last executing test programs:

5.248754565s ago: executing program 3 (id=4067):
syz_io_uring_submit(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x2, 0x4, 0x80, 0x5, 0x1000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

5.175739558s ago: executing program 3 (id=4068):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000140), 0x5, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="1800d700000700000000000000007e0c0018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

5.175082668s ago: executing program 3 (id=4069):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffff7ffffdc}, 0x18)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x800)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'syztnl1\x00', 0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), 0x0}, 0x20)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
r4 = epoll_create(0x802)
epoll_pwait(r4, 0x0, 0x0, 0x7fffffff, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000300)={0x10000001})
ioctl$FS_IOC_GETFLAGS(r3, 0x5437, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)

5.11257762s ago: executing program 3 (id=4070):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
syz_open_dev$evdev(&(0x7f0000000640), 0x2, 0x80)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_extract_tcp_res$synack(&(0x7f0000000080)={0x41424344, <r2=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaae3aaaa48ffa4318cfae1d6f295d31800140600fc000000000000000000000000000001fe8000000000800000000000000000aafffe4001", @ANYRES32=0x41424344, @ANYRES32=r2, @ANYBLOB="50020000907800"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000900)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000000000140600fe8000000000000000000000000200000000bb00004e22", @ANYRES32=r2, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
write$tun(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="70000000ffffffffffff117a199afcf408004e0f017100680000fa069078e0000001e000000244247e91ac1414aa000026530a010102000000f6ac1414aa000000060a010102000004004e234e22", @ANYRES32=r2, @ANYRES32=0x41424344, @ANYBLOB="0001fccf90780008fe0dbc15d07f671e3322dd7c17fe06e2d4c3d9fe52f9895cb12260181d83d743855aba512205a7c0e10000001e128b83de1a2db8189039a3f575d3150b27b5882195a97e4231d1b2e9ef8c80317452a1f9dd5516839cea1cade03891d0df04e76670414bf0c120f301b3b3456c802f063e642882af5e796a984fa166b97699012665350ea0d2da498eee763f6019efd020ad77419cf12f66382fb2e3cd7322fae29917d27792dc619bd4feac3994f8fe468e228282244c8d78ee1457c9cc6c8d461e68d8a8153b70f7bbf89b5f4ebdc44244ab0ffa65379d2d3e429f23fa87f5a060c4104922ab86f1629a979d92c20d616a5355c796c1410749c69d02b2fb31d1f4d1dc236403a2ac5c9fec8ee56656f897f7a4c0ac0df7bf1fa70df13c00000000000000"], 0x183)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r3}, 0x10)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x201000, 0x1000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x68, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b24d, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x34, 0x16, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x3ff, 0x6fb, 0xffffffff, 0x88a8}}, {0x14, 0x1, {0xe39, 0x616, 0xd, 0x8100}}]}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xffffffffffffffde, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r8, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='sched_switch\x00'}, 0x18)
write(r7, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc131b8e11e775ef7ff118fe916e4017771c3d08", 0x29)
sendfile(r7, r6, 0x0, 0x3ffff)

4.681943019s ago: executing program 3 (id=4079):
socket(0x2b, 0x80801, 0x1)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r0 = syz_io_uring_setup(0x2cea, &(0x7f0000000180)={0x0, 0x7a71, 0x40, 0x0, 0x385}, &(0x7f0000000080), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000280)={0x80, 0x44, '\x00', 0x1000000}, 0x1)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r7 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r7, 0x6, 0x9, &(0x7f0000002740)=r6, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_setup(0x4, &(0x7f0000000600)=<r8=>0x0)
r9 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r8, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r9, &(0x7f0000000000)="ff07", 0x2}])

4.201971079s ago: executing program 3 (id=4095):
socket(0x2b, 0x80801, 0x1)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = syz_io_uring_setup(0x2cea, &(0x7f0000000180)={0x0, 0x7a71, 0x40, 0x0, 0x385}, &(0x7f0000000080), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_NAPI(r2, 0x1b, &(0x7f0000000280)={0x80, 0x44, '\x00', 0x1000000}, 0x1)
r3 = socket$netlink(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x101800, 0x0)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r8, 0x6, 0x9, &(0x7f0000002740)=r7, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_setup(0x4, &(0x7f0000000600)=<r9=>0x0)
r10 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r9, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r10, &(0x7f0000000000)="ff07", 0x2}])

3.609973505s ago: executing program 4 (id=4108):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xa8}}, 0x4)
sendmsg$NFT_BATCH(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)

3.598458095s ago: executing program 4 (id=4109):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000200)=0xffffffff, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x8031, 0xffffffffffffffff, 0x28f42000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x2000000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r5, &(0x7f00000025c0), 0x0)

3.196195582s ago: executing program 0 (id=4112):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
pipe2(0x0, 0x4080)
close(0xffffffffffffffff)
syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x4665, 0x800, 0x5, 0x20e}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000680))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x2, 0x4, 0x80, 0x5, 0x1000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400251}, &(0x7f0000000180)=<r6=>0x0, &(0x7f0000000300)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000500)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x33, 0x4000, @fd_index=0x1, 0x5, 0x0, 0x0, 0x2, 0x1, {0x2}})

3.054275969s ago: executing program 0 (id=4113):
syz_emit_ethernet(0x4a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xffffffffffffffde, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='sched_switch\x00', r3}, 0x18)
write(r1, &(0x7f0000000a00)="c7885a8f24f458bed72116", 0xb)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

2.689272624s ago: executing program 4 (id=4115):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023892)
open(0x0, 0x66842, 0x90)
syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384)

2.542769891s ago: executing program 0 (id=4118):
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCAUSEDIAG(r0, 0x89ec, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='sched_switch\x00', r3}, 0xe)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

1.789772513s ago: executing program 1 (id=4123):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="e3e1a036f195a33ab832c73abb05000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x6, &(0x7f00000007c0)=ANY=[@ANYBLOB="1100000000000000000004000000000018200000", @ANYRESOCT, @ANYRES8=r0], &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x51, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
r1 = socket$kcm(0x2, 0x5, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000400)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0xfe, 0x7ffc9ffe}]})
pivot_root(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095", @ANYRES16=r1, @ANYRES64=r3], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000400)='itimer_state\x00', r5}, 0x18)
setitimer(0x0, 0x0, 0x0)
r6 = syz_io_uring_setup(0x13d4, &(0x7f0000000940)={0x0, 0x7718, 0x800, 0x8002, 0x1bf}, &(0x7f0000000440)=<r7=>0x0, &(0x7f0000000680)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_setup(0x2439, &(0x7f0000001480)={0x0, 0x2001064, 0x1000, 0x7, 0x40227}, &(0x7f00000006c0)=<r9=>0x0, &(0x7f0000000280))
syz_io_uring_submit(r9, r8, 0x0)
io_uring_enter(r6, 0x10007b0f, 0x96f0, 0x20, 0x0, 0x0)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x14d7, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x2, 0x257}, &(0x7f00000001c0)=<r10=>0x0, &(0x7f00000000c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0})
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r13}, 0x18)
ioctl$SIOCSIFHWADDR(r1, 0x8931, &(0x7f0000000000)={'dummy0\x00'})
socket(0x2, 0x80805, 0x0)

1.733973956s ago: executing program 1 (id=4124):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
syz_open_dev$evdev(&(0x7f0000000640), 0x2, 0x80)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_extract_tcp_res$synack(0x0, 0x1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaae3aaaa48ffa4318cfae1d6f295d31800140600fc000000000000000000000000000001fe8000000000800000000000000000aafffe4001", @ANYRES32=0x41424344, @ANYRES32, @ANYBLOB="5002000090780000"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000900)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000000000140600fe8000000000000000000000000200000000bb00004e22", @ANYRES32, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
write$tun(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="70000000ffffffffffff117a199afcf408004e0f017100680000fa069078e0000001e000000244247e91ac1414aa000026530a010102000000f6ac1414aa000000060a010102000004004e234e22", @ANYRES32, @ANYRES32=0x41424344, @ANYBLOB="0001fccf90780008fe0dbc15d07f671e3322dd7c17fe06e2d4c3d9fe52f9895cb12260181d83d743855aba512205a7c0e10000001e128b83de1a2db8189039a3f575d3150b27b5882195a97e4231d1b2e9ef8c80317452a1f9dd5516839cea1cade03891d0df04e76670414bf0c120f301b3b3456c802f063e642882af5e796a984fa166b97699012665350ea0d2da498eee763f6019efd020ad77419cf12f66382fb2e3cd7322fae29917d27792dc619bd4feac3994f8fe468e228282244c8d78ee1457c9cc6c8d461e68d8a8153b70f7bbf89b5f4ebdc44244ab0ffa65379d2d3e429f23fa87f5a060c4104922ab86f1629a979d92c20d616a5355c796c1410749c69d02b2fb31d1f4d1dc236403a2ac5c9fec8ee56656f897f7a4c0ac0df7bf1fa70df13c00000000000000"], 0x183)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r2}, 0x10)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x201000, 0x1000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x68, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b24d, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x34, 0x16, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x3ff, 0x6fb, 0xffffffff, 0x88a8}}, {0x14, 0x1, {0xe39, 0x616, 0xd, 0x8100}}]}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='sched_switch\x00', r6}, 0x18)
write(r5, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc131b8e11e775ef7ff118fe916e4017771c3d08", 0x29)
sendfile(r5, r4, 0x0, 0x3ffff)

1.679971757s ago: executing program 2 (id=4125):
socket(0x2b, 0x80801, 0x1)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = syz_io_uring_setup(0x2cea, &(0x7f0000000180)={0x0, 0x7a71, 0x40, 0x0, 0x385}, &(0x7f0000000080), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_NAPI(r2, 0x1b, &(0x7f0000000280)={0x80, 0x44, '\x00', 0x1000000}, 0x1)
r3 = socket$netlink(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x101800, 0x0)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r9 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r9, 0x6, 0x9, &(0x7f0000002740)=r8, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_setup(0x4, &(0x7f0000000600)=<r10=>0x0)
r11 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r10, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r11, &(0x7f0000000000)="ff07", 0x2}])

1.638499579s ago: executing program 4 (id=4126):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000200)=0xffffffff, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x8031, 0xffffffffffffffff, 0x28f42000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x2000000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r5, &(0x7f00000025c0), 0x0)

1.62903312s ago: executing program 0 (id=4127):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
syz_open_dev$evdev(&(0x7f0000000640), 0x2, 0x80)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_extract_tcp_res$synack(&(0x7f0000000080)={0x41424344, <r2=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaae3aaaa48ffa4318cfae1d6f295d31800140600fc000000000000000000000000000001fe8000000000800000000000000000aafffe4001", @ANYRES32=r2, @ANYBLOB="5002000090780000"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000900)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000000000140600fe8000000000000000000000000200000000bb00004e22", @ANYRES32=r2, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
write$tun(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="70000000ffffffffffff117a199afcf408004e0f017100680000fa069078e0000001e000000244247e91ac1414aa000026530a010102000000f6ac1414aa000000060a010102000004004e234e22", @ANYRES32=r2, @ANYRES32=0x41424344, @ANYBLOB="0001fccf90780008fe0dbc15d07f671e3322dd7c17fe06e2d4c3d9fe52f9895cb12260181d83d743855aba512205a7c0e10000001e128b83de1a2db8189039a3f575d3150b27b5882195a97e4231d1b2e9ef8c80317452a1f9dd5516839cea1cade03891d0df04e76670414bf0c120f301b3b3456c802f063e642882af5e796a984fa166b97699012665350ea0d2da498eee763f6019efd020ad77419cf12f66382fb2e3cd7322fae29917d27792dc619bd4feac3994f8fe468e228282244c8d78ee1457c9cc6c8d461e68d8a8153b70f7bbf89b5f4ebdc44244ab0ffa65379d2d3e429f23fa87f5a060c4104922ab86f1629a979d92c20d616a5355c796c1410749c69d02b2fb31d1f4d1dc236403a2ac5c9fec8ee56656f897f7a4c0ac0df7bf1fa70df13c00000000000000"], 0x183)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r3}, 0x10)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x201000, 0x1000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x68, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b24d, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x34, 0x16, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x3ff, 0x6fb, 0xffffffff, 0x88a8}}, {0x14, 0x1, {0xe39, 0x616, 0xd, 0x8100}}]}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xffffffffffffffde, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r8, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='sched_switch\x00'}, 0x18)
write(r7, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc131b8e11e775ef7ff118fe916e4017771c3d08", 0x29)
sendfile(r7, r6, 0x0, 0x3ffff)

