last executing test programs:

6.543435046s ago: executing program 2 (id=182):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x5e, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
io_cancel(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
lchown(0x0, 0x0, 0x0)
geteuid()

6.521766708s ago: executing program 2 (id=183):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

6.454656315s ago: executing program 2 (id=196):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='syscall\x00')
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x110})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2020)

5.609671678s ago: executing program 2 (id=201):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e1, &(0x7f00000001c0))

3.700648146s ago: executing program 3 (id=256):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000007100)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002140)={0x50, 0x0, r1, {0x7, 0x2b, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, 0x50)
read$FUSE(r0, &(0x7f0000002900)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000000000)={0x10, 0xffffffffffffffda, r2}, 0x10)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

1.877794575s ago: executing program 2 (id=262):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80800)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

1.874641496s ago: executing program 1 (id=263):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
lgetxattr(0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

1.807373312s ago: executing program 1 (id=264):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x31, &(0x7f0000000200), 0x4)
listen(r0, 0x0)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000a40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xefff}}}}}}}, 0x0)

1.769757086s ago: executing program 3 (id=265):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000800000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000850000000f00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x18)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r2=>0x0)
io_getevents(r2, 0x2, 0x2, &(0x7f0000000540)=[{}, {}], 0x0)
io_submit(r2, 0x1, &(0x7f00000007c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x0, r1, 0x0, 0x0, 0x14}])

1.677147165s ago: executing program 1 (id=278):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, 0x0, 0x0}, 0x20)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2}, 0xc)

1.606478362s ago: executing program 1 (id=269):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000740)={'pim6reg1\x00', 0x400})

1.244554538s ago: executing program 1 (id=270):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3f, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x50a3}}, @call={0x85, 0x0, 0x0, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000e00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4)

1.166387155s ago: executing program 1 (id=271):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003200)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)

688.435213ms ago: executing program 2 (id=276):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000080)={{0x3b, @remote, 0x4e23, 0x2003, 'ovf\x00', 0x20, 0xb, 0xc}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x4e22, 0x1, 0x7, 0x7fffffff, 0x4}}, 0x44)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

687.564152ms ago: executing program 0 (id=279):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x1, r1, 0x1, 0x9}, 0x14)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r1, 0x1, 0x6, @remote}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x2, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

681.851683ms ago: executing program 3 (id=280):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000380)="c7"})
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0xc058671e, &(0x7f00000000c0))

641.284877ms ago: executing program 3 (id=283):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000009c0)={0x2c, r3, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

595.816421ms ago: executing program 3 (id=284):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x30000d0, 0x0, 0x2, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

587.326562ms ago: executing program 0 (id=285):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000080)='mm_page_alloc\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x4932, 0x7f, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r2}, &(0x7f0000000000)=0x7d8, &(0x7f0000000180)='%ps    \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6   \x00'}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, &(0x7f0000000200)=""/197, &(0x7f0000000380), &(0x7f0000000300), 0x2, r3}, 0x38)

554.887835ms ago: executing program 4 (id=286):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x82)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x9}}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

533.561328ms ago: executing program 0 (id=287):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x7, 0x4, 0x100, 0x401, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00', r1}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)

514.03676ms ago: executing program 4 (id=288):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
clock_getres(0x0, 0x0)

477.574763ms ago: executing program 0 (id=289):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="5402"], 0x69)
close(r2)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

453.591076ms ago: executing program 4 (id=290):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757811"], 0x65)

406.57643ms ago: executing program 0 (id=291):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

223.661808ms ago: executing program 4 (id=292):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r1, 0x80, 0x7e, 0xa}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x2804, &(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYRES8, @ANYRES16], 0x1, 0x122e, &(0x7f0000002580)="$eJzs3MFrHFUcB/BftqlZU5tErdX2oA+9eBqaHDwJEiQFyYJSG6EVhCmZ6JJxN2SWwIoYe/Lq0b9BPHpTxH8gV/8Cb7mIpxzEEXZSk60NmlqyRT+fy/zIb76Z99hl4S3v7f7rX368uVFlG/kgWlNT0dqKSAcpUrTinhdXm+ut26vLnc7KjZSuL99cfC2lNPfSD+9/+s3LPw4uvPft3Hczsbfwwf4vSz/vXd67sv/7zY+6VepWqdcfpDzd6fcH+Z2ySOvdajNL6Z2yyKsidXtVsT3W3yj7W1vDlPfWL85ubRdVlfLeMG0WwzTop8H2MOUf5t1eyrIsXZwNTnT+729Z+/qgrr+PqOvz8UTUdV0/GbMxFU/FxZiLzyPi6Xgmno1L8Vxcjufjhbgyuusshg8AAAAAAAAAAAAAAAAAAAD/Hwej0/zj5/8vHJ7/n48F5/8BAAAAAAAAAAAAAAAAAADgDLx76/bqcqezciOldkT5xc7azlpzbfrLG9GNMoq4FvPxW4xO/zea+vpbnZVraeRcROwe5nd31s6N5xdHPydwmJ8e9e7lF5t8irvlsfxMzDb5dkQUsRTzcenY89tH+aUH5tvx6ivHnp/FfL0b0Y8y1kfPPsp/tpjSm2937stfHd0HAAAA/wVZ+tPC+Pq3Wb9n2Un9Jn+K7wfuW19Px9Xpyc6diGr4yWZelsX2eNH+y18mVsw8HsM4TdH6N/GZOLHVGmt99VPEpGf6WBTtw/fyo/iHU5OfzkMUdx/J3MeLCX8wcSaOXvRJjwQAAAAAAAAAAIDT+Cf7AX+Nh95FOB0P2Fn2xmSmCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MEOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAoQIAAP//uXHE5A==")
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd29, 0x25dfdbff, {0x7, 0x0, 0x0, r3, 0x40, 0x4c, 0x6}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x44801}, 0x840)

117.555678ms ago: executing program 3 (id=293):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

85.590032ms ago: executing program 4 (id=294):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="a6", 0xffffffffffffff90, 0x40854, 0x0, 0xfffffd08)
recvmsg(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/243, 0xf3}], 0x10}, 0x142)

