last executing test programs:

3m5.303087248s ago: executing program 32 (id=120):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r1, 0x0, 0x7fffffffffffffff}, 0x18)
r2 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x1294, 0x2, 0x5})
mq_timedreceive(r2, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0)
mq_timedreceive(r2, &(0x7f0000000080)=""/87, 0x57, 0x1000002, 0x0)

2m58.669289518s ago: executing program 3 (id=382):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
readv(r0, &(0x7f0000000080)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})

2m58.37188164s ago: executing program 3 (id=392):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x86)
fchdir(r1)
setuid(0xee00)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x408, 0x103)

2m58.35238299s ago: executing program 33 (id=392):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x86)
fchdir(r1)
setuid(0xee00)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x408, 0x103)

1m29.900758711s ago: executing program 1 (id=3936):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18)
r2 = socket(0x2, 0x80805, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
sendmmsg$inet(r2, &(0x7f0000000900)=[{{&(0x7f00000002c0)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000ac0)="6cb76def2c36dab0f366cf47ad785ed2fb5e1fa5fb56d566acdc377060c4ba50a58104620df72c3004bfbc77173110e163f7d8ad60c34cdb064852353438fea809e390e392afbf35311690cd8286a6c49668aee29b7537078dba77963d15c085d7343c1012135d361ac15c082b7ac8db87cc10fe3ffc374c8be18fc53437100a11dddb9981072ec036d513870a5bbf62ce9e39f790f61ef997af390b9f5fc8a699e001c59077c459eb40ee80a3ffeb35737da668ef974592faf129325cd9ad0dc5663950a329804c9f5d261f71165b05dac212cc2afc40f980ddef8773f1045e75de4ec606aef87052e9ac784bb0f5a43f9cac5e44ae1a6dd575ce17a4749dc7cd4d7f76a40676e792e5b31a25703b1f35b48a89ed84582ef8f4ac046695f402c25da1fa6bc732a7016edf093b4c31193130b3bc143702e2b1d23743ca797b24495dc4979b81413701c0597dcd5e3bcc9c2050c18cfe03814d358e0f795e990dc44d2c1b9890514bd5ea94a3f3a1e25a8cdc67133e9176d76dc54c31274cff0101d8a42c103bad1b8b57362446f2c2ed8a69daf3d7306ef3fa2015e4ee1ef3392120b82671d73b07f3082ea69ffa0ebc7b53c78862a3e1ece518c1f0abbe4053b4dfafe815c1fe4b0d079446e80d13af972e00644a0188605d7309812e24cd1158677f94a16a5eb0c5d48b60329fc522026efa596ac913540f2a9b0345f279329bfba29a7dfc8894e6a08eeee3dd974c3de9e0602cfd1e3e584b10dd26cd13f7fb432e72ea85fd1d3a872061bc967d7a67a3a7f09f34cc825db5d9ef3ce0ff9873f8eff342eb30fa970007e2f591f07dc9bc5141a9679a2f7c69aa50894353a7830a0f7cf766aff6e81d7c3b88d730946ce3f327716ef6fd270d5bf467aef288db903f740b6ac27b962a3c6462372e63f8da8505f05d17b364dd8c6b5d449accd01b4c6da297669f098bee986b95e389a2d003539ca9dec8c26b9f6bbb5f7fe6f0b764d99bc0dafcad4121ed6a749ac71fc5deeee54d0e8a2d9dccc87df818258d73c8816b78c1be3670fb14dded879caf925e0f8abf63f55ffee02bbffb465f0303338bd12e22fe94fdaa3f033127ecaf41649232c38e83850fd3ebc890ea5db2763a8389ac49bd9b7f6b81f381d3eeb90d0f596e2b7f7dfa2a0e9453c1f5f359b56aae9e97a51f6c092d25a031843e351f5733a25c5905706618ab569359bdca4932f6471f4f2d152f84cfc0c563885b0d93fd015095a8eb9422e3d17ddaf3f20dde5eeea415f76c0617964198c824b98f4d53ab0d4d734dcd6d07dddd5b77c1bd71208632941973bd5b5aca981137ec21dcd86ba518b3d4979b68f704a2a7d7cfeb9be3edf4b4b3560e930d9dba0bc358cba36a129748c1fa73483a69759ba0c4f2ee2a936899e163c213bb3fe5a28e68669fb2da6bbcdf4c55e933d127a8bc68b8d0e6c6c757fe8ea47f26ceb7c1b3ca8b962eb31a081756ed56fe4385dccc5e2a7a53300e9c8a1a55bcf8db3f828cb3db8485110da631a50199a5c1932b5538a2b1c3cddb4451868a413418e3f761530fd477b2ebb449070c73171964203ad7bad4302af13fa6fe55fb88ede096a7aba95ef3665da778250daa9dd4bd5ecb8a807d83fe6dcf2f0cf5de7a4ef742979afd7d93bb2672ad45f6537640313b1ca8838f3fdc08e57455af6398ce5b253312fe1a88206210831e0de59d1e3f9442fb9dd43f1b9c00d151d3234028990f8bcaf65c0ad9ea1bc20e4b7641ff26969b02ccd60d2d8d2d72fe5fd58068cd6d7525c9e24c4246cd776ecf1f57550bb6bddad5093618797547cde5c07e165bc979bfbb5479c58e89c29efa5fdfa5b4a87917a4275609afc849384458ca980ba5a2aa4d10c761bb3b3a57e3d3b41001cdf6", 0x541}], 0x1}}], 0x1, 0x0)

1m29.835336461s ago: executing program 1 (id=3943):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="07000000040000008001000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000050000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)

1m29.638512932s ago: executing program 1 (id=3952):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = memfd_create(&(0x7f0000000280)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
write$binfmt_script(r2, &(0x7f0000001880)={'#! ', './file0'}, 0xb)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1m29.603365362s ago: executing program 1 (id=3954):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

1m29.496102653s ago: executing program 1 (id=3961):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000700000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x18)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0)

1m29.447523534s ago: executing program 1 (id=3966):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000001180)='kfree\x00', r0, 0x0, 0x4}, 0x18)
syz_io_uring_submit(0x0, 0x0, 0x0)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)

1m14.441356995s ago: executing program 34 (id=3966):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000001180)='kfree\x00', r0, 0x0, 0x4}, 0x18)
syz_io_uring_submit(0x0, 0x0, 0x0)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)

48.575064863s ago: executing program 2 (id=5545):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
fsetxattr$security_capability(r2, &(0x7f0000000040), &(0x7f0000000200)=@v3={0x3000000, [{0x6, 0x2d}, {0x8, 0x4}]}, 0x18, 0x2)

48.557741724s ago: executing program 2 (id=5546):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x4ab}, 0x18)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000800), 0x8000, 0x0)
r3 = dup(r2)
ioctl$GIO_UNISCRNMAP(r3, 0x43403d0e, 0x0)

48.518999204s ago: executing program 2 (id=5557):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000002c0)={'team0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0xfffffffe, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

48.491350974s ago: executing program 2 (id=5549):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x20000, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='..\x00')
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0\x00', 0x0, 0x98d046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x106d4c8, 0x0)

48.410843044s ago: executing program 2 (id=5552):
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x6a040000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e617400140004800800014000000000080002400000000014000000020a010800000000060000000000000014000000110001"], 0xa4}}, 0x0)

47.872648487s ago: executing program 2 (id=5570):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
r2 = getpid()
r3 = gettid()
rt_tgsigqueueinfo(r2, r3, 0x1, &(0x7f0000000600)={0x6, 0x8, 0x2})

47.865062838s ago: executing program 35 (id=5570):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
r2 = getpid()
r3 = gettid()
rt_tgsigqueueinfo(r2, r3, 0x1, &(0x7f0000000600)={0x6, 0x8, 0x2})

32.128843424s ago: executing program 5 (id=6154):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prlimit64(0x0, 0x7, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))

32.032305014s ago: executing program 5 (id=6156):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$UHID_CREATE(r0, &(0x7f0000000780)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x800}}, 0x120)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
write$UHID_DESTROY(r0, &(0x7f0000000080), 0x4)

31.912983755s ago: executing program 5 (id=6158):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
fsetxattr$security_selinux(r2, &(0x7f0000000840), &(0x7f0000000880)='system_u:object_r:systemd_passwd_agent_exec_t:s0\x00', 0x31, 0x1)

31.882590105s ago: executing program 5 (id=6161):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x1c5008, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x500, 0x40)
r1 = open_tree(r0, &(0x7f0000000300)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000040)='./file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x172)

31.852103035s ago: executing program 5 (id=6164):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x1, 0x3, 0x3, 0x4a}, 0x10)
close(r2)

31.789445636s ago: executing program 5 (id=6167):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x10007ffffffff}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = epoll_create1(0x0)
epoll_pwait2(r2, &(0x7f0000000180)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0)

31.762093296s ago: executing program 36 (id=6167):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x10007ffffffff}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = epoll_create1(0x0)
epoll_pwait2(r2, &(0x7f0000000180)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0)

31.592876167s ago: executing program 6 (id=6178):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f0000000080)="240000001a007f0214f9f407000904080a000000000000050002000008000f40fe00000e", 0x24)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x2, 0x7fff8000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

31.592180647s ago: executing program 6 (id=6181):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="610304080106789b21db02060912c90e1aba6bad8a1932148548fcee"], 0x1c)

30.445222424s ago: executing program 6 (id=6193):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x20000000000002a5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x16c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x144, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x10c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0xfc, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x7, 0x1, "20a81f"}]}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_MASK={0xd0, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0xa6, 0x1, "13a626e7dadc3b0192126de8c9df0d999f322c4edd91c75afc1265edead86ea46b398357e9525920a28ab842d65710328a78f47d7ca8db3a0757b435b58d3dfb4f3f9204972106e2318396e01a0e59c5662ce8449f1c604dda8f261f89226b40b3374a8c6685fd6697b3ab20e9f9ba48ca0baf88a8913ad9c5e129d2c0f6e6ef8b4b3100e6d2c70906f0eebb93212697c740807031a9e4b1047ab06a9902d7458aa1"}, @NFTA_DATA_VALUE={0x15, 0x1, "f5f52d09b14b48fea3259783ba60441681"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x1e0}}, 0x0)

30.380735834s ago: executing program 6 (id=6186):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
fsopen(0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x5400, 0x0)

30.300554255s ago: executing program 6 (id=6188):
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0)

30.283685195s ago: executing program 6 (id=6190):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
creat(&(0x7f0000000000)='./file0\x00', 0x6a)
mount$9p_unix(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x873002, 0x0)

14.75899196s ago: executing program 37 (id=6190):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
creat(&(0x7f0000000000)='./file0\x00', 0x6a)
mount$9p_unix(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x873002, 0x0)

3.101152651s ago: executing program 8 (id=6655):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x5c, 0x10, 0xffffff1f, 0xfffffffc, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}, @IFLA_GRE_TOS={0x5, 0x9, 0x9}]}}}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x9}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x21}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

2.992593702s ago: executing program 8 (id=6661):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000600000618110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)

2.954281052s ago: executing program 8 (id=6665):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prlimit64(0x0, 0x7, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))

2.918878032s ago: executing program 8 (id=6666):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x1c5008, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x500, 0x40)
r1 = open_tree(r0, &(0x7f0000000300)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000040)='./file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x172)

2.887204993s ago: executing program 8 (id=6669):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x1, 0x3, 0x3, 0x4a}, 0x10)
close(r2)

2.665317114s ago: executing program 8 (id=6682):
r0 = socket$inet(0xa, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x238, 0x238, 0x238, 0x98, 0x98, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x18}, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x4, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)

2.637128814s ago: executing program 38 (id=6682):
r0 = socket$inet(0xa, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x238, 0x238, 0x238, 0x98, 0x98, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x18}, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x4, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)

1.58084392s ago: executing program 4 (id=6708):
r0 = io_uring_setup(0x5597, &(0x7f0000000100)={0x0, 0x10000000, 0x1, 0x1, 0x1d1})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000001000080000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000002700)=""/4096, 0x1000}, {0x0}], &(0x7f0000000200)=[0xba], 0x2}, 0x20)

1.480807571s ago: executing program 4 (id=6712):
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000bc0)='./file1\x00', 0x1a00404, &(0x7f0000000080)={[{@noblock_validity}, {@grpquota}]}, 0x1, 0xbb9, &(0x7f00000017c0)="$eJzs3M1rHGUYAPBnJpvv2KQiaotgQKqiuE2bUqGn1rOooAePjcmmhGw/TCKY0ENa7+pBxENB+icI3u3Fk+ChHrT+BUUsUvTS9rAy+5Gu2WwSk81Om/5+8Gbed97JPs+T2e68AzsN4Ik1nv1IIw5FxNkkYrS+P42IvmpvIGK1dtz9u5ens5ZEpfL+X0kkEXHv7uXpxmsl9e1wfTAQETffSuLpz1rjLi6vzE+Vy6WF+vjo0vlLRxeXV96YOz91rnSudOHE5JsnJk9OTnaw1tuXPvrmhV/eefnq9c8n3v36wE9JnI6R+lxzHZ0yHuNrf5NmhYiY6nSwnPTU62muMynkmBAAAJtKm9Zwz8Zo9MTDxdto/PhrrskBAAAAHVHpiagAAAAA+1zi/h8AAAD2ucb3AO7dvTzdaPl+I6G77pyJiLFa/Y3nm2szhVitbgeiNyKG/k6i+bHWpPZruzaeRfr+51LWYqvnkAc7EHCd1SsR8fxG5z+p1j9WfYq7tf40IiY6EH983bjb77/d1H+6A/Hzrh+AJ9ONM7ULWev1L62tf/pro/XXv8IG166dyPv611j/3W9Z/6Vr67+eNuu/97YZ4/CD1262m2te/334xe8zWfxsu6ui/oc7VyIOFzaqP1mrP2lT/9ltxhievn2t3VxWf1Zvo3W7/sr1iCPV1Vxr/Q3JZv8/0dHZuXJpovZzg9dfPrl5/Obzn7UsfuNeoBuy8z8UOzv/l7YZY+y5Pw+1m9u6/vSPvuSDaq+vvufTqaWlhWMRfcnbrfuPb55L45jGa2T1v/rS5v/+N6o/+0xYrf8dsnfPlfo2G19dF3P4yPHvdl7/3srqn9nh+f9ymzG+/eHax+3m8q4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMdDGhEjkaTFtX6aFosRwxHxTAyl5YuLS6/PXvzkwkw2FzEWvensXLk0ERGjtXGSjY9V+w/Hx9eNJyPiYER8NTpYHRenL5Zn8i4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANcMRMRJJWoyINCL+GU3TYjHvrAAAAICOG8s7AQAAAGDPuf8HAACA/a/l/r/wn9FAN3MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgXzr44o1bSUSsnhqstkxffa4318yAvZZu77Chvc4D6L6evBMAclNo6lcqlUqOqQBd5h4fSLaYH2g709/xXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4dL1y6MatJCJWTw1WW6avPteba2bAXkvzTgDITc9mk8mWO4DHWCHvBIDcuMcHaiv7B5Wa1vmBtr/Zv+uoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw+RqotSYsRkVb7aVosRjwVEWPRm8zOlUsTEXEgIn4b7e3PxsfyThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICOW1xemZ8ql0sLOvu2U6mf60clnyejMxhdizVYP8FtjulvP7VJJ8cPJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcrO4vDI/VS6XFhbzzgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI2+LyyvxUuVxa2MNO3jUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCffwMAAP//xB0HRA==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r1 = open(&(0x7f0000000240)='./file2\x00', 0x145142, 0x0)
sendfile(r1, r1, 0x0, 0x800000009)
bpf$MAP_CREATE(0x0, 0x0, 0x50)