1.299463424s ago: executing program 1 (id=4128):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000300)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCAUSEDIAG(r0, 0x89ec, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x2e3, &(0x7f0000000280)="$eJzs3M9LG2kYwPEnMYkxoslh2WUXFh92L7uXQbP3paEolAYq1pT+gNJRJ23INJFMsKSU2p56Lf0jehCP3oTWf8BLbz310puXQg/1UDol8yNGjdXGH/HH9wPyvvq8T+Z9Z1Sed2Bm4+bLh+WiYxTNukSTKhERkU2RjEQlFAnaqNdPSLtn8u/g5/d/Xr91+2ounx+fUp3ITf+XVdXhkTePngwEw1b7ZT1zd+NT9uP6r+u/b3ybflBytORopVpXU2eqH+rmjG3pXMkpG6qTtmU6lpYqjlXz41U/XrSr8/MNNStzQ6n5muU4alYaWrYaWq9qvdZQ875ZqqhhGDqUEuynsDQ1Zea6TJ494sngmNRqObNPRAZ2RQpLPZkQAADoqaD+b1X70WZJ3039H+tY/y//tVYfvLEyHNT/q4lm/S/SVv/f2/qsbfV/UkSOvf7fXRGdL6774/ih6n+cEc36PxX8/Xqe31ke9TrU/wAAAAAAAAAAAAAAAAAAAAAAnAWbrpt2XTcdtuFXv4gkvSdI/O97PU8cD67/xbb14o7YsIj9YqGwUPDbYMCaiNhiyaik5av3+xBo9hOi3iBtyshbezHIX1wo9HmRXFFKXv6YpCWzM991J67kx8fUtz0/Lqn2/Kyk5ZfO+dmd+fFmm5B//m7LNyQt72alKrbMBU/GhflPx1QvX8vvOP6ANw4AAAAAgPPA0JbW/r2/PW7sjvv7Yz/e2l93vD/g769HO+7vY/JHrFerBgAAAADgYnEaj8umbVu1c9cJV3jQrPC9xnuMiUhkr9ARdMKDn4JTFz/QGYt2NdWRxE9elI6d8LbRXmNksptPdtMihz2Hv716/eXorsX/K8l9VtptJ7HfSuMn9x8IAAAAwEnZKvrDn1zq7YQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiATuLFcr1eIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBafA8AAP//ohEIjg==")
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ipvlan0\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001440)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {0xb9}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x0, 0x80000001, 0x20000000, 0x81, 0x3ff}, 0xb, 0x2}, [{0x6, 0x7fffffff, 0x9, 0xffffffff, 0x6a3, 0x1}, {0x6, 0x8, 0x3, 0x8, 0x8, 0x1}, {0x364b, 0x612e1579, 0x7, 0x3, 0x6, 0x7}, {0x4, 0x3, 0x2, 0x1ff, 0x7, 0x800003}, {0x2, 0x7, 0x67, 0x43e4dbe5, 0x0, 0x2000000}, {0xffffffff, 0x9, 0x18f, 0x3, 0x80000001}, {0x101, 0xfcb, 0x9, 0x7, 0x1, 0xf4d}, {0x80000001, 0x50000, 0x3, 0xff, 0x10, 0x80000001}, {0x3, 0x4, 0x471, 0x9, 0x4, 0x10}, {0x5, 0x7ff, 0x6, 0xcc6e, 0x3, 0x100}, {0x10001, 0x6, 0x1, 0x400, 0xb0a, 0x9}, {0x89a, 0x327a, 0xffff, 0x9, 0x4, 0x4}, {0xfffffffb, 0x6, 0x8, 0x2, 0xa760, 0x8}, {0x1004, 0x101, 0x5, 0xffff, 0x7}, {0x3, 0x5, 0x2, 0x2, 0x80000001, 0x7}, {0x1, 0x2, 0x3, 0x687, 0x1, 0x2000000}, {0x5, 0x7, 0x28632380, 0x0, 0x401, 0x101}, {0x5, 0xfffffffa, 0xde6, 0x6, 0x1871, 0x16000}, {0x655, 0x965, 0x0, 0xfb40, 0x7d60, 0x6}, {0x3ff, 0x3, 0x9, 0x4, 0x1, 0x14eb6124}, {0x0, 0x5f1b7e47, 0x100, 0x8, 0xea4, 0xe}, {0x1000, 0x6, 0xfffffffe, 0x9, 0x0, 0x80000001}, {0x7, 0x5, 0x5, 0x5, 0x40}, {0x4, 0x2, 0x7, 0x5, 0x2bb, 0x84a3}, {0xff, 0x9, 0x6, 0x5, 0x6, 0x69}, {0x2, 0x1, 0x27, 0x1, 0x6, 0x2}, {0x9, 0x0, 0x1800, 0x3, 0x7fff, 0x3}, {0x1, 0x0, 0x5, 0x6, 0xffffffff, 0xd}, {0x9, 0x6, 0x80000001, 0xa, 0x5, 0x10}, {0xb, 0x7fff, 0xf573, 0xb, 0x0, 0xbf}, {0xfffffffe, 0x2, 0x6, 0x0, 0x20, 0xf1ab}, {0x7fff, 0x80000001, 0xa77b, 0x4, 0x40, 0x9}, {0x3c, 0xe, 0xc9, 0xb1, 0x4, 0x71}, {0x3, 0xbb0f, 0x3, 0x0, 0x7f, 0x4}, {0x7, 0xfff, 0xc7d, 0xfd4, 0x1af3, 0xd}, {0x3, 0x1ec6, 0x3d9, 0x264, 0x5, 0x2}, {0x8, 0x5, 0xfffffffd, 0x9, 0xfffffffe, 0xd}, {0x99, 0x5, 0x30a2, 0x1, 0x3ac0abda, 0xfffffffa}, {0x2e, 0x200, 0xffffff2b, 0x2, 0x3, 0x7}, {0x7, 0xfffff001, 0x8, 0x40, 0x2, 0x8000000}, {0x9, 0x80000001, 0x7ff, 0x388, 0x2, 0x3}, {0x2, 0x400, 0xffffffff, 0xa, 0x4, 0x3aa30000}, {0x8, 0xf, 0x4, 0x6, 0x9}, {0x7, 0x6, 0xc5ec, 0x1, 0x1, 0x2}, {0xfffffb5c, 0x6, 0x4, 0x8, 0x72, 0x1}, {0x3, 0xa9, 0x3, 0x8, 0x6, 0x37}, {0x9, 0x1, 0x1, 0xa, 0x8000, 0x3}, {0x0, 0x6, 0x8, 0xaef, 0x8, 0x1}, {0x1, 0xda3d, 0xfffffff8, 0xfffffffd, 0x6, 0x5}, {0x1, 0xffffffff, 0x1, 0x3e, 0xe, 0x65}, {0x400, 0x5, 0x6, 0x2, 0x500, 0x8}, {0x18, 0xfffffffe, 0xe, 0x7, 0x800, 0x80000}, {0x0, 0xd, 0x8, 0x9, 0xfffffffd, 0x8}, {0x5, 0x7, 0x8, 0x0, 0x9, 0x6}, {0x6, 0x0, 0x2, 0x1, 0x1, 0x6}, {0x5, 0xffff68aa, 0x0, 0x10040, 0x7, 0x9}, {0x8, 0x0, 0x4, 0x0, 0x867, 0x2}, {0x5, 0x7, 0x4, 0x9, 0x7, 0x7}, {0x0, 0x9f1f, 0xffffff01, 0x8, 0x9ea, 0x4}, {0x7ff, 0x2, 0xfff, 0x6, 0xfffffff8, 0x50000}, {0x7f, 0x9, 0x2, 0x6cd, 0x1ff, 0xeaa}, {0x52, 0x6, 0x800, 0x28, 0xfff, 0xa24}, {0x3, 0xa, 0x6, 0x800, 0x3, 0x4942}, {0x1, 0x38f, 0x14, 0x5, 0xffffffff, 0x2}, {0x0, 0x6, 0x3, 0x9, 0xfd6a, 0x3}, {0x1000, 0x8, 0x6, 0xfffffffd, 0x6, 0x3}, {0x10, 0x800, 0xbd, 0xfff, 0x1, 0x7}, {0x6, 0x8, 0x2, 0x6, 0xa4, 0x4f08}, {0xec3a, 0x401, 0x8, 0x1c9, 0x7f, 0xfffffffb}, {0x40, 0x7, 0x7, 0x401, 0xb}, {0x9, 0x800, 0x5, 0xfffffffc, 0x3, 0x8}, {0x101, 0x2, 0xa7f, 0x4, 0xc, 0xfffffffd}, {0x9, 0x63ea, 0xffff8cd9, 0x4, 0x2, 0xfffffffb}, {0x200, 0x4, 0xb, 0x9e2c, 0xe, 0x1000}, {0x9, 0x9, 0x7ff, 0x0, 0x576}, {0x2, 0x9, 0xc, 0x8, 0x2, 0x6}, {0x0, 0x7, 0x4, 0x9, 0x2, 0xa2b7}, {0x7, 0x6, 0x1, 0x5, 0xb, 0x3}, {0x7fff, 0x100, 0x3, 0x8, 0x6, 0xe1920}, {0x4, 0x3b61, 0x2, 0x6891, 0xf, 0x800}, {0x3, 0x3, 0x8, 0x5, 0x240, 0x9}, {0x3, 0x8, 0x4, 0x6, 0x9, 0xb4}, {0x6, 0x7f, 0xff, 0x10, 0x0, 0xc}, {0xc, 0x800, 0x10000, 0x0, 0xfffffffb}, {0x4, 0x8, 0x4, 0x0, 0x31, 0x9}, {0x0, 0x9, 0xcd8, 0x0, 0x7}, {0xd6, 0x448, 0x4, 0x8, 0xb}, {0x10001, 0x21, 0x6, 0x1, 0x6, 0x2000000}, {0xb, 0x2, 0x7, 0x800, 0x4f3e, 0x8}, {0x9, 0x7d, 0x101, 0x1, 0x5f, 0x6}, {0xfffffff9, 0xcf3, 0x9, 0x2, 0x9, 0x2}, {0x8001, 0x1000, 0x8, 0x6, 0x1, 0x84b5}, {0x7, 0xffffff80, 0xcb, 0x784, 0x5, 0xb5ee}, {0x6, 0x0, 0x7, 0xfffffffc, 0x0, 0x2}, {0xa, 0x3, 0x6, 0x3, 0x8, 0x80000000}, {0x8, 0xe, 0x4, 0xffffffff, 0x8, 0xb3}, {0x5, 0x6, 0x400, 0x73, 0x0, 0x4}, {0x3, 0x9, 0x6, 0x6, 0x1000, 0x100}, {0xffff, 0x0, 0x30f0, 0x2, 0x8, 0xffffffff}, {0x8, 0x0, 0x7, 0x5, 0x6, 0xb63}, {0x4, 0xada, 0x6, 0x3, 0x6, 0x75333cdc}, {0x0, 0x6, 0x1, 0xffffffff, 0x4f38, 0x9}, {0x6, 0x3ff, 0xa34, 0x2, 0x7, 0x4}, {0xffff249d, 0x9, 0x9, 0x7ff, 0x7, 0x1}, {0x9fa3, 0x0, 0x3, 0x6, 0x1, 0x9}, {0x6, 0x4, 0x86, 0x8000000, 0x2000008, 0x7fffffff}, {0x10000, 0x4, 0x10, 0xc348, 0x8001, 0x4}, {0x1000, 0x4d77, 0x70, 0x7fffffff, 0x2, 0xd2}, {0x40, 0xffff9014, 0x6c200, 0x5, 0x6, 0x7}, {0xfff, 0x4, 0xbb23, 0x7, 0x2, 0x5}, {0x86, 0x22cd, 0x8, 0x5, 0x7, 0xfffffffa}, {0x5, 0xb, 0x8, 0x8, 0x8, 0x100}, {0x101, 0x400, 0xada, 0x6, 0x80000800, 0x124a}, {0x4, 0xc6e, 0xac, 0x4, 0x65, 0x1}, {0x10001, 0x4, 0x5, 0x4, 0x5}, {0xdd, 0x81, 0x1, 0x5, 0x652a6abe, 0x2}, {0xfffffeff, 0x2, 0x7, 0x4, 0x8000, 0x4}, {0xdb, 0x0, 0x8, 0x10000, 0x8, 0x5}, {0x4, 0x9, 0xb, 0x0, 0x0, 0x20fa}, {0xa, 0x2, 0x3, 0x6, 0x8, 0xb9}, {0xfffff54e, 0xfff, 0xe, 0x1, 0x0, 0x4}, {0xff, 0x9, 0x6, 0x1a5d1526, 0xfffffffd, 0x3}, {0x7fff, 0x1000, 0x324, 0x4, 0x80000000, 0x80000000}, {0xffff, 0x8, 0x8, 0x9, 0xffff, 0x3}, {0x7, 0x1, 0xa2f2, 0xa0, 0x8, 0x8}, {0x6, 0x2, 0x1000, 0x0, 0x2d1a, 0xc00}, {0x5, 0x3, 0x101, 0xe, 0x491f, 0x9}, {0x2, 0x8, 0x3, 0x4, 0x8}], [{0x2, 0x1}, {0x4, 0x1}, {0xa}, {0x3, 0x1}, {}, {0x5}, {0x3}, {0x4}, {0x5}, {0x4, 0x1}, {0x3, 0x1}, {}, {0x5}, {0x6}, {0x3}, {0x5, 0x1}, {0x0, 0x1}, {}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x5}, {0x4}, {0x3}, {0x3}, {}, {0x4}, {0x5, 0x2}, {0x4}, {0x3}, {0x0, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x3}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x5}, {0x4}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x4}, {0x1, 0x1}, {0x5}, {0x3}, {}, {}, {}, {0x3, 0x1}, {0x0, 0x5f52890cc5ecaef4}, {0x1, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x2}, {0x0, 0x1}, {}, {}, {}, {0x3}, {}, {0x4}, {0x4}, {0x4, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x7}, {0x2, 0x1}, {0x0, 0x3}, {0x0, 0x1}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x1}, {}, {0x2}, {0x5, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {}, {0x5, 0x1}, {0x0, 0x1}, {0x2, 0x6d8294d27eb69e37}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x2}, {0x4}, {0x0, 0x1}, {0x2}, {0x5}, {0x4, 0x1}, {0x4}, {0x3, 0x1}, {0x3}, {0x1}, {}, {0x5}, {0x4, 0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)

1.187559449s ago: executing program 0 (id=4129):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r2, 0x0, 0xee01)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan0\x00', <r3=>0x0})
clock_gettime(0x0, &(0x7f00000003c0)={<r4=>0x0, <r5=>0x0})
r6 = fsopen(&(0x7f0000000000)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000040)='fd', &(0x7f00000000c0)='1', 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000600)={&(0x7f0000000380)={0x1d, r3}, 0x10, &(0x7f0000000400)={&(0x7f0000000580)={0x5, 0x824, 0x0, {0x77359400}, {r4, r5/1000+10000}, {0x4, 0x0, 0x0, 0x1}, 0x1, @canfd={{0x1, 0x1, 0x0, 0x1}, 0x3c, 0x3, 0x0, 0x0, "03b81b35f029628799cb57d4932c9aebcae15eafce525a1c31a435144ce7c83f76ea934a6d69e745d6e3838f548e283d3b2d0ba394c108e6e80abc2fadbc0955"}}, 0x80}, 0x1, 0x0, 0x0, 0x20008000}, 0x8014)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18)
setfsgid(0xee01)
faccessat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0], 0x0, 0x4e, &(0x7f00000001c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0xd, 0x8, 0x8, &(0x7f0000000280)}}, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
readlink(0x0, 0x0, 0x0)
socket$inet(0xa, 0x801, 0x84)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r7, 0x29, 0x41, &(0x7f0000000780)=ANY=[@ANYBLOB="080000000000000000000000000000000000000000000000000000000000000004"], &(0x7f0000000080)=0x2c)

