last executing test programs:

2m5.096202147s ago: executing program 4 (id=5):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_setup(0x9, &(0x7f0000000080)=<r0=>0x0)
r1 = eventfd2(0xfffffeff, 0x801)
io_submit(r0, 0x3, &(0x7f00000001c0)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, r1, 0x0, 0x0, 0xde, 0x0, 0x1, r1}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x7, r1, 0x0, 0x0, 0x7ff, 0x0, 0x1, r1}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0, 0x0, 0x3}])
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x0, &(0x7f0000000240)}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x0, &(0x7f0000000240)})
sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x4, 0x1, 0xa, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe)
shutdown(r2, 0x1)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='kmem_cache_free\x00', r4}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000008c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000008c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file0\x00', 0x3000490, &(0x7f0000000380)={[{@lazytime}, {@usrjquota}, {@errors_remount}, {@bsdgroups}, {@auto_da_alloc}, {@jqfmt_vfsv1}, {@nouid32}, {@journal_dev={'journal_dev', 0x3d, 0x7}}, {@grpjquota}, {@usrjquota}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r6 = syz_clone(0x308000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000180)={0x2b, @multicast2, 0x4e23, 0x2, 'sh\x00', 0x30, 0x4, 0x65}, 0x2c) (async)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000180)={0x2b, @multicast2, 0x4e23, 0x2, 'sh\x00', 0x30, 0x4, 0x65}, 0x2c)
socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00'], 0x30}, 0x1, 0x0, 0x0, 0x20000044}, 0x800) (async)
sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00'], 0x30}, 0x1, 0x0, 0x0, 0x20000044}, 0x800)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r7, &(0x7f0000000040)={0x10000008}) (async)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r7, &(0x7f0000000040)={0x10000008})
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r7, &(0x7f0000000c40)) (async)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r7, &(0x7f0000000c40))

2m4.467668535s ago: executing program 4 (id=15):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0, 0x0, 0x3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r1, &(0x7f0000000600)=ANY=[@ANYBLOB="1c0000f500050200ff"], 0xfdef)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x2b8, 0x0, 0x19, 0x0, 0x140, 0x0, 0x220, 0x1f0, 0x1f0, 0x220, 0x1f0, 0x3, 0x0, {[{{@uncond, 0x0, 0xe0, 0x140, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@limit={{0x48}, {0x0, 0x2}}, @inet=@rpfilter={{0x28}, {0x4}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x1]}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x1], 0x0, 0x3}}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x318)
syz_emit_ethernet(0x52, &(0x7f0000000280)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @empty, @val={@val={0x88a8, 0x4}, {0x8100, 0x2}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xa, 0x0, 0x0, 0x0, 0xfffc, {[@md5sig={0x13, 0x12, "41e35911e54143e31e41c0b652d0feea"}]}}}}}}}, 0x0)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wg2\x00', <r5=>0x0})
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000880)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r4, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000100000000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000002000001050003000000000088000080060001000a000000140002002001000000f800000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r5], 0x22c}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x90082, 0x0)
ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454c9, 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = socket$inet6(0xa, 0x3, 0x3c)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000880)='./cgroup.net/syz1\x00', 0x200002, 0x0)
setsockopt$inet6_IPV6_RTHDR(r7, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="000202"], 0x18)

2m2.035060356s ago: executing program 4 (id=31):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
syz_open_dev$sg(0x0, 0x0, 0x5)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}, 0x1, 0x0, 0x0, 0x15}, 0x10)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000000306010800000000000000000600000705000100070000000500010007000000050001000700000005000100070000000900020073797a3000000000050001000700000005000100070000000900020073797a30000000000900020073797a30000000000900020073797a31"], 0x74}, 0x1, 0x0, 0x0, 0x80c1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xffffffff}, 0x48, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x4, 0x0, r4, r4, 0x0)
keyctl$KEYCTL_MOVE(0x4, r3, r3, 0x0, 0x0)

2m2.029203806s ago: executing program 32 (id=31):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
syz_open_dev$sg(0x0, 0x0, 0x5)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}, 0x1, 0x0, 0x0, 0x15}, 0x10)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000000306010800000000000000000600000705000100070000000500010007000000050001000700000005000100070000000900020073797a3000000000050001000700000005000100070000000900020073797a30000000000900020073797a30000000000900020073797a31"], 0x74}, 0x1, 0x0, 0x0, 0x80c1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xffffffff}, 0x48, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x4, 0x0, r4, r4, 0x0)
keyctl$KEYCTL_MOVE(0x4, r3, r3, 0x0, 0x0)

1.576887858s ago: executing program 2 (id=2455):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000200), &(0x7f0000000400)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
read$char_usb(0xffffffffffffffff, &(0x7f0000000f00)=""/120, 0x78)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_BULK(r2, 0x5523, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000040)=0x7c, 0x4)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0xa002a008})
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x5522, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)

1.575878518s ago: executing program 1 (id=2465):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000040)={0x1, 'veth1_vlan\x00', {}, 0x1ff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r2, 0x0, 0x117}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

1.536955929s ago: executing program 1 (id=2456):
r0 = socket$nl_route(0x10, 0x3, 0x0)
dup(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000240)={'IDLETIMER\x00'}, &(0x7f0000000300)=0x1e)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
io_setup(0x8, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x5c, 0x2, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x28}]}]}, 0x5c}}, 0x80)
syz_open_procfs(0x0, &(0x7f0000000800)='net/ip_vs_stats\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x20080010)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc)
socket(0x2000000000000021, 0x2, 0x10000000000002)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x80, 0x0)