985.620604ms ago: executing program 4 (id=6721):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x4070bd2c, 0x25dfdbfc, [@sadb_key={0x2, 0x9, 0x8, 0x0, "1c"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x80000000}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @remote}}]}, 0x60}, 0x1, 0x7}, 0x0)

865.942264ms ago: executing program 4 (id=6730):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = dup2(r1, r1)
write$tun(r2, 0x0, 0x46)

807.069365ms ago: executing program 4 (id=6736):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a800000001d78771b90bd8a3b4914783c58777003d5b9538a90000000300060000000000020000030000000000000000000000000200010000000000000002fc00000000030005000000000002"], 0x70}, 0x1, 0x7}, 0x0)

586.251436ms ago: executing program 0 (id=6742):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x4070bd2c, 0x25dfdbfc, [@sadb_key={0x2, 0x9, 0x8, 0x0, "1c"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x80000000}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @remote}}]}, 0x60}, 0x1, 0x7}, 0x0)

577.895446ms ago: executing program 0 (id=6744):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000a80)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050027bd7000fedbdf2501000000080001006f5935e6c1bee7824e0f96e8f75c5a709d409e5e65164bb689cc5e113111c37afa3f2596fcff7cceb3615e9e38f69e5b546e6e1a32adb632980fac5c01000000935aa0bca6ac0ad913d419aa67fc4ba301010000c2d8ab3ea1fe7148c89d1cb577dc2a593a3537e8cc059724c526d584ea8ec9620a1f889d000000", @ANYRES32=r3, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000100004006c6f616462616c616e636500"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)

501.133397ms ago: executing program 7 (id=6746):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0)

500.966827ms ago: executing program 4 (id=6747):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000000)='cgroup\x00', 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
close_range(r0, 0xffffffffffffffff, 0x0)

406.627217ms ago: executing program 0 (id=6748):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000080)})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TIOCL_BLANKSCREEN(r2, 0x4b67, &(0x7f0000000180))

357.001468ms ago: executing program 7 (id=6750):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

346.635358ms ago: executing program 0 (id=6752):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000000)='inet_sock_set_state\x00', r0, 0x0, 0x3}, 0x18)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmmsg(r1, &(0x7f00000007c0)=[{{&(0x7f0000000380)=@in={0x2, 0x4e24, @local}, 0x80, &(0x7f0000000140)=[{&(0x7f00000004c0)='&', 0x1}], 0x1}}], 0xf00, 0x2c000011)

301.604238ms ago: executing program 9 (id=6753):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)

294.202828ms ago: executing program 9 (id=6762):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xcf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630bf7c045f94cd977", 0x18, 0xffffffffffffffff)

293.614888ms ago: executing program 7 (id=6754):
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00006ec000/0x1000)=nil, &(0x7f00002c7000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000559000/0x4000)=nil, &(0x7f000008d000/0x1000)=nil, &(0x7f00005e2000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000021a000/0x1000)=nil, &(0x7f00005e1000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

265.486628ms ago: executing program 0 (id=6755):
r0 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x707c, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x7, 0x0, 0xffffffffffffffff, &(0x7f00000021c0)={0xa01, 0x8}, 0x0, 0x18, 0x0, 0x12345})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
io_uring_enter(r0, 0x12a8f, 0xf264, 0x40, 0x0, 0x0)

265.129048ms ago: executing program 9 (id=6756):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001100)='/proc/slabinfo\x00', 0x0, 0x0)
preadv(r1, &(0x7f00000010c0)=[{&(0x7f0000001800)=""/250, 0xfa}], 0x1, 0x40000004, 0x0)
write$binfmt_elf32(r1, 0x0, 0x3bb)

258.624568ms ago: executing program 7 (id=6757):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000400)='kmem_cache_free\x00', r1, 0x0, 0x5ffffff}, 0x9)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r2 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
ftruncate(r2, 0xee72)

168.018859ms ago: executing program 9 (id=6758):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000001c0)='kfree\x00', r1}, 0x18)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, 0xf00)

159.809949ms ago: executing program 3 (id=6683):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)

145.155539ms ago: executing program 7 (id=6759):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f02, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
close_range(r1, 0xffffffffffffffff, 0x0)

91.75689ms ago: executing program 9 (id=6760):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x66be96ba}, 0x18)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bind$tipc(r1, 0x0, 0x0)
close(r1)

91.175079ms ago: executing program 7 (id=6771):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x32)
write(r1, &(0x7f00000001c0)="49bda8f11851b8436bebb25ac5f8202ffb", 0x11)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffffffffffffffd)

45.54797ms ago: executing program 3 (id=6761):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4005, &(0x7f0000000c00)=0xb, 0x6, 0x2)
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000c00)=0xc, 0x6, 0x2)

21.63907ms ago: executing program 3 (id=6763):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kfree\x00', r0}, 0x18)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1)
sendmsg$IEEE802154_LIST_PHY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)={0x14, r2, 0x30b, 0x0, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4044}, 0x20000004)

18.06491ms ago: executing program 0 (id=6764):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='kfree\x00', r1, 0x0, 0xffff}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@deltaction={0x38, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x24, 0x1, [{0x10, 0x8f, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844)

17.30659ms ago: executing program 9 (id=6775):
rt_sigprocmask(0x0, &(0x7f0000000100)={[0x12f440000]}, 0x0, 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000300)='rxrpc_client\x00', r0}, 0x18)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24)
sendmmsg(r1, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}], 0x1, 0x0)

0s ago: executing program 3 (id=6765):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

kernel console output (not intermixed with test programs):

