'.
[  378.313078][T21330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6165'.
[  378.332868][T21330] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  378.340377][T21330] batman_adv: batadv0: Removing interface: batadv_slave_0
[  378.940453][T21350] netlink: 'syz.0.6173': attribute type 1 has an invalid length.
[  378.951427][T21350] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  378.973255][T21350] can0: slcan on ttyS3.
[  379.008817][T21350] can0 (unregistered): slcan off ttyS3.
[  379.018490][T21350] can0: slcan on ttyS3.
[  379.069145][ T3384] usb usb8-port1: unable to enumerate USB device
[  379.120921][T21349] can0 (unregistered): slcan off ttyS3.
[  379.140785][T21354] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6175'.
[  379.244931][   T29] kauditd_printk_skb: 256 callbacks suppressed
[  379.244946][   T29] audit: type=1326 audit(1755188556.872:6910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21355 comm=77DEA305FF07 exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3ab646ebe9 code=0x0
[  379.313364][   T29] audit: type=1400 audit(1755188556.942:6911): avc:  denied  { allowed } for  pid=21358 comm="syz.3.6177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  379.346822][   T29] audit: type=1400 audit(1755188556.962:6912): avc:  denied  { recv } for  pid=316 comm="kworker/u8:6" saddr=10.128.0.163 src=30036 daddr=10.128.1.175 dest=45042 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  379.373207][   T29] audit: type=1400 audit(1755188556.962:6913): avc:  denied  { create } for  pid=21358 comm="syz.3.6177" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  379.394757][   T29] audit: type=1400 audit(1755188556.972:6914): avc:  denied  { map } for  pid=21358 comm="syz.3.6177" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=67456 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  379.419287][   T29] audit: type=1400 audit(1755188556.972:6915): avc:  denied  { read write } for  pid=21358 comm="syz.3.6177" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=67456 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  379.444349][   T29] audit: type=1326 audit(1755188556.972:6916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21355 comm="syz.0.6176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  379.468281][   T29] audit: type=1326 audit(1755188556.972:6917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21355 comm="syz.0.6176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  379.492458][   T29] audit: type=1400 audit(1755188556.972:6918): avc:  denied  { map_create } for  pid=21358 comm="syz.3.6177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  379.511833][   T29] audit: type=1400 audit(1755188556.972:6919): avc:  denied  { perfmon } for  pid=21358 comm="syz.3.6177" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  379.680590][T12511] syz_tun (unregistering): left allmulticast mode
[  379.792300][T21371] lo speed is unknown, defaulting to 1000
[  379.924964][T21371] chnl_net:caif_netlink_parms(): no params data found
[  380.272150][  T316] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.330772][T21399] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6185'.
[  380.343296][  T316] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.358344][T21371] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.365662][T21371] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.374906][T21371] bridge_slave_0: entered allmulticast mode
[  380.381519][T21371] bridge_slave_0: entered promiscuous mode
[  380.393015][T21371] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.400284][T21371] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.408744][T21371] bridge_slave_1: entered allmulticast mode
[  380.415322][T21371] bridge_slave_1: entered promiscuous mode
[  380.423233][  T316] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.434601][T21402] netlink: 'syz.1.6187': attribute type 1 has an invalid length.
[  380.443457][T21402] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  380.479367][T21401] can0: slcan on ttyS3.
[  380.480456][T21371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  380.494561][T21371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  380.509249][  T316] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.534301][T21371] team0: Port device team_slave_0 added
[  380.541702][T21371] team0: Port device team_slave_1 added
[  380.556569][T21371] batman_adv: batadv0: Adding interface: batadv_slave_0
[  380.563693][T21371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  380.589641][T21371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  380.601152][T21371] batman_adv: batadv0: Adding interface: batadv_slave_1
[  380.608374][T21371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  380.634541][T21371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.635412][T21401] can0 (unregistered): slcan off ttyS3.
[  380.681795][T21402] can0: slcan on ttyS3.
[  380.696527][  T316] bridge_slave_1: left allmulticast mode
[  380.702391][  T316] bridge_slave_1: left promiscuous mode
[  380.708316][  T316] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.716261][  T316] bridge_slave_0: left allmulticast mode
[  380.722407][  T316] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.882118][  T316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  380.892259][  T316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  380.901967][  T316] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  380.910947][  T316] bond0 (unregistering): Released all slaves
[  380.921098][T21371] hsr_slave_0: entered promiscuous mode
[  380.927375][T21371] hsr_slave_1: entered promiscuous mode
[  380.933845][T21371] debugfs: 'hsr0' already exists in 'hsr'
[  380.939854][T21371] Cannot create hsr debugfs directory
[  380.960315][  T316] tipc: Left network mode
[  380.976878][  T316] veth1_macvtap: left promiscuous mode
[  380.983447][  T316] veth0_macvtap: left promiscuous mode
[  380.989815][  T316] veth1_vlan: left promiscuous mode
[  380.995125][  T316] veth0_vlan: left promiscuous mode
[  381.000751][T21400] can0 (unregistered): slcan off ttyS3.
[  381.095726][T21422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  381.119685][    T9] lo speed is unknown, defaulting to 1000
[  381.125466][    T9] infiniband syz0: ib_query_port failed (-19)
[  381.126630][T21422] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.372717][T21438] SELinux: failed to load policy
[  381.410564][  T316] IPVS: stop unused estimator thread 0...
[  381.470269][T21443] netlink: 'syz.2.6204': attribute type 1 has an invalid length.
[  381.478195][T21443] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  381.496150][T21442] can0: slcan on ttyS3.
[  381.541305][T21371] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  381.550478][T21371] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  381.559585][T21371] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  381.568604][T21371] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  381.578376][T21442] can0 (unregistered): slcan off ttyS3.
[  381.587300][T21443] can0: slcan on ttyS3.
[  381.607200][T21371] 8021q: adding VLAN 0 to HW filter on device bond0
[  381.621181][T21371] 8021q: adding VLAN 0 to HW filter on device team0
[  381.631331][  T316] bridge0: port 1(bridge_slave_0) entered blocking state
[  381.638543][  T316] bridge0: port 1(bridge_slave_0) entered forwarding state
[  381.647646][T21441] can0 (unregistered): slcan off ttyS3.
[  381.650636][  T316] bridge0: port 2(bridge_slave_1) entered blocking state
[  381.660260][  T316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  381.677534][T21371] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  381.688103][T21371] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  381.737486][T21456] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  381.748972][T21453] IPVS: stopping master sync thread 21456 ...