1.45198857s ago: executing program 1 (id=2457):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = timerfd_create(0x0, 0x0)
readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/33, 0x21}], 0x1)
preadv(r1, &(0x7f0000000240)=[{&(0x7f00000002c0)=""/90, 0x5a}, {&(0x7f0000000140)=""/63, 0x3f}, {&(0x7f0000000340)=""/238, 0xee}, {&(0x7f0000000440)=""/159, 0x9f}], 0x4, 0x3, 0xfffffffc)
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g")
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r4, &(0x7f0000000180)='./bus\x00', 0x0)
renameat2(r4, &(0x7f0000000380)='./file0\x00', r4, &(0x7f0000000200)='./bus/file0\x00', 0x0)

1.125287904s ago: executing program 3 (id=2466):
r0 = socket$nl_route(0x10, 0x3, 0x0)
dup(r0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000240)={'IDLETIMER\x00'}, &(0x7f0000000300)=0x1e)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x5c, 0x2, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_PORT_TO={0x6}]}]}, 0x5c}}, 0x80)

1.072889685s ago: executing program 3 (id=2470):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x802)
r1 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = timerfd_create(0x0, 0x0)
readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/33, 0x21}], 0x1)

707.096721ms ago: executing program 2 (id=2478):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r1}, 0x18)
syz_clone3(&(0x7f0000000600)={0x4040680, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0x0], 0x1}, 0x58)

679.892721ms ago: executing program 2 (id=2479):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r3, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0)

632.550901ms ago: executing program 1 (id=2480):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x3, 0x8)
setsockopt$inet_int(r2, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4)
r3 = socket$inet(0x2, 0x3, 0x6)
r4 = dup3(r2, r3, 0x0)
setsockopt$inet_int(r4, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4)

559.699662ms ago: executing program 1 (id=2483):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

549.942303ms ago: executing program 2 (id=2485):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000200), &(0x7f0000000400)}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f0000000180)=""/4, 0x4, <r1=>0x0, &(0x7f0000000280)=""/95, 0x5f}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/kexec_crash_loaded', 0x0, 0x0)
read$char_usb(r4, &(0x7f0000000f00)=""/120, 0x78)
r5 = syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r6, 0x5522)
ioctl$USBDEVFS_BULK(r6, 0x5523, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r8 = epoll_create1(0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
close(r9)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
setsockopt$sock_int(r9, 0x1, 0x2e, &(0x7f0000000040)=0x7c, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r9, &(0x7f0000000080)={0xa002a008})
ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x5522, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522)
ioctl$USBDEVFS_SETINTERFACE(r5, 0x80045510, &(0x7f0000000000))
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000340)=@req={0x8, 0x5, 0x0, 0x2}, 0x10)

534.750583ms ago: executing program 1 (id=2487):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x43)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000000), 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/address_bits', 0x0, 0x0)
unshare(0x24020400)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x1}, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r3}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r5}, 0x10)
close(r2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000004, 0x50032, r1, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x6000000)

445.451284ms ago: executing program 2 (id=2490):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60680, 0x0)
r1 = epoll_create(0x4)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x6be53a9e97bb733e, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=ANY=[], 0x4c}}, 0x8000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r5, 0x0, 0x80000}, 0x18)
r6 = io_uring_setup(0x1694, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x10)
socket$key(0xf, 0x3, 0x2)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
socket(0x29, 0x2e19621493e5494a, 0xb32)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006000000050005000200000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000280)='rxrpc_rx_lose\x00', r9, 0x0, 0xfffffffffffffff7}, 0x18)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140e000000208000a400000000205000300020000000900020073797a310000000005000100070000005975192da26ef530a98d26af65b277884f9bd56a1d45840077e8b751bd4a56f5e6bc48d3a07ea2e1f8893b355a6688f9bcba8b0ff34fa839692f4fb58014088752664c69f6e1eef91747e4a894142e892dd7a5e7a66a7566cb9661117a8545e2887adf3dae545f65bfd7a64309ed7d63937df834e3924b3a38d6df06eae1e388a6f6676095278eb5a7149ec41dbe8a6f6db5aa0939d03b410ddac26d591feb1abfaff0e378708a26c1db5c12101e2e349ce5e4927dfcada05885e7b529ba2e4e8d329c7a17365333295a301c2d0d63ee60ae0f268e58b84d9d26dcce4e247ebbc8cbad97f8"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x3, 0x0, 0x0, 0x0, 0x82, 0x5, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={&(0x7f0000000080)}, 0x400, 0x1, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x4000000000000, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000010000000000008000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703592bb7478fd8850000002e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x12, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendfile(0xffffffffffffffff, r0, 0x0, 0x110003)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b000000000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b702000003000200850000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

444.950074ms ago: executing program 2 (id=2491):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = timerfd_create(0x0, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/33, 0x21}], 0x1)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000002c0)=""/90, 0x5a}, {&(0x7f0000000140)=""/63, 0x3f}, {&(0x7f0000000340)=""/238, 0xee}, {&(0x7f0000000440)=""/159, 0x9f}], 0x4, 0x3, 0xfffffffc)
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g")
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000180)='./bus\x00', 0x0)
renameat2(r2, &(0x7f0000000380)='./file0\x00', r2, &(0x7f0000000200)='./bus/file0\x00', 0x0)