fc9a8f6c9 code=0x7ffc0000
[  162.421802][   T29] audit: type=1326 audit(2000002614.457:7884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18166 comm="syz.7.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  162.445571][   T29] audit: type=1326 audit(2000002614.457:7885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18166 comm="syz.7.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  162.469322][   T29] audit: type=1326 audit(2000002614.457:7886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18166 comm="syz.7.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  162.496525][T18164] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.547185][T18175] loop6: detected capacity change from 0 to 1024
[  162.553912][T18175] EXT4-fs: Ignoring removed orlov option
[  162.599842][T18175] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.619755][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.645648][ T4460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.727960][T18183] loop5: detected capacity change from 0 to 4096
[  162.745432][T18183] EXT4-fs: Ignoring removed nomblk_io_submit option
[  162.755754][T18183] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.812960][T18216] bridge0: entered promiscuous mode
[  162.817959][ T3777] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.819579][T18216] bridge0: port 3(macsec1) entered blocking state
[  162.833934][T18216] bridge0: port 3(macsec1) entered disabled state
[  162.840658][T18216] macsec1: entered allmulticast mode
[  162.846093][T18216] bridge0: entered allmulticast mode
[  162.854989][T18216] macsec1: left allmulticast mode
[  162.860173][T18216] bridge0: left allmulticast mode
[  162.866744][T18216] bridge0: left promiscuous mode
[  162.889309][    T9] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  162.906109][    T9] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  163.052457][T18276] sd 0:0:1:0: device reset
[  163.240614][T18307] 0ªX¹¦À: renamed from caif0
[  163.247786][T18307] 0ªX¹¦À: entered allmulticast mode
[  163.253061][T18307] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  163.390725][T18330] SELinux: failed to load policy
[  163.898061][ T3371] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  163.926289][ T3371] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  163.964797][T18442] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  163.973111][T18442] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  165.145877][T18609] xt_hashlimit: max too large, truncated to 1048576
[  165.154384][T18609] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  165.273804][T18631] serio: Serial port ptm1
[  165.303928][T18636] netem: incorrect ge model size
[  165.308960][T18636] netem: change failed
[  165.356377][T18642] xt_hashlimit: max too large, truncated to 1048576
[  165.364302][T18642] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  165.406076][T18644] netlink: 'syz.6.5220': attribute type 4 has an invalid length.
[  165.413967][T18644] __nla_validate_parse: 5 callbacks suppressed
[  165.414034][T18644] netlink: 152 bytes leftover after parsing attributes in process `syz.6.5220'.
[  165.448671][T18644] .`: renamed from bond0 (while UP)
[  165.475296][T18652] sd 0:0:1:0: device reset
[  165.486544][T18654] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5225'.
[  165.495624][T18654] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5225'.
[  165.526755][T18654] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5225'.
[  165.535803][T18654] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5225'.
[  165.589764][T18654] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5225'.
[  165.598965][T18654] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5225'.
[  165.636294][T18695] netlink: 'syz.6.5235': attribute type 1 has an invalid length.
[  165.644117][T18695] netlink: 224 bytes leftover after parsing attributes in process `syz.6.5235'.
[  165.741787][T18716] loop6: detected capacity change from 0 to 512
[  165.765118][T18716] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  165.810782][T18716] Invalid ELF header magic: != ELF
[  165.959403][T18773] SELinux: ebitmap: truncated map
[  165.966302][T18773] SELinux: failed to load policy
[  166.006302][T18790] loop2: detected capacity change from 0 to 512
[  166.030643][T18790] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  166.086178][T18790] Invalid ELF header magic: != ELF
[  166.244608][T18841] ------------[ cut here ]------------
[  166.250204][T18841] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x0, 0x7800000000] s64=[0x0, 0xffffffffffffffff] u32=[0x80000000, 0x0] s32=[0x0, 0xffffffff] var_off=(0x0, 0x7800000000)
[  166.270192][T18841] WARNING: CPU: 0 PID: 18841 at kernel/bpf/verifier.c:2721 reg_bounds_sanity_check+0x673/0x680
[  166.280578][T18841] Modules linked in:
[  166.284533][T18841] CPU: 0 UID: 0 PID: 18841 Comm: syz.4.5288 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  166.295957][T18841] Tainted: [W]=WARN
[  166.299818][T18841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  166.310023][T18841] RIP: 0010:reg_bounds_sanity_check+0x673/0x680
[  166.316418][T18841] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 b2 f6 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90
[  166.336863][T18841] RSP: 0018:ffffc900067c3408 EFLAGS: 00010282
[  166.343261][T18841] RAX: f46b92834ad4c000 RBX: ffff8881189c0840 RCX: 0000000000080000
[  166.351469][T18841] RDX: ffffc9000471a000 RSI: 0000000000014395 RDI: 0000000000014396
[  166.359461][T18841] RBP: 0000000000000000 R08: 0001c900067c3257 R09: 0000000000000000
[  166.367454][T18841] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff8881189c0800
[  166.375561][T18841] R13: ffff88810c538000 R14: ffff88810c538000 R15: ffff8881189c0838
[  166.383568][T18841] FS:  00007ff78b46f6c0(0000) GS:ffff8882aee13000(0000) knlGS:0000000000000000
[  166.386451][T18853] loop2: detected capacity change from 0 to 136
[  166.392539][T18841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  166.392560][T18841] CR2: 00002000000054c0 CR3: 000000012855c000 CR4: 00000000003506f0
[  166.392578][T18841] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  166.405694][T18853] Attempt to read inode for relocated directory
[  166.413471][T18841] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  166.413493][T18841] Call Trace:
[  166.413501][T18841]  <TASK>
[  166.413516][T18841]  reg_set_min_max+0x1eb/0x260
[  166.446707][T18841]  check_cond_jmp_op+0x1370/0x19e0
[  166.451942][T18841]  do_check+0x3363/0x8460
[  166.456392][T18841]  do_check_common+0xc5e/0x12b0
[  166.461344][T18841]  bpf_check+0xaaae/0xd9d0
[  166.465801][T18841]  ? __alloc_frozen_pages_noprof+0x188/0x360
[  166.470668][T18852] netlink: 300 bytes leftover after parsing attributes in process `syz.5.5290'.
[  166.471822][T18841]  ? __vmap_pages_range_noflush+0xbc4/0xcf0
[  166.481225][T18852] netlink: 152 bytes leftover after parsing attributes in process `syz.5.5290'.
[  166.487066][T18841]  ? try_charge_memcg+0x215/0xa10
[  166.501319][T18841]  ? pcpu_block_update+0x24e/0x3b0
[  166.506620][T18841]  ? pcpu_block_refresh_hint+0x157/0x170
[  166.512307][T18841]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[  166.518476][T18841]  ? css_rstat_updated+0xb7/0x240
[  166.523574][T18841]  ? __rcu_read_unlock+0x4f/0x70
[  166.528637][T18841]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[  166.534513][T18841]  ? should_failslab+0x52/0xb0
[  166.539311][T18841]  ? should_fail_ex+0x30/0x280
[  166.544234][T18841]  ? should_failslab+0x8c/0xb0
[  166.549088][T18841]  ? __kmalloc_noprof+0x2a2/0x570
[  166.554249][T18841]  ? security_bpf_prog_load+0x60/0x140
[  166.559755][T18841]  ? selinux_bpf_prog_load+0xad/0xd0
[  166.565113][T18841]  ? security_bpf_prog_load+0x9e/0x140
[  166.571059][T18841]  bpf_prog_load+0xf6e/0x1100
[  166.575778][T18841]  ? security_bpf+0x2b/0x90
[  166.580340][T18841]  __sys_bpf+0x469/0x7c0
[  166.584864][T18841]  __x64_sys_bpf+0x41/0x50
[  166.589333][T18841]  x64_sys_call+0x2aee/0x3000
[  166.594025][T18841]  do_syscall_64+0xd2/0x200
[  166.598782][T18841]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  166.604867][T18841]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  166.611218][T18841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.617632][T18841] RIP: 0033:0x7ff78ca0f6c9
[  166.622422][T18841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.642067][T18841] RSP: 002b:00007ff78b46f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  166.650583][T18841] RAX: ffffffffffffffda RBX: 00007ff78cc65fa0 RCX: 00007ff78ca0f6c9
[  166.658578][T18841] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  166.666586][T18841] RBP: 00007ff78ca91f91 R08: 0000000000000000 R09: 0000000000000000
[  166.674569][T18841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  166.682615][T18841] R13: 00007ff78cc66038 R14: 00007ff78cc65fa0 R15: 00007ffc68c55ab8
[  166.690598][T18841]  </TASK>
[  166.693621][T18841] ---[ end trace 0000000000000000 ]---
[  166.787223][T18875] wireguard0: entered promiscuous mode
[  166.792816][T18875] wireguard0: entered allmulticast mode
[  167.127417][T18920] serio: Serial port ptm0
[  167.341061][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  167.394721][   T29] kauditd_printk_skb: 236 callbacks suppressed
[  167.394749][   T29] audit: type=1326 audit(2000002619.578:8123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.424566][   T29] audit: type=1326 audit(2000002619.578:8124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.448697][   T29] audit: type=1326 audit(2000002619.628:8125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.472227][   T29] audit: type=1326 audit(2000002619.628:8126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.495804][   T29] audit: type=1326 audit(2000002619.628:8127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.519451][   T29] audit: type=1326 audit(2000002619.678:8128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.543107][   T29] audit: type=1326 audit(2000002619.688:8129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.567035][   T29] audit: type=1326 audit(2000002619.688:8130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18982 comm="syz.4.5326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78ca0f6c9 code=0x7ffc0000
[  167.649358][T19004] netlink: 'syz.4.5330': attribute type 15 has an invalid length.
[  167.740110][T19017] usb usb1: usbfs: process 19017 (syz.6.5334) did not claim interface 63 before use
[  167.750864][   T29] audit: type=1326 audit(2000002619.928:8131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19019 comm="syz.2.5335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b79af6c9 code=0x7ffc0000
[  167.774407][   T29] audit: type=1326 audit(2000002619.928:8132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19019 comm="syz.2.5335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b79af6c9 code=0x7ffc0000
[  168.041105][T19081] serio: Serial port ptm0
[  168.255686][T19132] wireguard0: entered promiscuous mode
[  168.261277][T19132] wireguard0: entered allmulticast mode
[  168.746322][T19165] usb usb1: usbfs: process 19165 (syz.2.5364) did not claim interface 63 before use
[  168.780796][T19169] loop6: detected capacity change from 0 to 1024
[  168.797832][T19169] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.996476][T19206] wireguard0: entered promiscuous mode
[  169.002050][T19206] wireguard0: entered allmulticast mode
[  169.083205][T19221] 0ªX¹¦À: renamed from caif0
[  169.089846][T19221] 0ªX¹¦À: entered allmulticast mode
[  169.095098][T19221] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  169.265105][ T4460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.332696][T19262] netlink: 'syz.6.5395': attribute type 1 has an invalid length.
[  169.362080][T19267] loop6: detected capacity change from 0 to 128
[  169.387606][T19267] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  169.413989][T19267] ext4 filesystem being mounted at /891/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  169.440677][ T4460] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  169.534114][T19304] 0ªX¹¦À: renamed from caif0
[  169.550242][T19304] 0ªX¹¦À: entered allmulticast mode
[  169.555490][T19304] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  169.618599][T19321] loop4: detected capacity change from 0 to 128
[  169.628642][T19321] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  169.642298][T19321] ext4 filesystem being mounted at /1238/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.668165][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  169.698228][T19337] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  170.337610][T19396] loop2: detected capacity change from 0 to 1024
[  170.351990][T19396] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.561103][T15798] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  170.572460][T15798] CPU: 1 UID: 0 PID: 15798 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  170.572501][T15798] Tainted: [W]=WARN
[  170.572509][T15798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  170.572550][T15798] Call Trace:
[  170.572557][T15798]  <TASK>
[  170.572565][T15798]  __dump_stack+0x1d/0x30
[  170.572593][T15798]  dump_stack_lvl+0xe8/0x140
[  170.572618][T15798]  dump_stack+0x15/0x1b
[  170.572640][T15798]  dump_header+0x81/0x220
[  170.572658][T15798]  oom_kill_process+0x342/0x400
[  170.572727][T15798]  out_of_memory+0x979/0xb80
[  170.572763][T15798]  try_charge_memcg+0x610/0xa10
[  170.572802][T15798]  charge_memcg+0x51/0xc0
[  170.572830][T15798]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  170.572902][T15798]  __read_swap_cache_async+0x17b/0x2d0
[  170.572932][T15798]  swap_cluster_readahead+0x262/0x3c0
[  170.572963][T15798]  swapin_readahead+0xde/0x6f0
[  170.572990][T15798]  ? sized_strscpy+0x121/0x1a0
[  170.573095][T15798]  ? __rcu_read_unlock+0x4f/0x70
[  170.573123][T15798]  ? __rcu_read_unlock+0x4f/0x70
[  170.573154][T15798]  ? swap_cache_get_folio+0x277/0x280
[  170.573180][T15798]  do_swap_page+0x2ae/0x2370
[  170.573204][T15798]  ? _raw_spin_unlock+0x26/0x50
[  170.573252][T15798]  ? finish_task_switch+0xad/0x2b0
[  170.573280][T15798]  ? __pfx_default_wake_function+0x10/0x10
[  170.573308][T15798]  handle_mm_fault+0x9a5/0x2be0
[  170.573364][T15798]  ? vma_start_read+0x141/0x1f0
[  170.573404][T15798]  do_user_addr_fault+0x630/0x1080
[  170.573427][T15798]  ? fpregs_restore_userregs+0xe2/0x1d0
[  170.573458][T15798]  ? switch_fpu_return+0xe/0x20
[  170.573574][T15798]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  170.573613][T15798]  exc_page_fault+0x62/0xa0
[  170.573652][T15798]  asm_exc_page_fault+0x26/0x30
[  170.573683][T15798] RIP: 0033:0x7fafc9ac1f45
[  170.573699][T15798] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 1e 66 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  170.573717][T15798] RSP: 002b:00007ffe87f96a38 EFLAGS: 00010246
[  170.573734][T15798] RAX: 0000000000000000 RBX: 000000000000014b RCX: 00007fafc9ac1f43
[  170.573810][T15798] RDX: 00007ffe87f96a50 RSI: 0000000000000000 RDI: 0000000000000000
[  170.573825][T15798] RBP: 00007ffe87f96abc R08: 000000001ec0b71a R09: 0000000000000000
[  170.573840][T15798] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  170.573856][T15798] R13: 00000000000927c0 R14: 00000000000297d0 R15: 00007ffe87f96b10
[  170.573875][T15798]  </TASK>
[  170.573882][T15798] memory: usage 307200kB, limit 307200kB, failcnt 152
[  170.827313][T15798] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0
[  170.835248][T15798] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[  170.842564][T15798] Memory cgroup stats for /syz7:
[  170.844223][T15798] cache 0
[  170.852194][T15798] rss 0
[  170.855122][T15798] shmem 0
[  170.858133][T15798] mapped_file 0
[  170.861664][T15798] dirty 0
[  170.864605][T15798] writeback 0
[  170.867976][T15798] workingset_refault_anon 14
[  170.872909][T15798] workingset_refault_file 0
[  170.877751][T15798] swap 196608
[  170.881089][T15798] swapcached 8192
[  170.884723][T15798] pgpgin 12762
[  170.888108][T15798] pgpgout 12760
[  170.891603][T15798] pgfault 22456
[  170.895555][T15798] pgmajfault 3
[  170.898983][T15798] inactive_anon 8192
[  170.902919][T15798] active_anon 0
[  170.906537][T15798] inactive_file 0
[  170.910207][T15798] active_file 0
[  170.913742][T15798] unevictable 0
[  170.917374][T15798] hierarchical_memory_limit 314572800
[  170.922895][T15798] hierarchical_memsw_limit 9223372036854771712
[  170.929098][T15798] total_cache 0
[  170.932726][T15798] total_rss 0
[  170.936027][T15798] total_shmem 0
[  170.939526][T15798] total_mapped_file 0
[  170.943965][T15798] total_dirty 0
[  170.947593][T15798] total_writeback 0
[  170.951512][T15798] total_workingset_refault_anon 14
[  170.956880][T15798] total_workingset_refault_file 0
[  170.962069][T15798] total_swap 196608
[  170.965918][T15798] total_swapcached 8192
[  170.970109][T15798] total_pgpgin 12762
[  170.974008][T15798] total_pgpgout 12760
[  170.977984][T15798] total_pgfault 22456
[  170.982013][T15798] total_pgmajfault 3
[  170.985910][T15798] total_inactive_anon 8192
[  170.990757][T15798] total_active_anon 0
[  170.994721][T15798] total_inactive_file 0
[  170.998938][T15798] total_active_file 0
[  171.002943][T15798] total_unevictable 0
[  171.007085][T15798] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.5432,pid=19357,uid=0
[  171.021830][T15798] Memory cgroup out of memory: Killed process 19357 (syz.7.5432) total-vm:93956kB, anon-rss:1264kB, file-rss:22312kB, shmem-rss:128kB, UID:0 pgtables:144kB oom_score_adj:1000
[  171.040058][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.116021][T19426] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  171.195002][T19436] loop2: detected capacity change from 0 to 256
[  171.203415][T19436] FAT-fs (loop2): bogus number of FAT sectors
[  171.209535][T19436] FAT-fs (loop2): Can't find a valid FAT filesystem
[  171.275596][T19453] __nla_validate_parse: 22 callbacks suppressed
[  171.275615][T19453] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5468'.