1.186959418s ago: executing program 2 (id=4130):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="070000000400000008020000d900000000000000", @ANYRES32, @ANYBLOB="fcffffff00000000000000000000000000000000dc84c9efdd54cb763e8bcb581ae14b10765f5c281c528eca23d5fa2632b0b8109d46557a3fd8d3285e2371cb12f57cee156ecb4d1b403179be863d4874e00245d4dc2c226b481ebcf8db6863b24e008d30a5d0fa3707bf857c3be2df82ec0c4a3321754a8c3d6ae3b6443dcc942e43b4ceb3609116d12ec1011405cac7c0db97d2eb7f2e86f379458da4798b991e6b84a0abf45b5d1f447c8e82ab8ca4bdf8ebe483cf6672eb3d496d817647e60b8a01ec122e67b77813fcafd7b1ca737d393a995654f26d8e77e1ef3cae39c6728002c1a38cb2f90349c84524", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="1800d700000700000000000000007e0c0018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
modify_ldt$write(0x1, &(0x7f00000003c0)={0x23, 0x1800, 0x400}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x5, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="00000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000", @ANYRESOCT=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffcf7}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x9, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r8, 0x0, 0x8000000000}, 0x18)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4a0, 0x1e8, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x3d0, 0xffffffff, 0xffffffff, 0x3d0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0xff, 0xff, 0xff], [0xff000000, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1e8, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0xc9, 0x7a3, 0x6, 'snmp_trap\x00', {0x369bc443}}}}, {{@ipv6={@remote, @local, [0xffffff00, 0xffffffff, 0x0, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffffff, 0xff000000], 'netpci0\x00', 'bridge_slave_1\x00', {}, {0xff}, 0x2b, 0x2, 0x5, 0x5}, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x29, 0x1, 0x1, 'syz0\x00'}}, @inet=@rpfilter={{0x28}, {0x1c}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
syz_usb_connect(0x0, 0x36, &(0x7f00000008c0)=ANY=[@ANYRES64=r7, @ANYRES32=r1], 0x0)
ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40085507, &(0x7f0000000100)=0xb)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0xa, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94)

696.09121ms ago: executing program 0 (id=4131):
syz_emit_ethernet(0x4a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xffffffffffffffde, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='sched_switch\x00', r3}, 0x18)
write(r1, &(0x7f0000000a00)="c7885a8f24f4", 0x6)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

665.549301ms ago: executing program 4 (id=4132):
syz_io_uring_submit(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x2, 0x4, 0x80, 0x5, 0x1000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
connect$unix(r2, 0x0, 0x0)

603.039504ms ago: executing program 4 (id=4133):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffff00208500000070000000850000002a00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1}, 0x10)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r0, 0xa)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x96)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
close(r2)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r7)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
socket$unix(0x1, 0x1, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x18)
recvmmsg(r8, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f00000052c0)=""/235, 0xeb}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x3}, 0x3}], 0x1b00, 0x0, 0x0)

509.443308ms ago: executing program 2 (id=4134):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="e3e1a036f195a33ab832c73abb05000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x6, &(0x7f00000007c0)=ANY=[@ANYBLOB="1100000000000000000004000000000018200000", @ANYRESOCT, @ANYRES8=r0], &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x51, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
r1 = socket$kcm(0x2, 0x5, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000400)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0xfe, 0x7ffc9ffe}]})
pivot_root(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095", @ANYRES16=r1, @ANYRES64=r3], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000400)='itimer_state\x00', r5}, 0x18)
setitimer(0x0, 0x0, 0x0)
r6 = syz_io_uring_setup(0x13d4, &(0x7f0000000940)={0x0, 0x7718, 0x800, 0x8002, 0x1bf}, &(0x7f0000000440)=<r7=>0x0, &(0x7f0000000680)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_setup(0x2439, &(0x7f0000001480)={0x0, 0x2001064, 0x1000, 0x7, 0x40227}, &(0x7f00000006c0)=<r9=>0x0, &(0x7f0000000280))
syz_io_uring_submit(r9, r8, 0x0)
io_uring_enter(r6, 0x10007b0f, 0x96f0, 0x20, 0x0, 0x0)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x14d7, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x2, 0x257}, &(0x7f00000001c0)=<r10=>0x0, &(0x7f00000000c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0})
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r13}, 0x18)
ioctl$SIOCSIFHWADDR(r1, 0x8931, &(0x7f0000000000)={'dummy0\x00'})
socket(0x2, 0x80805, 0x0)

417.344902ms ago: executing program 1 (id=4135):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x390, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x2f8, 0x178, 0x178, 0x2f8, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x128, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f1c098b60204ed02d82cf440fef5497b80c29d381d41116000"}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3f0)

387.571093ms ago: executing program 1 (id=4136):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x5, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="1800d700000700000000000000007e0c0018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

370.007974ms ago: executing program 1 (id=4137):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023892)
open(0x0, 0x66842, 0x90)
syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384)

353.767814ms ago: executing program 2 (id=4138):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\f'], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="070000000400000008020000d900000000000000", @ANYRES32, @ANYBLOB="fcffffff00000000000000000000000000000000dc84c9efdd54cb763e8bcb581ae14b10765f5c281c528eca23d5fa2632b0b8109d46557a3fd8d3285e2371cb12f57cee156ecb4d1b403179be863d4874e00245d4dc2c226b481ebcf8db6863b24e008d30a5d0fa3707bf857c3be2df82ec0c4a3321754a8c3d6ae3b6443dcc942e43b4ceb3609116d12ec1011405cac7c0db97d2eb7f2e86f379458da4798b991e6b84a0abf45b5d1f447c8e82ab8ca4bdf8ebe483cf6672eb3d496d817647e60b8a01ec122e67b77813fcafd7b1ca737d393a995654f26d8e77e1ef3cae39c6728002c1a38cb2f90349c84524", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="1800d700000700000000000000007e0c0018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
modify_ldt$write(0x1, &(0x7f00000003c0)={0x23, 0x1800, 0x400}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

333.548915ms ago: executing program 2 (id=4139):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
syz_open_dev$evdev(&(0x7f0000000640), 0x2, 0x80)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_extract_tcp_res$synack(0x0, 0x1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaae3aaaa48ffa4318cfae1d6f295d31800140600fc000000000000000000000000000001fe8000000000800000000000000000aafffe4001", @ANYRES32=0x41424344, @ANYRES32, @ANYBLOB="5002000090780000"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000900)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000000000140600fe8000000000000000000000000200000000bb00004e22", @ANYRES32, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
write$tun(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="70000000ffffffffffff117a199afcf408004e0f017100680000fa069078e0000001e000000244247e91ac1414aa000026530a010102000000f6ac1414aa000000060a010102000004004e234e22", @ANYRES32, @ANYRES32=0x41424344, @ANYBLOB="0001fccf90780008fe0dbc15d07f671e3322dd7c17fe06e2d4c3d9fe52f9895cb12260181d83d743855aba512205a7c0e10000001e128b83de1a2db8189039a3f575d3150b27b5882195a97e4231d1b2e9ef8c80317452a1f9dd5516839cea1cade03891d0df04e76670414bf0c120f301b3b3456c802f063e642882af5e796a984fa166b97699012665350ea0d2da498eee763f6019efd020ad77419cf12f66382fb2e3cd7322fae29917d27792dc619bd4feac3994f8fe468e228282244c8d78ee1457c9cc6c8d461e68d8a8153b70f7bbf89b5f4ebdc44244ab0ffa65379d2d3e429f23fa87f5a060c4104922ab86f1629a979d92c20d616a5355c796c1410749c69d02b2fb31d1f4d1dc236403a2ac5c9fec8ee56656f897f7a4c0ac0df7bf1fa70df13c00000000000000"], 0x183)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r2}, 0x10)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x201000, 0x1000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x68, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b24d, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x34, 0x16, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x3ff, 0x6fb, 0xffffffff, 0x88a8}}, {0x14, 0x1, {0xe39, 0x616, 0xd, 0x8100}}]}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='sched_switch\x00', r6}, 0x18)
write(r5, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc131b8e11e775ef7ff118fe916e4017771c3d08", 0x29)
sendfile(r5, r4, 0x0, 0x3ffff)

0s ago: executing program 2 (id=4140):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x1, @remote}, 0xa}}, 0x26)
getsockname(r2, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, &(0x7f0000000080)={0x1, 'veth1\x00', {}, 0x7})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_getaffinity(r4, 0x8, &(0x7f0000000000))
sched_setaffinity(r4, 0x8, &(0x7f0000000000)=0x9)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x88604, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x20000, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

kernel console output (not intermixed with test programs):