81.716542ms ago: executing program 0 (id=295):
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="757365725f78617474722c61636c2c00abc39e1ba3ee498e1d8c12531462cd5519277b030853d25b421cc41e0b90996e5f28728a3bc9df609ba1a22568735bd5f06e6f25829fce8ee7fdde9d092508e3df606b9036557dfa085395e37c67337d522ef3d3a6a08578f19ed4d0753564c43e"], 0x3, 0x1bf, &(0x7f00000000c0)="$eJzsmE/rEkEYx78zu67Yya4RFCRkh9bdtSKIIE8eugT9o0skuYq1Zqx7SCGwY6deQy8hukeHrt2CoFMJQRePnSdmdnInTXcJheT3fA7jZ2Yex5ln9BEWBEEcWebffn59/vL7cQ7MKqihnA5/+WFlMdyIj99cr5/82Pbf3f9w5fPb9qfV9U4DEKLIJ9tLe9+ykGgX4s931/TrLXDUUFF+Gxzn9PhdMLjaH4DjjvYQDPe0P0qdATOMZLzr9gZR6D4cRV0pnmx82QSyaa7ucvGCoWvsjxnz48n0cSeKwnhdnM1TmwXV9am8LC5aHFcBoa9MmPf1Ozeeyl+KDw5fexMMN7VfRlnnhq+d/4Sdnd8qdv5cmaNwcEl+9bbFvPr3beSJjX2tXFQEi8dsBwk/ZMEslTKyKX7Y2ZDX+R9sY0+S1Q/xmuGsUT9to340kuHTa+PJ9Pxg2OmH/fBJEDQveRc872LQ6NlR6DVUhd5S/yqqPh0z1i9tiHWYg2edJIn9tF32g7T9W8V1VP3jqJ9J+0yPmaifZpXJvz7ULd0nCIIgCIIgCIIgCIIgCILYOafA1FPQHIIbKvpXAAAA//9TUmoV")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