[  381.798603][T21371] 8021q: adding VLAN 0 to HW filter on device batadv0
[  381.908409][T21371] veth0_vlan: entered promiscuous mode
[  381.928466][T21371] veth1_vlan: entered promiscuous mode
[  381.946672][T21371] veth0_macvtap: entered promiscuous mode
[  381.956968][T21371] veth1_macvtap: entered promiscuous mode
[  381.977052][T21371] batman_adv: batadv0: Interface activated: batadv_slave_0
[  381.990900][T21371] batman_adv: batadv0: Interface activated: batadv_slave_1
[  382.014851][ T2129] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  382.032441][ T2129] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  382.050543][ T2129] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  382.062074][ T2129] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  382.109769][T21483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.129158][T21483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.412631][T21511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6222'.
[  382.414708][T21495] chnl_net:caif_netlink_parms(): no params data found
[  382.453542][T21511] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  382.461125][T21511] batman_adv: batadv0: Removing interface: batadv_slave_0
[  382.473612][T21511] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  382.481139][T21511] batman_adv: batadv0: Removing interface: batadv_slave_1
[  382.502882][T21495] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.510116][T21495] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.517793][T21495] bridge_slave_0: entered allmulticast mode
[  382.524236][T21495] bridge_slave_0: entered promiscuous mode
[  382.537942][T21495] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.545047][T21495] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.552374][T21495] bridge_slave_1: entered allmulticast mode
[  382.559907][T21495] bridge_slave_1: entered promiscuous mode
[  382.583405][T21495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  382.600808][T21495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  382.624031][T21495] team0: Port device team_slave_0 added
[  382.631245][T21495] team0: Port device team_slave_1 added
[  382.646510][T21495] batman_adv: batadv0: Adding interface: batadv_slave_0
[  382.653511][T21495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  382.679604][T21495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  382.691147][T21495] batman_adv: batadv0: Adding interface: batadv_slave_1
[  382.698212][T21495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  382.724279][T21495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  382.735783][T21523] FAULT_INJECTION: forcing a failure.
[  382.735783][T21523] name failslab, interval 1, probability 0, space 0, times 0
[  382.748498][T21523] CPU: 1 UID: 0 PID: 21523 Comm: syz.0.6226 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  382.748532][T21523] Tainted: [W]=WARN
[  382.748539][T21523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  382.748550][T21523] Call Trace:
[  382.748556][T21523]  <TASK>
[  382.748574][T21523]  __dump_stack+0x1d/0x30
[  382.748621][T21523]  dump_stack_lvl+0xe8/0x140
[  382.748636][T21523]  dump_stack+0x15/0x1b
[  382.748649][T21523]  should_fail_ex+0x265/0x280
[  382.748666][T21523]  ? sg_read+0x3ce/0xcb0
[  382.748760][T21523]  should_failslab+0x8c/0xb0
[  382.748778][T21523]  __kmalloc_cache_noprof+0x4c/0x320
[  382.748804][T21523]  ? kstrtouint+0x76/0xc0
[  382.748837][T21523]  sg_read+0x3ce/0xcb0
[  382.748874][T21523]  ? __pfx_sg_read+0x10/0x10
[  382.748888][T21523]  vfs_read+0x1a5/0x770
[  382.748899][T21523]  ? __rcu_read_unlock+0x4f/0x70
[  382.748910][T21523]  ? __fget_files+0x184/0x1c0
[  382.748925][T21523]  ksys_read+0xda/0x1a0
[  382.748968][T21523]  __x64_sys_read+0x40/0x50
[  382.748980][T21523]  x64_sys_call+0x27bc/0x2ff0
[  382.748991][T21523]  do_syscall_64+0xd2/0x200
[  382.749005][T21523]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  382.749066][T21523]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  382.749079][T21523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.749091][T21523] RIP: 0033:0x7f3ab646ebe9
[  382.749101][T21523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.749157][T21523] RSP: 002b:00007f3ab4ecf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  382.749169][T21523] RAX: ffffffffffffffda RBX: 00007f3ab6695fa0 RCX: 00007f3ab646ebe9
[  382.749236][T21523] RDX: 00000000ffffffbf RSI: 0000000000000000 RDI: 0000000000000004
[  382.749243][T21523] RBP: 00007f3ab4ecf090 R08: 0000000000000000 R09: 0000000000000000
[  382.749249][T21523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.749256][T21523] R13: 00007f3ab6696038 R14: 00007f3ab6695fa0 R15: 00007ffc00787308
[  382.749266][T21523]  </TASK>
[  382.758197][T21495] hsr_slave_0: entered promiscuous mode
[  382.969792][T21495] hsr_slave_1: entered promiscuous mode
[  382.975587][T21495] debugfs: 'hsr0' already exists in 'hsr'
[  382.981340][T21495] Cannot create hsr debugfs directory
[  383.026248][T21537] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  383.046852][T21536] IPVS: stopping master sync thread 21537 ...
[  383.089930][T21495] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.157908][T21541] netlink: 'syz.0.6233': attribute type 1 has an invalid length.
[  383.166425][T21541] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  383.184856][T21495] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.197745][T21541] can0: slcan on ttyS3.
[  383.256804][T21541] can0 (unregistered): slcan off ttyS3.
[  383.264431][T21495] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.278917][T21546] can0: slcan on ttyS3.
[  383.330594][T21495] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.393305][T21495] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  383.402962][T21495] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  383.412293][T21552] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  383.412510][T21551] IPVS: stopping master sync thread 21552 ...
[  383.423202][T21495] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  383.430661][T21540] can0 (unregistered): slcan off ttyS3.
[  383.444262][T21495] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  383.493738][T21495] 8021q: adding VLAN 0 to HW filter on device bond0
[  383.508839][T21495] 8021q: adding VLAN 0 to HW filter on device team0
[  383.522105][  T110] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.529232][  T110] bridge0: port 1(bridge_slave_0) entered forwarding state
[  383.547017][  T110] bridge0: port 2(bridge_slave_1) entered blocking state
[  383.554482][  T110] bridge0: port 2(bridge_slave_1) entered forwarding state
[  383.580516][T21495] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  383.591098][T21495] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  383.669818][T21495] 8021q: adding VLAN 0 to HW filter on device batadv0
[  383.845704][T21495] veth0_vlan: entered promiscuous mode
[  383.898130][T21495] veth1_vlan: entered promiscuous mode
[  383.914900][T21495] veth0_macvtap: entered promiscuous mode
[  383.923423][T21495] veth1_macvtap: entered promiscuous mode
[  383.939954][T21495] batman_adv: batadv0: Interface activated: batadv_slave_0
[  383.953840][T21495] batman_adv: batadv0: Interface activated: batadv_slave_1
[  383.965828][ T2129] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  383.975889][ T2129] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  383.994445][ T2129] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  384.026166][ T2129] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  384.077557][T21596] C: renamed from team_slave_0 (while UP)
[  384.085111][T21596] netlink: 'syz.4.6248': attribute type 1 has an invalid length.