port 6081 - 0
[  394.950509][T14410] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.002049][T14421] Cannot find set identified by id 0 to match
[  395.005192][   T41] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.022906][  T566] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  395.034217][  T566] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  395.047762][  T566] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  395.062112][T14425] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  395.085124][T14427] loop2: detected capacity change from 0 to 128
[  395.202076][T14428] syz.2.3641: attempt to access beyond end of device
[  395.202076][T14428] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  395.215566][T14428] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  395.224319][T14427] syz.2.3641: attempt to access beyond end of device
[  395.224319][T14427] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  395.237802][T14427] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  395.246663][T14427] syz.2.3641: attempt to access beyond end of device
[  395.246663][T14427] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  395.260104][T14427] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  395.269149][T14433] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  395.316958][T14432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  395.321292][T14435] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  395.336488][T14432] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  395.354235][T14439] loop2: detected capacity change from 0 to 128
[  395.362826][T14439] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  395.375110][T14439] ext4 filesystem being mounted at /66/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  395.408304][T14442] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  395.412491][T14435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  395.430350][T14435] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  395.432211][T14437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  395.446998][T14437] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  395.830178][T14445] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  395.846177][T14445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  395.855620][T14445] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  395.987554][T14452] loop3: detected capacity change from 0 to 128
[  396.021797][T14459] loop1: detected capacity change from 0 to 128
[  396.125851][T14452] syz.3.3650: attempt to access beyond end of device
[  396.125851][T14452] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  396.139335][T14452] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  396.168338][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  396.195872][T14461] netlink: 'syz.2.3653': attribute type 4 has an invalid length.
[  396.203627][T14461] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3653'.
[  396.236154][T14459] syz.1.3652: attempt to access beyond end of device
[  396.236154][T14459] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  396.240572][T14470] FAULT_INJECTION: forcing a failure.
[  396.240572][T14470] name failslab, interval 1, probability 0, space 0, times 0
[  396.249600][T14459] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  396.262177][T14470] CPU: 1 UID: 0 PID: 14470 Comm: syz.4.3656 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  396.262273][T14470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  396.262285][T14470] Call Trace:
[  396.262292][T14470]  <TASK>
[  396.262299][T14470]  __dump_stack+0x1d/0x30
[  396.262323][T14470]  dump_stack_lvl+0xe8/0x140
[  396.262371][T14470]  dump_stack+0x15/0x1b
[  396.262389][T14470]  should_fail_ex+0x265/0x280
[  396.262446][T14470]  should_failslab+0x8c/0xb0
[  396.262536][T14470]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  396.262574][T14470]  ? __alloc_skb+0x101/0x320
[  396.262602][T14470]  __alloc_skb+0x101/0x320
[  396.262630][T14470]  netlink_alloc_large_skb+0xbf/0xf0
[  396.262733][T14470]  netlink_sendmsg+0x3cf/0x6b0
[  396.262832][T14470]  ? __pfx_netlink_sendmsg+0x10/0x10
[  396.262852][T14470]  __sock_sendmsg+0x145/0x180
[  396.262876][T14470]  ____sys_sendmsg+0x31e/0x4e0
[  396.262896][T14470]  ___sys_sendmsg+0x17b/0x1d0
[  396.262926][T14470]  __x64_sys_sendmsg+0xd4/0x160
[  396.263018][T14470]  x64_sys_call+0x191e/0x3000
[  396.263114][T14470]  do_syscall_64+0xd2/0x200
[  396.263134][T14470]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  396.263161][T14470]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  396.263191][T14470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.263245][T14470] RIP: 0033:0x7f6ce39ff749
[  396.263260][T14470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.263277][T14470] RSP: 002b:00007f6ce2467038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  396.263295][T14470] RAX: ffffffffffffffda RBX: 00007f6ce3c55fa0 RCX: 00007f6ce39ff749
[  396.263308][T14470] RDX: 0000000004000080 RSI: 0000200000000500 RDI: 0000000000000003
[  396.263321][T14470] RBP: 00007f6ce2467090 R08: 0000000000000000 R09: 0000000000000000
[  396.263372][T14470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.263384][T14470] R13: 00007f6ce3c56038 R14: 00007f6ce3c55fa0 R15: 00007ffd7542da38
[  396.263402][T14470]  </TASK>
[  396.373357][T14475] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  396.489271][T14479] loop3: detected capacity change from 0 to 128
[  396.497098][T14479] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  396.501052][T14477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.511156][T14474] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  396.518495][T14477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.528707][T14479] ext4 filesystem being mounted at /155/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  396.547358][T14480] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.562541][T14474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.577678][T14479] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3657'.
[  396.583052][T14474] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.610016][T14480] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.659478][T14480] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.685022][T14486] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  396.706994][T12122] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  396.718709][T14486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.727160][T14486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.749440][T14490] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  396.758397][T14490] loop3: detected capacity change from 0 to 512
[  396.759121][T14480] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.767954][T14490] EXT4-fs error (device loop3): ext4_get_journal_inode:5808: comm syz.3.3663: inode #196608: comm syz.3.3663: iget: illegal inode #
[  396.788129][T14490] EXT4-fs (loop3): Remounting filesystem read-only
[  396.794623][T14490] EXT4-fs (loop3): no journal found
[  396.799851][T14490] EXT4-fs (loop3): can't get journal size
[  396.806052][T14490] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  396.815741][T14490] EXT4-fs (loop3): failed to initialize system zone (-22)
[  396.822921][T14490] EXT4-fs (loop3): mount failed
[  396.834030][  T566] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  396.845356][  T566] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  396.860402][  T566] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  396.868858][  T566] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  396.967163][T14498] FAULT_INJECTION: forcing a failure.
[  396.967163][T14498] name failslab, interval 1, probability 0, space 0, times 0
[  396.979804][T14498] CPU: 1 UID: 0 PID: 14498 Comm: syz.3.3666 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  396.979834][T14498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  396.979841][T14498] Call Trace:
[  396.979845][T14498]  <TASK>
[  396.979850][T14498]  __dump_stack+0x1d/0x30
[  396.979864][T14498]  dump_stack_lvl+0xe8/0x140
[  396.979875][T14498]  dump_stack+0x15/0x1b
[  396.979926][T14498]  should_fail_ex+0x265/0x280
[  396.979944][T14498]  should_failslab+0x8c/0xb0
[  396.980039][T14498]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  396.980092][T14498]  ? __alloc_skb+0x101/0x320
[  396.980108][T14498]  __alloc_skb+0x101/0x320
[  396.980199][T14498]  netlink_alloc_large_skb+0xbf/0xf0
[  396.980216][T14498]  netlink_sendmsg+0x3cf/0x6b0
[  396.980228][T14498]  ? __pfx_netlink_sendmsg+0x10/0x10
[  396.980239][T14498]  __sock_sendmsg+0x145/0x180
[  396.980307][T14498]  ____sys_sendmsg+0x31e/0x4e0
[  396.980381][T14498]  ___sys_sendmsg+0x17b/0x1d0
[  396.980398][T14498]  __x64_sys_sendmsg+0xd4/0x160
[  396.980410][T14498]  x64_sys_call+0x191e/0x3000
[  396.980422][T14498]  do_syscall_64+0xd2/0x200
[  396.980485][T14498]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  396.980499][T14498]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  396.980516][T14498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.980528][T14498] RIP: 0033:0x7fadcbc0f749
[  396.980562][T14498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.980587][T14498] RSP: 002b:00007fadca677038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  396.980599][T14498] RAX: ffffffffffffffda RBX: 00007fadcbe65fa0 RCX: 00007fadcbc0f749
[  396.980606][T14498] RDX: 0000000000064000 RSI: 0000200000000a00 RDI: 0000000000000004
[  396.980613][T14498] RBP: 00007fadca677090 R08: 0000000000000000 R09: 0000000000000000
[  396.980659][T14498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.980666][T14498] R13: 00007fadcbe66038 R14: 00007fadcbe65fa0 R15: 00007ffdd60f6338
[  396.980677][T14498]  </TASK>
[  397.214152][T14502] loop0: detected capacity change from 0 to 128
[  397.216394][T14504] netlink: 'syz.3.3669': attribute type 4 has an invalid length.
[  397.228232][T14504] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3669'.
[  397.290300][T14506] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  397.339323][T14502] syz.0.3668: attempt to access beyond end of device
[  397.339323][T14502] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  397.352734][T14502] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  397.356015][T14506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.377035][T14506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.524631][T14524] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3679'.
[  398.000269][T14539] netlink: 'syz.3.3681': attribute type 4 has an invalid length.
[  398.008133][T14539] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3681'.
[  398.140839][T14546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.155734][T14545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.168037][T14546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  398.208313][T14545] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  398.377267][T14550] loop2: detected capacity change from 0 to 128
[  398.499398][T14550] syz.2.3686: attempt to access beyond end of device
[  398.499398][T14550] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  398.512828][T14550] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  398.679495][T14562] FAULT_INJECTION: forcing a failure.
[  398.679495][T14562] name failslab, interval 1, probability 0, space 0, times 0
[  398.692126][T14562] CPU: 0 UID: 0 PID: 14562 Comm: syz.0.3688 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  398.692151][T14562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  398.692163][T14562] Call Trace:
[  398.692169][T14562]  <TASK>
[  398.692176][T14562]  __dump_stack+0x1d/0x30
[  398.692194][T14562]  dump_stack_lvl+0xe8/0x140
[  398.692211][T14562]  dump_stack+0x15/0x1b
[  398.692228][T14562]  should_fail_ex+0x265/0x280
[  398.692260][T14562]  should_failslab+0x8c/0xb0
[  398.692284][T14562]  kmem_cache_alloc_noprof+0x50/0x480
[  398.692307][T14562]  ? mas_alloc_nodes+0x1a2/0x210
[  398.692324][T14562]  mas_alloc_nodes+0x1a2/0x210
[  398.692342][T14562]  mas_preallocate+0x2ca/0x510
[  398.692365][T14562]  __split_vma+0x240/0x650
[  398.692390][T14562]  ? __schedule+0x6b9/0xb30
[  398.692414][T14562]  ? plist_check_list+0x1cf/0x210
[  398.692438][T14562]  vms_gather_munmap_vmas+0x17a/0x7b0
[  398.692461][T14562]  ? plist_check_list+0x1cf/0x210
[  398.692489][T14562]  do_vmi_align_munmap+0x1ac/0x3d0
[  398.692517][T14562]  do_vmi_munmap+0x1db/0x220
[  398.692539][T14562]  do_munmap+0x79/0xb0
[  398.692562][T14562]  mremap_to+0x192/0x430
[  398.692586][T14562]  ? mtree_load+0x33f/0x4f0
[  398.692606][T14562]  ? check_prep_vma+0x49c/0x660
[  398.692632][T14562]  __se_sys_mremap+0x632/0xb30
[  398.692664][T14562]  ? fput+0x8f/0xc0
[  398.692680][T14562]  ? ksys_write+0x192/0x1a0
[  398.692704][T14562]  __x64_sys_mremap+0x67/0x80
[  398.692727][T14562]  x64_sys_call+0x2a28/0x3000
[  398.692754][T14562]  do_syscall_64+0xd2/0x200
[  398.692774][T14562]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  398.692800][T14562]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  398.692830][T14562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.692846][T14562] RIP: 0033:0x7fa589d5f749
[  398.692858][T14562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.692874][T14562] RSP: 002b:00007fa588785038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  398.692893][T14562] RAX: ffffffffffffffda RBX: 00007fa589fb6180 RCX: 00007fa589d5f749
[  398.692905][T14562] RDX: 0000000000001000 RSI: 0000000000003000 RDI: 0000200000532000
[  398.692918][T14562] RBP: 00007fa588785090 R08: 0000200000190000 R09: 0000000000000000
[  398.692930][T14562] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[  398.692942][T14562] R13: 00007fa589fb6218 R14: 00007fa589fb6180 R15: 00007ffea93a8a58
[  398.692959][T14562]  </TASK>
[  398.938797][T14563] loop4: detected capacity change from 0 to 128
[  398.991861][   T29] kauditd_printk_skb: 1403 callbacks suppressed
[  398.991875][   T29] audit: type=1400 audit(1763895057.037:40005): avc:  denied  { create } for  pid=14547 comm="syz.4.3685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  399.018002][   T29] audit: type=1400 audit(1763895057.037:40006): avc:  denied  { ioctl } for  pid=14547 comm="syz.4.3685" path="socket:[67225]" dev="sockfs" ino=67225 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  399.083181][   T29] audit: type=1400 audit(1763895057.097:40007): avc:  denied  { cpu } for  pid=14566 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  399.101907][   T29] audit: type=1400 audit(1763895057.097:40008): avc:  denied  { create } for  pid=14566 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  399.103553][T14571] FAULT_INJECTION: forcing a failure.
[  399.103553][T14571] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.121084][   T29] audit: type=1400 audit(1763895057.107:40009): avc:  denied  { connect } for  pid=14566 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  399.134095][T14571] CPU: 0 UID: 0 PID: 14571 Comm: syz.1.3693 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  399.134121][T14571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  399.134133][T14571] Call Trace:
[  399.134140][T14571]  <TASK>
[  399.134149][T14571]  __dump_stack+0x1d/0x30
[  399.134192][T14571]  dump_stack_lvl+0xe8/0x140
[  399.134213][T14571]  dump_stack+0x15/0x1b
[  399.134230][T14571]  should_fail_ex+0x265/0x280
[  399.134262][T14571]  should_fail+0xb/0x20
[  399.134278][T14571]  should_fail_usercopy+0x1a/0x20
[  399.134342][T14571]  _copy_from_user+0x1c/0xb0
[  399.134367][T14571]  ucma_resolve_ip+0x4c/0x2e0
[  399.134396][T14571]  ucma_write+0x1b3/0x250
[  399.134459][T14571]  vfs_writev+0x406/0x8b0
[  399.134488][T14571]  ? __pfx_ucma_write+0x10/0x10
[  399.134519][T14571]  do_writev+0xe7/0x210
[  399.134578][T14571]  __x64_sys_writev+0x45/0x50
[  399.134604][T14571]  x64_sys_call+0x1e9a/0x3000
[  399.134626][T14571]  do_syscall_64+0xd2/0x200
[  399.134646][T14571]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  399.134740][T14571]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  399.134772][T14571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.134792][T14571] RIP: 0033:0x7fc8acfbf749
[  399.134808][T14571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.134899][T14571] RSP: 002b:00007fc8aba1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  399.134918][T14571] RAX: ffffffffffffffda RBX: 00007fc8ad215fa0 RCX: 00007fc8acfbf749
[  399.134930][T14571] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000006
[  399.134942][T14571] RBP: 00007fc8aba1f090 R08: 0000000000000000 R09: 0000000000000000
[  399.135017][T14571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.135029][T14571] R13: 00007fc8ad216038 R14: 00007fc8ad215fa0 R15: 00007ffe21bd2ac8
[  399.135047][T14571]  </TASK>
[  399.340083][   T29] audit: type=1326 audit(1763895057.107:40010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.1.3692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  399.363640][   T29] audit: type=1326 audit(1763895057.107:40011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.1.3692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  399.387249][   T29] audit: type=1326 audit(1763895057.107:40012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.1.3692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  399.410912][   T29] audit: type=1326 audit(1763895057.107:40013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.1.3692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  399.434515][   T29] audit: type=1326 audit(1763895057.107:40014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.1.3692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  399.537096][T14579] loop1: detected capacity change from 0 to 1024
[  399.551394][T14579] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  399.562391][T14579] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869)
[  399.586357][T14579] EXT4-fs (loop1): invalid journal inode
[  399.592138][T14579] EXT4-fs (loop1): can't get journal size
[  399.604424][T14579] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  399.605687][T14585] xt_check_match: 2 callbacks suppressed
[  399.605704][T14585] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  399.636657][T14590] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3698'.
[  399.636679][T14590] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3698'.
[  399.636766][T14590] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3698'.
[  399.636840][T14579] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 37: comm syz.1.3696: path /101/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  399.649636][T14579] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 3: comm syz.1.3696: path /101/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=511, rec_len=65535, size=1024 fake=0
[  399.668327][T14590] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3698'.
[  399.668347][T14590] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3698'.
[  399.668451][T14590] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3698'.
[  399.683703][T13101] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.732342][T14594] loop2: detected capacity change from 0 to 128
[  399.740680][T14597] loop4: detected capacity change from 0 to 1024
[  399.790781][T14606] FAULT_INJECTION: forcing a failure.
[  399.790781][T14606] name failslab, interval 1, probability 0, space 0, times 0
[  399.803480][T14606] CPU: 0 UID: 0 PID: 14606 Comm: syz.3.3701 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  399.803511][T14606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  399.803523][T14606] Call Trace:
[  399.803529][T14606]  <TASK>
[  399.803535][T14606]  __dump_stack+0x1d/0x30
[  399.803557][T14606]  dump_stack_lvl+0xe8/0x140
[  399.803576][T14606]  dump_stack+0x15/0x1b
[  399.803612][T14606]  should_fail_ex+0x265/0x280
[  399.803707][T14606]  should_failslab+0x8c/0xb0
[  399.803734][T14606]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  399.803792][T14606]  ? __alloc_skb+0x101/0x320
[  399.803828][T14606]  __alloc_skb+0x101/0x320
[  399.803854][T14606]  netlink_alloc_large_skb+0xbf/0xf0
[  399.803927][T14606]  netlink_sendmsg+0x3cf/0x6b0
[  399.803949][T14606]  ? __pfx_netlink_sendmsg+0x10/0x10
[  399.803966][T14606]  __sock_sendmsg+0x145/0x180
[  399.803986][T14606]  ____sys_sendmsg+0x31e/0x4e0
[  399.804009][T14606]  ___sys_sendmsg+0x17b/0x1d0
[  399.804061][T14606]  __x64_sys_sendmsg+0xd4/0x160
[  399.804123][T14606]  x64_sys_call+0x191e/0x3000
[  399.804145][T14606]  do_syscall_64+0xd2/0x200
[  399.804166][T14606]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  399.804246][T14606]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  399.804279][T14606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.804319][T14606] RIP: 0033:0x7fadcbc0f749
[  399.804334][T14606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.804351][T14606] RSP: 002b:00007fadca677038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  399.804367][T14606] RAX: ffffffffffffffda RBX: 00007fadcbe65fa0 RCX: 00007fadcbc0f749