0s ago: executing program 4 (id=296):
syz_mount_image$ext4(&(0x7f0000001280)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000001080), 0x1, 0x4fe, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDvTOIkm6ZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBrdeygGpwAq0QeJgNP6RzW7sJOw6tmp/PtJo5s0bz/e9teY97zeJXwBj63pEHEbEVES8HRHz7fNJe4vXW1t23f17d9eO791dS6LReOsfSbM+OxenXpN5qn3PmYj4/ncifpScjVvbP9haLZdLu+1yoV7ZKdT2D25tVlY3Shul7WJxeWl58dXbrxT71tcXKr/55Nubb/zgg9996eM/HX7zJ1mz5tp1p/vRT62u507iZCYj4o2rCDYEE+3+TA27ITyWNCI+ExEvNp//+ZhovpuX0+WxBgA+BRqN+WjMny4DAKMubebAkjTfzgXMRZrm860c3nMxm5artfrNO9W97fVWrmwhcumdzXJpsZ0rXIhckpWX3suOH5SL8XD5dkQ8GxE/nb7WLOfXLp9nAAD666lH5v9/T7fmfwBgxM1cdMHKYNoBAAzOhfM/ADByzP8AMH7M/wAwfsz/ADB+zP8AMG4+6sz/E8NuCQAwEN97881saxy3v/96/Z39va3qO7fWS7WtfGVvLb9W3d3Jb1SrG+VSfq1aueh+5Wp1Z+nl2Hu3UC/V6oXa/sFKpbq3XV9pfq/3Sik3kF4BAOd59oUP/5JExOFr15pbnFrLwVwNoy0ddgOAoZHzh/HlW7hhfPk/PnDRWp49f0X4/ccI1njvMV4E9NuNz8v/w7jqkv+XEoAxIf8P48tkD+Or0Uh6rfmfnlwCAIwUOX5goD//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBEx19wWTpXTNJ+PeDoiFiKX3NkslxYj4pmI+PN0bjorLw21xQDAk0v/lrTX/7ox/9Lco7VTyX+uNfcR8eOfv/Wzd1fr9d2l7Pw/pzvn6++3zxeH0X4A4CKdebozj3fcv3d3rbMNsj2ffKu1uGgW97i9tWomYzLb/XEmchEx+6+kVW7LPq9M9CH+4VFEfK5b/5NmbmShvfLpo/Gz2E8PNH76UPy0WdfaZ/8Wnz1z5+meMS9a6xXGxYfZ+PN6t+cvjevN/UzXxY9nmiPUk+uMf8dnxr/O8z7THGu6jX/XLxvj5d9/t2fdUcQXJrvFT07iJz3iv3RSmjo3/kdf/PKLveoav4y4Ed3jn45VqFd2CrX9g1ubldWN0kZpu1hcXlpefPX2K8VCM0dd6GSqz/r7azef6dn/X0fM9og/c0H/v3ZurxsnA/Cv/vv2D7/SK/5RxDe+2v39f+6c+Nmc+PVz4z+wOvvbnst3Z/HXW/0/+n/f/5uXjP/xXw/WL3kpADAAtf2DrdVyubTb14NcdKma7k+I5Ira7GDED7LP4096n+fbKbOu1/zhFx88n1UOvad9ORjywARcuQcP/bBbAgAAAAAAAAAAAAAA9HLlf06UDruHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjLL/BQAA//8SwcrQ")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000800), 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts.
[   22.668376][   T28] audit: type=1400 audit(1761104217.787:64): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   22.669836][  T275] cgroup: Unknown subsys name 'net'
[   22.691185][   T28] audit: type=1400 audit(1761104217.787:65): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.718923][   T28] audit: type=1400 audit(1761104217.827:66): avc:  denied  { unmount } for  pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.719180][  T275] cgroup: Unknown subsys name 'devices'
[   22.846804][  T275] cgroup: Unknown subsys name 'hugetlb'
[   22.852465][  T275] cgroup: Unknown subsys name 'rlimit'
[   22.987850][   T28] audit: type=1400 audit(1761104218.107:67): avc:  denied  { setattr } for  pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   23.011590][   T28] audit: type=1400 audit(1761104218.107:68): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   23.023368][  T277] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   23.036719][   T28] audit: type=1400 audit(1761104218.107:69): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   23.068697][   T28] audit: type=1400 audit(1761104218.167:70): avc:  denied  { relabelto } for  pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.094320][   T28] audit: type=1400 audit(1761104218.167:71): avc:  denied  { write } for  pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.124068][   T28] audit: type=1400 audit(1761104218.247:72): avc:  denied  { read } for  pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.149960][   T28] audit: type=1400 audit(1761104218.247:73): avc:  denied  { open } for  pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.150228][  T275] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   23.965247][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.972578][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.980290][  T284] device bridge_slave_0 entered promiscuous mode
[   23.988888][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.996104][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.003692][  T284] device bridge_slave_1 entered promiscuous mode
[   24.058097][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.065410][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.072793][  T285] device bridge_slave_0 entered promiscuous mode
[   24.088854][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.095981][  T287] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.103453][  T287] device bridge_slave_0 entered promiscuous mode
[   24.110482][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.117840][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.125656][  T285] device bridge_slave_1 entered promiscuous mode
[   24.139088][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.146219][  T287] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.153754][  T287] device bridge_slave_1 entered promiscuous mode
[   24.169551][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.176725][  T286] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.184184][  T286] device bridge_slave_0 entered promiscuous mode
[   24.206087][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.213264][  T286] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.220977][  T286] device bridge_slave_1 entered promiscuous mode
[   24.255906][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.263203][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.271035][  T283] device bridge_slave_0 entered promiscuous mode
[   24.279960][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.287257][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.294836][  T283] device bridge_slave_1 entered promiscuous mode
[   24.489155][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.496414][  T284] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.503760][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.510845][  T284] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.530864][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.538085][  T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.545774][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.552987][  T287] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.571779][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.578879][  T285] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.586366][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.593406][  T285] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.610551][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.618268][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.626340][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.633772][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.641406][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.649008][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.658711][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   24.666387][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.690675][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.699154][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.706233][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.739708][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.748064][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.756701][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.764530][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.772383][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.792732][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.816613][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.825263][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.832756][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.840518][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.849133][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.856533][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.874354][  T284] device veth0_vlan entered promiscuous mode
[   24.887052][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.896458][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.905103][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.912919][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.920920][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.929400][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.938671][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.945959][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.953741][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.962608][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.969732][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.977200][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.004017][  T284] device veth1_macvtap entered promiscuous mode