291.438246ms ago: executing program 0 (id=2495):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000100b7080000000000007b8af8ff00000000bfa200000000004c0e020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)

281.818536ms ago: executing program 0 (id=2497):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

265.444106ms ago: executing program 5 (id=2498):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x3, 0x8)
setsockopt$inet_int(r2, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4)
r3 = socket$inet(0x2, 0x3, 0x6)
r4 = dup3(r2, r3, 0x0)
setsockopt$inet_int(r4, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4)

255.625396ms ago: executing program 0 (id=2499):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
migrate_pages(0x0, 0x10, &(0x7f00000005c0)=0x77b4, &(0x7f0000000600)=0x7)

235.334917ms ago: executing program 5 (id=2500):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000200), &(0x7f0000000400)}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f0000000180)=""/4, 0x4, <r1=>0x0, &(0x7f0000000280)=""/95, 0x5f}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/kexec_crash_loaded', 0x0, 0x0)
read$char_usb(r4, &(0x7f0000000f00)=""/120, 0x78)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r6 = syz_open_dev$usbfs(0x0, 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r6, 0x5522)
ioctl$USBDEVFS_BULK(r6, 0x5523, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r8 = epoll_create1(0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
close(r9)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
setsockopt$sock_int(r9, 0x1, 0x2e, &(0x7f0000000040)=0x7c, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r9, &(0x7f0000000080)={0xa002a008})
ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x5522, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522)
ioctl$USBDEVFS_SETINTERFACE(r5, 0x80045510, &(0x7f0000000000))
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000340)=@req={0x8, 0x5, 0x0, 0x2}, 0x10)

234.976237ms ago: executing program 0 (id=2501):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r4 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r4, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240020005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}], 0x1)
r5 = fcntl$dupfd(r3, 0x0, r3)
write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @time={0x9e, 0xbdaf}, {0x3}, {0x5}, @control={0x4, 0x4, 0x4}}, {0x3, 0x4, 0x0, 0x0, @time={0x200040, 0x74e4}, {}, {}, @ext={0x0, 0x0}}], 0x38)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r6, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gre0\x00', <r7=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r7}, 0x14)

224.376577ms ago: executing program 5 (id=2502):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r3, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0)

219.777547ms ago: executing program 3 (id=2503):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000040)={0x1, 'veth1_vlan\x00', {}, 0x1ff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

185.282577ms ago: executing program 3 (id=2504):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x6}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="8800000000010904000000000000000002000000240001801400018008000100e000800208000200000000000c00028005000100000000002400028014000180080001007f00000108000200e00000010c0002800500010000000000080007400000000024000e801400018008000100ac1414bb08000200640101000c000280050001"], 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x5, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@initr0]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, 0x0, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60010700004d1100fc010000000000000000000000000000ff02000000000000000000000000000100000e22004d90"], 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18}, './file0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x1008a, &(0x7f00000000c0)={[{@nomblk_io_submit}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@mblk_io_submit}, {@grpjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@jqfmt_vfsv1}]}, 0xfe, 0x455, &(0x7f0000000fc0)="$eJzs3M9PHFUcAPDv7rJQ2iJY649iq2g1En9AoT/swUuNJh40MdFDjScE2mC3xRRMbEMUPeDRNPFuPJr4F3ixXox6MvGqd2NCDBerpzWzO0O3sAssLGx1P59k4L19b/Ped2be7ts3OxtAxxpK/uQiDkbErxHRX83eWWGo+u/WysLk3ysLk7kol9/4M1ep99fKwmRWNXvegWqmXN6g3aW3IyZKpemraX50/vJ7o3PXrj83c3ni4vTF6SvjZ8+eOnms+8z46ZbE2Zf0dfDD2aNHXnnrxmuT52+88+PXSX8PpuW1cbTKUHXv1vVkqxtrs76adK6rjR2hKYWISA5XsTL++6MQvatl/fHyJ23tHLCryuV8uadx8WIZ+B9LJupAJ8re6JPPv9m2R1OPu8LyuVhdx7iVbtWSrsindYrpZ6TdMBQR5xf/+SLZYpfWIQAAat08FxHP1pv/5eOBmnr3pNeGBiLi3og4FBH3RcThiLg/olL3wYh4qMn2114hWT//KfdvK7AtSuZ/L6TXtu6c/2WzvxgopLm+SvzF3IWZ0vSJdJ8MR7EnyY9t0MZ3L/3yWaOy2vlfsiXtZ3PBtB9/dK1ZoJuamJ/YScy1lj+OGOyqF39udc6bzI+PRMTgNtuYefqro43KNo9/Ay2YlJe/jHiqevwXY038mVzD65Njz58ZPz26L0rTJ0azs2K9n35eer1R+zuKvwWWb5Zjf93zfzX+gdy+iLlr1y9VrtfONd/G0m+fNvxMs93zvzv3ZiXdnT72wcT8/NWxiO7cq+sfH7/93Cyf1U/O/+Hj9cf/obi9Jx6OiOQkPhYRj0TEo2nfH4uIxyPi+Abx//DiE+82H/8Gq/ItlMQ/tdnxj9rj33yicOn7b5qPP5Mc/1OV1HD6yFZe/7bawZ3sOwAAAPivyFe+A5/Lj6ym8/mRkep3+A/H/nxpdm7+mQuz71+Zqn5XfiCK+Wylq79mPXQsXRvO8uNr8ifTdePPC72V/MjkbGmq3cFDhzvQYPwnfi+0u3fArnO/FnQu4x86l/EPncv4h85l/EPnqjf+P2pDP4C9t8n7f+9e9QPYe+b/0LmMf+hcxj90pIb3xud3dMu/RJsS33bv7Lcatp6I/F0S8q4neiNiL9oqRjXRExE1RV1b/jGLbSZ66ha1+5UJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4NAAD//xwt370=")
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000080)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
creat(0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa1000000000000070100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r6, 0x0, 0x0}, 0x10)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000280)={0x8, &(0x7f0000000240)=[{0x4, 0x8, 0xd, 0x80000000}, {0x7e8b, 0x9d, 0xa5, 0x800}, {0x0, 0x5, 0x7, 0x9}, {0x65f0, 0x4, 0x80, 0x9}, {0xf, 0x1, 0xc, 0x1}, {0x3, 0x67, 0x6, 0x8}, {0x5673, 0x2, 0x1c, 0xffffffff}, {0x2, 0x7, 0x5, 0x5}]})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a421, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x1, 0x84}}}, 0x3c}}, 0x20050800)