[  384.097678][T21596] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  384.125344][T21596] can0: slcan on ttyS3.
[  384.128129][T21606] netlink: 'syz.1.6251': attribute type 64 has an invalid length.
[  384.137835][T21607] IPVS: stopping master sync thread 21608 ...
[  384.144049][T21608] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  384.206222][T21596] can0 (unregistered): slcan off ttyS3.
[  384.214748][T21612] can0: slcan on ttyS3.
[  384.265877][   T29] kauditd_printk_skb: 307 callbacks suppressed
[  384.265937][   T29] audit: type=1400 audit(1755189073.889:7227): avc:  denied  { read write } for  pid=21371 comm="syz-executor" name="loop3" dev="devtmpfs" ino=1414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  384.296524][   T29] audit: type=1400 audit(1755189073.889:7228): avc:  denied  { open } for  pid=21371 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=1414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  384.328589][   T29] audit: type=1400 audit(1755189073.929:7229): avc:  denied  { ioctl } for  pid=21371 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=1414 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  384.333198][T21617] syzkaller0: entered promiscuous mode
[  384.353719][   T29] audit: type=1400 audit(1755189073.959:7230): avc:  denied  { create } for  pid=21618 comm="syz.3.6256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  384.356274][   T29] audit: type=1400 audit(1755189073.959:7231): avc:  denied  { create } for  pid=21618 comm="syz.3.6256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  384.359467][T21617] syzkaller0: entered allmulticast mode
[  384.379089][   T29] audit: type=1400 audit(1755189073.959:7232): avc:  denied  { ioctl } for  pid=21616 comm="syz.0.6255" path="socket:[68594]" dev="sockfs" ino=68594 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  384.436048][T21595] can0 (unregistered): slcan off ttyS3.
[  384.446914][   T29] audit: type=1400 audit(1755189074.069:7233): avc:  denied  { ioctl } for  pid=21618 comm="syz.3.6256" path="socket:[68595]" dev="sockfs" ino=68595 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  384.481098][T21623] loop3: detected capacity change from 0 to 512
[  384.488014][   T29] audit: type=1400 audit(1755189074.109:7234): avc:  denied  { create } for  pid=21618 comm="syz.3.6256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  384.507848][   T29] audit: type=1400 audit(1755189074.109:7235): avc:  denied  { setopt } for  pid=21618 comm="syz.3.6256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  384.528240][T21623] EXT4-fs: Ignoring removed mblk_io_submit option
[  384.536227][T21623] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  384.596258][T21623] EXT4-fs (loop3): 1 truncate cleaned up
[  384.613866][T21623] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  384.626265][   T29] audit: type=1400 audit(1755189074.239:7236): avc:  denied  { read write } for  pid=21630 comm="syz.4.6260" name="uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  384.688827][T21642] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  384.696292][T21641] IPVS: stopping master sync thread 21642 ...
[  384.917402][T21654] netlink: 'syz.1.6268': attribute type 1 has an invalid length.
[  384.926565][T21654] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  384.944308][T21654] can0: slcan on ttyS3.
[  384.996088][T21654] can0 (unregistered): slcan off ttyS3.
[  385.004047][T21663] can0: slcan on ttyS3.
[  385.076480][T21653] can0 (unregistered): slcan off ttyS3.
[  385.198712][T21668] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  385.268250][T21667] tipc: Resetting bearer <eth:syzkaller0>
[  385.286437][T21667] tipc: Disabling bearer <eth:syzkaller0>
[  385.785189][T21685] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6277'.
[  386.357106][T21687] FAULT_INJECTION: forcing a failure.
[  386.357106][T21687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.357158][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.370605][T21687] CPU: 1 UID: 0 PID: 21687 Comm: syz.1.6278 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  386.370675][T21687] Tainted: [W]=WARN
[  386.370682][T21687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  386.370695][T21687] Call Trace:
[  386.370701][T21687]  <TASK>
[  386.370710][T21687]  __dump_stack+0x1d/0x30
[  386.370755][T21687]  dump_stack_lvl+0xe8/0x140
[  386.370774][T21687]  dump_stack+0x15/0x1b
[  386.370789][T21687]  should_fail_ex+0x265/0x280
[  386.370810][T21687]  should_fail+0xb/0x20
[  386.370826][T21687]  should_fail_usercopy+0x1a/0x20
[  386.370914][T21687]  _copy_to_user+0x20/0xa0
[  386.370940][T21687]  simple_read_from_buffer+0xb5/0x130
[  386.370962][T21687]  proc_fail_nth_read+0x10e/0x150
[  386.371146][T21687]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  386.371169][T21687]  vfs_read+0x1a5/0x770
[  386.371189][T21687]  ? __fput+0x555/0x650
[  386.371214][T21687]  ? __rcu_read_unlock+0x4f/0x70
[  386.371296][T21687]  ? __fget_files+0x184/0x1c0
[  386.371320][T21687]  ksys_read+0xda/0x1a0
[  386.371341][T21687]  __x64_sys_read+0x40/0x50
[  386.371371][T21687]  x64_sys_call+0x27bc/0x2ff0
[  386.371447][T21687]  do_syscall_64+0xd2/0x200
[  386.371526][T21687]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  386.371570][T21687]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  386.371659][T21687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.371744][T21687] RIP: 0033:0x7f71473dd5fc
[  386.371760][T21687] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  386.371777][T21687] RSP: 002b:00007f7145e3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  386.371874][T21687] RAX: ffffffffffffffda RBX: 00007f7147605fa0 RCX: 00007f71473dd5fc
[  386.371887][T21687] RDX: 000000000000000f RSI: 00007f7145e3f0a0 RDI: 0000000000000004
[  386.371899][T21687] RBP: 00007f7145e3f090 R08: 0000000000000000 R09: 0000000000000000
[  386.371923][T21687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.371935][T21687] R13: 00007f7147606038 R14: 00007f7147605fa0 R15: 00007ffec819a1e8
[  386.371952][T21687]  </TASK>
[  386.651795][T21701] loop3: detected capacity change from 0 to 512
[  386.658740][T21701] EXT4-fs: Ignoring removed mblk_io_submit option
[  386.679273][T21701] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  386.713510][T21708] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6286'.