[   25.012063][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   25.020675][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.029403][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.038415][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.045959][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.054066][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.062271][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   25.070829][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.079382][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.086591][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.094145][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   25.103130][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.111562][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.118736][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.126750][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.134306][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.142004][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   25.150631][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.159204][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.166361][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.174116][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   25.182844][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.191444][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.198591][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.206277][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.214688][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.222904][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.230693][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.239106][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.247239][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   25.255032][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   25.276829][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   25.285081][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.293293][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.301744][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.310165][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.318756][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.333002][  T285] device veth0_vlan entered promiscuous mode
[   25.344717][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.353093][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.362020][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.370390][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.378827][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.387494][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.396200][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.403724][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.421850][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   25.430259][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.438577][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.447427][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.461216][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.469829][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.479345][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.487634][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.499635][  T285] device veth1_macvtap entered promiscuous mode
[   25.514097][  T287] device veth0_vlan entered promiscuous mode
[   25.520784][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.529478][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.537291][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.545174][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.553296][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.561761][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.570095][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.578349][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.586052][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.594829][  T286] device veth0_vlan entered promiscuous mode
[   25.615204][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.623740][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.624078][  T284] request_module fs-gadgetfs succeeded, but still no fs?
[   25.633016][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.648097][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.661067][  T286] device veth1_macvtap entered promiscuous mode
[   25.670176][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.678559][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.692572][  T287] device veth1_macvtap entered promiscuous mode
[   25.706832][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.717492][  T337] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   25.721832][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.750825][  T283] device veth0_vlan entered promiscuous mode
[   25.761173][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.769862][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.781507][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.790165][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.798809][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.807049][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.815490][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.823794][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.832525][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.840397][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.855536][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.864317][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.884815][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.893069][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.901754][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.910807][  T283] device veth1_macvtap entered promiscuous mode
[   25.948036][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.958645][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.967448][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.976045][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.013327][  T347] loop2: detected capacity change from 0 to 512
[   26.050195][  T347] EXT4-fs: Ignoring removed i_version option
[   26.064734][  T347] EXT4-fs: Ignoring removed bh option
[   26.089013][  T347] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   26.101995][  T347] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   26.162404][  T287] EXT4-fs (loop2): unmounting filesystem.
[   26.183164][  T371] Driver unsupported XDP return value 0 on prog  (id 8) dev N/A, expect packet loss!
[   26.316947][  T386] process 'syz.1.18' launched './file0' with NULL argv: empty string added
[   26.692384][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   26.896214][  T434] device gretap0 entered promiscuous mode
[   26.902109][  T434] device macsec1 entered promiscuous mode
[   26.909664][  T434] device gretap0 left promiscuous mode
[   27.011459][  T442] netlink: 277 bytes leftover after parsing attributes in process `syz.3.43'.
[   27.162662][  T454] loop4: detected capacity change from 0 to 256
[   27.191836][  T454] =======================================================
[   27.191836][  T454] WARNING: The mand mount option has been deprecated and
[   27.191836][  T454]          and is ignored by this kernel. Remove the mand
[   27.191836][  T454]          option from the mount to silence this warning.
[   27.191836][  T454] =======================================================
[   27.279368][  T454] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d)
[   27.347898][  T471] loop3: detected capacity change from 0 to 128
[   27.386230][  T465] SELinux: failed to load policy
[   27.459038][  T479] device wireguard0 entered promiscuous mode
[   27.459223][  T482] loop2: detected capacity change from 0 to 256
[   27.505607][  T482] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   27.549138][  T482] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   27.775171][  T509] netem: change failed