[  399.804385][T14606] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  399.804397][T14606] RBP: 00007fadca677090 R08: 0000000000000000 R09: 0000000000000000
[  399.804410][T14606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.804486][T14606] R13: 00007fadcbe66038 R14: 00007fadcbe65fa0 R15: 00007ffdd60f6338
[  399.804502][T14606]  </TASK>
[  400.012614][T14597] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  400.023649][T14597] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869)
[  400.055559][T14597] EXT4-fs (loop4): invalid journal inode
[  400.063770][T14597] EXT4-fs (loop4): can't get journal size
[  400.078434][T14604] syzkaller0: entered promiscuous mode
[  400.083948][T14604] syzkaller0: entered allmulticast mode
[  400.091212][T14597] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  400.111153][T14590] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 37: comm syz.4.3698: path /182/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  400.132714][T14590] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 3: comm syz.4.3698: path /182/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=511, rec_len=65535, size=1024 fake=0
[  400.152779][T14610] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  400.173227][T11868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.180401][T14594] syz.2.3699: attempt to access beyond end of device
[  400.180401][T14594] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  400.195579][T14594] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  400.205120][T14610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  400.213655][T14610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  400.217458][T14612] loop4: detected capacity change from 0 to 128
[  400.231892][T14612] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  400.247664][T14612] ext4 filesystem being mounted at /183/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  400.291452][T14616] loop1: detected capacity change from 0 to 128
[  400.299256][T14616] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  400.311546][T14616] ext4 filesystem being mounted at /103/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  400.384381][T14622] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.459132][T14622] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.498980][T14622] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.559282][T14622] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.624260][ T3499] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  400.635510][ T3499] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  400.646538][ T3499] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  400.657277][ T3499] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  401.025987][T14633] Cannot find set identified by id 0 to match
[  401.081433][T11868] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  401.156560][T14642] loop2: detected capacity change from 0 to 764
[  401.165802][T14642] Symlink component flag not implemented
[  401.172306][T14642] Symlink component flag not implemented (129)
[  401.188363][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  401.198190][T14642] rock: directory entry would overflow storage
[  401.204378][T14642] rock: sig=0x4f50, size=4, remaining=3
[  401.210078][T14642] iso9660: Corrupted directory entry in block 6 of inode 1792
[  401.241423][T14644] loop2: detected capacity change from 0 to 128
[  401.349007][T14644] syz.2.3716: attempt to access beyond end of device
[  401.349007][T14644] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  401.362434][T14644] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  401.456282][T14646] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14646 comm=syz.4.3711
[  401.619753][T14659] netlink: 'syz.4.3719': attribute type 4 has an invalid length.
[  401.627487][T14659] __nla_validate_parse: 3 callbacks suppressed
[  401.627498][T14659] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3719'.
[  402.013365][T14671] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  402.030873][T14671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.039978][T14671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.329879][T14676] loop2: detected capacity change from 0 to 128
[  402.444662][T14678] syz.2.3727: attempt to access beyond end of device
[  402.444662][T14678] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  402.458082][T14678] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  402.493337][T14676] syz.2.3727: attempt to access beyond end of device
[  402.493337][T14676] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  402.506763][T14676] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  402.618840][T14682] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3729'.
[  402.746023][T14685] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14685 comm=syz.2.3730
[  402.787902][T14685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3730'.
[  402.858756][T14694] loop2: detected capacity change from 0 to 128
[  402.867462][T14694] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  402.879839][T14694] ext4 filesystem being mounted at /90/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  402.974797][T14697] loop1: detected capacity change from 0 to 128
[  403.393755][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  403.472294][T14706] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.539086][T14706] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.557063][T14711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.566113][T14711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.630751][T14706] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.699908][T14713] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  403.713068][T14706] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.717531][T14713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.732275][T14713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.752043][T14717] loop0: detected capacity change from 0 to 128
[  403.771007][T14719] loop1: detected capacity change from 0 to 128
[  403.888032][T14717] syz.0.3742: attempt to access beyond end of device
[  403.888032][T14717] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  403.901426][T14717] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  403.931719][T14719] syz.1.3743: attempt to access beyond end of device
[  403.931719][T14719] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  403.945106][T14719] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  403.985806][T14721] loop0: detected capacity change from 0 to 128
[  403.993675][T14721] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  404.006015][T14721] ext4 filesystem being mounted at /330/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  404.082693][T14724] loop1: detected capacity change from 0 to 128
[  404.090741][T14724] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  404.103056][T14724] ext4 filesystem being mounted at /111/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  404.157685][   T29] kauditd_printk_skb: 706 callbacks suppressed
[  404.164021][   T29] audit: type=1326 audit(1763895062.197:40721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="syz.4.3746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.188445][   T29] audit: type=1326 audit(1763895062.197:40722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="syz.4.3746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.212225][   T29] audit: type=1326 audit(1763895062.207:40723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="syz.4.3746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.235871][   T29] audit: type=1326 audit(1763895062.207:40724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.258946][   T29] audit: type=1326 audit(1763895062.207:40725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.282076][   T29] audit: type=1326 audit(1763895062.207:40726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.305138][   T29] audit: type=1326 audit(1763895062.207:40727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.328091][   T29] audit: type=1326 audit(1763895062.207:40728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.351204][   T29] audit: type=1326 audit(1763895062.207:40729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14727 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  404.374347][   T29] audit: type=1400 audit(1763895062.207:40730): avc:  denied  { cpu } for  pid=14727 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  404.654096][T14749] loop3: detected capacity change from 0 to 256
[  404.661067][T14749] msdos: Unknown parameter 'dot'
[  404.675724][T14749] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3750'.
[  404.857785][ T9506] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  404.967883][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  405.008093][T14751] loop4: detected capacity change from 0 to 128
[  405.042090][T14757] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  405.056533][T14758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  405.077701][T14758] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  405.187448][   T41] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  405.204591][   T41] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  405.227587][   T41] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  405.241411][   T41] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  405.365679][T14769] loop2: detected capacity change from 0 to 764
[  405.396679][T14769] Symlink component flag not implemented
[  405.417989][T14769] Symlink component flag not implemented (129)
[  405.427311][T14773] Cannot find set identified by id 0 to match
[  405.437057][T14769] rock: directory entry would overflow storage
[  405.443288][T14769] rock: sig=0x4f50, size=4, remaining=3
[  405.449061][T14769] iso9660: Corrupted directory entry in block 6 of inode 1792
[  405.480776][T14777] Cannot find set identified by id 0 to match
[  405.492740][T14775] loop3: detected capacity change from 0 to 1024
[  405.512350][T14775] EXT4-fs: Ignoring removed bh option
[  405.527864][T14775] EXT4-fs: inline encryption not supported
[  405.528910][T14779] loop2: detected capacity change from 0 to 128
[  405.542629][T14775] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  405.555739][T14779] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  405.570308][T14779] ext4 filesystem being mounted at /94/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  405.602583][T14775] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  405.611482][T14775] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.3765: lblock 2 mapped to illegal pblock 2 (length 1)
[  405.625778][T14775] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.3765: lblock 0 mapped to illegal pblock 48 (length 1)
[  405.640033][T14775] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.3765: Failed to acquire dquot type 0
[  405.652591][T14775] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  405.662417][T14775] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.3765: mark_inode_dirty error
[  405.674281][T14775] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  405.679297][T14786] loop4: detected capacity change from 0 to 764
[  405.684996][T14775] EXT4-fs (loop3): 1 orphan inode deleted
[  405.697251][T14775] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  405.709889][   T52] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1)
[  405.726681][   T52] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:3: Failed to release dquot type 0
[  405.739081][T14775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.748821][T14775] EXT4-fs error (device loop3): __ext4_get_inode_loc:4832: comm syz.3.3765: Invalid inode table block 1 in block_group 0
[  405.762026][T14775] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  405.771786][T14775] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz.3.3765: mark_inode_dirty error
[  405.810282][T14786] Symlink component flag not implemented
[  405.815931][T14786] Symlink component flag not implemented (129)
[  405.823166][T14786] rock: directory entry would overflow storage
[  405.829370][T14786] rock: sig=0x4f50, size=4, remaining=3
[  405.834912][T14786] iso9660: Corrupted directory entry in block 6 of inode 1792
[  405.847480][T14791] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  405.860396][T14793] loop3: detected capacity change from 0 to 128
[  405.891046][T14791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  405.900574][T14791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  405.960358][T14796] netlink: 'syz.4.3773': attribute type 4 has an invalid length.
[  405.968122][T14796] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3773'.
[  406.048615][T14793] syz.3.3772: attempt to access beyond end of device
[  406.048615][T14793] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  406.061997][T14793] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  406.398658][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  406.416005][T14801] loop3: detected capacity change from 0 to 128
[  406.448992][T14801] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  406.496242][T14801] ext4 filesystem being mounted at /186/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  406.517344][T14801] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3776'.
[  406.530382][T14805] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  406.560544][T14809] loop2: detected capacity change from 0 to 764
[  406.580985][T14805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  406.594581][T14809] Symlink component flag not implemented
[  406.609395][T14809] Symlink component flag not implemented (129)
[  406.610743][T14805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  406.625970][T14809] rock: directory entry would overflow storage
[  406.632156][T14809] rock: sig=0x4f50, size=4, remaining=3
[  406.637721][T14809] iso9660: Corrupted directory entry in block 6 of inode 1792
[  406.655875][T12122] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  406.691447][T14813] loop3: detected capacity change from 0 to 128
[  406.766333][T14820] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  406.795405][T14813] syz.3.3780: attempt to access beyond end of device
[  406.795405][T14813] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  406.808841][T14813] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  406.864800][T14825] loop2: detected capacity change from 0 to 764
[  406.874024][T14825] Symlink component flag not implemented
[  406.896216][T14825] Symlink component flag not implemented (129)
[  406.903391][T14825] rock: directory entry would overflow storage
[  406.909599][T14825] rock: sig=0x4f50, size=4, remaining=3
[  406.915205][T14825] iso9660: Corrupted directory entry in block 6 of inode 1792
[  406.925327][T14829] loop4: detected capacity change from 0 to 128
[  406.939481][T14828] loop3: detected capacity change from 0 to 128
[  406.950418][T14831] loop2: detected capacity change from 0 to 128
[  407.075410][T14828] syz.3.3786: attempt to access beyond end of device
[  407.075410][T14828] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  407.088867][T14828] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  407.098180][T14831] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  407.110598][T14831] ext4 filesystem being mounted at /102/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  407.142745][T14832] syz.3.3786: attempt to access beyond end of device
[  407.142745][T14832] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  407.156256][T14832] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  407.335249][T14845] loop3: detected capacity change from 0 to 128
[  407.346369][T14845] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  407.358852][T14845] ext4 filesystem being mounted at /190/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  407.371124][T14845] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3791'.
[  407.486826][T14848] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.506772][T12122] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  407.559872][T14852] syzkaller0: entered promiscuous mode
[  407.565525][T14852] syzkaller0: entered allmulticast mode
[  407.574161][T14848] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.620071][T14848] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.654183][T14857] loop1: detected capacity change from 0 to 1024
[  407.661121][T14857] EXT4-fs: Ignoring removed orlov option
[  407.667308][T14857] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  407.678754][T14857] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e018, mo2=0000]
[  407.687593][T14857] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.3796: lblock 2 mapped to illegal pblock 2 (length 1)
[  407.701877][T14857] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.3796: lblock 0 mapped to illegal pblock 48 (length 1)
[  407.716283][T14857] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.3796: Failed to acquire dquot type 0
[  407.727996][T14857] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  407.729062][T14848] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.737462][T14857] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.3796: mark_inode_dirty error
[  407.737528][T14857] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  407.758566][T14860] loop3: detected capacity change from 0 to 128
[  407.768609][T14857] EXT4-fs (loop1): 1 orphan inode deleted
[  407.768974][T14857] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  407.792754][   T12] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1)
[  407.807216][   T12] EXT4-fs error (device loop1): ext4_release_dquot:6981: comm kworker/u8:0: Failed to release dquot type 0
[  407.857384][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  407.883968][  T566] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  407.897783][  T566] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  407.916105][  T566] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  407.933163][T14860] syz.3.3797: attempt to access beyond end of device
[  407.933163][T14860] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  407.946582][T14860] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  407.958820][T13101] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.972611][T13101] EXT4-fs error (device loop1): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[  407.989830][T13101] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  407.999547][T13101] EXT4-fs error (device loop1): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[  408.015484][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  408.064212][T14866] loop2: detected capacity change from 0 to 128
[  408.211184][T14876] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3804'.
[  408.230675][T14876] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3804'.
[  408.266751][T14866] syz.2.3799: attempt to access beyond end of device
[  408.266751][T14866] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  408.280350][T14866] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  408.298104][T14880] loop0: detected capacity change from 0 to 764
[  408.316673][T14869] loop1: detected capacity change from 0 to 128
[  408.327006][T14880] Symlink component flag not implemented
[  408.360732][T14880] Symlink component flag not implemented (129)
[  408.387272][T14880] rock: directory entry would overflow storage
[  408.393461][T14880] rock: sig=0x4f50, size=4, remaining=3
[  408.393516][T14881] loop4: detected capacity change from 0 to 128
[  408.399025][T14880] iso9660: Corrupted directory entry in block 6 of inode 1792
[  408.440618][T14888] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  408.531577][T14890] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.563513][T14893] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  408.611379][T14890] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.628141][T14898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  408.641032][T14898] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  408.692692][T14890] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.731293][T14890] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.748325][T14900] loop3: detected capacity change from 0 to 128
[  408.756521][T14900] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  408.787610][T14900] ext4 filesystem being mounted at /196/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  408.819662][ T3499] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  408.837904][ T3499] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  408.854723][ T3499] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  408.883411][ T3499] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  409.234462][T14913] loop1: detected capacity change from 0 to 128