154.144698ms ago: executing program 0 (id=2505):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x82, 0x3}, 0x10)
bind$tipc(r0, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88)

136.889088ms ago: executing program 3 (id=2506):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_clone3(&(0x7f0000000600)={0x4040680, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0x0], 0x1}, 0x58)

107.277988ms ago: executing program 0 (id=2507):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000200), &(0x7f0000000400)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
read$char_usb(0xffffffffffffffff, &(0x7f0000000f00)=""/120, 0x78)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522)
ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000040)=0x7c, 0x4)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0xa002a008})
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x5522, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)

106.518979ms ago: executing program 3 (id=2508):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x923, 0x80080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x105d30, 0x7f, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r1}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xa5d4}, 0x4c58, 0x5, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r2, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000404f0300000000000000010902020000000000000004005fc325641fe7eb93050102012205000905810310000c0a00"], 0x0)
r3 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
r4 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x0, 0x0, 0x207}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000080)=[{0x0}], 0x1})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x0})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000240)={0x2, &(0x7f0000000040)=[{0x30, 0x7f, 0x86, 0xfffff014}, {0x6, 0xfd, 0x0, 0xffffffff}]})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x307)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000840)=[{0x20, 0x0, 0x1, 0xfffff028}, {0x6}]})
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/timers\x00', 0x0, 0x0)
close(r7)

83.662779ms ago: executing program 5 (id=2509):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

63.643319ms ago: executing program 5 (id=2510):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x80)

0s ago: executing program 5 (id=2511):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r3, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0)

kernel console output (not intermixed with test programs):