[   27.806936][   T28] kauditd_printk_skb: 97 callbacks suppressed
[   27.806952][   T28] audit: type=1400 audit(1761104222.926:171): avc:  denied  { unlink } for  pid=511 comm="syz.3.76" name="#1" dev="tmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   27.836158][   T28] audit: type=1400 audit(1761104222.926:172): avc:  denied  { watch_reads } for  pid=511 comm="syz.3.76" path="/18" dev="tmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   27.908778][   T28] audit: type=1400 audit(1761104223.026:173): avc:  denied  { create } for  pid=519 comm="syz.1.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   27.929691][   T28] audit: type=1400 audit(1761104223.026:174): avc:  denied  { connect } for  pid=519 comm="syz.1.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   27.954620][   T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   27.961192][   T28] audit: type=1400 audit(1761104223.026:175): avc:  denied  { write } for  pid=519 comm="syz.1.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   28.119357][  T527] loop3: detected capacity change from 0 to 512
[   28.136104][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.136883][  T527] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.83: bad orphan inode 11862016
[   28.147576][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.159121][  T527] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   28.167745][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   28.177457][  T527] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   28.190637][   T24] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[   28.209766][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.221895][   T24] usb 3-1: config 0 descriptor??
[   28.266147][   T28] audit: type=1400 audit(1761104223.386:176): avc:  denied  { read } for  pid=526 comm="syz.3.83" path="/21/file1/file1" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   28.311285][  T284] EXT4-fs (loop3): unmounting filesystem.
[   28.336123][  T543] netlink: 4 bytes leftover after parsing attributes in process `syz.3.89'.
[   28.544987][   T19] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   28.632510][   T24] sony 0003:054C:0268.0001: unknown main item tag 0x0
[   28.639647][  T341] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[   28.647432][   T24] sony 0003:054C:0268.0001: unknown main item tag 0x0
[   28.649867][  T547] loop4: detected capacity change from 0 to 40427
[   28.654671][   T24] sony 0003:054C:0268.0001: unknown main item tag 0x0
[   28.667624][   T24] sony 0003:054C:0268.0001: unknown main item tag 0x0
[   28.667854][  T547] F2FS-fs (loop4): Unrecognized mount option "" or missing value
[   28.674742][   T24] sony 0003:054C:0268.0001: unknown main item tag 0x0
[   28.705951][   T24] sony 0003:054C:0268.0001: hiddev96,hidraw0: USB HID v88.07 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0
[   28.719880][   T24] sony 0003:054C:0268.0001: failed to claim input
[   28.725778][   T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   28.771481][   T19] usb 2-1: config 0 has no interfaces?
[   28.785482][   T19] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   28.802253][   T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.825771][  T341] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   28.888314][   T19] usb 2-1: config 0 descriptor??
[   28.896970][  T341] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[   28.908439][  T341] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[   28.932699][  T341] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[   28.942432][  T341] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.964942][   T24] usb 3-1: USB disconnect, device number 2
[   28.973188][  T545] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[   28.983444][  T341] hub 4-1:1.0: bad descriptor, ignoring hub
[   28.993228][  T341] hub: probe of 4-1:1.0 failed with error -5
[   29.003144][  T341] cdc_wdm 4-1:1.0: skipping garbage
[   29.013091][  T341] cdc_wdm 4-1:1.0: skipping garbage
[   29.020496][  T341] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[   29.069053][   T28] audit: type=1400 audit(1761104224.186:177): avc:  denied  { read } for  pid=564 comm="syz.4.98" dev="nsfs" ino=4026532457 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   29.098404][    T6] usb 2-1: USB disconnect, device number 2
[   29.111082][   T28] audit: type=1400 audit(1761104224.216:178): avc:  denied  { open } for  pid=564 comm="syz.4.98" path="net:[4026532457]" dev="nsfs" ino=4026532457 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   29.135414][   T28] audit: type=1400 audit(1761104224.216:179): avc:  denied  { write } for  pid=564 comm="syz.4.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   29.171282][  T561] loop0: detected capacity change from 0 to 40427
[   29.179942][  T561] F2FS-fs (loop0): invalid crc value
[   29.186582][  T561] F2FS-fs (loop0): Found nat_bits in checkpoint
[   29.220447][   T28] audit: type=1400 audit(1761104224.336:180): avc:  denied  { mounton } for  pid=569 comm="syz.4.100" path="/11/file0" dev="tmpfs" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   29.245890][  T561] F2FS-fs (loop0): Start checkpoint disabled!
[   29.252839][  T561] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   29.335455][  T288] usb 4-1: USB disconnect, device number 2
[   29.555316][  T598] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[   29.636316][  T610] loop0: detected capacity change from 0 to 512
[   29.645284][  T610] EXT4-fs: Ignoring removed i_version option
[   29.648558][  T611] device macsec1 entered promiscuous mode
[   29.661331][  T610] EXT4-fs: Ignoring removed bh option
[   29.676566][  T610] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   29.685959][  T610] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   29.696303][  T288] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   29.735502][  T286] EXT4-fs (loop0): unmounting filesystem.
[   29.827572][  T628] syz.0.134 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   29.885624][  T288] usb 4-1: config 1 has an invalid descriptor of length 47, skipping remainder of the config
[   29.906287][  T288] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[   29.924745][  T288] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   29.948284][  T288] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[   29.960300][  T288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.969784][  T545] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   29.985093][  T288] hub 4-1:1.0: bad descriptor, ignoring hub
[   29.991147][  T288] hub: probe of 4-1:1.0 failed with error -5
[   30.003235][  T288] cdc_wdm 4-1:1.0: skipping garbage
[   30.010396][  T288] cdc_wdm 4-1:1.0: skipping garbage
[   30.015900][  T288] cdc_wdm: probe of 4-1:1.0 failed with error -22
[   30.177785][  T655] netlink: 'syz.4.135': attribute type 4 has an invalid length.
[   30.193412][  T655] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.135'.
[   30.254778][  T341] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   30.272053][  T661] fuse: root generation should be zero
[   30.304605][   T19] usb 4-1: USB disconnect, device number 3
[   30.445642][  T341] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[   30.453784][  T341] usb 3-1: config 0 has no interface number 0
[   30.460448][  T341] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   30.472145][  T341] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   30.482496][  T341] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[   30.500872][  T341] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.514625][  T341] usb 3-1: config 0 descriptor??
[   30.718205][  T689] loop0: detected capacity change from 0 to 512
[   30.752732][  T689] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   30.762075][  T689] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   30.779897][  T689] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #2: comm syz.0.159: corrupted inode contents
[   30.802266][  T689] EXT4-fs error (device loop0): ext4_dirty_inode:6121: inode #2: comm syz.0.159: mark_inode_dirty error
[   30.829046][  T689] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #2: comm syz.0.159: corrupted inode contents
[   30.851352][  T689] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.159: mark_inode_dirty error