[  171.326006][T19359] wÞ£ÿ (19359) used greatest stack depth: 7480 bytes left
[  171.417274][T19493] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  171.515472][T19509] loop5: detected capacity change from 0 to 128
[  171.535830][T19509] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  171.552208][T19509] ext4 filesystem being mounted at /1124/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.611352][ T3777] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  171.634380][T19525] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5486'.
[  171.779436][T19567] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  172.513016][T19702] netlink: 100 bytes leftover after parsing attributes in process `syz.2.5530'.
[  172.531783][T19704] xt_hashlimit: max too large, truncated to 1048576
[  172.539260][T19704] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  172.983870][   T29] kauditd_printk_skb: 112 callbacks suppressed
[  172.983887][   T29] audit: type=1400 audit(2000002625.159:8245): avc:  denied  { mounton } for  pid=19766 comm="syz.2.5549" path="/syzcgroup/cpu/syz2/cgroup.procs" dev="cgroup" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  173.362273][T19799] loop5: detected capacity change from 0 to 256
[  173.562160][ T6464] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.634517][ T6464] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.712532][ T6464] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.772563][ T6464] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.807771][T19853] macvtap1: entered promiscuous mode
[  173.813136][T19853] macvtap1: entered allmulticast mode
[  173.819162][T19853] veth1: entered promiscuous mode
[  173.824390][T19853] veth1: entered allmulticast mode
[  173.830933][T19853] team0: Device macvtap1 failed to register rx_handler
[  173.838033][T19853] veth1: left allmulticast mode
[  173.843260][T19853] veth1: left promiscuous mode
[  173.961272][ T6464] bond0 (unregistering): (slave geneve2): Releasing active interface
[  173.973288][ T6464] team0: Port device geneve1 removed
[  174.031293][ T6464] smc: removing net device bond0 with user defined pnetid SYZ2
[  174.039061][ T6464] bond0 (unregistering): Released all slaves
[  174.086999][T19977] loop7: detected capacity change from 0 to 1024
[  174.094978][T19829] chnl_net:caif_netlink_parms(): no params data found
[  174.104955][ T6464] tipc: Left network mode
[  174.111413][T19977] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.157980][ T6464] hsr_slave_0: left promiscuous mode
[  174.167698][ T6464] hsr_slave_1: left promiscuous mode
[  174.189645][ T6464] veth1_vlan: left promiscuous mode
[  174.196035][ T6464] veth0_vlan: left promiscuous mode
[  174.432756][T19829] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.439894][T19829] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.454648][T20057] loop5: detected capacity change from 0 to 512
[  174.462255][T19829] bridge_slave_0: entered allmulticast mode
[  174.468896][T19829] bridge_slave_0: entered promiscuous mode
[  174.476069][T19829] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.483213][T19829] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.490743][T19829] bridge_slave_1: entered allmulticast mode
[  174.498040][T19829] bridge_slave_1: entered promiscuous mode
[  174.507482][T20057] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5593: bg 0: block 248: padding at end of block bitmap is not set
[  174.524431][T20057] Quota error (device loop5): write_blk: dquota write failed
[  174.532055][T20057] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  174.548543][T20057] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.5593: Failed to acquire dquot type 1
[  174.560435][T15798] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.560832][T20057] EXT4-fs (loop5): 1 truncate cleaned up
[  174.572157][T19829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.575779][T20057] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.586750][T19829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.597198][T20057] ext4 filesystem being mounted at /1156/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.634339][T19829] team0: Port device team_slave_0 added
[  174.650121][T19829] team0: Port device team_slave_1 added
[  174.677434][ T3777] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.688344][T19829] batman_adv: batadv0: Adding interface: batadv_slave_0
[  174.695398][T19829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  174.721412][T19829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  174.731994][ T6461] Quota error (device loop5): do_check_range: Getting block 0 out of range 1-5
[  174.734766][T19829] batman_adv: batadv0: Adding interface: batadv_slave_1
[  174.740987][ T6461] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:41: Failed to release dquot type 1
[  174.747919][T19829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  174.785327][T19829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  174.854829][T19829] hsr_slave_0: entered promiscuous mode
[  174.862433][T19829] hsr_slave_1: entered promiscuous mode
[  174.931886][T20219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.962829][T20219] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  175.038634][T19829] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  175.051317][T19829] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  175.069409][T19829] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  175.078384][T19829] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  175.115108][T19829] 8021q: adding VLAN 0 to HW filter on device bond0
[  175.131819][T19829] 8021q: adding VLAN 0 to HW filter on device team0
[  175.142155][ T6448] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.149323][ T6448] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.161730][ T6448] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.168804][ T6448] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.244888][T19829] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.337711][T19829] veth0_vlan: entered promiscuous mode
[  175.345891][T19829] veth1_vlan: entered promiscuous mode
[  175.360816][T19829] veth0_macvtap: entered promiscuous mode
[  175.367926][T19829] veth1_macvtap: entered promiscuous mode
[  175.379719][T19829] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.389000][T19829] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.425621][ T6461] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.434511][ T6461] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.443862][ T6461] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.453200][ T6461] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.550875][T20333] atomic_op ffff8881629b9d28 conn xmit_atomic 0000000000000000
[  175.586168][T20343] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  175.594581][T20343] SELinux: failed to load policy
[  175.639547][   T29] audit: type=1400 audit(2000002627.809:8247): avc:  denied  { read write } for  pid=15798 comm="syz-executor" name="loop7" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  175.664038][   T29] audit: type=1400 audit(2000002627.809:8246): avc:  denied  { read write } for  pid=4460 comm="syz-executor" name="loop6" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  175.688588][   T29] audit: type=1400 audit(2000002627.819:8249): avc:  denied  { open } for  pid=4460 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  175.712737][   T29] audit: type=1400 audit(2000002627.819:8248): avc:  denied  { open } for  pid=15798 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  175.741266][   T29] audit: type=1400 audit(2000002627.819:8250): avc:  denied  { ioctl } for  pid=4460 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=106 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  175.767140][   T29] audit: type=1400 audit(2000002627.849:8251): avc:  denied  { map_create } for  pid=20350 comm="syz.7.5625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  175.820659][T20362] loop4: detected capacity change from 0 to 256
[  175.849182][T20369] loop6: detected capacity change from 0 to 128
[  176.015183][T20385] macvtap0: entered promiscuous mode
[  176.020676][T20385] macvtap0: entered allmulticast mode
[  176.026523][T20385] veth1: entered promiscuous mode
[  176.031703][T20385] veth1: entered allmulticast mode
[  176.038093][T20385] team0: Device macvtap0 failed to register rx_handler
[  176.045743][T20385] veth1: left allmulticast mode
[  176.050992][T20385] veth1: left promiscuous mode
[  176.144656][T20369] bio_check_eod: 74 callbacks suppressed
[  176.144675][T20369] syz.6.5632: attempt to access beyond end of device
[  176.144675][T20369] loop6: rw=2049, sector=128, nr_sectors = 1 limit=128
[  176.163910][T20369] buffer_io_error: 46 callbacks suppressed
[  176.163927][T20369] Buffer I/O error on dev loop6, logical block 128, lost async page write
[  176.186820][T20377] syz.6.5632: attempt to access beyond end of device
[  176.186820][T20377] loop6: rw=2049, sector=128, nr_sectors = 1 limit=128
[  176.200375][T20377] Buffer I/O error on dev loop6, logical block 128, lost async page write
[  176.219088][T20377] syz.6.5632: attempt to access beyond end of device
[  176.219088][T20377] loop6: rw=2049, sector=128, nr_sectors = 1 limit=128
[  176.232690][T20377] Buffer I/O error on dev loop6, logical block 128, lost async page write
[  176.278533][T20407] macvtap0: entered promiscuous mode
[  176.284324][T20407] macvtap0: entered allmulticast mode
[  176.328305][T20421] loop8: detected capacity change from 0 to 256
[  176.433675][T20442] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5655'.
[  176.562668][T20460] 9pnet: Unknown protocol version 9
[  176.586051][T20465] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5666'.
[  176.718216][T20486] loop7: detected capacity change from 0 to 256
[  177.500440][T20533] loop4: detected capacity change from 0 to 512
[  177.508940][T20532] loop6: detected capacity change from 0 to 256
[  177.536263][T20533] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5695: bg 0: block 248: padding at end of block bitmap is not set
[  177.553027][T20533] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.5695: Failed to acquire dquot type 1
[  177.572792][T20533] EXT4-fs (loop4): 1 truncate cleaned up
[  177.591609][T20533] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.604706][T20533] ext4 filesystem being mounted at /1290/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.644063][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.654156][ T6461] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:41: Failed to release dquot type 1
[  177.691759][T20558] loop8: detected capacity change from 0 to 1764
[  177.815048][T20572] loop5: detected capacity change from 0 to 256
[  177.840079][T20580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.862330][T20580] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.896991][T20593] loop8: detected capacity change from 0 to 128
[  177.906105][T20593] syz.8.5713: attempt to access beyond end of device
[  177.906105][T20593] loop8: rw=2049, sector=154, nr_sectors = 6 limit=128
[  177.920142][T20593] syz.8.5713: attempt to access beyond end of device
[  177.920142][T20593] loop8: rw=2049, sector=158, nr_sectors = 2 limit=128
[  177.934022][T20593] Buffer I/O error on dev loop8, logical block 79, lost async page write
[  177.942814][T20593] syz.8.5713: attempt to access beyond end of device
[  177.942814][T20593] loop8: rw=2049, sector=160, nr_sectors = 2 limit=128
[  177.946523][T20596] loop5: detected capacity change from 0 to 2048
[  177.956229][T20593] Buffer I/O error on dev loop8, logical block 80, lost async page write
[  177.956491][T20593] syz.8.5713: attempt to access beyond end of device
[  177.956491][T20593] loop8: rw=2049, sector=162, nr_sectors = 6 limit=128
[  177.984662][T20593] syz.8.5713: attempt to access beyond end of device
[  177.984662][T20593] loop8: rw=2049, sector=166, nr_sectors = 2 limit=128
[  177.998166][T20593] Buffer I/O error on dev loop8, logical block 83, lost async page write
[  178.006870][T20593] syz.8.5713: attempt to access beyond end of device
[  178.006870][T20593] loop8: rw=2049, sector=168, nr_sectors = 2 limit=128
[  178.020349][T20593] Buffer I/O error on dev loop8, logical block 84, lost async page write
[  178.029330][T20596]  loop5: p3 < > p4 < >
[  178.029436][T20593] syz.8.5713: attempt to access beyond end of device
[  178.029436][T20593] loop8: rw=2049, sector=186, nr_sectors = 6 limit=128
[  178.033532][T20596] loop5: partition table partially beyond EOD, truncated
[  178.047518][T20593] Buffer I/O error on dev loop8, logical block 95, lost async page write
[  178.054440][T20596] loop5: p3 start 4284289 is beyond EOD, truncated
[  178.063161][T20593] Buffer I/O error on dev loop8, logical block 96, lost async page write
[  178.079454][T20593] Buffer I/O error on dev loop8, logical block 99, lost async page write
[  178.227146][T20608] loop8: detected capacity change from 0 to 512
[  178.250332][T20608] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.5715: bg 0: block 248: padding at end of block bitmap is not set
[  178.265105][T20608] __quota_error: 98 callbacks suppressed
[  178.265122][T20608] Quota error (device loop8): write_blk: dquota write failed
[  178.278203][T20608] Quota error (device loop8): qtree_write_dquot: Error -117 occurred while creating quota
[  178.288307][T20608] EXT4-fs error (device loop8): ext4_acquire_dquot:6945: comm syz.8.5715: Failed to acquire dquot type 1
[  178.300559][T20608] EXT4-fs (loop8): 1 truncate cleaned up
[  178.306710][T20608] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.320029][T20608] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.348061][T19829] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.357354][ T6464] Quota error (device loop8): do_check_range: Getting block 0 out of range 1-5
[  178.366476][ T6464] EXT4-fs error (device loop8): ext4_release_dquot:6981: comm kworker/u8:44: Failed to release dquot type 1
[  178.463180][   T29] audit: type=1400 audit(2000002630.639:8347): avc:  denied  { validate_trans } for  pid=20624 comm="syz.6.5720" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  178.503838][   T29] audit: type=1400 audit(2000002630.679:8348): avc:  denied  { create } for  pid=20626 comm="syz.6.5721" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  178.617459][T20639] loop8: detected capacity change from 0 to 256
[  178.641196][   T29] audit: type=1326 audit(2000002630.819:8349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20643 comm="syz.5.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  178.697914][   T29] audit: type=1326 audit(2000002630.819:8350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20643 comm="syz.5.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  178.721707][   T29] audit: type=1326 audit(2000002630.819:8351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20643 comm="syz.5.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  178.745306][   T29] audit: type=1326 audit(2000002630.819:8352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20643 comm="syz.5.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  178.769000][   T29] audit: type=1326 audit(2000002630.819:8353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20643 comm="syz.5.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  178.964892][T20675] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  178.983109][T20675] SELinux: failed to load policy
[  179.116123][T20698] loop8: detected capacity change from 0 to 128
[  179.140720][T20698] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  179.163183][T20698] ext4 filesystem being mounted at /36/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  179.216984][T20704] netlink: 'syz.6.5749': attribute type 3 has an invalid length.
[  179.230116][T19829] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  179.735314][T20738] loop8: detected capacity change from 0 to 164
[  179.761281][T20738] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  179.779627][T20738] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  179.798375][T20738] Symlink component flag not implemented
[  179.804078][T20738] Symlink component flag not implemented
[  179.813006][T20738] Symlink component flag not implemented (7)
[  179.819253][T20738] Symlink component flag not implemented (116)
[  179.867587][T20765] loop8: detected capacity change from 0 to 128
[  180.002615][T20790] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  180.066480][T20805] loop4: detected capacity change from 0 to 1024
[  180.076289][T20805] EXT4-fs: Ignoring removed mblk_io_submit option
[  180.104986][T20805] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.147850][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.261936][T20858] loop7: detected capacity change from 0 to 256
[  180.366479][T20885] binfmt_misc: register: failed to install interpreter file ./file2
[  180.740478][T20967] loop6: detected capacity change from 0 to 4096
[  180.749991][T20967] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.958831][ T4460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.156120][T21009] loop8: detected capacity change from 0 to 512
[  181.195020][T21009] EXT4-fs: Ignoring removed i_version option
[  181.201243][T21009] EXT4-fs: Ignoring removed bh option
[  181.225766][T21009] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.239585][T21009] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  181.311178][T19829] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.395246][T21049] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5827'.
[  181.404342][T21049] netlink: 108 bytes leftover after parsing attributes in process `syz.6.5827'.
[  181.413679][T21049] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5827'.
[  181.428668][T21049] netlink: 108 bytes leftover after parsing attributes in process `syz.6.5827'.
[  181.437755][T21049] netlink: 84 bytes leftover after parsing attributes in process `syz.6.5827'.
[  181.511770][T21064] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5834'.