9 code=0x7ffc0000
[  122.832167][   T29] audit: type=1326 audit(1747874927.810:2519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7333 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  122.856160][   T29] audit: type=1326 audit(1747874927.810:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7333 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  122.879734][   T29] audit: type=1326 audit(1747874927.810:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7333 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  122.905434][ T7344] SELinux:  policydb table sizes (0,0) do not match mine (6,7)
[  122.914338][ T7342] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1289'.
[  122.931884][ T7344] SELinux: failed to load policy
[  122.938021][ T7344] FAULT_INJECTION: forcing a failure.
[  122.938021][ T7344] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.951354][ T7344] CPU: 0 UID: 0 PID: 7344 Comm: syz.5.1290 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  122.951392][ T7344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  122.951404][ T7344] Call Trace:
[  122.951410][ T7344]  <TASK>
[  122.951417][ T7344]  __dump_stack+0x1d/0x30
[  122.951438][ T7344]  dump_stack_lvl+0xe8/0x140
[  122.951475][ T7344]  dump_stack+0x15/0x1b
[  122.951497][ T7344]  should_fail_ex+0x265/0x280
[  122.951549][ T7344]  should_fail+0xb/0x20
[  122.951655][ T7344]  should_fail_usercopy+0x1a/0x20
[  122.951682][ T7344]  _copy_from_user+0x1c/0xb0
[  122.951762][ T7344]  kstrtouint_from_user+0x69/0xf0
[  122.951841][ T7344]  ? avc_policy_seqno+0x15/0x30
[  122.951869][ T7344]  proc_fail_nth_write+0x50/0x160
[  122.951905][ T7344]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  122.951931][ T7344]  vfs_write+0x266/0x8d0
[  122.951956][ T7344]  ? vfs_read+0x47f/0x6f0
[  122.952021][ T7344]  ? __rcu_read_unlock+0x4f/0x70
[  122.952051][ T7344]  ? __fget_files+0x184/0x1c0
[  122.952152][ T7344]  ksys_write+0xda/0x1a0
[  122.952189][ T7344]  __x64_sys_write+0x40/0x50
[  122.952217][ T7344]  x64_sys_call+0x2cdd/0x2fb0
[  122.952239][ T7344]  do_syscall_64+0xd0/0x1a0
[  122.952307][ T7344]  ? clear_bhb_loop+0x40/0x90
[  122.952415][ T7344]  ? clear_bhb_loop+0x40/0x90
[  122.952444][ T7344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.952472][ T7344] RIP: 0033:0x7f6956c4d41f
[  122.952497][ T7344] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.952558][ T7344] RSP: 002b:00007f69552b7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.952587][ T7344] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6956c4d41f
[  122.952608][ T7344] RDX: 0000000000000001 RSI: 00007f69552b70a0 RDI: 0000000000000004
[  122.952621][ T7344] RBP: 00007f69552b7090 R08: 0000000000000000 R09: 0000000000000000
[  122.952633][ T7344] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  122.952644][ T7344] R13: 0000000000000000 R14: 00007f6956e75fa0 R15: 00007fff4706b218
[  122.952686][ T7344]  </TASK>
[  123.275278][   T29] audit: type=1400 audit(1747874928.350:2522): avc:  denied  { map } for  pid=7354 comm="syz.0.1294" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  123.300933][ T7355] vhci_hcd: invalid port number 96
[  123.306217][ T7355] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  123.425688][   T29] audit: type=1326 audit(1747874928.500:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7368 comm="syz.5.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6956c4e969 code=0x7ffc0000
[  123.535113][ T7375] loop1: detected capacity change from 0 to 128
[  123.576046][   T29] audit: type=1326 audit(1747874928.530:2524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7368 comm="syz.5.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f6956c4e969 code=0x7ffc0000
[  123.600150][   T29] audit: type=1326 audit(1747874928.530:2525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7368 comm="syz.5.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6956c4e969 code=0x7ffc0000
[  123.667555][ T7375] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  123.738592][ T7375] ext4 filesystem being mounted at /262/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  123.808991][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  123.822055][   T29] audit: type=1400 audit(1747874928.870:2526): avc:  denied  { getopt } for  pid=7383 comm="syz.5.1304" lport=50735 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  123.859454][ T7386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.871162][ T7386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.954783][ T7388] vhci_hcd: invalid port number 96
[  123.959956][ T7388] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  124.085692][ T7407] loop1: detected capacity change from 0 to 512
[  124.115268][ T7407] EXT4-fs: Mount option(s) incompatible with ext3
[  124.244499][ T7407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1313'.
[  124.292290][ T7420] vhci_hcd: invalid port number 96
[  124.297465][ T7420] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  124.386670][ T7436] loop5: detected capacity change from 0 to 128
[  124.396060][ T7429] vhci_hcd: invalid port number 96
[  124.401245][ T7429] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  124.429434][ T7436] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  124.449426][ T7440] ip6t_srh: unknown srh invflags 7D00
[  124.456878][ T7440] sch_fq: defrate 0 ignored.
[  124.479887][ T7436] ext4 filesystem being mounted at /272/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  124.512527][ T7444] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  124.570089][ T3568] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  124.642280][ T7454] vhci_hcd: invalid port number 96
[  124.647546][ T7454] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  124.691726][ T7462] netlink: 'syz.3.1336': attribute type 1 has an invalid length.