[   30.886002][  T286] EXT4-fs (loop0): unmounting filesystem.
[   30.923312][  T341] prodikeys 0003:041E:2801.0002: item fetching failed at offset 5/7
[   30.940638][  T341] prodikeys 0003:041E:2801.0002: hid parse failed
[   30.950010][  T341] prodikeys: probe of 0003:041E:2801.0002 failed with error -22
[   31.131699][  T288] usb 3-1: USB disconnect, device number 3
[   31.165906][  T737] Zero length message leads to an empty skb
[   31.189736][  T739] input: syz0 as /devices/virtual/input/input5
[   31.274567][  T341] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   31.419775][  T762] netlink: 96 bytes leftover after parsing attributes in process `syz.3.174'.
[   31.456496][  T766] overlayfs: missing 'lowerdir'
[   31.469821][  T341] usb 1-1: Using ep0 maxpacket: 32
[   31.481706][  T341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   31.493656][  T341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   31.509997][  T341] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   31.519618][  T341] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   31.528668][  T341] usb 1-1: config 0 descriptor??
[   31.571395][  T773] syz.4.179 (773) used greatest stack depth: 21248 bytes left
[   31.586886][  T775] loop4: detected capacity change from 0 to 512
[   31.593910][  T775] EXT4-fs: Ignoring removed i_version option
[   31.605481][  T775] EXT4-fs: Ignoring removed bh option
[   31.626644][  T775] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   31.636139][  T775] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   31.688122][  T285] EXT4-fs (loop4): unmounting filesystem.
[   31.938795][  T341] savu 0003:1E7D:2D5A.0003: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[   32.143946][  T815] loop4: detected capacity change from 0 to 40427
[   32.163670][  T815] F2FS-fs (loop4): invalid crc value
[   32.180481][  T815] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[   32.207354][  T341] usb 1-1: USB disconnect, device number 2
[   32.214891][  T812] syz.3.194 (812) used greatest stack depth: 20880 bytes left
[   32.226871][  T815] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   32.280752][  T285] syz-executor: attempt to access beyond end of device
[   32.280752][  T285] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   32.690690][  T334] Bluetooth: hci0: Frame reassembly failed (-84)
[   32.982948][   T28] kauditd_printk_skb: 28 callbacks suppressed
[   32.982963][   T28] audit: type=1400 audit(1761104228.096:209): avc:  denied  { read } for  pid=851 comm="syz.0.208" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   33.073785][   T28] audit: type=1400 audit(1761104228.126:210): avc:  denied  { open } for  pid=851 comm="syz.0.208" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   33.186856][   T28] audit: type=1400 audit(1761104228.136:211): avc:  denied  { ioctl } for  pid=851 comm="syz.0.208" path="/dev/loop-control" dev="devtmpfs" ino=117 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   33.498997][  T890] loop1: detected capacity change from 0 to 1024
[   33.535909][  T890] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   33.550717][  T896] loop4: detected capacity change from 0 to 128
[   33.576410][   T28] audit: type=1400 audit(1761104228.696:212): avc:  denied  { read } for  pid=889 comm="syz.1.225" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[   33.600314][  T896] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   33.614403][  T283] EXT4-fs (loop1): unmounting filesystem.
[   33.617694][  T896] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   33.676579][   T28] audit: type=1400 audit(1761104228.796:213): avc:  denied  { create } for  pid=895 comm="syz.4.227" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   33.721365][  T285] EXT4-fs (loop4): unmounting filesystem.
[   33.737081][   T28] audit: type=1400 audit(1761104228.856:214): avc:  denied  { create } for  pid=908 comm="syz.4.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   33.757383][   T28] audit: type=1400 audit(1761104228.856:215): avc:  denied  { bind } for  pid=908 comm="syz.4.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   33.776878][   T28] audit: type=1400 audit(1761104228.856:216): avc:  denied  { name_bind } for  pid=908 comm="syz.4.232" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[   33.799167][   T28] audit: type=1400 audit(1761104228.856:217): avc:  denied  { node_bind } for  pid=908 comm="syz.4.232" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[   33.820659][   T28] audit: type=1400 audit(1761104228.856:218): avc:  denied  { setopt } for  pid=908 comm="syz.4.232" lport=28196 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   34.050754][  T945] loop4: detected capacity change from 0 to 128
[   34.059861][  T945] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   34.077897][  T945] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   34.802566][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   34.808766][  T834] Bluetooth: hci0: command 0x1003 tx timeout
[   36.254469][    C1] sched: RT throttling activated
[   36.262150][  T832] Bluetooth: hci0: Opcode 0x080f failed: -22
[   36.315518][  T971] netlink: 'syz.0.259': attribute type 12 has an invalid length.
[   36.421206][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   36.644090][  T997] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   36.754271][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   36.772806][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   36.804967][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   36.829099][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   36.857145][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   36.878452][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   36.977335][ T1002] loop0: detected capacity change from 0 to 512
[   37.025621][ T1002] EXT4-fs: Ignoring removed bh option
[   37.058805][ T1002] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   37.115207][ T1002] EXT4-fs (loop0): 1 truncate cleaned up
[   37.120953][ T1002] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   37.282871][ T1002] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.282: invalid indirect mapped block 4294967295 (level 1)
[   37.363568][  T286] EXT4-fs (loop0): unmounting filesystem.
[   37.560622][ T1024] device veth0 entered promiscuous mode
[   37.578072][ T1024] device veth0 left promiscuous mode
[   37.899886][ T1043] SELinux: security policydb version 17 (MLS) not backwards compatible
[   37.924538][ T1043] SELinux: failed to load policy
[   38.077205][ T1048] loop4: detected capacity change from 0 to 8192
[   38.137458][ T1050] loop0: detected capacity change from 0 to 16
[   38.174987][ T1050] erofs: (device loop0): EXPERIMENTAL compressed fragments feature in use. Use at your own risk!
[   38.194597][ T1050] erofs: (device loop0): EXPERIMENTAL global deduplication feature in use. Use at your own risk!
[   38.227560][ T1054] loop4: detected capacity change from 0 to 512
[   38.236209][ T1050] erofs: (device loop0): mounted with root inode @ nid 36.
[   38.265920][   T28] kauditd_printk_skb: 20 callbacks suppressed
[   38.265936][   T28] audit: type=1400 audit(1761104233.386:239): avc:  denied  { append } for  pid=1049 comm="syz.0.295" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   38.296119][    C0] ==================================================================
[   38.296134][    C0] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0
[   38.296177][    C0] Write of size 8 at addr ffff888131a30a00 by task kauditd/28
[   38.296191][    C0] 
[   38.296196][    C0] CPU: 0 PID: 28 Comm: kauditd Not tainted syzkaller #0
[   38.296212][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   38.296228][    C0] Call Trace:
[   38.296235][    C0]  <IRQ>
[   38.296242][    C0]  __dump_stack+0x21/0x24
[   38.296260][    C0]  dump_stack_lvl+0xee/0x150
[   38.296276][    C0]  ? __cfi_dump_stack_lvl+0x8/0x8
[   38.296292][    C0]  ? hrtimer_forward+0x1d2/0x2a0
[   38.296320][    C0]  ? __run_timers+0x32b/0x9a0
[   38.296340][    C0]  print_address_description+0x71/0x200
[   38.296366][    C0]  print_report+0x4a/0x60
[   38.296389][    C0]  kasan_report+0x122/0x150
[   38.296409][    C0]  ? __run_timers+0x32b/0x9a0
[   38.296432][    C0]  __asan_report_store8_noabort+0x17/0x20
[   38.296447][    C0]  __run_timers+0x32b/0x9a0
[   38.296470][    C0]  ? sched_clock+0x9/0x10