[  386.735341][T21701] EXT4-fs (loop3): 1 truncate cleaned up
[  386.741408][T21701] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  386.766794][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.856408][T21721] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  386.868022][T21718] IPVS: stopping master sync thread 21721 ...
[  386.991164][   T36] usb usb8-port1: attempt power cycle
[  387.018016][T21744] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6300'.
[  387.032142][T21744] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  387.039722][T21744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  387.066305][T21744] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  387.073901][T21744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  387.259340][T21763] netlink: 'syz.1.6306': attribute type 1 has an invalid length.
[  387.284436][T21763] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  387.332216][T21767] netlink: 'syz.3.6304': attribute type 21 has an invalid length.
[  387.433761][T21778] loop3: detected capacity change from 0 to 512
[  387.440898][T21778] EXT4-fs: Ignoring removed mblk_io_submit option
[  387.447976][T21778] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  387.460978][T21778] EXT4-fs (loop3): 1 truncate cleaned up
[  387.467655][T21778] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  387.494772][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.589226][T21789] C: renamed from team_slave_0 (while UP)
[  387.603701][T21789] netlink: 'syz.3.6312': attribute type 1 has an invalid length.
[  387.612947][T21789] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  387.636676][T21789] can0: slcan on ttyS3.
[  387.694492][T21784] can0 (unregistered): slcan off ttyS3.
[  387.718887][T21784] can0: slcan on ttyS3.
[  387.737061][T21784] loop3: detected capacity change from 0 to 512
[  388.003895][T21784] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  388.041919][T21784] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e12c, mo2=0002]
[  388.050161][T21784] System zones: 1-12
[  388.055957][T21784] EXT4-fs (loop3): orphan cleanup on readonly fs
[  388.063338][T21784] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6312: bg 0: block 361: padding at end of block bitmap is not set
[  388.079309][T21784] EXT4-fs (loop3): Remounting filesystem read-only
[  388.086680][T21784] EXT4-fs (loop3): 1 truncate cleaned up
[  388.093073][T21784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  388.255332][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  388.403829][T21814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.416359][T21817] loop3: detected capacity change from 0 to 512
[  388.445597][T21814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.454055][T21817] EXT4-fs: Ignoring removed mblk_io_submit option
[  388.465708][T21817] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  388.505331][T21817] EXT4-fs (loop3): 1 truncate cleaned up
[  388.511480][T21817] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  388.547073][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  388.643959][T21787] can0 (unregistered): slcan off ttyS3.
[  388.816392][T21831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6328'.
[  388.825371][T21831] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  388.832994][T21831] batman_adv: batadv0: Removing interface: batadv_slave_0
[  388.844075][   T36] usb usb8-port1: unable to enumerate USB device
[  389.020472][T21854] tipc: Started in network mode
[  389.025560][T21854] tipc: Node identity 3a7624e53d93, cluster identity 4711
[  389.032974][T21854] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  389.044305][T21853] tipc: Resetting bearer <eth:syzkaller0>
[  389.060022][T21853] tipc: Disabling bearer <eth:syzkaller0>
[  389.239026][T21875] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  389.254336][T21874] IPVS: stopping master sync thread 21875 ...
[  389.308402][T21887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  389.314581][T21889] FAULT_INJECTION: forcing a failure.
[  389.314581][T21889] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.317559][T21887] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  389.330479][T21889] CPU: 1 UID: 0 PID: 21889 Comm: syz.2.6347 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  389.330587][T21889] Tainted: [W]=WARN
[  389.330594][T21889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  389.330606][T21889] Call Trace:
[  389.330615][T21889]  <TASK>
[  389.330625][T21889]  __dump_stack+0x1d/0x30
[  389.330654][T21889]  dump_stack_lvl+0xe8/0x140
[  389.330673][T21889]  dump_stack+0x15/0x1b
[  389.330689][T21889]  should_fail_ex+0x265/0x280
[  389.330709][T21889]  should_fail+0xb/0x20
[  389.330726][T21889]  should_fail_usercopy+0x1a/0x20
[  389.330807][T21889]  strncpy_from_user+0x25/0x230
[  389.330833][T21889]  ? _parse_integer_limit+0x170/0x190
[  389.330973][T21889]  ? copy_from_kernel_nofault_allowed+0x62/0xc0
[  389.331080][T21889]  strncpy_from_user_nofault+0x68/0xf0
[  389.331102][T21889]  bpf_probe_read_user_str+0x2a/0x70
[  389.331184][T21889]  bpf_prog_b1bc9f7c1f89903c+0x41/0x47
[  389.331202][T21889]  bpf_trace_run3+0x10c/0x1d0
[  389.331223][T21889]  ? refill_obj_stock+0x254/0x2e0
[  389.331252][T21889]  ? __dentry_kill+0x3d1/0x4b0
[  389.331276][T21889]  ? _atomic_dec_and_lock+0x6d/0xd0
[  389.331346][T21889]  ? __dentry_kill+0x3d1/0x4b0
[  389.331383][T21889]  __traceiter_kmem_cache_free+0x35/0x60
[  389.331406][T21889]  ? __dentry_kill+0x3d1/0x4b0
[  389.331427][T21889]  kmem_cache_free+0x257/0x300
[  389.331455][T21889]  __dentry_kill+0x3d1/0x4b0
[  389.331546][T21889]  ? lock_for_kill+0x61/0x140
[  389.331569][T21889]  dput+0x5e/0xd0
[  389.331632][T21889]  __fput+0x444/0x650
[  389.331726][T21889]  fput_close_sync+0x6e/0x120
[  389.331754][T21889]  __x64_sys_close+0x56/0xf0
[  389.331770][T21889]  x64_sys_call+0x2738/0x2ff0
[  389.331790][T21889]  do_syscall_64+0xd2/0x200
[  389.331814][T21889]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  389.331876][T21889]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  389.331896][T21889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.331928][T21889] RIP: 0033:0x7f64668aebe9
[  389.331944][T21889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.331960][T21889] RSP: 002b:00007f646530f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  389.331979][T21889] RAX: ffffffffffffffda RBX: 00007f6466ad5fa0 RCX: 00007f64668aebe9
[  389.332059][T21889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  389.332071][T21889] RBP: 00007f646530f090 R08: 0000000000000000 R09: 0000000000000000
[  389.332083][T21889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.332095][T21889] R13: 00007f6466ad6038 R14: 00007f6466ad5fa0 R15: 00007ffd99ecca58
[  389.332114][T21889]  </TASK>
[  389.670401][T21899] loop3: detected capacity change from 0 to 512
[  389.674715][T21904] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  389.677559][T21899] EXT4-fs: Ignoring removed i_version option
[  389.688331][T21903] IPVS: stopping master sync thread 21904 ...