[  181.524471][T21065] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  181.544667][T21064] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5834'.
[  181.596837][T21074] program syz.8.5840 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  181.785890][T21096] loop4: detected capacity change from 0 to 1024
[  181.799388][T21098] vhci_hcd: invalid port number 236
[  181.829782][T21096] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.915316][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.015751][T21134] netlink: 'syz.7.5863': attribute type 6 has an invalid length.
[  182.037948][T21133] loop8: detected capacity change from 0 to 2048
[  182.056714][T21133] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.169503][T19829] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.268706][T21176] netlink: 256 bytes leftover after parsing attributes in process `syz.7.5879'.
[  182.321146][T21182] SELinux: failed to load policy
[  182.664065][T21224] loop4: detected capacity change from 0 to 164
[  182.674467][T21224] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  182.685310][T21224] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  182.692053][T21227] ALSA: seq fatal error: cannot create timer (-19)
[  182.693740][T21224] Symlink component flag not implemented
[  182.705849][T21224] Symlink component flag not implemented
[  182.712275][T21224] Symlink component flag not implemented (7)
[  182.718272][T21224] Symlink component flag not implemented (116)
[  182.749878][T21234] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.5898'.
[  182.794329][T21244] loop4: detected capacity change from 0 to 512
[  182.801363][T21244] EXT4-fs: inline encryption not supported
[  182.807232][T21244] EXT4-fs: Ignoring removed mblk_io_submit option
[  182.815340][T21244] EXT4-fs error (device loop4): ext4_orphan_get:1392: comm syz.4.5903: inode #13: comm syz.4.5903: iget: illegal inode #
[  182.828486][T21244] EXT4-fs (loop4): Remounting filesystem read-only
[  182.828921][T21247] loop7: detected capacity change from 0 to 512
[  182.835423][T21244] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.859520][T21247] EXT4-fs warning (device loop7): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  182.875353][T21247] EXT4-fs (loop7): mount failed
[  182.875510][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.063087][T21292] vhci_hcd: invalid port number 96
[  183.068314][T21292] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  183.105356][T21297] netlink: 83992 bytes leftover after parsing attributes in process `syz.5.5912'.
[  183.114746][T21297] netlink: zone id is out of range
[  183.119996][T21297] netlink: zone id is out of range
[  183.125921][T21297] netlink: zone id is out of range
[  183.131098][T21297] netlink: zone id is out of range
[  183.136270][T21297] netlink: zone id is out of range
[  183.172311][T21297] netlink: set zone limit has 8 unknown bytes
[  183.599616][T21359] netlink: 176 bytes leftover after parsing attributes in process `syz.4.5935'.
[  183.634471][   T29] kauditd_printk_skb: 382 callbacks suppressed
[  183.634493][   T29] audit: type=1400 audit(2000002635.810:8735): avc:  denied  { name_bind } for  pid=21362 comm="syz.5.5937" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  183.665468][   T29] audit: type=1326 audit(2000002635.840:8736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.689204][   T29] audit: type=1326 audit(2000002635.840:8737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.713050][   T29] audit: type=1326 audit(2000002635.840:8738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.736663][   T29] audit: type=1326 audit(2000002635.840:8739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.760528][   T29] audit: type=1326 audit(2000002635.840:8740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.784073][   T29] audit: type=1326 audit(2000002635.840:8741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.807588][   T29] audit: type=1326 audit(2000002635.840:8742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.831146][   T29] audit: type=1326 audit(2000002635.840:8743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  183.854783][   T29] audit: type=1326 audit(2000002635.840:8744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21366 comm="syz.5.5939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  184.055756][T21414] netlink: 'syz.6.5955': attribute type 15 has an invalid length.
[  184.063704][T21414] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5955'.
[  184.076278][T21414] netlink: 'syz.6.5955': attribute type 15 has an invalid length.
[  184.076282][ T6455] netdevsim netdevsim6 eth0: set [0, 1] type 1 family 0 port 2816 - 0
[  184.084225][T21414] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5955'.
[  184.101655][ T6455] netdevsim netdevsim6 eth1: set [0, 1] type 1 family 0 port 2816 - 0
[  184.110090][ T6455] netdevsim netdevsim6 eth2: set [0, 1] type 1 family 0 port 2816 - 0
[  184.118539][ T6455] netdevsim netdevsim6 eth3: set [0, 1] type 1 family 0 port 2816 - 0
[  184.248976][T21431] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5960'.
[  184.305727][T21437] loop7: detected capacity change from 0 to 512
[  184.306327][T21437] EXT4-fs: dax option not supported
[  184.343359][T21444] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5965'.
[  184.343392][T21444] netlink: 'syz.7.5965': attribute type 6 has an invalid length.
[  184.343708][T21444] netlink: 'syz.7.5965': attribute type 6 has an invalid length.
[  185.035028][T21466] loop7: detected capacity change from 0 to 32768
[  185.088978][T21466]  loop7: p1 p3 < >
[  185.825915][    T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:0)
[  186.279061][T21703] netlink: 'syz.7.6037': attribute type 1 has an invalid length.
[  186.329920][T21713] netlink: 'syz.6.6039': attribute type 3 has an invalid length.
[  186.354522][ T3397] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0
[  186.372558][ T3397] hid-generic 0000:0000:0000.0014: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  186.551082][T21752] __nla_validate_parse: 9 callbacks suppressed
[  186.551098][T21752] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6043'.
[  186.772571][T21800] loop6: detected capacity change from 0 to 764
[  186.782469][T21800] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  186.793233][T21800] Symlink component flag not implemented
[  186.799010][T21800] Symlink component flag not implemented (7)
[  186.813729][T21803] netlink: 'syz.5.6059': attribute type 1 has an invalid length.
[  186.872578][T21815] loop6: detected capacity change from 0 to 512
[  186.896199][T21815] EXT4-fs error (device loop6): ext4_xattr_inode_iget:446: comm syz.6.6063: error while reading EA inode 32 err=-116
[  186.929368][T21815] EXT4-fs (loop6): Remounting filesystem read-only
[  186.936019][T21815] EXT4-fs warning (device loop6): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  186.959905][T21815] EXT4-fs (loop6): 1 orphan inode deleted
[  186.966407][T21830] netem: incorrect ge model size
[  186.971528][T21830] netem: change failed
[  186.971808][T21815] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.011102][ T4460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.084613][T21850] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=21850 comm=syz.4.6079
[  187.112185][T21854] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  187.183100][T21865] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6086'.
[  187.253941][T21878] loop4: detected capacity change from 0 to 512
[  187.265436][T21874] loop7: detected capacity change from 0 to 1024
[  187.273233][T21874] EXT4-fs: Ignoring removed bh option
[  187.279181][T21874] EXT4-fs: inline encryption not supported
[  187.285597][T21874] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  187.297253][T21878] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.312026][T21878] ext4 filesystem being mounted at /1363/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  187.326236][T21889] loop5: detected capacity change from 0 to 1024
[  187.326841][T21874] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  187.333467][T21889] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  187.353617][T21889] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #3: block 1: comm syz.5.6095: lblock 1 mapped to illegal pblock 1 (length 1)
[  187.368282][T21874] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.6091: lblock 2 mapped to illegal pblock 2 (length 1)
[  187.383118][T21889] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.6095: Failed to acquire dquot type 0
[  187.383769][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.394467][T21874] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 48: comm syz.7.6091: lblock 0 mapped to illegal pblock 48 (length 1)
[  187.418941][T21874] EXT4-fs error (device loop7): ext4_acquire_dquot:6945: comm syz.7.6091: Failed to acquire dquot type 0
[  187.430334][T21889] EXT4-fs error (device loop5): ext4_free_blocks:6706: comm syz.5.6095: Freeing blocks not in datazone - block = 0, count = 4096
[  187.444258][T21874] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  187.444350][T21889] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.6095: Invalid inode bitmap blk 0 in block_group 0
[  187.466656][ T1925] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  187.480943][T21889] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  187.489654][T21874] EXT4-fs error (device loop7): ext4_evict_inode:254: inode #11: comm syz.7.6091: mark_inode_dirty error
[  187.492964][T21889] EXT4-fs (loop5): 1 orphan inode deleted
[  187.507836][ T1925] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:6: Failed to release dquot type 0
[  187.519787][T21874] EXT4-fs warning (device loop7): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  187.531163][T21889] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.537866][T21874] EXT4-fs (loop7): 1 orphan inode deleted
[  187.549602][ T1925] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  187.571088][T21874] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.597861][ T1925] EXT4-fs error (device loop7): ext4_release_dquot:6981: comm kworker/u8:6: Failed to release dquot type 0
[  187.625046][ T3777] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.635728][T21874] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000.
[  187.687649][T15798] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.710797][T15798] EXT4-fs error (device loop7): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[  187.726542][T15798] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  187.738370][T15798] EXT4-fs error (device loop7): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[  187.910543][ T6455] Bluetooth: hci0: Frame reassembly failed (-84)
[  187.959097][T21978] netlink: 'syz.5.6119': attribute type 3 has an invalid length.
[  187.966975][T21978] netlink: 'syz.5.6119': attribute type 3 has an invalid length.
[  188.008785][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.016602][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.024388][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.032240][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.040349][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.048210][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.056053][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.064099][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.072084][   T36] hid-generic 0004:FFFFF800:0000.0015: unknown main item tag 0x0
[  188.087877][   T36] hid-generic 0004:FFFFF800:0000.0015: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  188.131034][T22011] loop5: detected capacity change from 0 to 1024
[  188.138185][T22011] EXT4-fs: Ignoring removed oldalloc option
[  188.144170][T22011] EXT4-fs: Ignoring removed bh option
[  188.175112][T22011] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.209621][ T3777] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.235356][T22033] geneve0: entered promiscuous mode
[  188.240652][T22033] geneve0: entered allmulticast mode
[  188.271831][T22046] netlink: 'syz.4.6128': attribute type 1 has an invalid length.
[  188.289760][T22046] 8021q: adding VLAN 0 to HW filter on device bond1
[  188.307436][T22046] bond1: (slave gretap1): making interface the new active one
[  188.316670][T22046] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  188.355902][T22099] xt_limit: Overflow, try lower: 0/0
[  188.647375][   T29] kauditd_printk_skb: 205 callbacks suppressed
[  188.647448][   T29] audit: type=1400 audit(2000002640.820:8944): avc:  denied  { setopt } for  pid=22157 comm="syz.4.6140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  188.673319][T22158] syz.4.6140: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  188.687899][T22158] CPU: 0 UID: 0 PID: 22158 Comm: syz.4.6140 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  188.687960][T22158] Tainted: [W]=WARN
[  188.687967][T22158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  188.688104][T22158] Call Trace:
[  188.688115][T22158]  <TASK>
[  188.688124][T22158]  __dump_stack+0x1d/0x30
[  188.688245][T22158]  dump_stack_lvl+0xe8/0x140
[  188.688269][T22158]  dump_stack+0x15/0x1b
[  188.688352][T22158]  warn_alloc+0x12b/0x1a0
[  188.688393][T22158]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  188.688432][T22158]  __vmalloc_node_range_noprof+0x9d/0xed0
[  188.688525][T22158]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  188.688566][T22158]  ? xfd_validate_state+0x45/0xf0
[  188.688589][T22158]  ? save_fpregs_to_fpstate+0x100/0x160
[  188.688684][T22158]  ? should_fail_ex+0x30/0x280
[  188.688707][T22158]  ? xskq_create+0x36/0xe0
[  188.688791][T22158]  vmalloc_user_noprof+0x7d/0xb0
[  188.688833][T22158]  ? xskq_create+0x80/0xe0
[  188.688857][T22158]  xskq_create+0x80/0xe0
[  188.688885][T22158]  xsk_init_queue+0x95/0xf0
[  188.688932][T22158]  xsk_setsockopt+0x3f5/0x640
[  188.688954][T22158]  ? __pfx_xsk_setsockopt+0x10/0x10
[  188.688977][T22158]  __sys_setsockopt+0x184/0x200
[  188.689020][T22158]  __x64_sys_setsockopt+0x64/0x80
[  188.689060][T22158]  x64_sys_call+0x20ec/0x3000
[  188.689087][T22158]  do_syscall_64+0xd2/0x200
[  188.689161][T22158]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  188.689192][T22158]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  188.689278][T22158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.689304][T22158] RIP: 0033:0x7ff78ca0f6c9
[  188.689322][T22158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.689390][T22158] RSP: 002b:00007ff78b46f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  188.689409][T22158] RAX: ffffffffffffffda RBX: 00007ff78cc65fa0 RCX: 00007ff78ca0f6c9
[  188.689422][T22158] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  188.689495][T22158] RBP: 00007ff78ca91f91 R08: 0000000000000004 R09: 0000000000000000
[  188.689508][T22158] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  188.689521][T22158] R13: 00007ff78cc66038 R14: 00007ff78cc65fa0 R15: 00007ffc68c55ab8
[  188.689539][T22158]  </TASK>
[  188.689551][T22158] Mem-Info:
[  188.921792][T22158] active_anon:37948 inactive_anon:19 isolated_anon:0
[  188.921792][T22158]  active_file:17012 inactive_file:13081 isolated_file:0
[  188.921792][T22158]  unevictable:0 dirty:35 writeback:0
[  188.921792][T22158]  slab_reclaimable:3608 slab_unreclaimable:26507
[  188.921792][T22158]  mapped:28911 shmem:34234 pagetables:1572
[  188.921792][T22158]  sec_pagetables:0 bounce:0
[  188.921792][T22158]  kernel_misc_reclaimable:0
[  188.921792][T22158]  free:1829534 free_pcp:15468 free_cma:0
[  188.967127][T22158] Node 0 active_anon:151676kB inactive_anon:76kB active_file:68048kB inactive_file:52324kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:115644kB dirty:140kB writeback:0kB shmem:136936kB kernel_stack:4384kB pagetables:6288kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  188.994831][T22158] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  189.024479][T22158] lowmem_reserve[]: 0 2881 7859 7859
[  189.029807][T22158] Node 0 DMA32 free:2946728kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2950256kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:3528kB free_cma:0kB
[  189.061333][T22158] lowmem_reserve[]: 0 0 4978 4978
[  189.066369][T22158] Node 0 Normal free:4356048kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:151676kB inactive_anon:76kB active_file:68048kB inactive_file:52324kB unevictable:0kB writepending:140kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:58532kB local_pcp:9476kB free_cma:0kB
[  189.099954][T22158] lowmem_reserve[]: 0 0 0 0
[  189.104641][T22158] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  189.117457][T22158] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 5*16kB (M) 2*32kB (M) 4*64kB (M) 2*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2946728kB
[  189.133987][T22158] Node 0 Normal: 2738*4kB (UME) 2082*8kB (UME) 582*16kB (UME) 259*32kB (UME) 351*64kB (UME) 347*128kB (UME) 220*256kB (UME) 149*512kB (UME) 77*1024kB (UM) 31*2048kB (UME) 969*4096kB (UM) = 4356056kB
[  189.135622][T22192] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  189.153743][T22158] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  189.170489][T22158] 64339 total pagecache pages
[  189.175172][T22158] 28 pages in swap cache
[  189.179445][T22158] Free swap  = 124884kB
[  189.183778][T22158] Total swap = 124996kB
[  189.187968][T22158] 2097051 pages RAM
[  189.188064][T22194] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  189.191852][T22158] 0 pages HighMem/MovableOnly
[  189.191860][T22158] 81087 pages reserved
[  189.243848][ T1034] hid-generic 0000:0000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [] on 