[   38.296489][    C0]  ? sched_clock_cpu+0x6e/0x250
[   38.296507][    C0]  ? calc_index+0x200/0x200
[   38.296529][    C0]  ? kvm_sched_clock_read+0x18/0x40
[   38.296554][    C0]  run_timer_softirq+0x6a/0xf0
[   38.296574][    C0]  handle_softirqs+0x1d7/0x600
[   38.296592][    C0]  ? irqtime_account_irq+0xc4/0x240
[   38.296615][    C0]  __irq_exit_rcu+0x52/0xf0
[   38.296631][    C0]  irq_exit_rcu+0x9/0x10
[   38.296646][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   38.296668][    C0]  </IRQ>
[   38.296673][    C0]  <TASK>
[   38.296678][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   38.296701][    C0] RIP: 0010:console_emit_next_record+0x9e3/0xbc0
[   38.296725][    C0] Code: de 48 81 e6 00 02 00 00 31 ff e8 78 4a 19 00 48 81 e3 00 02 00 00 75 07 e8 aa 45 19 00 eb 06 e8 a3 45 19 00 fb 0f b6 5c 24 07 <48> c7 84 24 80 00 00 00 0e 36 e0 45 4b c7 04 2e 00 00 00 00 4b c7
[   38.296739][    C0] RSP: 0018:ffffc900001df7e0 EFLAGS: 00000293
[   38.296763][    C0] RAX: ffffffff8156d87d RBX: 0000000000000001 RCX: ffff888100339440
[   38.296775][    C0] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[   38.296786][    C0] RBP: ffffc900001df9f0 R08: 0000000000000004 R09: 0000000000000003
[   38.296797][    C0] R10: fffff5200003beec R11: 1ffff9200003beec R12: ffffc900001dfa3f
[   38.296816][    C0] R13: dffffc0000000000 R14: 1ffff9200003bf0c R15: 000000000000010b
[   38.296830][    C0]  ? console_emit_next_record+0x9dd/0xbc0
[   38.296855][    C0]  ? __kasan_check_write+0x14/0x20
[   38.296870][    C0]  ? info_print_prefix+0x300/0x300
[   38.296894][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   38.296912][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[   38.296930][    C0]  ? __cfi_vprintk_store+0x10/0x10
[   38.296947][    C0]  ? __irq_work_queue_local+0x12a/0x190
[   38.296969][    C0]  console_unlock+0x23d/0x550
[   38.296986][    C0]  ? down_trylock+0x52/0xb0
[   38.297006][    C0]  ? console_unlock+0x261/0x550
[   38.297024][    C0]  ? __cfi_console_unlock+0x10/0x10
[   38.297049][    C0]  ? __cfi_sched_clock_cpu+0x10/0x10
[   38.297068][    C0]  vprintk_emit+0x14d/0x410
[   38.297086][    C0]  ? __cfi_vprintk_emit+0x10/0x10
[   38.297103][    C0]  ? __cfi__printk_deferred+0x8/0x8
[   38.297125][    C0]  ? _raw_spin_trylock+0xb1/0x140
[   38.297142][    C0]  vprintk_default+0x26/0x30
[   38.297160][    C0]  vprintk+0x7a/0x80
[   38.297180][    C0]  _printk+0xcc/0x118
[   38.297200][    C0]  ? _raw_spin_unlock+0x4c/0x70
[   38.297217][    C0]  ? __cfi__printk+0x8/0x8
[   38.297239][    C0]  ? __kasan_check_write+0x14/0x20
[   38.297253][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   38.297272][    C0]  kauditd_hold_skb+0x1c1/0x210
[   38.297296][    C0]  ? __cfi_kauditd_send_multicast_skb+0x10/0x10
[   38.297312][    C0]  ? __cfi_kauditd_hold_skb+0x10/0x10
[   38.297335][    C0]  kauditd_send_queue+0x2b4/0x300
[   38.297349][    C0]  ? _raw_spin_unlock_irqrestore+0x5a/0x80
[   38.297367][    C0]  ? __cfi_kauditd_hold_skb+0x10/0x10
[   38.297390][    C0]  ? __cfi_kauditd_send_multicast_skb+0x10/0x10
[   38.297407][    C0]  kauditd_thread+0x4ec/0x730
[   38.297430][    C0]  ? __kasan_check_write+0x14/0x20
[   38.297444][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   38.297461][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[   38.297478][    C0]  ? __cfi_kauditd_thread+0x10/0x10
[   38.297501][    C0]  ? __cfi_autoremove_wake_function+0x10/0x10
[   38.297525][    C0]  ? __kasan_check_read+0x11/0x20
[   38.297539][    C0]  ? __kthread_parkme+0x142/0x180
[   38.297557][    C0]  kthread+0x281/0x320
[   38.297573][    C0]  ? __cfi_kauditd_thread+0x10/0x10
[   38.297595][    C0]  ? __cfi_kthread+0x10/0x10
[   38.297612][    C0]  ret_from_fork+0x1f/0x30
[   38.297634][    C0]  </TASK>
[   38.297639][    C0] 
[   38.297642][    C0] Allocated by task 833:
[   38.297649][    C0]  kasan_set_track+0x4b/0x70
[   38.297665][    C0]  kasan_save_alloc_info+0x25/0x30
[   38.297686][    C0]  __kasan_kmalloc+0x95/0xb0
[   38.297703][    C0]  __kmalloc+0xb1/0x1e0
[   38.297725][    C0]  hci_alloc_dev_priv+0x27/0x1bd0
[   38.297743][    C0]  hci_uart_tty_ioctl+0x3d6/0xa20
[   38.297762][    C0]  tty_ioctl+0x8ef/0xc60
[   38.297779][    C0]  __se_sys_ioctl+0x12f/0x1b0
[   38.297794][    C0]  __x64_sys_ioctl+0x7b/0x90
[   38.297807][    C0]  x64_sys_call+0x58b/0x9a0
[   38.297824][    C0]  do_syscall_64+0x4c/0xa0
[   38.297839][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   38.297858][    C0] 
[   38.297861][    C0] Freed by task 832:
[   38.297867][    C0]  kasan_set_track+0x4b/0x70
[   38.297883][    C0]  kasan_save_free_info+0x31/0x50
[   38.297904][    C0]  ____kasan_slab_free+0x132/0x180
[   38.297922][    C0]  __kasan_slab_free+0x11/0x20
[   38.297938][    C0]  slab_free_freelist_hook+0xc2/0x190
[   38.297961][    C0]  __kmem_cache_free+0xb7/0x1b0
[   38.297980][    C0]  kfree+0x6f/0xf0
[   38.298001][    C0]  hci_release_dev+0x12a3/0x13b0
[   38.298020][    C0]  bt_host_release+0x82/0x90
[   38.298044][    C0]  device_release+0xa4/0x1d0
[   38.298060][    C0]  kobject_put+0x19d/0x280
[   38.298077][    C0]  put_device+0x1f/0x30
[   38.298095][    C0]  hci_dev_cmd+0x265/0x720
[   38.298117][    C0]  hci_sock_ioctl+0x41e/0x7f0
[   38.298135][    C0]  sock_do_ioctl+0x101/0x310
[   38.298156][    C0]  sock_ioctl+0x4d8/0x6e0
[   38.298174][    C0]  __se_sys_ioctl+0x12f/0x1b0
[   38.298188][    C0]  __x64_sys_ioctl+0x7b/0x90
[   38.298201][    C0]  x64_sys_call+0x58b/0x9a0
[   38.298218][    C0]  do_syscall_64+0x4c/0xa0
[   38.298232][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   38.298251][    C0] 
[   38.298254][    C0] Last potentially related work creation:
[   38.298258][    C0]  kasan_save_stack+0x3a/0x60
[   38.298274][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[   38.298295][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[   38.298317][    C0]  insert_work+0x51/0x300
[   38.298339][    C0]  __queue_work+0x9b1/0xd30
[   38.298356][    C0]  queue_work_on+0xd2/0x140
[   38.298373][    C0]  __hci_cmd_sync_sk+0xa3e/0xcf0
[   38.298390][    C0]  hci_cmd_sync_status+0x53/0x120
[   38.298407][    C0]  hci_dev_cmd+0x628/0x720
[   38.298429][    C0]  hci_sock_ioctl+0x41e/0x7f0
[   38.298448][    C0]  sock_do_ioctl+0x101/0x310
[   38.298468][    C0]  sock_ioctl+0x4d8/0x6e0
[   38.298487][    C0]  __se_sys_ioctl+0x12f/0x1b0
[   38.298500][    C0]  __x64_sys_ioctl+0x7b/0x90
[   38.298514][    C0]  x64_sys_call+0x58b/0x9a0
[   38.298531][    C0]  do_syscall_64+0x4c/0xa0
[   38.298545][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   38.298564][    C0] 
[   38.298567][    C0] Second to last potentially related work creation:
[   38.298572][    C0]  kasan_save_stack+0x3a/0x60
[   38.298587][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[   38.298609][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[   38.298631][    C0]  insert_work+0x51/0x300
[   38.298653][    C0]  __queue_work+0x9b1/0xd30
[   38.298671][    C0]  queue_work_on+0xd2/0x140
[   38.298688][    C0]  hci_cmd_timeout+0x191/0x200
[   38.298706][    C0]  process_one_work+0x71f/0xc40
[   38.298719][    C0]  worker_thread+0xa29/0x11f0
[   38.298732][    C0]  kthread+0x281/0x320
[   38.298747][    C0]  ret_from_fork+0x1f/0x30
[   38.298764][    C0] 
[   38.298766][    C0] The buggy address belongs to the object at ffff888131a30000
[   38.298766][    C0]  which belongs to the cache kmalloc-8k of size 8192
[   38.298779][    C0] The buggy address is located 2560 bytes inside of
[   38.298779][    C0]  8192-byte region [ffff888131a30000, ffff888131a32000)
[   38.298796][    C0] 
[   38.298799][    C0] The buggy address belongs to the physical page:
[   38.298807][    C0] page:ffffea0004c68c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x131a30
[   38.298827][    C0] head:ffffea0004c68c00 order:3 compound_mapcount:0 compound_pincount:0
[   38.298839][    C0] flags: 0x4000000000010200(slab|head|zone=1)
[   38.298864][    C0] raw: 4000000000010200 ffffea00044ace00 dead000000000005 ffff888100043500
[   38.298879][    C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   38.298886][    C0] page dumped because: kasan: bad access detected
[   38.298897][    C0] page_owner tracks the page as allocated
[   38.298901][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 284, tgid 284 (syz-executor), ts 25690703260, free_ts 0