[  409.249665][T14913] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  409.295757][T14913] ext4 filesystem being mounted at /132/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  409.304195][T14917] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3817'.
[  409.317041][T14913] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3816'.
[  409.423368][T14924] loop4: detected capacity change from 0 to 128
[  409.436013][   T29] kauditd_printk_skb: 924 callbacks suppressed
[  409.436027][   T29] audit: type=1400 audit(1763895067.477:41649): avc:  denied  { tracepoint } for  pid=14916 comm="syz.0.3817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  409.474063][   T29] audit: type=1400 audit(1763895067.517:41650): avc:  denied  { mount } for  pid=14920 comm="syz.2.3819" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  409.510909][T14927] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  409.512028][   T29] audit: type=1400 audit(1763895067.547:41651): avc:  denied  { create } for  pid=14920 comm="syz.2.3819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  409.534395][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  409.563460][   T29] audit: type=1326 audit(1763895067.607:41652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14928 comm="syz.1.3821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  409.587156][   T29] audit: type=1326 audit(1763895067.607:41653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14928 comm="syz.1.3821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  409.610743][   T29] audit: type=1326 audit(1763895067.607:41654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14928 comm="syz.1.3821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  409.613825][T14931] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  409.634331][   T29] audit: type=1326 audit(1763895067.607:41655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14928 comm="syz.1.3821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  409.668243][   T29] audit: type=1326 audit(1763895067.607:41656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14928 comm="syz.1.3821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  409.691956][   T29] audit: type=1326 audit(1763895067.607:41657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14928 comm="syz.1.3821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  409.715833][   T29] audit: type=1326 audit(1763895067.607:41658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14928 comm="syz.1.3821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  409.740867][T12122] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  409.781405][T14939] loop2: detected capacity change from 0 to 128
[  409.788060][T14935] loop0: detected capacity change from 0 to 1024
[  409.812618][T14941] loop4: detected capacity change from 0 to 128
[  409.820765][T14938] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  409.841470][T14938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  409.848088][T14935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.863401][T14938] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  409.885485][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3823'.
[  409.894476][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3823'.
[  409.903437][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3823'.
[  409.912318][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3823'.
[  409.921287][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3823'.
[  409.937441][T14935] bridge1: entered promiscuous mode
[  409.942741][T14935] bridge1: entered allmulticast mode
[  409.949960][T14935] team0: Port device bridge1 added
[  410.002712][T14935] bridge0: port 3(team0) entered blocking state
[  410.009042][T14935] bridge0: port 3(team0) entered disabled state
[  410.015519][T14935] team0: entered allmulticast mode
[  410.020663][T14935] team_slave_0: entered allmulticast mode
[  410.026390][T14935] team_slave_1: entered allmulticast mode
[  410.029868][T14941] syz.4.3827: attempt to access beyond end of device
[  410.029868][T14941] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[  410.032238][T14935] dummy0: entered allmulticast mode
[  410.045488][T14941] Buffer I/O error on dev loop4, logical block 128, lost async page write
[  410.061873][T14935] team0: entered promiscuous mode
[  410.066951][T14935] team_slave_0: entered promiscuous mode
[  410.072693][T14935] team_slave_1: entered promiscuous mode
[  410.078741][T14935] dummy0: entered promiscuous mode
[  410.095432][T14935] bridge0: port 3(team0) entered blocking state
[  410.101718][T14935] bridge0: port 3(team0) entered forwarding state
[  410.109665][T14939] syz.2.3826: attempt to access beyond end of device
[  410.109665][T14939] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  410.123094][T14939] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  410.142646][ T9506] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.165985][T14948] loop0: detected capacity change from 0 to 128
[  410.226629][T14952] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.259445][T14955] loop2: detected capacity change from 0 to 128
[  410.269598][T14952] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.291537][T14959] loop1: detected capacity change from 0 to 128
[  410.397099][T14955] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  410.416957][T14955] ext4 filesystem being mounted at /107/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  410.428725][T14952] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.479553][T14952] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.492167][T14966] loop0: detected capacity change from 0 to 128
[  410.580637][T14968] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  410.599188][T14968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.609836][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  410.609897][T14968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.638442][T14970] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.678959][T14970] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.739079][T14970] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.789112][T14970] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.844872][  T566] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  410.860335][  T566] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  410.872316][  T566] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  410.880548][  T566] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  410.991739][T14986] loop1: detected capacity change from 0 to 128
[  411.125083][T14986] syz.1.3842: attempt to access beyond end of device
[  411.125083][T14986] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  411.138496][T14986] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  411.239310][T14994] loop1: detected capacity change from 0 to 128
[  411.255768][T14992] loop0: detected capacity change from 0 to 128
[  411.266048][T14994] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  411.298407][T14994] ext4 filesystem being mounted at /142/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  411.393724][T15000] loop0: detected capacity change from 0 to 128
[  411.506915][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  411.532669][T15006] Cannot find set identified by id 0 to match
[  411.599268][T15010] loop1: detected capacity change from 0 to 128
[  411.614124][T15000] syz.0.3847: attempt to access beyond end of device
[  411.614124][T15000] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  411.627607][T15000] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  411.729615][T15013] loop3: detected capacity change from 0 to 128
[  411.775719][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  411.788934][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  411.803884][ T3499] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  411.821598][ T3499] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  411.868601][T15010] syz.1.3852: attempt to access beyond end of device
[  411.868601][T15010] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  411.882118][T15010] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  411.918318][T15013] syz.3.3853: attempt to access beyond end of device
[  411.918318][T15013] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  411.931734][T15013] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  411.940738][T15013] syz.3.3853: attempt to access beyond end of device
[  411.940738][T15013] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  411.954237][T15013] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  412.014058][T15023] loop0: detected capacity change from 0 to 128
[  412.039301][T15022] loop2: detected capacity change from 0 to 128
[  412.113025][T15028] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  412.130961][T15032] loop1: detected capacity change from 0 to 128
[  412.135041][T15028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.147583][T15032] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  412.147668][T15028] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.168031][T15032] ext4 filesystem being mounted at /147/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  412.232152][T15022] syz.2.3857: attempt to access beyond end of device
[  412.232152][T15022] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  412.245849][T15022] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  412.277418][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  412.313954][T15038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.322552][T15038] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.448327][T15047] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  412.459957][T15047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.468413][T15047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.718912][T15049] loop3: detected capacity change from 0 to 128
[  412.844446][T15049] syz.3.3866: attempt to access beyond end of device
[  412.844446][T15049] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  412.857862][T15049] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  412.962927][T15063] loop0: detected capacity change from 0 to 128
[  413.218818][T15072] loop4: detected capacity change from 0 to 764
[  413.269859][T15072] Symlink component flag not implemented
[  413.281670][T15077] loop2: detected capacity change from 0 to 128
[  413.297472][T15072] Symlink component flag not implemented (129)
[  413.308705][T15072] rock: directory entry would overflow storage
[  413.314925][T15072] rock: sig=0x4f50, size=4, remaining=3
[  413.320554][T15072] iso9660: Corrupted directory entry in block 6 of inode 1792
[  413.345245][T15081] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  413.358729][T15081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.366422][T15080] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  413.368116][T15081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.383527][T15080] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.424684][T15080] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.455443][T15084] loop1: detected capacity change from 0 to 128
[  413.556890][T15085] loop2: detected capacity change from 0 to 128
[  413.730575][T15091] __nla_validate_parse: 48 callbacks suppressed
[  413.730586][T15091] netlink: 172 bytes leftover after parsing attributes in process `syz.0.3882'.
[  413.760946][T15093] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3883'.
[  413.770016][T15093] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  413.777373][T15093] batman_adv: batadv0: Removing interface: batadv_slave_0
[  413.784915][T15093] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  413.792379][T15093] batman_adv: batadv0: Removing interface: batadv_slave_1
[  413.901813][T15096] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  413.950825][T15102] loop0: detected capacity change from 0 to 128
[  413.955030][T15104] Cannot find set identified by id 0 to match
[  414.131925][T15118] loop1: detected capacity change from 0 to 512
[  414.151859][T15118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  414.164644][T15118] ext4 filesystem being mounted at /152/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  414.202839][T13101] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.232549][T15125] loop3: detected capacity change from 0 to 128
[  414.385214][T15102] syz.0.3887: attempt to access beyond end of device
[  414.385214][T15102] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  414.398702][T15102] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  414.432796][T15131] loop1: detected capacity change from 0 to 128
[  414.452349][T15133] loop2: detected capacity change from 0 to 128
[  414.717272][T15135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  414.740655][T15137] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  414.762854][T15135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  414.803693][T15131] syz.1.3893: attempt to access beyond end of device
[  414.803693][T15131] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  414.817187][T15131] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  414.954514][T15153] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3897'.
[  414.987954][T15153] loop2: detected capacity change from 0 to 512
[  415.007610][   T29] kauditd_printk_skb: 726 callbacks suppressed
[  415.007623][   T29] audit: type=1326 audit(1763895073.047:42385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="syz.4.3899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.028308][T15153] EXT4-fs: Ignoring removed nomblk_io_submit option
[  415.053637][   T29] audit: type=1326 audit(1763895073.087:42386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="syz.4.3899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.077220][   T29] audit: type=1326 audit(1763895073.087:42387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.081254][T15153] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: comm syz.2.3897: Parent and EA inode have the same ino 15
[  415.100273][   T29] audit: type=1326 audit(1763895073.087:42388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.100297][   T29] audit: type=1326 audit(1763895073.087:42389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.112889][T15153] EXT4-fs (loop2): Remounting filesystem read-only
[  415.135520][   T29] audit: type=1326 audit(1763895073.087:42390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.135541][   T29] audit: type=1326 audit(1763895073.087:42391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.135562][   T29] audit: type=1326 audit(1763895073.087:42392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.159158][T15153] EXT4-fs (loop2): 1 orphan inode deleted
[  415.165089][   T29] audit: type=1326 audit(1763895073.087:42393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.165112][   T29] audit: type=1326 audit(1763895073.087:42394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15198 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  415.286467][T15153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  415.303477][T15204] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  415.324352][T15207] netlink: 'syz.4.3902': attribute type 4 has an invalid length.
[  415.332101][T15207] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3902'.
[  415.351711][T15202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.371792][T15202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.387171][T15211] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3904'.
[  415.450585][T15209] Cannot find set identified by id 0 to match
[  415.460057][T13309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.478414][T15216] tipc: MTU too low for tipc bearer
[  415.541296][T15226] FAULT_INJECTION: forcing a failure.
[  415.541296][T15226] name failslab, interval 1, probability 0, space 0, times 0
[  415.554036][T15226] CPU: 1 UID: 0 PID: 15226 Comm: syz.2.3909 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  415.554061][T15226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  415.554072][T15226] Call Trace:
[  415.554078][T15226]  <TASK>
[  415.554084][T15226]  __dump_stack+0x1d/0x30
[  415.554134][T15226]  dump_stack_lvl+0xe8/0x140
[  415.554152][T15226]  dump_stack+0x15/0x1b
[  415.554167][T15226]  should_fail_ex+0x265/0x280
[  415.554272][T15226]  should_failslab+0x8c/0xb0
[  415.554353][T15226]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  415.554378][T15226]  ? __alloc_skb+0x101/0x320
[  415.554402][T15226]  __alloc_skb+0x101/0x320
[  415.554426][T15226]  netlink_alloc_large_skb+0xbf/0xf0
[  415.554492][T15226]  netlink_sendmsg+0x3cf/0x6b0
[  415.554510][T15226]  ? __pfx_netlink_sendmsg+0x10/0x10
[  415.554596][T15226]  __sock_sendmsg+0x145/0x180
[  415.554616][T15226]  ____sys_sendmsg+0x31e/0x4e0
[  415.554686][T15226]  ___sys_sendmsg+0x17b/0x1d0
[  415.554711][T15226]  __x64_sys_sendmsg+0xd4/0x160
[  415.554729][T15226]  x64_sys_call+0x191e/0x3000
[  415.554750][T15226]  do_syscall_64+0xd2/0x200
[  415.554767][T15226]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  415.554839][T15226]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  415.554872][T15226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.554890][T15226] RIP: 0033:0x7f2d1108f749
[  415.554903][T15226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.554948][T15226] RSP: 002b:00007f2d0faf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  415.554966][T15226] RAX: ffffffffffffffda RBX: 00007f2d112e5fa0 RCX: 00007f2d1108f749
[  415.555005][T15226] RDX: 0000000000008094 RSI: 0000200000001a40 RDI: 0000000000000003
[  415.555016][T15226] RBP: 00007f2d0faf7090 R08: 0000000000000000 R09: 0000000000000000
[  415.555026][T15226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.555036][T15226] R13: 00007f2d112e6038 R14: 00007f2d112e5fa0 R15: 00007fffc338a3e8
[  415.555052][T15226]  </TASK>
[  415.767580][T15228] FAULT_INJECTION: forcing a failure.
[  415.767580][T15228] name failslab, interval 1, probability 0, space 0, times 0
[  415.780282][T15228] CPU: 1 UID: 0 PID: 15228 Comm: syz.2.3910 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  415.780308][T15228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  415.780319][T15228] Call Trace:
[  415.780325][T15228]  <TASK>
[  415.780332][T15228]  __dump_stack+0x1d/0x30
[  415.780428][T15228]  dump_stack_lvl+0xe8/0x140
[  415.780449][T15228]  dump_stack+0x15/0x1b
[  415.780467][T15228]  should_fail_ex+0x265/0x280
[  415.780502][T15228]  should_failslab+0x8c/0xb0
[  415.780553][T15228]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  415.780620][T15228]  ? __alloc_skb+0x101/0x320
[  415.780647][T15228]  __alloc_skb+0x101/0x320
[  415.780673][T15228]  netlink_alloc_large_skb+0xbf/0xf0
[  415.780735][T15228]  netlink_sendmsg+0x3cf/0x6b0
[  415.780755][T15228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  415.780776][T15228]  __sock_sendmsg+0x145/0x180
[  415.780800][T15228]  ____sys_sendmsg+0x31e/0x4e0
[  415.780904][T15228]  ___sys_sendmsg+0x17b/0x1d0
[  415.780981][T15228]  __x64_sys_sendmsg+0xd4/0x160
[  415.781003][T15228]  x64_sys_call+0x191e/0x3000
[  415.781025][T15228]  do_syscall_64+0xd2/0x200
[  415.781045][T15228]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  415.781082][T15228]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  415.781110][T15228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.781131][T15228] RIP: 0033:0x7f2d1108f749
[  415.781145][T15228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.781222][T15228] RSP: 002b:00007f2d0faf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  415.781241][T15228] RAX: ffffffffffffffda RBX: 00007f2d112e5fa0 RCX: 00007f2d1108f749
[  415.781253][T15228] RDX: 0000000004000000 RSI: 0000200000000280 RDI: 0000000000000004
[  415.781265][T15228] RBP: 00007f2d0faf7090 R08: 0000000000000000 R09: 0000000000000000
[  415.781278][T15228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.781291][T15228] R13: 00007f2d112e6038 R14: 00007f2d112e5fa0 R15: 00007fffc338a3e8
[  415.781310][T15228]  </TASK>
[  416.059616][T15230] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  416.071407][T15237] loop3: detected capacity change from 0 to 764
[  416.079914][T15232] loop2: detected capacity change from 0 to 128
[  416.084201][T15230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.094676][T15237] Symlink component flag not implemented
[  416.100622][T15237] Symlink component flag not implemented (129)
[  416.103717][T15230] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.116312][T15237] rock: directory entry would overflow storage
[  416.122498][T15237] rock: sig=0x4f50, size=4, remaining=3
[  416.128062][T15237] iso9660: Corrupted directory entry in block 6 of inode 1792
[  416.201839][T15240] SELinux: failed to load policy
[  416.354416][T15258] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.369744][T15258] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.372304][T15260] syzkaller0: entered promiscuous mode