[  189.252781][T22200] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  189.315440][   T29] audit: type=1326 audit(2000002641.491:8945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.341905][   T29] audit: type=1326 audit(2000002641.491:8946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.365528][   T29] audit: type=1326 audit(2000002641.491:8947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.389226][   T29] audit: type=1326 audit(2000002641.491:8948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.413126][   T29] audit: type=1326 audit(2000002641.491:8949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.436742][   T29] audit: type=1326 audit(2000002641.501:8950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.439469][ T1034] hid-generic 0000:0000:0000.0017: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  189.460374][   T29] audit: type=1326 audit(2000002641.521:8951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.494542][   T29] audit: type=1326 audit(2000002641.521:8952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.518865][   T29] audit: type=1326 audit(2000002641.521:8953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22223 comm="syz.5.6154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f47522df6c9 code=0x7ffc0000
[  189.563601][T22239] SELinux:  Context system_u:object_r:systemd_passwd_agent_exec_t:s0 is not valid (left unmapped).
[  189.646070][ T6455] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  189.656509][ T6455] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.673684][T22253] io-wq is not configured for unbound workers
[  189.749974][ T6455] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  189.766672][ T6455] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.811450][ T6455] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  189.821985][ T6455] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.870438][ T6455] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  189.881017][ T6455] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.965384][ T6455] bridge_slave_1: left allmulticast mode
[  189.971110][ T6455] bridge_slave_1: left promiscuous mode
[  189.976968][ T6455] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.984145][ T3683] Bluetooth: hci0: command 0x1003 tx timeout
[  189.984321][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  189.996849][ T6455] bridge_slave_0: left promiscuous mode
[  190.002639][ T6455] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.109861][ T6455] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.119422][ T6455] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  190.128876][ T6455] bond0 (unregistering): Released all slaves
[  190.172638][ T6455] tipc: Disabling bearer <udp:£>
[  190.177639][ T6455] tipc: Left network mode
[  190.194070][T22267] chnl_net:caif_netlink_parms(): no params data found
[  190.205101][ T6455] hsr_slave_0: left promiscuous mode
[  190.210939][ T6455] hsr_slave_1: left promiscuous mode
[  190.218607][ T6455] veth1_vlan: left promiscuous mode
[  190.223847][ T6455] veth0_vlan: left promiscuous mode
[  190.277608][ T6461] smc: removing ib device syz!
[  190.351841][T22267] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.359128][T22267] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.367436][T22267] bridge_slave_0: entered allmulticast mode
[  190.375844][T22267] bridge_slave_0: entered promiscuous mode
[  190.386068][T22267] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.393195][T22267] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.400556][T22267] bridge_slave_1: entered allmulticast mode
[  190.406863][T22267] bridge_slave_1: entered promiscuous mode
[  190.425094][T22267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  190.435242][T22267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  190.454866][T22267] team0: Port device team_slave_0 added
[  190.461695][T22267] team0: Port device team_slave_1 added
[  190.477802][T22267] batman_adv: batadv0: Adding interface: batadv_slave_0
[  190.484767][T22267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  190.510902][T22267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  190.522784][T22267] batman_adv: batadv0: Adding interface: batadv_slave_1
[  190.529853][T22267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  190.555852][T22267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.581697][T22267] hsr_slave_0: entered promiscuous mode
[  190.587717][T22267] hsr_slave_1: entered promiscuous mode
[  190.593584][T22267] debugfs: 'hsr0' already exists in 'hsr'
[  190.599346][T22267] Cannot create hsr debugfs directory
[  190.662483][T22267] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  190.671139][T22267] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  190.682879][T22267] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  190.691440][T22267] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  190.721727][T22267] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.733142][T22267] 8021q: adding VLAN 0 to HW filter on device team0
[  190.742185][ T6455] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.749427][ T6455] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.760496][ T6455] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.767617][ T6455] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.821888][T22267] 8021q: adding VLAN 0 to HW filter on device batadv0
[  190.904331][T22267] veth0_vlan: entered promiscuous mode
[  190.912050][T22267] veth1_vlan: entered promiscuous mode
[  190.925932][T22267] veth0_macvtap: entered promiscuous mode
[  190.933325][T22267] veth1_macvtap: entered promiscuous mode
[  190.943101][T22267] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.953201][T22267] batman_adv: batadv0: Interface activated: batadv_slave_1
[  190.963840][ T6448] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.973360][ T6448] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  190.984119][ T6448] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  190.993162][ T6448] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.088070][T22677] pim6reg1: entered promiscuous mode
[  191.093521][T22677] pim6reg1: entered allmulticast mode
[  191.168005][T22708] serio: Serial port ptm0
[  191.524835][T22757] loop8: detected capacity change from 0 to 256
[  191.613677][T22779] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  192.816086][T22884] loop4: detected capacity change from 0 to 256
[  193.654647][   T29] kauditd_printk_skb: 64 callbacks suppressed
[  193.654663][   T29] audit: type=1326 audit(2000002645.831:9018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f04fbe36567 code=0x7ffc0000
[  193.747112][   T29] audit: type=1326 audit(2000002645.831:9019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f04fbddb779 code=0x7ffc0000
[  193.752759][T22922] netlink: 48 bytes leftover after parsing attributes in process `syz.8.6226'.
[  193.770971][   T29] audit: type=1326 audit(2000002645.831:9020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f04fbe36567 code=0x7ffc0000
[  193.803524][   T29] audit: type=1326 audit(2000002645.831:9021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f04fbddb779 code=0x7ffc0000
[  193.827374][   T29] audit: type=1326 audit(2000002645.831:9022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04fbe3f6c9 code=0x7ffc0000
[  193.851151][   T29] audit: type=1326 audit(2000002645.831:9023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04fbe3f6c9 code=0x7ffc0000
[  193.874789][   T29] audit: type=1326 audit(2000002645.851:9024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04fbe3f6c9 code=0x7ffc0000
[  193.898810][   T29] audit: type=1326 audit(2000002645.851:9025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04fbe3f6c9 code=0x7ffc0000
[  193.922484][   T29] audit: type=1326 audit(2000002645.851:9026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04fbe3f6c9 code=0x7ffc0000
[  193.946073][   T29] audit: type=1326 audit(2000002645.851:9027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22914 comm="syz.9.6231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04fbe3f6c9 code=0x7ffc0000
[  193.999490][T22932] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6236'.
[  194.079926][T22938] loop8: detected capacity change from 0 to 2048
[  194.117214][T22938]  loop8: p3 < > p4 < >
[  194.121420][T22938] loop8: partition table partially beyond EOD, truncated
[  194.140395][T22938] loop8: p3 start 4284289 is beyond EOD, truncated
[  194.311864][T22977] netlink: 48 bytes leftover after parsing attributes in process `syz.9.6246'.
[  194.356839][T22978] loop4: detected capacity change from 0 to 1764
[  194.597332][T23017] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6253'.
[  194.862893][T23041] loop4: detected capacity change from 0 to 2048
[  194.927804][T23041]  loop4: p3 < > p4 < >
[  194.932005][T23041] loop4: partition table partially beyond EOD, truncated
[  194.957067][T23041] loop4: p3 start 4284289 is beyond EOD, truncated
[  195.363081][T23084] loop9: detected capacity change from 0 to 256
[  195.480907][T23099] loop9: detected capacity change from 0 to 128
[  195.519985][T23099] bio_check_eod: 35 callbacks suppressed
[  195.520004][T23099] syz.9.6262: attempt to access beyond end of device
[  195.520004][T23099] loop9: rw=2049, sector=154, nr_sectors = 6 limit=128
[  195.539946][T23099] syz.9.6262: attempt to access beyond end of device
[  195.539946][T23099] loop9: rw=2049, sector=158, nr_sectors = 2 limit=128
[  195.553589][T23099] buffer_io_error: 21 callbacks suppressed
[  195.553606][T23099] Buffer I/O error on dev loop9, logical block 79, lost async page write
[  195.575988][T23099] syz.9.6262: attempt to access beyond end of device
[  195.575988][T23099] loop9: rw=2049, sector=160, nr_sectors = 2 limit=128
[  195.589460][T23099] Buffer I/O error on dev loop9, logical block 80, lost async page write
[  195.598351][T23099] syz.9.6262: attempt to access beyond end of device
[  195.598351][T23099] loop9: rw=2049, sector=162, nr_sectors = 6 limit=128
[  195.619293][T23099] syz.9.6262: attempt to access beyond end of device
[  195.619293][T23099] loop9: rw=2049, sector=166, nr_sectors = 2 limit=128
[  195.632887][T23099] Buffer I/O error on dev loop9, logical block 83, lost async page write
[  195.641425][T23099] syz.9.6262: attempt to access beyond end of device
[  195.641425][T23099] loop9: rw=2049, sector=168, nr_sectors = 2 limit=128
[  195.654876][T23099] Buffer I/O error on dev loop9, logical block 84, lost async page write
[  195.666987][T23099] syz.9.6262: attempt to access beyond end of device
[  195.666987][T23099] loop9: rw=2049, sector=186, nr_sectors = 6 limit=128
[  195.697186][T23099] syz.9.6262: attempt to access beyond end of device
[  195.697186][T23099] loop9: rw=2049, sector=190, nr_sectors = 2 limit=128
[  195.710671][T23099] Buffer I/O error on dev loop9, logical block 95, lost async page write
[  195.737066][T23099] syz.9.6262: attempt to access beyond end of device
[  195.737066][T23099] loop9: rw=2049, sector=192, nr_sectors = 2 limit=128
[  195.750583][T23099] Buffer I/O error on dev loop9, logical block 96, lost async page write
[  195.787093][T23099] syz.9.6262: attempt to access beyond end of device
[  195.787093][T23099] loop9: rw=2049, sector=194, nr_sectors = 6 limit=128
[  195.817294][T23099] Buffer I/O error on dev loop9, logical block 99, lost async page write
[  195.825874][T23099] Buffer I/O error on dev loop9, logical block 100, lost async page write
[  195.835914][T23099] Buffer I/O error on dev loop9, logical block 111, lost async page write
[  195.845390][T23099] Buffer I/O error on dev loop9, logical block 112, lost async page write
[  196.009088][T23141] atomic_op ffff888128418528 conn xmit_atomic 0000000000000000
[  196.366534][T23147] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6266'.
[  196.396367][T23153] netlink: 48 bytes leftover after parsing attributes in process `syz.7.6264'.
[  206.724089][   T29] kauditd_printk_skb: 100 callbacks suppressed
[  206.724105][   T29] audit: type=1400 audit(2000002658.903:9128): avc:  denied  { create } for  pid=23156 comm="syz.4.6268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  206.818452][   T29] audit: type=1400 audit(2000002658.923:9129): avc:  denied  { map_create } for  pid=23155 comm="syz.8.6271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  206.822619][T23165] loop7: detected capacity change from 0 to 128
[  206.838082][   T29] audit: type=1400 audit(2000002658.923:9130): avc:  denied  { bpf } for  pid=23155 comm="syz.8.6271" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  206.838110][   T29] audit: type=1400 audit(2000002658.923:9131): avc:  denied  { map_read map_write } for  pid=23155 comm="syz.8.6271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  206.885108][   T29] audit: type=1400 audit(2000002658.933:9132): avc:  denied  { prog_load } for  pid=23158 comm="syz.7.6281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  206.904522][   T29] audit: type=1400 audit(2000002658.933:9133): avc:  denied  { perfmon } for  pid=23158 comm="syz.7.6281" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  206.925539][   T29] audit: type=1400 audit(2000002658.933:9134): avc:  denied  { prog_run } for  pid=23158 comm="syz.7.6281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  206.944632][   T29] audit: type=1400 audit(2000002658.933:9135): avc:  denied  { execmem } for  pid=23154 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  206.964407][   T29] audit: type=1400 audit(2000002658.943:9136): avc:  denied  { map_create } for  pid=23156 comm="syz.4.6268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  206.983935][   T29] audit: type=1400 audit(2000002658.943:9137): avc:  denied  { map_read map_write } for  pid=23156 comm="syz.4.6268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  207.103660][T23165] bio_check_eod: 32 callbacks suppressed
[  207.103678][T23165] syz.7.6285: attempt to access beyond end of device
[  207.103678][T23165] loop7: rw=2049, sector=154, nr_sectors = 6 limit=128
[  207.141528][T23165] syz.7.6285: attempt to access beyond end of device
[  207.141528][T23165] loop7: rw=2049, sector=158, nr_sectors = 2 limit=128
[  207.155232][T23165] buffer_io_error: 18 callbacks suppressed
[  207.155249][T23165] Buffer I/O error on dev loop7, logical block 79, lost async page write
[  207.200392][T23165] syz.7.6285: attempt to access beyond end of device
[  207.200392][T23165] loop7: rw=2049, sector=160, nr_sectors = 2 limit=128
[  207.214571][T23165] Buffer I/O error on dev loop7, logical block 80, lost async page write
[  207.242771][T23165] syz.7.6285: attempt to access beyond end of device
[  207.242771][T23165] loop7: rw=2049, sector=162, nr_sectors = 6 limit=128
[  207.257669][T23165] syz.7.6285: attempt to access beyond end of device
[  207.257669][T23165] loop7: rw=2049, sector=166, nr_sectors = 2 limit=128
[  207.271139][T23165] Buffer I/O error on dev loop7, logical block 83, lost async page write
[  207.280302][T23165] syz.7.6285: attempt to access beyond end of device
[  207.280302][T23165] loop7: rw=2049, sector=168, nr_sectors = 2 limit=128
[  207.293916][T23165] Buffer I/O error on dev loop7, logical block 84, lost async page write
[  207.303315][T23165] syz.7.6285: attempt to access beyond end of device
[  207.303315][T23165] loop7: rw=2049, sector=186, nr_sectors = 6 limit=128
[  207.317388][T23165] syz.7.6285: attempt to access beyond end of device
[  207.317388][T23165] loop7: rw=2049, sector=190, nr_sectors = 2 limit=128
[  207.330910][T23165] Buffer I/O error on dev loop7, logical block 95, lost async page write
[  207.340079][T23165] syz.7.6285: attempt to access beyond end of device
[  207.340079][T23165] loop7: rw=2049, sector=192, nr_sectors = 2 limit=128
[  207.353836][T23165] Buffer I/O error on dev loop7, logical block 96, lost async page write
[  207.363166][T23165] syz.7.6285: attempt to access beyond end of device
[  207.363166][T23165] loop7: rw=2049, sector=194, nr_sectors = 6 limit=128
[  207.377404][T23165] Buffer I/O error on dev loop7, logical block 99, lost async page write
[  207.386309][T23165] Buffer I/O error on dev loop7, logical block 100, lost async page write
[  207.396647][T23165] Buffer I/O error on dev loop7, logical block 111, lost async page write
[  207.405171][T23165] Buffer I/O error on dev loop7, logical block 112, lost async page write
[  207.461238][   T31] netdevsim netdevsim6 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  207.471056][   T31] netdevsim netdevsim6 eth3 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  207.501463][   T31] netdevsim netdevsim6 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  207.511877][   T31] netdevsim netdevsim6 eth2 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  207.526858][T23170] chnl_net:caif_netlink_parms(): no params data found
[  207.572065][   T31] netdevsim netdevsim6 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  207.581937][   T31] netdevsim netdevsim6 eth1 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  207.617445][T23309] atomic_op ffff88810ac9c128 conn xmit_atomic 0000000000000000
[  207.706574][   T31] netdevsim netdevsim6 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  207.716416][   T31] netdevsim netdevsim6 eth0 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  207.773460][T23170] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.780621][T23170] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.787883][T23170] bridge_slave_0: entered allmulticast mode
[  207.794467][T23170] bridge_slave_0: entered promiscuous mode
[  207.801379][T23170] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.808573][T23170] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.816188][T23170] bridge_slave_1: entered allmulticast mode
[  207.822737][T23170] bridge_slave_1: entered promiscuous mode
[  207.847984][T23170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  207.858308][T23170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  207.885258][T23170] team0: Port device team_slave_0 added
[  207.891883][T23170] team0: Port device team_slave_1 added
[  207.938547][   T31] .` (unregistering): (slave dummy0): Releasing backup interface
[  207.947378][   T31] .` (unregistering): Released all slaves
[  207.955098][   T31] bond1 (unregistering): (slave bond2): Releasing backup interface
[  207.963140][   T31] bond2 (unregistering): left promiscuous mode
[  207.969784][   T31] bond1 (unregistering): Released all slaves