[  124.716336][ T7464] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  124.755068][ T7466] loop2: detected capacity change from 0 to 512
[  124.762164][ T7466] EXT4-fs: Ignoring removed nomblk_io_submit option
[  124.773834][ T7466] EXT4-fs: Ignoring removed mblk_io_submit option
[  124.791062][ T7466] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  124.801655][ T7466] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  124.820230][ T7466] EXT4-fs (loop2): 1 truncate cleaned up
[  124.829740][ T7466] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.848687][ T7472] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  124.897802][ T7474] FAULT_INJECTION: forcing a failure.
[  124.897802][ T7474] name failslab, interval 1, probability 0, space 0, times 0
[  124.910569][ T7474] CPU: 0 UID: 0 PID: 7474 Comm: syz.5.1341 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  124.910610][ T7474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  124.910627][ T7474] Call Trace:
[  124.910634][ T7474]  <TASK>
[  124.910641][ T7474]  __dump_stack+0x1d/0x30
[  124.910684][ T7474]  dump_stack_lvl+0xe8/0x140
[  124.910710][ T7474]  dump_stack+0x15/0x1b
[  124.910746][ T7474]  should_fail_ex+0x265/0x280
[  124.910791][ T7474]  ? flow_change+0x1bf/0xc80
[  124.910821][ T7474]  should_failslab+0x8c/0xb0
[  124.910859][ T7474]  __kmalloc_cache_noprof+0x4c/0x320
[  124.910960][ T7474]  flow_change+0x1bf/0xc80
[  124.910980][ T7474]  ? flow_init+0x31/0x80
[  124.911047][ T7474]  ? __pfx_flow_change+0x10/0x10
[  124.911112][ T7474]  tc_new_tfilter+0xde4/0x10a0
[  124.911146][ T7474]  ? ns_capable+0x7d/0xb0
[  124.911174][ T7474]  ? __pfx_tc_new_tfilter+0x10/0x10
[  124.911201][ T7474]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  124.911263][ T7474]  netlink_rcv_skb+0x123/0x220
[  124.911324][ T7474]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  124.911356][ T7474]  rtnetlink_rcv+0x1c/0x30
[  124.911380][ T7474]  netlink_unicast+0x5a1/0x670
[  124.911427][ T7474]  netlink_sendmsg+0x58b/0x6b0
[  124.911489][ T7474]  ? __pfx_netlink_sendmsg+0x10/0x10
[  124.911599][ T7474]  __sock_sendmsg+0x145/0x180
[  124.911649][ T7474]  ____sys_sendmsg+0x31e/0x4e0
[  124.911680][ T7474]  ___sys_sendmsg+0x17b/0x1d0
[  124.911724][ T7474]  __x64_sys_sendmsg+0xd4/0x160
[  124.911759][ T7474]  x64_sys_call+0x2999/0x2fb0
[  124.911844][ T7474]  do_syscall_64+0xd0/0x1a0
[  124.911948][ T7474]  ? clear_bhb_loop+0x40/0x90
[  124.911977][ T7474]  ? clear_bhb_loop+0x40/0x90
[  124.912002][ T7474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.912024][ T7474] RIP: 0033:0x7f6956c4e969
[  124.912044][ T7474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.912137][ T7474] RSP: 002b:00007f69552b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  124.912158][ T7474] RAX: ffffffffffffffda RBX: 00007f6956e75fa0 RCX: 00007f6956c4e969
[  124.912175][ T7474] RDX: 0000000020040054 RSI: 0000200000006040 RDI: 0000000000000004
[  124.912192][ T7474] RBP: 00007f69552b7090 R08: 0000000000000000 R09: 0000000000000000
[  124.912209][ T7474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  124.912225][ T7474] R13: 0000000000000000 R14: 00007f6956e75fa0 R15: 00007fff4706b218
[  124.912245][ T7474]  </TASK>
[  125.162047][ T7466] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  125.184003][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.228245][ T7479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  125.236967][ T7479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  125.266317][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1344'.
[  125.275410][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1344'.
[  125.299457][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1344'.
[  125.337675][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1344'.
[  125.346619][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1344'.
[  125.420231][ T7490] vhci_hcd: invalid port number 96
[  125.425457][ T7490] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  125.489373][ T7499] netlink: 'syz.1.1350': attribute type 1 has an invalid length.
[  125.571871][ T7503] futex_wake_op: syz.2.1352 tries to shift op by -1; fix this program
[  125.572457][ T7506] loop5: detected capacity change from 0 to 512
[  125.587023][ T7506] EXT4-fs: Ignoring removed nomblk_io_submit option
[  125.606279][ T7506] EXT4-fs: Ignoring removed mblk_io_submit option
[  125.631966][ T7506] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  125.644611][ T7506] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  125.653759][ T7506] EXT4-fs (loop5): 1 truncate cleaned up
[  125.660257][ T7506] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.685612][ T7514] loop2: detected capacity change from 0 to 512
[  125.698424][ T7516] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  125.712337][ T7506] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  125.731764][ T3568] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.750112][ T7514] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  125.770419][ T7514] EXT4-fs (loop2): warning: maximal mount count reached, running e2fsck is recommended
[  125.780495][ T7521] SET target dimension over the limit!
[  125.790823][ T7514] EXT4-fs error (device loop2): ext4_orphan_get:1391: comm syz.2.1356: inode #15: comm syz.2.1356: iget: illegal inode #
[  125.851643][ T7514] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1356: couldn't read orphan inode 15 (err -117)
[  125.881232][ T7528] netlink: 'syz.1.1362': attribute type 1 has an invalid length.
[  125.901306][ T7514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.024045][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.246955][ T7562] netlink: 'syz.1.1375': attribute type 1 has an invalid length.