[  416.383019][T15260] syzkaller0: entered allmulticast mode
[  416.391393][T15247] Cannot find set identified by id 0 to match
[  416.533359][T15267] syzkaller0: entered promiscuous mode
[  416.538944][T15267] syzkaller0: entered allmulticast mode
[  416.551326][T15266] loop3: detected capacity change from 0 to 128
[  416.667747][T15276] loop2: detected capacity change from 0 to 128
[  416.675467][T15276] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  416.694882][T15276] ext4 filesystem being mounted at /131/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  416.705686][T15280] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  416.718762][T15276] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3931'.
[  416.726290][T15274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.762085][T15274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.857046][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  416.931969][T15296] loop1: detected capacity change from 0 to 128
[  416.973526][T15292] Cannot find set identified by id 0 to match
[  417.097902][T15301] loop4: detected capacity change from 0 to 128
[  417.135127][T15296] syz.1.3938: attempt to access beyond end of device
[  417.135127][T15296] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  417.148618][T15296] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  417.272965][T15306] loop2: detected capacity change from 0 to 128
[  417.494714][T15312] FAULT_INJECTION: forcing a failure.
[  417.494714][T15312] name failslab, interval 1, probability 0, space 0, times 0
[  417.507415][T15312] CPU: 0 UID: 0 PID: 15312 Comm: syz.1.3942 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  417.507469][T15312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  417.507479][T15312] Call Trace:
[  417.507485][T15312]  <TASK>
[  417.507491][T15312]  __dump_stack+0x1d/0x30
[  417.507582][T15312]  dump_stack_lvl+0xe8/0x140
[  417.507598][T15312]  dump_stack+0x15/0x1b
[  417.507613][T15312]  should_fail_ex+0x265/0x280
[  417.507720][T15312]  should_failslab+0x8c/0xb0
[  417.507748][T15312]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  417.507779][T15312]  ? __alloc_skb+0x101/0x320
[  417.507805][T15312]  __alloc_skb+0x101/0x320
[  417.507835][T15312]  netlink_alloc_large_skb+0xbf/0xf0
[  417.507900][T15312]  netlink_sendmsg+0x3cf/0x6b0
[  417.507929][T15312]  ? __pfx_netlink_sendmsg+0x10/0x10
[  417.508025][T15312]  __sock_sendmsg+0x145/0x180
[  417.508045][T15312]  ____sys_sendmsg+0x31e/0x4e0
[  417.508091][T15312]  ___sys_sendmsg+0x17b/0x1d0
[  417.508118][T15312]  __x64_sys_sendmsg+0xd4/0x160
[  417.508212][T15312]  x64_sys_call+0x191e/0x3000
[  417.508235][T15312]  do_syscall_64+0xd2/0x200
[  417.508265][T15312]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  417.508294][T15312]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  417.508343][T15312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.508360][T15312] RIP: 0033:0x7fc8acfbf749
[  417.508410][T15312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.508429][T15312] RSP: 002b:00007fc8aba1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  417.508449][T15312] RAX: ffffffffffffffda RBX: 00007fc8ad215fa0 RCX: 00007fc8acfbf749
[  417.508462][T15312] RDX: 0000000000000840 RSI: 0000200000001340 RDI: 0000000000000003
[  417.508474][T15312] RBP: 00007fc8aba1f090 R08: 0000000000000000 R09: 0000000000000000
[  417.508484][T15312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.508545][T15312] R13: 00007fc8ad216038 R14: 00007fc8ad215fa0 R15: 00007ffe21bd2ac8
[  417.508565][T15312]  </TASK>
[  417.735667][T15313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.744233][T15313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.754216][T15317] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  417.863199][T15325] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.875634][T15328] Cannot find set identified by id 0 to match
[  417.913279][T15325] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.980496][T15325] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.002463][T15336] loop2: detected capacity change from 0 to 128
[  418.010553][T15330] Cannot find set identified by id 0 to match
[  418.035298][T15336] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  418.047620][T15336] ext4 filesystem being mounted at /136/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  418.109336][T15325] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.130032][T15340] loop1: detected capacity change from 0 to 128
[  418.197666][ T8292] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  418.209355][ T8292] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  418.225374][ T8292] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  418.239492][ T8292] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  418.265568][T15340] syz.1.3954: attempt to access beyond end of device
[  418.265568][T15340] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  418.278968][T15340] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  418.329656][T15343] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3955'.
[  418.411128][T15352] loop1: detected capacity change from 0 to 128
[  418.426317][T15352] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  418.445899][T15352] ext4 filesystem being mounted at /168/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  418.461213][T15352] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3959'.
[  418.517128][T15360] loop3: detected capacity change from 0 to 128
[  418.543118][T15358] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  418.581708][T15358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.601274][T15358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.638473][T15360] syz.3.3962: attempt to access beyond end of device
[  418.638473][T15360] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  418.651984][T15360] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  418.720485][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  418.759047][T15367] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  418.779841][T15367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.788271][T15366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.789041][T15367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.800758][T15366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.835851][T15369] syzkaller0: entered promiscuous mode
[  418.841501][T15369] syzkaller0: entered allmulticast mode
[  418.915520][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  418.942936][T15374] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.018906][T15374] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.068392][T15378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  419.076811][T15378] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  419.089468][T15374] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.149096][T15374] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.206380][T15181] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  419.218719][T15181] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  419.235198][T15181] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  419.247003][T15181] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  419.359820][T15394] loop0: detected capacity change from 0 to 128
[  419.367516][T15394] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  419.380241][T15394] ext4 filesystem being mounted at /358/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  419.387957][T15392] loop3: detected capacity change from 0 to 128
[  419.391420][T15390] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  419.418528][T15394] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3976'.
[  419.490275][T15390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  419.498967][T15390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  419.624392][T15392] syz.3.3975: attempt to access beyond end of device
[  419.624392][T15392] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  419.637842][T15392] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  419.642064][T15400] loop2: detected capacity change from 0 to 128
[  419.677552][ T9506] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  419.774515][T15400] syz.2.3977: attempt to access beyond end of device
[  419.774515][T15400] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  419.787993][T15400] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  419.798523][T15404] loop0: detected capacity change from 0 to 128
[  419.813675][T15404] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  419.848972][T15404] ext4 filesystem being mounted at /359/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  419.872792][T15403] Cannot find set identified by id 0 to match
[  419.890033][T15404] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3978'.
[  420.009080][   T29] kauditd_printk_skb: 1435 callbacks suppressed
[  420.009095][   T29] audit: type=1326 audit(1763895078.047:43830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15410 comm="syz.3.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fadcbc0f749 code=0x7ffc0000
[  420.057278][   T29] audit: type=1400 audit(1763895078.057:43831): avc:  denied  { bind } for  pid=15408 comm="syz.2.3980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  420.077051][   T29] audit: type=1326 audit(1763895078.087:43832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15410 comm="syz.3.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcbc0f749 code=0x7ffc0000
[  420.100699][   T29] audit: type=1326 audit(1763895078.097:43833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15410 comm="syz.3.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcbc0f749 code=0x7ffc0000
[  420.124403][   T29] audit: type=1326 audit(1763895078.097:43834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15410 comm="syz.3.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fadcbc0f749 code=0x7ffc0000
[  420.157910][T15414] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  420.194016][ T9506] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  420.220379][   T29] audit: type=1326 audit(1763895078.267:43835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15417 comm="syz.4.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  420.244048][   T29] audit: type=1326 audit(1763895078.267:43836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15417 comm="syz.4.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  420.287345][   T29] audit: type=1326 audit(1763895078.317:43837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15417 comm="syz.4.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  420.308217][T15415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.311015][   T29] audit: type=1326 audit(1763895078.317:43838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15417 comm="syz.4.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  420.342750][   T29] audit: type=1326 audit(1763895078.317:43839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15417 comm="syz.4.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  420.357892][T15415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.388374][T15419] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  420.420509][T15428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.429350][T15428] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.476146][T15419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.485542][T15419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.553602][T15430] loop1: detected capacity change from 0 to 128
[  420.892980][T15433] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  420.906969][T15432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.916104][T15432] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.972856][T15439] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  421.062858][T15451] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125
[  421.071616][T15451] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3997'.
[  421.112040][T15451] netlink: 'syz.4.3997': attribute type 10 has an invalid length.
[  421.123190][T15451] team0: Port device dummy0 added
[  421.188645][T15460] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  421.200579][T15460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.209052][T15460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.291475][T15463] loop1: detected capacity change from 0 to 128
[  421.299473][T15463] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  421.313645][T15463] ext4 filesystem being mounted at /176/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  421.324980][T15463] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3999'.
[  421.434786][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  421.524839][T15468] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  421.541004][T15468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.550947][T15468] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.751960][T15474] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  421.929401][T15477] loop4: detected capacity change from 0 to 128
[  421.936768][T15479] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  422.009228][T15485] loop3: detected capacity change from 0 to 128
[  422.133154][T15485] syz.3.4007: attempt to access beyond end of device
[  422.133154][T15485] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  422.146609][T15485] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  422.156125][T15487] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.218985][T15487] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.269811][T15487] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.276377][T15492] netlink: 'syz.3.4010': attribute type 4 has an invalid length.
[  422.287350][T15492] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4010'.
[  422.315231][T15494] loop3: detected capacity change from 0 to 128
[  422.323260][T15494] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  422.336158][T15487] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.346053][T15494] ext4 filesystem being mounted at /243/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  422.359087][T15494] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4011'.
[  422.412441][T15499] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4012'.
[  422.463031][T12122] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  422.502631][T15502] SELinux:  Context system_u:object_r:udev_var_run_t:s0 is not valid (left unmapped).
[  422.513808][T15510] FAULT_INJECTION: forcing a failure.
[  422.513808][T15510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.526929][T15510] CPU: 0 UID: 0 PID: 15510 Comm: syz.2.4015 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  422.526952][T15510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  422.526963][T15510] Call Trace:
[  422.526971][T15510]  <TASK>
[  422.526979][T15510]  __dump_stack+0x1d/0x30
[  422.527067][T15510]  dump_stack_lvl+0xe8/0x140
[  422.527084][T15510]  dump_stack+0x15/0x1b
[  422.527098][T15510]  should_fail_ex+0x265/0x280
[  422.527153][T15504] loop3: detected capacity change from 0 to 512
[  422.527161][T15510]  should_fail+0xb/0x20
[  422.527178][T15510]  should_fail_usercopy+0x1a/0x20
[  422.527196][T15510]  _copy_from_user+0x1c/0xb0
[  422.527253][T15510]  ___sys_sendmsg+0xc1/0x1d0
[  422.527300][T15510]  __x64_sys_sendmsg+0xd4/0x160
[  422.527322][T15510]  x64_sys_call+0x191e/0x3000
[  422.527446][T15510]  do_syscall_64+0xd2/0x200
[  422.527467][T15510]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  422.527502][T15510]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  422.527533][T15510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.527553][T15510] RIP: 0033:0x7f2d1108f749
[  422.527590][T15510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.527608][T15510] RSP: 002b:00007f2d0faf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  422.527647][T15510] RAX: ffffffffffffffda RBX: 00007f2d112e5fa0 RCX: 00007f2d1108f749
[  422.527660][T15510] RDX: 0000000004000010 RSI: 0000200000000080 RDI: 0000000000000003
[  422.527672][T15510] RBP: 00007f2d0faf7090 R08: 0000000000000000 R09: 0000000000000000
[  422.527751][T15510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.527762][T15510] R13: 00007f2d112e6038 R14: 00007f2d112e5fa0 R15: 00007fffc338a3e8
[  422.527781][T15510]  </TASK>
[  422.542142][T15512] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  422.561030][T15502] bridge_slave_0: left allmulticast mode
[  422.719340][T15502] bridge_slave_0: left promiscuous mode
[  422.724990][T15502] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.734826][T15502] bridge_slave_1: left allmulticast mode
[  422.740661][T15502] bridge_slave_1: left promiscuous mode
[  422.746290][T15502] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.756815][T15518] loop4: detected capacity change from 0 to 128
[  422.763407][T15502] .`: (slave bond_slave_0): Releasing backup interface
[  422.772167][T15518] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  422.784763][T15518] ext4 filesystem being mounted at /245/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  422.784907][T15502] .`: (slave bond_slave_1): Releasing backup interface
[  422.813322][T15502] team0: Port device team_slave_0 removed
[  422.829219][T15502] team0: Port device team_slave_1 removed
[  422.836224][T15502] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  422.843643][T15502] batman_adv: batadv0: Removing interface: batadv_slave_0
[  422.851997][T15502] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  422.859446][T15502] batman_adv: batadv0: Removing interface: batadv_slave_1
[  422.861180][T15523] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  422.879805][T15502] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  422.911310][T15504] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  422.946704][T11868] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  422.972437][T15526] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  422.987674][T15523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.996418][T15523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.051802][T15533] loop3: detected capacity change from 0 to 128
[  423.059785][T15533] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  423.072040][T15533] ext4 filesystem being mounted at /247/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  423.083725][T15533] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4023'.
[  423.183229][T15537] loop4: detected capacity change from 0 to 128
[  423.484361][T15543] syzkaller0: entered promiscuous mode
[  423.489947][T15543] syzkaller0: entered allmulticast mode
[  423.529990][T15545] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4025'.
[  423.812909][T15550] loop2: detected capacity change from 0 to 128
[  423.991988][T12122] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  424.023949][ T8292] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  424.067600][ T8292] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  424.083900][ T8292] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  424.092380][T15557] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4027'.
[  424.101605][ T8292] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  424.144956][T15557] loop3: detected capacity change from 0 to 2048
[  424.179759][T15557] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.191509][T15564] Cannot find set identified by id 0 to match
[  424.191952][T15557] ext4 filesystem being mounted at /248/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  424.239747][T15569] loop1: detected capacity change from 0 to 128
[  424.247837][T15565] loop4: detected capacity change from 0 to 128
[  424.279526][T15570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.296285][T15570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.379653][T15572] loop0: detected capacity change from 0 to 128
[  424.416961][T15569] syz.1.4032: attempt to access beyond end of device
[  424.416961][T15569] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  424.430393][T15569] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  424.535091][T15574] FAULT_INJECTION: forcing a failure.
[  424.535091][T15574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  424.548250][T15574] CPU: 1 UID: 0 PID: 15574 Comm: syz.2.4034 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  424.548276][T15574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  424.548288][T15574] Call Trace:
[  424.548294][T15574]  <TASK>
[  424.548301][T15574]  __dump_stack+0x1d/0x30
[  424.548352][T15574]  dump_stack_lvl+0xe8/0x140
[  424.548368][T15574]  dump_stack+0x15/0x1b
[  424.548383][T15574]  should_fail_ex+0x265/0x280
[  424.548410][T15574]  should_fail+0xb/0x20
[  424.548493][T15574]  should_fail_usercopy+0x1a/0x20
[  424.548515][T15574]  _copy_from_user+0x1c/0xb0