[  389.694582][T21899] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  389.715567][   T29] kauditd_printk_skb: 85 callbacks suppressed
[  389.715582][   T29] audit: type=1400 audit(1755189847.349:7322): avc:  denied  { create } for  pid=21906 comm="syz.0.6355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  389.756817][   T29] audit: type=1400 audit(1755189847.379:7323): avc:  denied  { bind } for  pid=21906 comm="syz.0.6355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  389.776811][   T29] audit: type=1400 audit(1755189847.379:7324): avc:  denied  { listen } for  pid=21906 comm="syz.0.6355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  389.807105][T21899] EXT4-fs (loop3): 1 truncate cleaned up
[  389.813649][T21899] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  389.828190][T21916] syzkaller0: entered promiscuous mode
[  389.834411][T21916] syzkaller0: entered allmulticast mode
[  389.889581][   T29] audit: type=1400 audit(1755190103.520:7325): avc:  denied  { mounton } for  pid=21898 comm="syz.3.6353" path="/19/bus/file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  389.918877][   T29] audit: type=1400 audit(1755190103.550:7326): avc:  denied  { create } for  pid=21925 comm="syz.2.6360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  389.940871][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  389.949202][   T29] audit: type=1400 audit(1755190103.550:7327): avc:  denied  { bind } for  pid=21925 comm="syz.2.6360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  389.969850][   T29] audit: type=1400 audit(1755190103.550:7328): avc:  denied  { write } for  pid=21925 comm="syz.2.6360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  389.996748][   T29] audit: type=1400 audit(1755190103.631:7329): avc:  denied  { read } for  pid=21928 comm="syz.0.6362" name="event2" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  390.020418][   T29] audit: type=1400 audit(1755190103.631:7330): avc:  denied  { open } for  pid=21928 comm="syz.0.6362" path="/dev/input/event2" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  390.201751][T21958] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  390.201830][T21957] IPVS: stopping master sync thread 21958 ...
[  390.344492][T21979] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6380'.
[  390.384658][T21988] loop3: detected capacity change from 0 to 512
[  390.392531][T21988] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  390.408152][T21988] EXT4-fs (loop3): 1 truncate cleaned up
[  390.415183][T21988] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  390.429955][T21992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.446439][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.446516][T21992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.742575][T22025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6395'.
[  390.818806][T22026] hub 8-0:1.0: USB hub found
[  390.823644][T22026] hub 8-0:1.0: 8 ports detected
[  391.391026][T22056] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6406'.
[  391.527156][T22062] netlink: 'syz.1.6409': attribute type 1 has an invalid length.
[  391.544014][T22062] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  391.563396][T22062] can0: slcan on ttyS3.
[  391.622933][T22062] can0 (unregistered): slcan off ttyS3.
[  391.633416][T22073] can0: slcan on ttyS3.
[  391.732653][T22060] can0 (unregistered): slcan off ttyS3.
[  392.170943][T22088] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6420'.
[  392.782586][   T36] usb usb8-port1: attempt power cycle
[  392.955760][T22115] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6431'.
[  393.748755][T22133] loop3: detected capacity change from 0 to 512
[  393.756005][T22133] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  393.769698][T22133] EXT4-fs (loop3): 1 truncate cleaned up
[  393.776192][T22133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.854364][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.872031][   T29] audit: type=1326 audit(1755191643.516:7331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22136 comm="syz.3.6440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6835febe9 code=0x7ffc0000
[  393.902485][T22139] loop3: detected capacity change from 0 to 512
[  393.910657][T22139] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  393.939388][T22139] EXT4-fs (loop3): 1 truncate cleaned up
[  393.949606][T22139] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.985364][T22142] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6442'.
[  394.079070][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.123139][T22159] loop3: detected capacity change from 0 to 512
[  394.130242][T22159] EXT4-fs: Ignoring removed mblk_io_submit option
[  394.137670][T22159] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  394.149870][T22159] EXT4-fs (loop3): 1 truncate cleaned up
[  394.156168][T22159] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  394.181672][T22166] FAULT_INJECTION: forcing a failure.
[  394.181672][T22166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  394.195024][T22166] CPU: 0 UID: 0 PID: 22166 Comm: syz.1.6453 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  394.195056][T22166] Tainted: [W]=WARN
[  394.195063][T22166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  394.195076][T22166] Call Trace:
[  394.195083][T22166]  <TASK>
[  394.195092][T22166]  __dump_stack+0x1d/0x30
[  394.195178][T22166]  dump_stack_lvl+0xe8/0x140
[  394.195193][T22166]  dump_stack+0x15/0x1b
[  394.195208][T22166]  should_fail_ex+0x265/0x280
[  394.195230][T22166]  should_fail+0xb/0x20
[  394.195274][T22166]  should_fail_usercopy+0x1a/0x20
[  394.195306][T22166]  _copy_to_user+0x20/0xa0
[  394.195358][T22166]  simple_read_from_buffer+0xb5/0x130
[  394.195434][T22166]  proc_fail_nth_read+0x10e/0x150
[  394.195458][T22166]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  394.195484][T22166]  vfs_read+0x1a5/0x770
[  394.195504][T22166]  ? __rcu_read_unlock+0x4f/0x70
[  394.195561][T22166]  ? __fget_files+0x184/0x1c0
[  394.195632][T22166]  ksys_read+0xda/0x1a0
[  394.195649][T22166]  __x64_sys_read+0x40/0x50
[  394.195668][T22166]  x64_sys_call+0x27bc/0x2ff0
[  394.195690][T22166]  do_syscall_64+0xd2/0x200
[  394.195780][T22166]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  394.195802][T22166]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  394.195824][T22166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.195906][T22166] RIP: 0033:0x7f71473dd5fc
[  394.195921][T22166] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  394.195938][T22166] RSP: 002b:00007f7145e3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  394.195958][T22166] RAX: ffffffffffffffda RBX: 00007f7147605fa0 RCX: 00007f71473dd5fc
[  394.195969][T22166] RDX: 000000000000000f RSI: 00007f7145e3f0a0 RDI: 0000000000000004
[  394.195980][T22166] RBP: 00007f7145e3f090 R08: 0000000000000000 R09: 0000000000000000
[  394.195993][T22166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  394.196018][T22166] R13: 00007f7147606038 R14: 00007f7147605fa0 R15: 00007ffec819a1e8
[  394.196109][T22166]  </TASK>
[  394.691118][   T36] usb usb8-port1: unable to enumerate USB device
[  395.289353][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.316935][T22187] loop3: detected capacity change from 0 to 1024
[  395.324243][T22187] EXT4-fs: Ignoring removed bh option
[  395.330163][T22187] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  395.353898][T22187] EXT4-fs error (device loop3): ext4_quota_enable:7124: comm syz.3.6461: inode #2304: comm syz.3.6461: iget: illegal inode #
[  395.367353][T22187] EXT4-fs (loop3): Remounting filesystem read-only
[  395.374041][T22187] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  395.404553][T22187] EXT4-fs (loop3): mount failed
[  395.496107][T22198] syzkaller0: entered promiscuous mode
[  395.501951][T22198] syzkaller0: entered allmulticast mode
[  395.668443][T22210] loop3: detected capacity change from 0 to 512
[  395.691257][T22210] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  395.725648][T22210] EXT4-fs (loop3): 1 truncate cleaned up
[  395.732550][T22210] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  395.784423][   T29] kauditd_printk_skb: 88 callbacks suppressed
[  395.784437][   T29] audit: type=1400 audit(1755191901.426:7420): avc:  denied  { ioctl } for  pid=22216 comm="syz.2.6473" path="socket:[71099]" dev="sockfs" ino=71099 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  395.855243][T22217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6473'.