[  207.978160][   T31] bond2 (unregistering): Released all slaves
[  207.996690][T23170] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.003641][T23170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.029776][T23170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.041111][T23170] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.048279][T23170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.074703][T23170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.101070][   T31] tipc: Disabling bearer <udp:£>
[  208.106142][   T31] tipc: Left network mode
[  208.108619][T23170] hsr_slave_0: entered promiscuous mode
[  208.116838][T23170] hsr_slave_1: entered promiscuous mode
[  208.122780][T23170] debugfs: 'hsr0' already exists in 'hsr'
[  208.128533][T23170] Cannot create hsr debugfs directory
[  208.136282][   T31] hsr_slave_0: left promiscuous mode
[  208.141998][   T31] hsr_slave_1: left promiscuous mode
[  208.337275][   T31] ------------[ cut here ]------------
[  208.344452][   T31] WARNING: CPU: 0 PID: 31 at net/ipv6/xfrm6_tunnel.c:341 xfrm6_tunnel_net_exit+0x91/0x100
[  208.354526][   T31] Modules linked in:
[  208.358435][   T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  208.369928][   T31] Tainted: [W]=WARN
[  208.373743][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  208.384098][   T31] Workqueue: netns cleanup_net
[  208.388986][   T31] RIP: 0010:xfrm6_tunnel_net_exit+0x91/0x100
[  208.394970][   T31] Code: 15 19 a5 fc 4b 83 3c 3e 00 75 19 e8 09 ac 89 fc 49 81 ff f8 07 00 00 74 1d e8 fb ab 89 fc 49 83 c7 08 eb d7 e8 f0 ab 89 fc 90 <0f> 0b 90 49 81 ff f8 07 00 00 75 e3 49 81 c6 00 08 00 00 31 db 49
[  208.414738][   T31] RSP: 0018:ffffc90000113c78 EFLAGS: 00010293
[  208.420906][   T31] RAX: ffffffff84cd9ed0 RBX: ffff88810b056000 RCX: ffff8881010d8000
[  208.428892][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888119506000
[  208.436927][   T31] RBP: ffffffff86c99390 R08: 0001ffff8684810f R09: 0000000000000000
[  208.445020][   T31] R10: ffffc90000113bf8 R11: 0001c90000113bf8 R12: ffffffff86c993b0
[  208.453128][   T31] R13: ffff88810b056028 R14: ffff888119506000 R15: 0000000000000000
[  208.461483][   T31] FS:  0000000000000000(0000) GS:ffff8882aee13000(0000) knlGS:0000000000000000
[  208.470795][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.477539][   T31] CR2: 00007ffdc8173dc8 CR3: 0000000006834000 CR4: 00000000003506f0
[  208.485574][   T31] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  208.493730][   T31] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  208.501824][   T31] Call Trace:
[  208.505133][   T31]  <TASK>
[  208.508185][   T31]  ops_undo_list+0x27b/0x410
[  208.512893][   T31]  cleanup_net+0x2f4/0x4f0
[  208.517418][   T31]  process_scheduled_works+0x4ce/0x9d0
[  208.522996][   T31]  worker_thread+0x582/0x770
[  208.527634][   T31]  kthread+0x489/0x510
[  208.531931][   T31]  ? finish_task_switch+0xad/0x2b0
[  208.537116][   T31]  ? __pfx_worker_thread+0x10/0x10
[  208.542349][   T31]  ? __pfx_kthread+0x10/0x10
[  208.547017][   T31]  ret_from_fork+0x122/0x1b0
[  208.551627][   T31]  ? __pfx_kthread+0x10/0x10
[  208.556425][   T31]  ret_from_fork_asm+0x1a/0x30
[  208.561725][   T31]  </TASK>
[  208.564820][   T31] ---[ end trace 0000000000000000 ]---
[  208.570892][   T31] ------------[ cut here ]------------
[  208.576345][   T31] WARNING: CPU: 0 PID: 31 at net/ipv6/xfrm6_tunnel.c:344 xfrm6_tunnel_net_exit+0xd5/0x100
[  208.586307][   T31] Modules linked in:
[  208.590243][   T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  208.601844][   T31] Tainted: [W]=WARN
[  208.605675][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  208.615937][   T31] Workqueue: netns cleanup_net
[  208.620922][   T31] RIP: 0010:xfrm6_tunnel_net_exit+0xd5/0x100
[  208.627009][   T31] Code: d1 18 a5 fc 49 83 3c 1e 00 75 19 e8 c5 ab 89 fc 48 81 fb f8 07 00 00 74 1d e8 b7 ab 89 fc 48 83 c3 08 eb d7 e8 ac ab 89 fc 90 <0f> 0b 90 48 81 fb f8 07 00 00 75 e3 e8 9a ab 89 fc 5b 41 5e 41 5f
[  208.646748][   T31] RSP: 0018:ffffc90000113c78 EFLAGS: 00010293
[  208.652801][   T31] RAX: ffffffff84cd9f14 RBX: 0000000000000008 RCX: ffff8881010d8000
[  208.660833][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888119506808
[  208.668906][   T31] RBP: ffffffff86c99390 R08: 0001ffff8684810f R09: 0000000000000000
[  208.676883][   T31] R10: ffffc90000113bf8 R11: 0001c90000113bf8 R12: ffffffff86c993b0
[  208.684975][   T31] R13: ffff88810b056028 R14: ffff888119506800 R15: 00000000000007f8
[  208.693042][   T31] FS:  0000000000000000(0000) GS:ffff8882aee13000(0000) knlGS:0000000000000000
[  208.702094][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.708750][   T31] CR2: 00007ffdc8173dc8 CR3: 0000000006834000 CR4: 00000000003506f0
[  208.716827][   T31] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  208.724860][   T31] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  208.732859][   T31] Call Trace:
[  208.736131][   T31]  <TASK>
[  208.739115][   T31]  ops_undo_list+0x27b/0x410
[  208.743701][   T31]  cleanup_net+0x2f4/0x4f0
[  208.748141][   T31]  process_scheduled_works+0x4ce/0x9d0
[  208.753778][   T31]  worker_thread+0x582/0x770
[  208.758394][   T31]  kthread+0x489/0x510
[  208.762453][   T31]  ? finish_task_switch+0xad/0x2b0
[  208.767610][   T31]  ? __pfx_worker_thread+0x10/0x10
[  208.772713][   T31]  ? __pfx_kthread+0x10/0x10
[  208.777316][   T31]  ret_from_fork+0x122/0x1b0
[  208.782097][   T31]  ? __pfx_kthread+0x10/0x10
[  208.786765][   T31]  ret_from_fork_asm+0x1a/0x30
[  208.791532][   T31]  </TASK>
[  208.794635][   T31] ---[ end trace 0000000000000000 ]---
[  208.814597][T23535] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6283'.
[  208.849160][   T31] ------------[ cut here ]------------
[  208.854763][   T31] WARNING: CPU: 0 PID: 31 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x179/0x1f0
[  208.864190][   T31] Modules linked in:
[  208.868201][   T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  208.871229][T23545] loop7: detected capacity change from 0 to 256
[  208.879972][   T31] Tainted: [W]=WARN
[  208.879982][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  208.879999][   T31] Workqueue: netns cleanup_net
[  208.906081][   T31] RIP: 0010:xfrm_state_fini+0x179/0x1f0
[  208.911816][   T31] Code: 48 8d bb 70 0e 00 00 e8 65 41 b7 fc 48 8b bb 70 0e 00 00 e8 c9 ee c3 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f8 e7 9b fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 ea e7 9b fc 90 0f 0b 90 4c 89 f7 e8 2e
[  208.931657][   T31] RSP: 0018:ffffc90000113c60 EFLAGS: 00010293
[  208.933977][T23538] netlink: 'syz.4.6298': attribute type 3 has an invalid length.
[  208.937935][   T31] RAX: ffffffff84bb62c8 RBX: ffff88810b056000 RCX: ffff8881010d8000
[  208.937954][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810b056e40
[  208.937967][   T31] RBP: ffffffff86c91080 R08: 0001ffff8684810f R09: 0000000000000000
[  208.937980][   T31] R10: ffffc90000113be8 R11: 0001c90000113be8 R12: ffffffff86c910a0
[  208.937994][   T31] R13: ffff88810b056028 R14: ffff88810b056e40 R15: ffff88810b056000
[  208.938012][   T31] FS:  0000000000000000(0000) GS:ffff8882aee13000(0000) knlGS:0000000000000000
[  208.938029][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  209.001877][   T31] CR2: 00007ff78cc67dac CR3: 0000000006834000 CR4: 00000000003506f0
[  209.009962][   T31] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  209.018040][   T31] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  209.026084][   T31] Call Trace:
[  209.029363][   T31]  <TASK>
[  209.032311][   T31]  xfrm_net_exit+0x2d/0x60
[  209.036989][   T31]  ops_undo_list+0x27b/0x410
[  209.041633][   T31]  cleanup_net+0x2f4/0x4f0
[  209.046155][   T31]  process_scheduled_works+0x4ce/0x9d0
[  209.052046][   T31]  worker_thread+0x582/0x770
[  209.056793][   T31]  kthread+0x489/0x510
[  209.061154][   T31]  ? finish_task_switch+0xad/0x2b0
[  209.066583][   T31]  ? __pfx_worker_thread+0x10/0x10
[  209.071952][   T31]  ? __pfx_kthread+0x10/0x10
[  209.076586][   T31]  ret_from_fork+0x122/0x1b0
[  209.081222][   T31]  ? __pfx_kthread+0x10/0x10
[  209.086048][   T31]  ret_from_fork_asm+0x1a/0x30
[  209.090815][   T31]  </TASK>
[  209.093819][   T31] ---[ end trace 0000000000000000 ]---
[  209.146424][T23563] loop4: detected capacity change from 0 to 128
[  209.165819][T23563] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  209.180257][T23563] ext4 filesystem being mounted at /1431/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  209.250122][T23170] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  209.258214][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  209.272646][T23170] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  209.294263][T23170] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  209.306891][T23170] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  209.343483][T23170] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.354628][T23170] 8021q: adding VLAN 0 to HW filter on device team0
[  209.363739][ T6450] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.370976][ T6450] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.381554][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.388630][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.441693][T23170] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.493164][T23170] veth0_vlan: entered promiscuous mode
[  209.500783][T23170] veth1_vlan: entered promiscuous mode
[  209.514669][T23170] veth0_macvtap: entered promiscuous mode
[  209.522762][T23170] veth1_macvtap: entered promiscuous mode
[  209.532904][T23170] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.543553][T23170] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.554131][ T6450] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.564127][ T6450] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.574533][ T6450] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.586541][ T6450] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.682735][T23631] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6303'.
[  209.751497][T23645] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6326'.
[  209.847052][T23669] loop7: detected capacity change from 0 to 128
[  209.853495][T23666] loop4: detected capacity change from 0 to 128
[  209.856502][T23669] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  209.872332][T23669] ext4 filesystem being mounted at /325/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  209.937049][T15798] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  209.960553][T23679] loop7: detected capacity change from 0 to 164
[  209.976218][T23679] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  209.989825][T23679] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  209.998693][T23679] Symlink component flag not implemented
[  210.004337][T23679] Symlink component flag not implemented
[  210.010692][T23679] Symlink component flag not implemented (7)
[  210.016901][T23679] Symlink component flag not implemented (116)
[  210.056390][T23695] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6334'.
[  210.074619][T23696] netlink: 'syz.7.6335': attribute type 3 has an invalid length.
[  210.110546][T23706] loop9: detected capacity change from 0 to 128
[  210.252688][T23733] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  210.306821][T23738] loop0: detected capacity change from 0 to 128
[  210.502472][T23761] binfmt_misc: register: failed to install interpreter file ./file2
[  210.560327][T23769] loop7: detected capacity change from 0 to 1024
[  210.574237][T23769] EXT4-fs: Ignoring removed mblk_io_submit option
[  210.602088][T23769] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.688988][T15798] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.706827][T23803] loop8: detected capacity change from 0 to 256
[  210.710918][T23805] loop0: detected capacity change from 0 to 128
[  210.724336][T23805] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  210.738335][T23805] ext4 filesystem being mounted at /15/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  210.816154][T23170] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  210.840021][T23822] netlink: 'syz.9.6377': attribute type 3 has an invalid length.
[  211.055751][T23855] loop9: detected capacity change from 0 to 128
[  211.081455][T23855] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  211.098384][T23855] ext4 filesystem being mounted at /53/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  211.146284][T22267] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  211.160536][T23869] netlink: 'syz.8.6390': attribute type 3 has an invalid length.
[  211.163069][T23873] loop9: detected capacity change from 0 to 164
[  211.179144][T23873] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  211.192063][T23873] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  211.225486][T23873] Symlink component flag not implemented
[  211.231186][T23873] Symlink component flag not implemented
[  211.242113][T23873] Symlink component flag not implemented (7)
[  211.248234][T23873] Symlink component flag not implemented (116)
[  211.274283][T23885] loop4: detected capacity change from 0 to 128
[  211.400873][T23916] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  211.433377][T23920] loop4: detected capacity change from 0 to 164
[  211.440929][T23920] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  211.463850][T23920] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  211.474004][T23920] Symlink component flag not implemented
[  211.479703][T23920] Symlink component flag not implemented
[  211.486083][T23920] Symlink component flag not implemented (7)
[  211.492083][T23920] Symlink component flag not implemented (116)
[  211.535860][T23933] loop8: detected capacity change from 0 to 1024
[  211.544529][T23933] EXT4-fs: Ignoring removed mblk_io_submit option
[  211.578365][T23933] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.611404][T19829] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.607713][   T29] kauditd_printk_skb: 160 callbacks suppressed
[  212.607728][   T29] audit: type=1400 audit(2000002664.793:9298): avc:  denied  { create } for  pid=23949 comm="syz.7.6412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  212.654856][   T29] audit: type=1400 audit(2000002664.793:9299): avc:  denied  { write } for  pid=23949 comm="syz.7.6412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  212.674603][   T29] audit: type=1400 audit(2000002664.823:9300): avc:  denied  { kexec_image_load } for  pid=23948 comm="syz.8.6424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  212.704297][   T29] audit: type=1326 audit(2000002664.883:9301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23962 comm="syz.7.6413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  212.727956][   T29] audit: type=1326 audit(2000002664.883:9302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23962 comm="syz.7.6413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  212.751675][   T29] audit: type=1326 audit(2000002664.883:9303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23962 comm="syz.7.6413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  212.775207][   T29] audit: type=1326 audit(2000002664.883:9304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23962 comm="syz.7.6413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  212.799995][   T29] audit: type=1326 audit(2000002664.883:9305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23962 comm="syz.7.6413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  212.825810][   T29] audit: type=1326 audit(2000002664.933:9306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23962 comm="syz.7.6413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  212.849655][   T29] audit: type=1326 audit(2000002664.933:9307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23962 comm="syz.7.6413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc9a8f6c9 code=0x7ffc0000
[  212.941730][T23979] loop0: detected capacity change from 0 to 164
[  212.950769][T23979] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  212.972996][T23979] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  212.993625][T23979] Symlink component flag not implemented
[  212.999422][T23979] Symlink component flag not implemented
[  213.010979][T23986] loop9: detected capacity change from 0 to 1024
[  213.014842][T23979] Symlink component flag not implemented (7)
[  213.023378][T23979] Symlink component flag not implemented (116)
[  213.073543][T23995] loop7: detected capacity change from 0 to 164
[  213.085972][T23986] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.100786][T23997] loop0: detected capacity change from 0 to 1024
[  213.108352][T23995] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  213.122917][T23997] EXT4-fs: Ignoring removed mblk_io_submit option
[  213.129617][T23995] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  213.147765][T23995] Symlink component flag not implemented
[  213.153521][T23995] Symlink component flag not implemented
[  213.163562][T22267] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.172280][T23995] Symlink component flag not implemented (7)
[  213.174151][T23997] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.178757][T23995] Symlink component flag not implemented (116)
[  213.256038][T23170] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.367325][T24035] SELinux: failed to load policy
[  213.475413][T24042] netlink: 'syz.9.6445': attribute type 6 has an invalid length.
[  213.634755][T24061] netlink: 256 bytes leftover after parsing attributes in process `syz.8.6453'.
[  213.873770][T24098] ALSA: seq fatal error: cannot create timer (-19)
[  213.967718][T24105] 9pnet_fd: Insufficient options for proto=fd
[  214.481596][T24109] loop0: detected capacity change from 0 to 164
[  214.489526][T24109] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  214.501584][T24109] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  214.510218][T24109] Symlink component flag not implemented
[  214.516067][T24109] Symlink component flag not implemented