[  424.548549][T15574]  ___sys_sendmsg+0xc1/0x1d0
[  424.548627][T15574]  __x64_sys_sendmsg+0xd4/0x160
[  424.548646][T15574]  x64_sys_call+0x191e/0x3000
[  424.548664][T15574]  do_syscall_64+0xd2/0x200
[  424.548735][T15574]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  424.548759][T15574]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  424.548788][T15574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.548837][T15574] RIP: 0033:0x7f2d1108f749
[  424.548853][T15574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  424.548871][T15574] RSP: 002b:00007f2d0faf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  424.548940][T15574] RAX: ffffffffffffffda RBX: 00007f2d112e5fa0 RCX: 00007f2d1108f749
[  424.548961][T15574] RDX: 0000000004000010 RSI: 0000200000000080 RDI: 0000000000000003
[  424.549046][T15574] RBP: 00007f2d0faf7090 R08: 0000000000000000 R09: 0000000000000000
[  424.549058][T15574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.549146][T15574] R13: 00007f2d112e6038 R14: 00007f2d112e5fa0 R15: 00007fffc338a3e8
[  424.549162][T15574]  </TASK>
[  424.779059][T15572] syz.0.4033: attempt to access beyond end of device
[  424.779059][T15572] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  424.792557][T15572] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  424.815554][T15576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.831491][T15580] loop2: detected capacity change from 0 to 128
[  424.838927][T15576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.848083][T15580] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  424.869907][T15580] ext4 filesystem being mounted at /153/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  425.018482][   T29] kauditd_printk_skb: 818 callbacks suppressed
[  425.018496][   T29] audit: type=1326 audit(1763895083.067:44658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15584 comm="syz.4.4039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  425.020784][T15585] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  425.024772][   T29] audit: type=1326 audit(1763895083.067:44659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15584 comm="syz.4.4039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  425.083453][T15588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.092285][T15588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.105633][   T29] audit: type=1326 audit(1763895083.147:44660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15584 comm="syz.4.4039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  425.148386][   T29] audit: type=1326 audit(1763895083.177:44661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15584 comm="syz.4.4039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce39ff749 code=0x7ffc0000
[  425.190051][T15591] loop0: detected capacity change from 0 to 128
[  425.232160][T15177] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:15: bg 0: block 345: padding at end of block bitmap is not set
[  425.247517][T15177] EXT4-fs (loop3): Remounting filesystem read-only
[  425.324789][T12122] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.420478][   T29] audit: type=1400 audit(1763895083.467:44662): avc:  denied  { watch watch_reads } for  pid=15594 comm="syz.3.4040" path="/249" dev="tmpfs" ino=1404 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  425.443977][T15596] loop3: detected capacity change from 0 to 512
[  425.451020][T15596] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  425.467053][T15599] Cannot find set identified by id 0 to match
[  425.489918][T15601] loop1: detected capacity change from 0 to 128
[  425.498101][T15601] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  425.510749][T15601] ext4 filesystem being mounted at /186/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  425.550101][T15604] loop3: detected capacity change from 0 to 128
[  425.678437][T15604] syz.3.4044: attempt to access beyond end of device
[  425.678437][T15604] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  425.691945][T15604] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  425.791986][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  425.804028][T15607] Cannot find set identified by id 0 to match
[  425.812196][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  425.852287][   T29] audit: type=1326 audit(1763895083.897:44663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15612 comm="syz.1.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  425.875949][   T29] audit: type=1326 audit(1763895083.897:44664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15612 comm="syz.1.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  425.899542][   T29] audit: type=1326 audit(1763895083.897:44665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15612 comm="syz.1.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  425.923113][   T29] audit: type=1326 audit(1763895083.897:44666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15612 comm="syz.1.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  425.949128][T15613] loop3: detected capacity change from 0 to 128
[  425.967736][   T29] audit: type=1326 audit(1763895083.947:44667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15612 comm="syz.1.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8acfbf749 code=0x7ffc0000
[  426.052146][T15623] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  426.075048][T15615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  426.091571][T15615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  426.155951][T15613] syz.3.4049: attempt to access beyond end of device
[  426.155951][T15613] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  426.169387][T15613] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  426.297070][T15641] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  426.312315][T15639] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  426.323588][T15641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  426.337727][T15639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  426.346396][T15641] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  426.355035][T15639] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  426.367055][T15644] loop2: detected capacity change from 0 to 128
[  426.506922][T15644] syz.2.4057: attempt to access beyond end of device
[  426.506922][T15644] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  426.520612][T15644] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  426.591221][T15647] loop2: detected capacity change from 0 to 128
[  426.756573][T15647] syz.2.4059: attempt to access beyond end of device
[  426.756573][T15647] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  426.770006][T15647] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  426.942607][T15656] loop1: detected capacity change from 0 to 128
[  427.039359][T15653] loop0: detected capacity change from 0 to 128
[  427.102897][T15662] loop4: detected capacity change from 0 to 128
[  427.110709][T15653] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  427.258913][T15653] ext4 filesystem being mounted at /367/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  427.286274][T15653] __nla_validate_parse: 1 callbacks suppressed
[  427.286375][T15653] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4061'.
[  427.481169][T15677] loop2: detected capacity change from 0 to 128
[  427.490249][ T9506] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  427.517562][T15679] loop3: detected capacity change from 0 to 128
[  427.553454][T15662] syz.4.4063: attempt to access beyond end of device
[  427.553454][T15662] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[  427.566897][T15662] Buffer I/O error on dev loop4, logical block 128, lost async page write
[  427.583805][T15683] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  427.621105][T15685] loop1: detected capacity change from 0 to 128
[  427.713710][T15679] syz.3.4070: attempt to access beyond end of device
[  427.713710][T15679] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  427.727151][T15679] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  427.743080][T15694] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  427.767100][T15691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  427.776941][T15691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  427.822121][T15685] syz.1.4073: attempt to access beyond end of device
[  427.822121][T15685] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  427.822157][T15696] loop4: detected capacity change from 0 to 764
[  427.841881][T15685] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  427.850603][T15696] Symlink component flag not implemented
[  427.856387][T15696] Symlink component flag not implemented (129)
[  427.863235][T15696] rock: directory entry would overflow storage
[  427.869428][T15696] rock: sig=0x4f50, size=4, remaining=3
[  427.874993][T15696] iso9660: Corrupted directory entry in block 6 of inode 1792
[  427.909319][T15700] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  427.954853][T15702] loop4: detected capacity change from 0 to 128
[  427.956936][T15704] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  427.964030][T15702] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  427.983749][T15702] ext4 filesystem being mounted at /257/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  428.019578][T15700] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.057785][T11868] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  428.073378][T15700] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.084570][T15712] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  428.127398][T15716] netlink: 'syz.4.4086': attribute type 4 has an invalid length.
[  428.135237][T15716] netlink: 152 bytes leftover after parsing attributes in process `syz.4.4086'.
[  428.149893][T15700] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.160052][T15717] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  428.192913][T15723] loop4: detected capacity change from 0 to 764
[  428.199771][T15717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.215644][T15723] Symlink component flag not implemented
[  428.215721][T15717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.215901][T15723] Symlink component flag not implemented (129)
[  428.236534][T15723] rock: directory entry would overflow storage
[  428.242779][T15723] rock: sig=0x4f50, size=4, remaining=3
[  428.248343][T15723] iso9660: Corrupted directory entry in block 6 of inode 1792
[  428.272150][ T8292] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  428.285110][ T8292] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  428.297207][ T8292] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  428.306945][ T8292] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  428.330963][T15733] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  428.330964][T15729] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  428.356845][T15731] loop2: detected capacity change from 0 to 128
[  428.382839][T15736] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.406151][T15729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.416643][T15736] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.423617][T15729] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.470348][T15736] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.519334][T15731] syz.2.4092: attempt to access beyond end of device
[  428.519334][T15731] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  428.532896][T15731] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  428.542392][T15736] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.622553][T15746] loop2: detected capacity change from 0 to 128
[  428.630214][T15746] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  428.642479][T15746] ext4 filesystem being mounted at /166/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  428.652979][T15744] loop0: detected capacity change from 0 to 128
[  428.654005][T15746] netlink: 148 bytes leftover after parsing attributes in process `syz.2.4098'.
[  428.750184][T13309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  428.774546][T15750] netlink: 'syz.2.4099': attribute type 4 has an invalid length.
[  428.782367][T15750] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4099'.
[  428.804407][T15754] loop1: detected capacity change from 0 to 764
[  428.838790][T15756] syzkaller0: entered promiscuous mode
[  428.844283][T15756] syzkaller0: entered allmulticast mode
[  428.847288][T15760] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  428.897356][T15764] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.949292][T15764] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.076115][T15764] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.129402][T15764] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.151896][T15774] loop2: detected capacity change from 0 to 128
[  429.178951][  T114] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  429.194252][  T114] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  429.205843][  T114] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  429.218831][  T114] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  429.388257][T15779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  429.399130][T15779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  429.530299][T15784] loop0: detected capacity change from 0 to 128
[  429.898100][T15787] netlink: 'syz.2.4114': attribute type 4 has an invalid length.
[  429.903341][T15784] syz.0.4113: attempt to access beyond end of device
[  429.903341][T15784] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  429.905866][T15787] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4114'.
[  429.919271][T15784] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  429.921342][T15789] loop4: detected capacity change from 0 to 128
[  429.943667][T15784] syz.0.4113: attempt to access beyond end of device
[  429.943667][T15784] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  429.957090][T15784] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  429.970647][T15789] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  429.985985][T15789] ext4 filesystem being mounted at /265/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  430.042071][T15798] Cannot find set identified by id 0 to match
[  430.050751][   T29] kauditd_printk_skb: 1045 callbacks suppressed
[  430.050762][   T29] audit: type=1326 audit(1763895088.097:45713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.096874][T15805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.105273][   T29] audit: type=1326 audit(1763895088.127:45714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.111115][T15805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.128991][   T29] audit: type=1326 audit(1763895088.127:45715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.160365][   T29] audit: type=1326 audit(1763895088.127:45716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.184042][   T29] audit: type=1326 audit(1763895088.127:45717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.207806][   T29] audit: type=1326 audit(1763895088.127:45718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.231510][   T29] audit: type=1326 audit(1763895088.127:45719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.255336][   T29] audit: type=1326 audit(1763895088.127:45720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.278977][   T29] audit: type=1326 audit(1763895088.127:45721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.302682][   T29] audit: type=1326 audit(1763895088.127:45722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15795 comm="syz.2.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1108f749 code=0x7ffc0000
[  430.358241][T15808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.367777][T15808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.854371][T15816] loop1: detected capacity change from 0 to 128
[  430.916934][T15818] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.940441][T11868] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  430.962465][T15820] loop0: detected capacity change from 0 to 128
[  430.990149][T15818] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.029704][T15818] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.069993][T15818] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.120323][T15177] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  431.140078][T15816] syz.1.4124: attempt to access beyond end of device
[  431.140078][T15816] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  431.141485][T15820] syz.0.4127: attempt to access beyond end of device
[  431.141485][T15820] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  431.153571][T15816] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  431.166891][T15820] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  431.183976][T15177] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  431.192233][T15177] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  431.210332][T15177] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  431.425063][T15828] loop1: detected capacity change from 0 to 128
[  431.439951][T15830] xt_check_match: 4 callbacks suppressed
[  431.440008][T15830] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  431.464642][T15830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.499614][T15830] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.887518][T15836] loop0: detected capacity change from 0 to 128
[  431.963272][T15840] syzkaller0: entered promiscuous mode
[  431.968902][T15840] syzkaller0: entered allmulticast mode
[  432.165585][T15845] Cannot find set identified by id 0 to match
[  432.215436][T15850] loop1: detected capacity change from 0 to 128
[  432.235185][T15850] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  432.247508][T15850] ext4 filesystem being mounted at /211/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  432.287651][T15856] loop2: detected capacity change from 0 to 128
[  432.484927][T15856] syz.2.4139: attempt to access beyond end of device
[  432.484927][T15856] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[  432.498362][T15856] Buffer I/O error on dev loop2, logical block 128, lost async page write
[  432.525976][T15165] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  432.536978][T15165] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  432.548350][T15181] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  432.559842][T15165] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  432.611250][T15859] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4140'.
[  432.623119][T15836] ==================================================================
[  432.631216][T15836] BUG: KCSAN: data-race in __mark_inode_dirty / __mark_inode_dirty
[  432.639122][T15836] 
[  432.641439][T15836] write to 0xffff88811a854728 of 4 bytes by task 15841 on cpu 0:
[  432.649137][T15836]  __mark_inode_dirty+0x248/0x750
[  432.654181][T15836]  fat_update_time+0x1ec/0x200
[  432.658954][T15836]  touch_atime+0x148/0x340
[  432.663376][T15836]  filemap_splice_read+0x6ba/0x740
[  432.668499][T15836]  splice_direct_to_actor+0x26f/0x680
[  432.673876][T15836]  do_splice_direct+0xda/0x150
[  432.678638][T15836]  do_sendfile+0x380/0x650
[  432.683065][T15836]  __x64_sys_sendfile64+0x105/0x150
[  432.688268][T15836]  x64_sys_call+0x2bb4/0x3000
[  432.692951][T15836]  do_syscall_64+0xd2/0x200
[  432.697451][T15836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.703343][T15836] 
[  432.705664][T15836] read to 0xffff88811a854728 of 4 bytes by task 15836 on cpu 1:
[  432.713288][T15836]  __mark_inode_dirty+0x55/0x750
[  432.718226][T15836]  fat_update_time+0x1ec/0x200
[  432.723011][T15836]  touch_atime+0x148/0x340
[  432.726184][T15841] syz.0.4131: attempt to access beyond end of device
[  432.726184][T15841] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[  432.727433][T15836]  filemap_splice_read+0x6ba/0x740
[  432.727467][T15836]  splice_direct_to_actor+0x26f/0x680
[  432.727490][T15836]  do_splice_direct+0xda/0x150
[  432.727511][T15836]  do_sendfile+0x380/0x650
[  432.727541][T15836]  __x64_sys_sendfile64+0x105/0x150
[  432.727569][T15836]  x64_sys_call+0x2bb4/0x3000
[  432.741065][T15841] Buffer I/O error on dev loop0, logical block 128, lost async page write
[  432.745979][T15836]  do_syscall_64+0xd2/0x200
[  432.746002][T15836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.746022][T15836] 
[  432.746027][T15836] value changed: 0x00000000 -> 0x00000070
[  432.746038][T15836] 
[  432.746042][T15836] Reported by Kernel Concurrency Sanitizer on:
[  432.746054][T15836] CPU: 1 UID: 0 PID: 15836 Comm: syz.0.4131 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  432.746079][T15836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  432.746092][T15836] ==================================================================
[  433.115845][T13101] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.