[  395.867855][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.883739][T22217] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  395.899871][T22217] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.910377][   T29] audit: type=1326 audit(1755191901.546:7421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  395.934726][   T29] audit: type=1326 audit(1755191901.556:7422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  395.974999][   T29] audit: type=1326 audit(1755191901.596:7423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  395.998648][   T29] audit: type=1326 audit(1755191901.596:7424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  396.022598][   T29] audit: type=1326 audit(1755191901.596:7425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  396.046501][   T29] audit: type=1326 audit(1755191901.606:7426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  396.070450][   T29] audit: type=1326 audit(1755191901.606:7427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  396.095069][   T29] audit: type=1326 audit(1755191901.606:7428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22211 comm="syz.0.6471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f3ab646ebe9 code=0x7ffc0000
[  396.118674][   T29] audit: type=1400 audit(1755191901.606:7429): avc:  denied  { shutdown } for  pid=22211 comm="syz.0.6471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  396.147659][T22220] loop3: detected capacity change from 0 to 512
[  396.157720][T22220] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  396.171304][T22220] EXT4-fs (loop3): 1 truncate cleaned up
[  396.177309][T22220] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  396.204142][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.326003][T22233] netlink: 152 bytes leftover after parsing attributes in process `syz.4.6479'.
[  396.789619][T22261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6489'.
[  396.842573][T22261] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  396.892879][T22261] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.074006][T22279] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6496'.
[  397.122015][T22283] FAULT_INJECTION: forcing a failure.
[  397.122015][T22283] name failslab, interval 1, probability 0, space 0, times 0
[  397.134899][T22283] CPU: 1 UID: 0 PID: 22283 Comm: syz.2.6493 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  397.134932][T22283] Tainted: [W]=WARN
[  397.134939][T22283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  397.135016][T22283] Call Trace:
[  397.135023][T22283]  <TASK>
[  397.135032][T22283]  __dump_stack+0x1d/0x30
[  397.135054][T22283]  dump_stack_lvl+0xe8/0x140
[  397.135071][T22283]  dump_stack+0x15/0x1b
[  397.135127][T22283]  should_fail_ex+0x265/0x280
[  397.135148][T22283]  should_failslab+0x8c/0xb0
[  397.135245][T22283]  kmem_cache_alloc_node_noprof+0x57/0x320
[  397.135274][T22283]  ? __alloc_skb+0x101/0x320
[  397.135302][T22283]  __alloc_skb+0x101/0x320
[  397.135398][T22283]  tipc_buf_acquire+0x2c/0xb0
[  397.135429][T22283]  tipc_named_withdraw+0x13b/0x360
[  397.135450][T22283]  tipc_nametbl_withdraw+0x114/0x200
[  397.135498][T22283]  tipc_sk_withdraw+0x1ca/0x2e0
[  397.135590][T22283]  tipc_sk_bind+0x175/0x1b0
[  397.135644][T22283]  tipc_bind+0x5e/0x190
[  397.135666][T22283]  __sys_bind+0x1ce/0x2a0
[  397.135696][T22283]  __x64_sys_bind+0x3f/0x50
[  397.135754][T22283]  x64_sys_call+0x2b6e/0x2ff0
[  397.135781][T22283]  do_syscall_64+0xd2/0x200
[  397.135805][T22283]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  397.135906][T22283]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  397.135996][T22283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.136013][T22283] RIP: 0033:0x7f64668aebe9
[  397.136029][T22283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.136069][T22283] RSP: 002b:00007f646530f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  397.136088][T22283] RAX: ffffffffffffffda RBX: 00007f6466ad5fa0 RCX: 00007f64668aebe9
[  397.136100][T22283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  397.136114][T22283] RBP: 00007f646530f090 R08: 0000000000000000 R09: 0000000000000000
[  397.136147][T22283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.136159][T22283] R13: 00007f6466ad6038 R14: 00007f6466ad5fa0 R15: 00007ffd99ecca58
[  397.136178][T22283]  </TASK>
[  397.136186][T22283] tipc: Withdrawal distribution failure
[  397.394886][T22298] loop0: detected capacity change from 0 to 512
[  397.403656][T22298] EXT4-fs: Ignoring removed i_version option
[  397.417051][T22298] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  397.428967][T22298] EXT4-fs (loop0): 1 truncate cleaned up
[  397.436677][T22298] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  397.491565][T20841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.504679][T22302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6505'.
[  397.515773][T22313] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  397.533837][T22313] syzkaller0: entered promiscuous mode
[  397.539411][T22313] syzkaller0: entered allmulticast mode
[  398.688158][T22351] tipc: Started in network mode
[  398.693107][T22351] tipc: Node identity be370b84d4c7, cluster identity 4711
[  398.700562][T22351] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  398.732951][T22350] tipc: Disabling bearer <eth:syzkaller0>
[  398.865597][T22363] macvlan1: entered promiscuous mode
[  398.942273][T22363] ipvlan0: entered promiscuous mode
[  398.987816][T22363] ipvlan0: left promiscuous mode
[  399.007526][T22363] macvlan1: left promiscuous mode
[  399.053410][T22375] loop3: detected capacity change from 0 to 2048
[  399.060393][T22381] IPVS: stopping master sync thread 22382 ...