[  214.522014][T24109] Symlink component flag not implemented (7)
[  214.528052][T24109] Symlink component flag not implemented (116)
[  214.797202][T24172] ALSA: seq fatal error: cannot create timer (-19)
[  215.270064][T24239] netlink: 'syz.0.6524': attribute type 15 has an invalid length.
[  215.277996][T24239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6524'.
[  215.324047][T24239] netlink: 'syz.0.6524': attribute type 15 has an invalid length.
[  215.332011][T24239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6524'.
[  215.341379][T24246] loop9: detected capacity change from 0 to 1024
[  215.342017][ T6470] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  215.355215][T24246] EXT4-fs: Ignoring removed orlov option
[  215.365270][ T6470] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  215.375932][ T6470] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  215.398573][T24246] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.411588][ T6470] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  215.474924][T22267] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.582867][T24293] loop7: detected capacity change from 0 to 512
[  215.590746][T24293] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem
[  215.608965][T24293] EXT4-fs (loop7): orphan cleanup on readonly fs
[  215.617060][T24293] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.6546: bad orphan inode 15
[  215.627684][T24293] ext4_test_bit(bit=14, block=18) = 1
[  215.633120][T24293] is_bad_inode(inode)=0
[  215.637351][T24293] NEXT_ORPHAN(inode)=1023
[  215.641684][T24293] max_ino=32
[  215.644956][T24293] i_nlink=0
[  215.648328][T24293] EXT4-fs error (device loop7): ext4_xattr_delete_inode:2967: inode #15: comm syz.7.6546: corrupted xattr block 19: e_value size too large
[  215.662887][T24293] EXT4-fs warning (device loop7): ext4_evict_inode:274: xattr delete (err -117)
[  215.672819][T24293] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  215.698433][T15798] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.725721][T24313] loop7: detected capacity change from 0 to 1024
[  215.732881][T24313] EXT4-fs: Ignoring removed orlov option
[  215.746240][T24313] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.782937][T15798] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.807342][ T1034] hid_parser_main: 82 callbacks suppressed
[  215.807359][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.820638][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.828257][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.835758][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.843722][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.851243][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.858789][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.866299][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.873835][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.881396][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  215.889654][ T1034] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID vfffff0.01 Device [syz0] on syz1
[  215.893820][T24340] netlink: 96 bytes leftover after parsing attributes in process `syz.9.6560'.
[  216.286980][T24366] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6570'.
[  216.314391][T24368] SELinux: failed to load policy
[  216.685016][T24386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.710660][T24386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.862590][T24416] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6587'.
[  216.902074][T24422] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6589'.
[  216.975477][T24428] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6594'.
[  216.996599][T24428] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6594'.
[  217.229700][ T3404] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  217.324619][T24486] netem: incorrect ge model size
[  217.329618][T24486] netem: change failed
[  217.433764][T24496] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24496 comm=syz.0.6622
[  217.583407][T24508] loop4: detected capacity change from 0 to 764
[  217.593193][T24508] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  217.604687][T24515] netlink: 'syz.7.6638': attribute type 1 has an invalid length.
[  217.613341][T24508] Symlink component flag not implemented
[  217.641962][T24508] Symlink component flag not implemented (7)
[  217.750418][   T29] kauditd_printk_skb: 266 callbacks suppressed
[  217.750431][   T29] audit: type=1326 audit(2000002669.934:9574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.793709][   T29] audit: type=1326 audit(2000002669.974:9575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.817292][   T29] audit: type=1326 audit(2000002669.974:9576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.840865][   T29] audit: type=1326 audit(2000002669.974:9577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.864583][   T29] audit: type=1326 audit(2000002669.974:9578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.888258][   T29] audit: type=1326 audit(2000002669.974:9579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.911993][   T29] audit: type=1326 audit(2000002669.974:9580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.936597][   T29] audit: type=1326 audit(2000002670.104:9581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.960292][   T29] audit: type=1326 audit(2000002670.104:9582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  217.983867][   T29] audit: type=1326 audit(2000002670.104:9583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24532 comm="syz.0.6634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab4ecf6c9 code=0x7ffc0000
[  218.040618][T24575] loop9: detected capacity change from 0 to 1024
[  218.064714][T24575] EXT4-fs: Ignoring removed bh option
[  218.080290][T24575] EXT4-fs: inline encryption not supported
[  218.089240][T24575] EXT4-fs (loop9): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  218.132146][T24575] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  218.146024][T24575] EXT4-fs error (device loop9): ext4_map_blocks:778: inode #3: block 2: comm syz.9.6644: lblock 2 mapped to illegal pblock 2 (length 1)
[  218.181133][T24575] EXT4-fs error (device loop9): ext4_map_blocks:778: inode #3: block 48: comm syz.9.6644: lblock 0 mapped to illegal pblock 48 (length 1)
[  218.195527][T24575] EXT4-fs error (device loop9): ext4_acquire_dquot:6945: comm syz.9.6644: Failed to acquire dquot type 0
[  218.207658][T24575] EXT4-fs error (device loop9) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  218.225468][T24575] EXT4-fs error (device loop9): ext4_evict_inode:254: inode #11: comm syz.9.6644: mark_inode_dirty error
[  218.257776][T24575] EXT4-fs warning (device loop9): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  218.268116][T24575] EXT4-fs (loop9): 1 orphan inode deleted
[  218.274764][T24575] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.292092][ T6773] EXT4-fs error (device loop9): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:67: lblock 1 mapped to illegal pblock 1 (length 1)
[  218.298702][T24598] netlink: 'syz.4.6663': attribute type 1 has an invalid length.
[  218.322606][ T6773] EXT4-fs error (device loop9): ext4_release_dquot:6981: comm kworker/u8:67: Failed to release dquot type 0
[  218.344853][T24575] EXT4-fs (loop9): re-mounted 00000000-0000-0000-0000-000000000000.
[  218.376708][T22267] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.386378][T22267] EXT4-fs error (device loop9): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[  218.398231][T24607] netlink: 'syz.8.6655': attribute type 1 has an invalid length.
[  218.399869][T22267] EXT4-fs error (device loop9) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  218.416582][T24607] 8021q: adding VLAN 0 to HW filter on device bond1
[  218.439775][T24607] bond1: (slave gretap1): making interface the new active one
[  218.448196][T24607] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  218.470924][T22267] EXT4-fs error (device loop9): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[  218.484604][T24654] 9pnet: Unknown protocol version 9
[  218.495466][T24658] xt_limit: Overflow, try lower: 0/0
[  218.541277][T24668] loop9: detected capacity change from 0 to 1024
[  218.550115][T24668] EXT4-fs: Ignoring removed oldalloc option
[  218.556180][T24668] EXT4-fs: Ignoring removed bh option
[  218.580190][T24668] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.618213][T22267] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.647987][T24686] loop4: detected capacity change from 0 to 512
[  218.657230][T24686] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.6674: error while reading EA inode 32 err=-116
[  218.670213][T24686] EXT4-fs (loop4): Remounting filesystem read-only
[  218.677824][T24686] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  218.688881][T24686] EXT4-fs (loop4): 1 orphan inode deleted
[  218.695354][T24686] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.727152][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.785094][ T6773] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.839621][ T6773] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.900158][ T6773] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.968185][ T6773] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.097085][T24718] chnl_net:caif_netlink_parms(): no params data found
[  219.120378][ T6773] bridge_slave_1: left allmulticast mode
[  219.126349][ T6773] bridge_slave_1: left promiscuous mode
[  219.132160][ T6773] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.144262][ T6773] bridge_slave_0: left allmulticast mode
[  219.149955][ T6773] bridge_slave_0: left promiscuous mode
[  219.155728][ T6773] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.207307][T24875] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  219.231035][ T6773] bond1 (unregistering): (slave gretap1): Releasing active interface
[  219.254810][    T9] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [] on 
[  219.285749][ T6773] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  219.295821][ T6773] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  219.305481][ T6773] bond0 (unregistering): Released all slaves
[  219.313818][ T6773] bond1 (unregistering): Released all slaves
[  219.323907][T24887] netlink: 'syz.0.6695': attribute type 3 has an invalid length.
[  219.332120][T24887] netlink: 'syz.0.6695': attribute type 3 has an invalid length.
[  219.369354][ T6773] hsr_slave_0: left promiscuous mode
[  219.381723][ T6773] hsr_slave_1: left promiscuous mode
[  219.394130][ T6773] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.401762][ T6773] batman_adv: batadv0: Removing interface: batadv_slave_0
[  219.412300][ T6773] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  219.419784][ T6773] batman_adv: batadv0: Removing interface: batadv_slave_1
[  219.436669][ T6773] veth1_macvtap: left promiscuous mode
[  219.449328][ T6773] veth0_macvtap: left promiscuous mode
[  219.457331][ T6773] veth1_vlan: left promiscuous mode
[  219.464022][ T6773] veth0_vlan: left promiscuous mode
[  219.532584][ T6773] team0 (unregistering): Port device team_slave_1 removed
[  219.542243][ T6773] team0 (unregistering): Port device team_slave_0 removed
[  219.615235][T24927] sd 0:0:1:0: device reset
[  219.667550][T24718] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.674729][T24718] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.686267][T24718] bridge_slave_0: entered allmulticast mode
[  219.692752][T24718] bridge_slave_0: entered promiscuous mode
[  219.700157][T24718] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.707316][T24718] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.714865][T24718] bridge_slave_1: entered allmulticast mode
[  219.750199][T24718] bridge_slave_1: entered promiscuous mode
[  219.782658][T24718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.804101][T24718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.845253][T24718] team0: Port device team_slave_0 added
[  219.865176][T24718] team0: Port device team_slave_1 added
[  219.914949][T24718] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.921949][T24718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  219.947986][T24718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.978994][T24718] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.986064][T24718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  220.012167][T24718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.045004][T25032] loop4: detected capacity change from 0 to 4096
[  220.063227][T25032] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.175149][T24718] hsr_slave_0: entered promiscuous mode
[  220.194551][T24718] hsr_slave_1: entered promiscuous mode
[  220.480740][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.535518][T25167] netlink: 256 bytes leftover after parsing attributes in process `syz.7.6725'.
[  220.544784][T25167] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6725'.
[  220.584385][T25173] netlink: 'syz.0.6728': attribute type 7 has an invalid length.
[  220.592326][T25173] netlink: 'syz.0.6728': attribute type 7 has an invalid length.
[  220.639744][T24718] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  220.648769][T24718] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  220.661184][T24718] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  220.670487][T24718] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  220.716719][T24718] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.741506][T24718] 8021q: adding VLAN 0 to HW filter on device team0
[  220.757333][ T6455] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.764522][ T6455] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.778630][T25217] IPv6: NLM_F_CREATE should be specified when creating new route
[  220.785675][ T6455] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.793451][ T6455] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.814365][T24718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  220.824892][T24718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  220.901568][T25237] netlink: 68 bytes leftover after parsing attributes in process `syz.0.6744'.
[  220.913915][T24718] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.928637][T25237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6744'.
[  220.971848][T25237] team0 (unregistering): Port device team_slave_0 removed
[  220.989488][T25237] team0 (unregistering): Port device team_slave_1 removed
[  221.076726][T25312] sd 0:0:1:0: device reset
[  221.097406][T24718] veth0_vlan: entered promiscuous mode
[  221.116178][T24718] veth1_vlan: entered promiscuous mode
[  221.168237][T24718] veth0_macvtap: entered promiscuous mode
[  221.185512][T24718] veth1_macvtap: entered promiscuous mode
[  221.211888][T24718] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.226656][T24718] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.244564][   T31] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.268099][   T31] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.285586][ T6479] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.362594][ T6455] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.382541][T25342] loop7: detected capacity change from 0 to 128
[  221.479324][T25348] ==================================================================
[  221.487545][T25348] BUG: KCSAN: data-race in __mark_inode_dirty / __mark_inode_dirty
[  221.495643][T25348] 
[  221.498069][T25348] write to 0xffff888119028d28 of 4 bytes by task 25342 on cpu 1:
[  221.505779][T25348]  __mark_inode_dirty+0x248/0x750
[  221.511175][T25348]  fat_update_time+0x1ec/0x200
[  221.516062][T25348]  touch_atime+0x148/0x340
[  221.520504][T25348]  filemap_splice_read+0x6ba/0x740
[  221.525651][T25348]  splice_direct_to_actor+0x26f/0x680
[  221.531124][T25348]  do_splice_direct+0xda/0x150
[  221.535898][T25348]  do_sendfile+0x380/0x650
[  221.540332][T25348]  __x64_sys_sendfile64+0x105/0x150
[  221.545739][T25348]  x64_sys_call+0x2bb4/0x3000
[  221.550429][T25348]  do_syscall_64+0xd2/0x200
[  221.555035][T25348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.560948][T25348] 
[  221.563356][T25348] read to 0xffff888119028d28 of 4 bytes by task 25348 on cpu 0:
[  221.571066][T25348]  __mark_inode_dirty+0x55/0x750
[  221.576221][T25348]  fat_update_time+0x1ec/0x200
[  221.580990][T25348]  touch_atime+0x148/0x340
[  221.586327][T25348]  filemap_splice_read+0x6ba/0x740
[  221.591545][T25348]  splice_direct_to_actor+0x26f/0x680
[  221.596936][T25348]  do_splice_direct+0xda/0x150
[  221.601716][T25348]  do_sendfile+0x380/0x650
[  221.606142][T25348]  __x64_sys_sendfile64+0x105/0x150
[  221.611348][T25348]  x64_sys_call+0x2bb4/0x3000
[  221.616208][T25348]  do_syscall_64+0xd2/0x200
[  221.620807][T25348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.626811][T25348] 
[  221.629126][T25348] value changed: 0x00000000 -> 0x00000070
[  221.634841][T25348] 
[  221.637150][T25348] Reported by Kernel Concurrency Sanitizer on:
[  221.643297][T25348] CPU: 0 UID: 0 PID: 25348 Comm: syz.7.6771 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  221.654786][T25348] Tainted: [W]=WARN
[  221.658595][T25348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  221.668646][T25348] ==================================================================
[  221.695111][T25356] IPv6: NLM_F_CREATE should be specified when creating new route
[  221.914299][T25348] bio_check_eod: 116 callbacks suppressed
[  221.914318][T25348] syz.7.6771: attempt to access beyond end of device
[  221.914318][T25348] loop7: rw=2049, sector=128, nr_sectors = 1 limit=128
[  221.933653][T25348] buffer_io_error: 74 callbacks suppressed
[  221.933670][T25348] Buffer I/O error on dev loop7, logical block 128, lost async page write
[  221.952699][T25342] syz.7.6771: attempt to access beyond end of device
[  221.952699][T25342] loop7: rw=2049, sector=128, nr_sectors = 1 limit=128
[  221.966204][T25342] Buffer I/O error on dev loop7, logical block 128, lost async page write