[  126.306137][ T7560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  126.337276][ T7560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  126.400577][ T7568] FAULT_INJECTION: forcing a failure.
[  126.400577][ T7568] name failslab, interval 1, probability 0, space 0, times 0
[  126.413521][ T7568] CPU: 1 UID: 0 PID: 7568 Comm: syz.3.1378 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  126.413616][ T7568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  126.413632][ T7568] Call Trace:
[  126.413656][ T7568]  <TASK>
[  126.413663][ T7568]  __dump_stack+0x1d/0x30
[  126.413686][ T7568]  dump_stack_lvl+0xe8/0x140
[  126.413706][ T7568]  dump_stack+0x15/0x1b
[  126.413728][ T7568]  should_fail_ex+0x265/0x280
[  126.413949][ T7568]  should_failslab+0x8c/0xb0
[  126.413991][ T7568]  kmem_cache_alloc_noprof+0x50/0x310
[  126.414012][ T7568]  ? getname_flags+0x80/0x3b0
[  126.414051][ T7568]  getname_flags+0x80/0x3b0
[  126.414151][ T7568]  __se_sys_move_mount+0x16d/0x440
[  126.414192][ T7568]  __x64_sys_move_mount+0x67/0x80
[  126.414229][ T7568]  x64_sys_call+0x1f00/0x2fb0
[  126.414255][ T7568]  do_syscall_64+0xd0/0x1a0
[  126.414418][ T7568]  ? clear_bhb_loop+0x40/0x90
[  126.414452][ T7568]  ? clear_bhb_loop+0x40/0x90
[  126.414542][ T7568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.414570][ T7568] RIP: 0033:0x7f827da9e969
[  126.414592][ T7568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.414617][ T7568] RSP: 002b:00007f827c107038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[  126.414644][ T7568] RAX: ffffffffffffffda RBX: 00007f827dcc5fa0 RCX: 00007f827da9e969
[  126.414710][ T7568] RDX: ffffffffffffff9c RSI: 0000200000000140 RDI: 0000000000000006
[  126.414727][ T7568] RBP: 00007f827c107090 R08: 0000000000000000 R09: 0000000000000000
[  126.414745][ T7568] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[  126.414800][ T7568] R13: 0000000000000000 R14: 00007f827dcc5fa0 R15: 00007ffcf633c878
[  126.414828][ T7568]  </TASK>
[  126.579194][ T7574] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  126.660797][ T7580] futex_wake_op: syz.1.1384 tries to shift op by -1; fix this program
[  126.682860][ T1040] hid-generic 0000:0004:0000.0019: unknown main item tag 0x0
[  126.690351][ T1040] hid-generic 0000:0004:0000.0019: unknown main item tag 0x0
[  126.697932][ T1040] hid-generic 0000:0004:0000.0019: unknown main item tag 0x0
[  126.708137][ T1040] hid-generic 0000:0004:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  126.791099][ T7601] __nla_validate_parse: 7 callbacks suppressed
[  126.791120][ T7601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1391'.
[  126.811671][ T7605] dummy0: entered promiscuous mode
[  126.819473][ T7605] macsec1: entered allmulticast mode
[  126.824974][ T7605] dummy0: entered allmulticast mode
[  126.925585][ T7611] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  126.978724][ T7619] loop2: detected capacity change from 0 to 1024
[  126.985932][ T7619] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  126.997008][ T7619] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  127.012185][ T7619] JBD2: no valid journal superblock found
[  127.014204][ T7621] FAULT_INJECTION: forcing a failure.
[  127.014204][ T7621] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  127.017954][ T7619] EXT4-fs (loop2): Could not load journal inode
[  127.031093][ T7621] CPU: 1 UID: 0 PID: 7621 Comm: syz.0.1400 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  127.031132][ T7621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  127.031190][ T7621] Call Trace:
[  127.031197][ T7621]  <TASK>
[  127.031204][ T7621]  __dump_stack+0x1d/0x30
[  127.031227][ T7621]  dump_stack_lvl+0xe8/0x140
[  127.031263][ T7621]  dump_stack+0x15/0x1b
[  127.031286][ T7621]  should_fail_ex+0x265/0x280
[  127.031376][ T7621]  should_fail+0xb/0x20
[  127.031418][ T7621]  should_fail_usercopy+0x1a/0x20
[  127.031445][ T7621]  _copy_from_user+0x1c/0xb0
[  127.031477][ T7621]  kstrtouint_from_user+0x69/0xf0
[  127.031597][ T7621]  ? avc_policy_seqno+0x15/0x30
[  127.031625][ T7621]  proc_fail_nth_write+0x50/0x160
[  127.031731][ T7621]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  127.031776][ T7621]  vfs_write+0x266/0x8d0
[  127.031845][ T7621]  ? vfs_read+0x47f/0x6f0
[  127.031878][ T7621]  ? __rcu_read_unlock+0x4f/0x70
[  127.031972][ T7621]  ? __fget_files+0x184/0x1c0
[  127.032014][ T7621]  ksys_write+0xda/0x1a0
[  127.032052][ T7621]  __x64_sys_write+0x40/0x50
[  127.032101][ T7621]  x64_sys_call+0x2cdd/0x2fb0
[  127.032131][ T7621]  do_syscall_64+0xd0/0x1a0
[  127.032224][ T7621]  ? clear_bhb_loop+0x40/0x90
[  127.032254][ T7621]  ? clear_bhb_loop+0x40/0x90
[  127.032292][ T7621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.032320][ T7621] RIP: 0033:0x7fb563fdd41f
[  127.032340][ T7621] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  127.032436][ T7621] RSP: 002b:00007fb562647030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  127.032462][ T7621] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb563fdd41f
[  127.032516][ T7621] RDX: 0000000000000001 RSI: 00007fb5626470a0 RDI: 0000000000000004
[  127.032533][ T7621] RBP: 00007fb562647090 R08: 0000000000000000 R09: 0000000000000000
[  127.032549][ T7621] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  127.032566][ T7621] R13: 0000000000000000 R14: 00007fb564205fa0 R15: 00007ffef5997278
[  127.032591][ T7621]  </TASK>
[  127.066458][ T3544] hid-generic 0000:0004:0000.001A: unknown main item tag 0x0
[  127.255510][ T3544] hid-generic 0000:0004:0000.001A: unknown main item tag 0x0
[  127.263054][ T3544] hid-generic 0000:0004:0000.001A: unknown main item tag 0x0