[  399.087741][T22375] Alternate GPT is invalid, using primary GPT.
[  399.094246][T22375]  loop3: p2 p3 p7
[  399.153431][T22390] tipc: Started in network mode
[  399.158488][T22390] tipc: Node identity 7e86d81c9ef4, cluster identity 4711
[  399.165741][T22390] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  399.174935][T22389] tipc: Disabling bearer <eth:syzkaller0>
[  399.329680][T22404] loop3: detected capacity change from 0 to 512
[  399.355524][T22404] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  399.374604][T22404] EXT4-fs (loop3): 1 truncate cleaned up
[  399.389580][T22404] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  399.407188][T22415] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  399.418318][T22414] IPVS: stopping master sync thread 22415 ...
[  399.455916][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.475185][T22421] loop3: detected capacity change from 0 to 512
[  399.481851][T22421] EXT4-fs: Ignoring removed mblk_io_submit option
[  399.489342][T22421] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  399.501188][T22421] EXT4-fs (loop3): 1 truncate cleaned up
[  399.503760][T22423] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  399.507361][T22421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  399.526874][T22422] tipc: Disabling bearer <eth:syzkaller0>
[  399.541765][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.663262][T22443] loop3: detected capacity change from 0 to 512
[  399.677629][T22443] EXT4-fs: Ignoring removed i_version option
[  399.684443][T22443] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  399.696968][T22443] EXT4-fs (loop3): 1 truncate cleaned up
[  399.703473][T22443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  399.741262][T22445] C: renamed from team_slave_0 (while UP)
[  399.749114][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.749669][T22445] netlink: 'syz.2.6558': attribute type 1 has an invalid length.
[  399.767764][T22445] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  399.796139][T22445] can0: slcan on ttyS3.
[  399.852890][T22454] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6562'.
[  399.861960][T22445] can0 (unregistered): slcan off ttyS3.
[  399.871357][T22455] can0: slcan on ttyS3.
[  399.940307][T22444] can0 (unregistered): slcan off ttyS3.
[  400.194990][T22481] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6571'.
[  400.292069][T22487] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6574'.
[  400.818097][ T3384] usb usb8-port1: attempt power cycle
[  400.919295][T22496] FAULT_INJECTION: forcing a failure.
[  400.919295][T22496] name failslab, interval 1, probability 0, space 0, times 0
[  400.932150][T22496] CPU: 0 UID: 0 PID: 22496 Comm: syz.1.6578 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  400.932194][T22496] Tainted: [W]=WARN
[  400.932199][T22496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  400.932209][T22496] Call Trace:
[  400.932216][T22496]  <TASK>
[  400.932223][T22496]  __dump_stack+0x1d/0x30
[  400.932241][T22496]  dump_stack_lvl+0xe8/0x140
[  400.932259][T22496]  dump_stack+0x15/0x1b
[  400.932275][T22496]  should_fail_ex+0x265/0x280
[  400.932363][T22496]  should_failslab+0x8c/0xb0
[  400.932387][T22496]  kmem_cache_alloc_node_noprof+0x57/0x320
[  400.932416][T22496]  ? __alloc_skb+0x101/0x320
[  400.932462][T22496]  __alloc_skb+0x101/0x320
[  400.932492][T22496]  netlink_alloc_large_skb+0xba/0xf0
[  400.932523][T22496]  netlink_sendmsg+0x3cf/0x6b0
[  400.932577][T22496]  ? __pfx_netlink_sendmsg+0x10/0x10
[  400.932598][T22496]  __sock_sendmsg+0x145/0x180
[  400.932624][T22496]  ____sys_sendmsg+0x31e/0x4e0
[  400.932647][T22496]  ___sys_sendmsg+0x17b/0x1d0
[  400.932745][T22496]  __x64_sys_sendmsg+0xd4/0x160
[  400.932765][T22496]  x64_sys_call+0x191e/0x2ff0
[  400.932782][T22496]  do_syscall_64+0xd2/0x200
[  400.932805][T22496]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  400.932884][T22496]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  400.932903][T22496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.932924][T22496] RIP: 0033:0x7f71473debe9
[  400.932957][T22496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.933045][T22496] RSP: 002b:00007f7145e3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  400.933065][T22496] RAX: ffffffffffffffda RBX: 00007f7147605fa0 RCX: 00007f71473debe9
[  400.933122][T22496] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  400.933132][T22496] RBP: 00007f7145e3f090 R08: 0000000000000000 R09: 0000000000000000
[  400.933143][T22496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.933153][T22496] R13: 00007f7147606038 R14: 00007f7147605fa0 R15: 00007ffec819a1e8
[  400.933170][T22496]  </TASK>
[  401.158140][   T29] kauditd_printk_skb: 129 callbacks suppressed
[  401.158168][   T29] audit: type=1326 audit(1755192930.795:7559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.187904][   T29] audit: type=1326 audit(1755192930.795:7560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.211621][   T29] audit: type=1326 audit(1755192930.795:7561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.235328][   T29] audit: type=1326 audit(1755192930.795:7562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.258946][   T29] audit: type=1326 audit(1755192930.795:7563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.282683][   T29] audit: type=1326 audit(1755192930.795:7564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.306476][   T29] audit: type=1326 audit(1755192930.795:7565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.330415][   T29] audit: type=1326 audit(1755192930.795:7566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.354010][   T29] audit: type=1326 audit(1755192930.795:7567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.377504][   T29] audit: type=1326 audit(1755192930.795:7568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22498 comm="syz.2.6579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64668aebe9 code=0x7ffc0000
[  401.451517][T22510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6583'.
[  401.538001][T22518] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  401.550687][T22517] IPVS: stopping master sync thread 22518 ...
[  401.764962][T22536] loop3: detected capacity change from 0 to 512
[  401.773188][T22536] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  401.794095][T22536] EXT4-fs (loop3): 1 truncate cleaned up
[  401.800408][T22536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  401.838375][T22540] FAULT_INJECTION: forcing a failure.