[   38.298929][    C0]  post_alloc_hook+0x1f5/0x210
[   38.298948][    C0]  prep_new_page+0x1c/0x110
[   38.298967][    C0]  get_page_from_freelist+0x2c7b/0x2cf0
[   38.298987][    C0]  __alloc_pages+0x1c3/0x450
[   38.299006][    C0]  alloc_slab_page+0x6e/0xf0
[   38.299027][    C0]  new_slab+0x98/0x3d0
[   38.299053][    C0]  ___slab_alloc+0x6bd/0xb20
[   38.299072][    C0]  __slab_alloc+0x5e/0xa0
[   38.299091][    C0]  __kmem_cache_alloc_node+0x203/0x2c0
[   38.299125][    C0]  kmalloc_trace+0x29/0xb0
[   38.299152][    C0]  audit_log_d_path+0xc6/0x240
[   38.299175][    C0]  common_lsm_audit+0x8f8/0x16d0
[   38.299195][    C0]  slow_avc_audit+0x1ac/0x220
[   38.299216][    C0]  avc_has_extended_perms+0x8d3/0xdc0
[   38.299252][    C0]  ioctl_has_perm+0x391/0x4c0
[   38.299273][    C0]  selinux_file_ioctl+0x377/0x480
[   38.299290][    C0] page_owner free stack trace missing
[   38.299295][    C0] 
[   38.299297][    C0] Memory state around the buggy address:
[   38.299305][    C0]  ffff888131a30900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.299315][    C0]  ffff888131a30980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.299325][    C0] >ffff888131a30a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.299332][    C0]                    ^
[   38.299340][    C0]  ffff888131a30a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.299350][    C0]  ffff888131a30b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.299357][    C0] ==================================================================
[   38.299363][    C0] Disabling lock debugging due to kernel taint
[   38.299413][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   38.299428][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   38.299439][    C0] CPU: 0 PID: 28 Comm: kauditd Tainted: G    B              syzkaller #0
[   38.299455][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   38.299463][    C0] RIP: 0010:__queue_work+0x575/0xd30
[   38.299483][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 dc 28 00 4c 89 ff e8 70 db ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 4b 6d 00 49 8b 7d 00 e8 53 d7
[   38.299496][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[   38.299510][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100339440
[   38.299521][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   38.299531][    C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[   38.299543][    C0] R10: ffffed1026346139 R11: 1ffff11026346139 R12: dffffc0000000000
[   38.299555][    C0] R13: 0000000000000000 R14: ffff888131a309c8 R15: 0000000000000008
[   38.299565][    C0] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   38.299579][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   38.299590][    C0] CR2: 0000200000000180 CR3: 0000000135a84000 CR4: 00000000003526b0
[   38.299605][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   38.299614][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   38.299624][    C0] Call Trace:
[   38.299629][    C0]  <IRQ>
[   38.299637][    C0]  delayed_work_timer_fn+0x61/0x80
[   38.299657][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   38.299677][    C0]  call_timer_fn+0x46/0x2a0
[   38.299697][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   38.299718][    C0]  __run_timers+0x667/0x9a0
[   38.299741][    C0]  ? calc_index+0x200/0x200
[   38.299762][    C0]  ? kvm_sched_clock_read+0x18/0x40
[   38.299788][    C0]  run_timer_softirq+0x6a/0xf0
[   38.299807][    C0]  handle_softirqs+0x1d7/0x600
[   38.299824][    C0]  ? irqtime_account_irq+0xc4/0x240
[   38.299847][    C0]  __irq_exit_rcu+0x52/0xf0
[   38.299863][    C0]  irq_exit_rcu+0x9/0x10
[   38.299877][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   38.299899][    C0]  </IRQ>
[   38.299904][    C0]  <TASK>
[   38.299909][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   38.299929][    C0] RIP: 0010:console_emit_next_record+0x9e3/0xbc0
[   38.299952][    C0] Code: de 48 81 e6 00 02 00 00 31 ff e8 78 4a 19 00 48 81 e3 00 02 00 00 75 07 e8 aa 45 19 00 eb 06 e8 a3 45 19 00 fb 0f b6 5c 24 07 <48> c7 84 24 80 00 00 00 0e 36 e0 45 4b c7 04 2e 00 00 00 00 4b c7
[   38.299964][    C0] RSP: 0018:ffffc900001df7e0 EFLAGS: 00000293
[   38.299976][    C0] RAX: ffffffff8156d87d RBX: 0000000000000001 RCX: ffff888100339440
[   38.299988][    C0] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[   38.299997][    C0] RBP: ffffc900001df9f0 R08: 0000000000000004 R09: 0000000000000003
[   38.300007][    C0] R10: fffff5200003beec R11: 1ffff9200003beec R12: ffffc900001dfa3f
[   38.300019][    C0] R13: dffffc0000000000 R14: 1ffff9200003bf0c R15: 000000000000010b
[   38.300039][    C0]  ? console_emit_next_record+0x9dd/0xbc0
[   38.300063][    C0]  ? __kasan_check_write+0x14/0x20
[   38.300078][    C0]  ? info_print_prefix+0x300/0x300
[   38.300102][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   38.300119][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[   38.300137][    C0]  ? __cfi_vprintk_store+0x10/0x10
[   38.300154][    C0]  ? __irq_work_queue_local+0x12a/0x190
[   38.300174][    C0]  console_unlock+0x23d/0x550
[   38.300191][    C0]  ? down_trylock+0x52/0xb0
[   38.300212][    C0]  ? console_unlock+0x261/0x550
[   38.300229][    C0]  ? __cfi_console_unlock+0x10/0x10
[   38.300247][    C0]  ? __cfi_sched_clock_cpu+0x10/0x10
[   38.300271][    C0]  vprintk_emit+0x14d/0x410
[   38.300288][    C0]  ? __cfi_vprintk_emit+0x10/0x10
[   38.300306][    C0]  ? __cfi__printk_deferred+0x8/0x8
[   38.300327][    C0]  ? _raw_spin_trylock+0xb1/0x140
[   38.300344][    C0]  vprintk_default+0x26/0x30
[   38.300362][    C0]  vprintk+0x7a/0x80
[   38.300381][    C0]  _printk+0xcc/0x118
[   38.300401][    C0]  ? _raw_spin_unlock+0x4c/0x70
[   38.300418][    C0]  ? __cfi__printk+0x8/0x8
[   38.300439][    C0]  ? __kasan_check_write+0x14/0x20
[   38.300454][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   38.300487][    C0]  kauditd_hold_skb+0x1c1/0x210
[   38.300511][    C0]  ? __cfi_kauditd_send_multicast_skb+0x10/0x10
[   38.300526][    C0]  ? __cfi_kauditd_hold_skb+0x10/0x10
[   38.300551][    C0]  kauditd_send_queue+0x2b4/0x300
[   38.300564][    C0]  ? _raw_spin_unlock_irqrestore+0x5a/0x80
[   38.300581][    C0]  ? __cfi_kauditd_hold_skb+0x10/0x10
[   38.300605][    C0]  ? __cfi_kauditd_send_multicast_skb+0x10/0x10
[   38.300622][    C0]  kauditd_thread+0x4ec/0x730
[   38.300645][    C0]  ? __kasan_check_write+0x14/0x20
[   38.300659][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   38.300675][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[   38.300692][    C0]  ? __cfi_kauditd_thread+0x10/0x10
[   38.300714][    C0]  ? __cfi_autoremove_wake_function+0x10/0x10
[   38.300738][    C0]  ? __kasan_check_read+0x11/0x20
[   38.300752][    C0]  ? __kthread_parkme+0x142/0x180
[   38.300767][    C0]  kthread+0x281/0x320
[   38.300783][    C0]  ? __cfi_kauditd_thread+0x10/0x10
[   38.300807][    C0]  ? __cfi_kthread+0x10/0x10
[   38.300823][    C0]  ret_from_fork+0x1f/0x30
[   38.300844][    C0]  </TASK>
[   38.300849][    C0] Modules linked in:
[   38.300861][    C0] ---[ end trace 0000000000000000 ]---
[   38.300867][    C0] RIP: 0010:__queue_work+0x575/0xd30
[   38.300887][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 dc 28 00 4c 89 ff e8 70 db ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 4b 6d 00 49 8b 7d 00 e8 53 d7
[   38.300899][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[   38.300911][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100339440
[   38.300922][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   38.300933][    C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[   38.300944][    C0] R10: ffffed1026346139 R11: 1ffff11026346139 R12: dffffc0000000000
[   38.300956][    C0] R13: 0000000000000000 R14: ffff888131a309c8 R15: 0000000000000008
[   38.300966][    C0] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   38.300979][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   38.300991][    C0] CR2: 0000200000000180 CR3: 0000000135a84000 CR4: 00000000003526b0
[   38.301005][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   38.301014][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   38.301025][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   38.301327][    C0] Kernel Offset: disabled
[   40.004108][    C0] Rebooting in 86400 seconds..