[  401.838375][T22540] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  401.851554][T22540] CPU: 0 UID: 0 PID: 22540 Comm: syz.4.6594 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  401.851620][T22540] Tainted: [W]=WARN
[  401.851627][T22540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  401.851639][T22540] Call Trace:
[  401.851691][T22540]  <TASK>
[  401.851699][T22540]  __dump_stack+0x1d/0x30
[  401.851719][T22540]  dump_stack_lvl+0xe8/0x140
[  401.851734][T22540]  dump_stack+0x15/0x1b
[  401.851748][T22540]  should_fail_ex+0x265/0x280
[  401.851851][T22540]  should_fail+0xb/0x20
[  401.851869][T22540]  should_fail_usercopy+0x1a/0x20
[  401.851891][T22540]  _copy_from_user+0x1c/0xb0
[  401.851918][T22540]  tls_setsockopt+0x3ec/0xce0
[  401.851978][T22540]  sock_common_setsockopt+0x69/0x80
[  401.852006][T22540]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  401.852089][T22540]  __sys_setsockopt+0x184/0x200
[  401.852109][T22540]  __x64_sys_setsockopt+0x64/0x80
[  401.852129][T22540]  x64_sys_call+0x20ec/0x2ff0
[  401.852150][T22540]  do_syscall_64+0xd2/0x200
[  401.852197][T22540]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  401.852271][T22540]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  401.852295][T22540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.852317][T22540] RIP: 0033:0x7f5a0e4febe9
[  401.852333][T22540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.852349][T22540] RSP: 002b:00007f5a0cf5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  401.852415][T22540] RAX: ffffffffffffffda RBX: 00007f5a0e725fa0 RCX: 00007f5a0e4febe9
[  401.852429][T22540] RDX: 0000000000000001 RSI: 000000000000011a RDI: 0000000000000003
[  401.852441][T22540] RBP: 00007f5a0cf5f090 R08: 0000000000000028 R09: 0000000000000000
[  401.852454][T22540] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  401.852467][T22540] R13: 00007f5a0e726038 R14: 00007f5a0e725fa0 R15: 00007fff8c0b9958
[  401.852486][T22540]  </TASK>
[  402.087070][T22542] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6595'.
[  402.172814][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.216610][T22547] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  402.228764][T22546] IPVS: stopping master sync thread 22547 ...
[  402.271011][T22551] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6599'.
[  402.524807][T22569] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6603'.
[  403.176840][ T3384] usb usb8-port1: unable to enumerate USB device
[  403.343119][T22594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6613'.
[  403.396532][T22594] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  403.403995][T22594] batman_adv: batadv0: Removing interface: batadv_slave_0
[  403.470987][T22603] loop3: detected capacity change from 0 to 1024
[  403.483473][T22603] EXT4-fs: Ignoring removed bh option
[  403.490325][T22603] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  403.500770][T22605] loop0: detected capacity change from 0 to 512
[  403.509683][T22605] EXT4-fs: Ignoring removed mblk_io_submit option
[  403.517095][T22605] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  403.529586][T22603] EXT4-fs error (device loop3): ext4_quota_enable:7124: comm syz.3.6616: inode #2304: comm syz.3.6616: iget: illegal inode #
[  403.550898][T22603] EXT4-fs (loop3): Remounting filesystem read-only
[  403.556009][T22605] EXT4-fs (loop0): 1 truncate cleaned up
[  403.557568][T22603] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  403.579165][T22605] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  403.622349][T20841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.648818][T22603] EXT4-fs (loop3): mount failed
[  403.792635][T22622] loop3: detected capacity change from 0 to 128
[  404.574163][T22644] loop0: detected capacity change from 0 to 512
[  404.597961][T22644] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  404.676016][T22644] EXT4-fs (loop0): 1 truncate cleaned up
[  404.682085][T22644] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  404.862852][T22657] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6633'.
[  404.881753][T20841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.101994][T22675] loop3: detected capacity change from 0 to 512
[  405.109450][T22675] EXT4-fs: Ignoring removed mblk_io_submit option
[  405.118527][T22675] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  405.136324][T22675] EXT4-fs (loop3): 1 truncate cleaned up
[  405.142426][T22675] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  405.651971][T22705] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6650'.
[  405.682266][T22714] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  405.693049][T22713] tipc: Disabling bearer <eth:syzkaller0>
[  405.799156][   T41] ==================================================================
[  405.807500][   T41] BUG: KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
[  405.816975][   T41] 
[  405.819353][   T41] write to 0xffff88811a946d90 of 14 bytes by task 22675 on cpu 0:
[  405.827159][   T41]  copy_folio_from_iter_atomic+0x7fc/0x1170
[  405.833078][   T41]  generic_perform_write+0x2c2/0x490
[  405.838440][   T41]  ext4_buffered_write_iter+0x1ee/0x3c0
[  405.843982][   T41]  ext4_file_write_iter+0xdbf/0xf00
[  405.849220][   T41]  iter_file_splice_write+0x669/0x9e0
[  405.854749][   T41]  direct_splice_actor+0x156/0x2a0
[  405.859848][   T41]  splice_direct_to_actor+0x312/0x680
[  405.865252][   T41]  do_splice_direct+0xda/0x150
[  405.870087][   T41]  do_sendfile+0x380/0x650
[  405.874526][   T41]  __x64_sys_sendfile64+0x105/0x150
[  405.879919][   T41]  x64_sys_call+0x2bb0/0x2ff0
[  405.884580][   T41]  do_syscall_64+0xd2/0x200
[  405.889075][   T41]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.894954][   T41] 
[  405.897264][   T41] read to 0xffff88811a946c00 of 1024 bytes by task 41 on cpu 1:
[  405.904925][   T41]  copy_folio_from_iter_atomic+0x7fc/0x1170
[  405.910821][   T41]  generic_perform_write+0x2c2/0x490
[  405.916218][   T41]  shmem_file_write_iter+0xc5/0xf0
[  405.921321][   T41]  lo_rw_aio+0x69d/0x760
[  405.925559][   T41]  loop_process_work+0x52d/0xa60
[  405.930501][   T41]  loop_workfn+0x31/0x40
[  405.934911][   T41]  process_scheduled_works+0x4cb/0x9d0
[  405.940485][   T41]  worker_thread+0x582/0x770
[  405.945064][   T41]  kthread+0x489/0x510
[  405.949115][   T41]  ret_from_fork+0xda/0x150
[  405.953606][   T41]  ret_from_fork_asm+0x1a/0x30
[  405.958442][   T41] 
[  405.960748][   T41] Reported by Kernel Concurrency Sanitizer on:
[  405.966881][   T41] CPU: 1 UID: 0 PID: 41 Comm: kworker/u8:2 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  405.980845][   T41] Tainted: [W]=WARN
[  405.984628][   T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  405.994671][   T41] Workqueue: loop3 loop_workfn
[  405.999438][   T41] ==================================================================
[  406.055867][T21371] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.