[  127.271260][ T3544] hid-generic 0000:0004:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  127.352040][   T29] kauditd_printk_skb: 71 callbacks suppressed
[  127.352058][   T29] audit: type=1400 audit(1747874932.430:2598): avc:  denied  { unmount } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  127.400601][ T7648] netlink: 'syz.5.1410': attribute type 10 has an invalid length.
[  127.427603][ T7648] bridge0: port 3(team0) entered disabled state
[  127.435288][ T7648] team0: left allmulticast mode
[  127.440316][ T7648] team_slave_0: left allmulticast mode
[  127.445960][ T7648] team_slave_1: left allmulticast mode
[  127.451614][ T7648] team0: left promiscuous mode
[  127.456576][ T7648] team_slave_0: left promiscuous mode
[  127.462228][ T7648] team_slave_1: left promiscuous mode
[  127.467852][ T7648] bridge0: port 3(team0) entered disabled state
[  127.479885][ T7657] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  127.479885][ T7657]    program syz.2.1413 not setting count and/or reply_len properly
[  127.507190][ T7661] futex_wake_op: syz.3.1414 tries to shift op by -1; fix this program
[  127.537674][ T3544] hid-generic 0000:0004:0000.001B: unknown main item tag 0x0
[  127.545174][ T3544] hid-generic 0000:0004:0000.001B: unknown main item tag 0x0
[  127.552623][ T3544] hid-generic 0000:0004:0000.001B: unknown main item tag 0x0
[  127.561190][ T3544] hid-generic 0000:0004:0000.001B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  127.589211][ T7666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  127.598025][ T7666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  127.616761][   T29] audit: type=1400 audit(1747874932.690:2599): avc:  denied  { ioctl } for  pid=7668 comm="syz.2.1418" path="socket:[19489]" dev="sockfs" ino=19489 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  127.641707][   T29] audit: type=1400 audit(1747874932.690:2600): avc:  denied  { name_connect } for  pid=7672 comm="syz.1.1417" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  127.989488][ T7677] FAULT_INJECTION: forcing a failure.
[  127.989488][ T7677] name failslab, interval 1, probability 0, space 0, times 0
[  128.002399][ T7677] CPU: 1 UID: 0 PID: 7677 Comm: syz.1.1420 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  128.002494][ T7677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  128.002506][ T7677] Call Trace:
[  128.002512][ T7677]  <TASK>
[  128.002519][ T7677]  __dump_stack+0x1d/0x30
[  128.002538][ T7677]  dump_stack_lvl+0xe8/0x140
[  128.002556][ T7677]  dump_stack+0x15/0x1b
[  128.002611][ T7677]  should_fail_ex+0x265/0x280
[  128.002642][ T7677]  ? vlan_dev_set_egress_priority+0x113/0x200
[  128.002664][ T7677]  should_failslab+0x8c/0xb0
[  128.002763][ T7677]  __kmalloc_cache_noprof+0x4c/0x320
[  128.002787][ T7677]  vlan_dev_set_egress_priority+0x113/0x200
[  128.002811][ T7677]  vlan_changelink+0x254/0x2e0
[  128.002904][ T7677]  vlan_newlink+0x307/0x370
[  128.002935][ T7677]  ? __pfx_vlan_newlink+0x10/0x10
[  128.002960][ T7677]  rtnl_newlink_create+0x1bf/0x630
[  128.003046][ T7677]  ? security_capable+0x83/0x90
[  128.003158][ T7677]  ? netlink_ns_capable+0x86/0xa0
[  128.003186][ T7677]  rtnl_newlink+0xf29/0x12d0
[  128.003254][ T7677]  ? cgroup_rstat_updated+0xa3/0x510
[  128.003288][ T7677]  ? xas_load+0x413/0x430
[  128.003371][ T7677]  ? cgroup_rstat_updated+0xa3/0x510
[  128.003415][ T7677]  ? try_charge_memcg+0x174/0x870
[  128.003442][ T7677]  ? page_counter_charge+0x207/0x230
[  128.003462][ T7677]  ? __rcu_read_unlock+0x4f/0x70
[  128.003489][ T7677]  ? avc_has_perm_noaudit+0x1b1/0x200
[  128.003509][ T7677]  ? selinux_capable+0x1f9/0x270
[  128.003533][ T7677]  ? security_capable+0x83/0x90
[  128.003564][ T7677]  ? ns_capable+0x7d/0xb0
[  128.003660][ T7677]  ? __pfx_rtnl_newlink+0x10/0x10
[  128.003684][ T7677]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  128.003707][ T7677]  ? avc_has_perm_noaudit+0x1b1/0x200
[  128.003728][ T7677]  netlink_rcv_skb+0x123/0x220
[  128.003794][ T7677]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  128.003894][ T7677]  rtnetlink_rcv+0x1c/0x30
[  128.003935][ T7677]  netlink_unicast+0x5a1/0x670
[  128.003966][ T7677]  netlink_sendmsg+0x58b/0x6b0
[  128.003992][ T7677]  ? __pfx_netlink_sendmsg+0x10/0x10
[  128.004011][ T7677]  __sock_sendmsg+0x145/0x180
[  128.004041][ T7677]  ____sys_sendmsg+0x31e/0x4e0
[  128.004064][ T7677]  ___sys_sendmsg+0x17b/0x1d0
[  128.004157][ T7677]  __x64_sys_sendmsg+0xd4/0x160
[  128.004230][ T7677]  x64_sys_call+0x2999/0x2fb0
[  128.004249][ T7677]  do_syscall_64+0xd0/0x1a0
[  128.004272][ T7677]  ? clear_bhb_loop+0x40/0x90
[  128.004331][ T7677]  ? clear_bhb_loop+0x40/0x90
[  128.004350][ T7677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.004369][ T7677] RIP: 0033:0x7fbff451e969
[  128.004383][ T7677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.004463][ T7677] RSP: 002b:00007fbff2b87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  128.004488][ T7677] RAX: ffffffffffffffda RBX: 00007fbff4745fa0 RCX: 00007fbff451e969
[  128.004505][ T7677] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000007
[  128.004516][ T7677] RBP: 00007fbff2b87090 R08: 0000000000000000 R09: 0000000000000000
[  128.004528][ T7677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  128.004539][ T7677] R13: 0000000000000000 R14: 00007fbff4745fa0 R15: 00007ffef4678fc8
[  128.004558][ T7677]  </TASK>
[  128.383002][ T7681] vhci_hcd: invalid port number 96
[  128.388227][ T7681] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  128.426856][ T7691] futex_wake_op: syz.0.1426 tries to shift op by -1; fix this program
[  128.482697][ T7699] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  128.488888][ T7702] loop5: detected capacity change from 0 to 512
[  128.500002][ T7702] EXT4-fs: Ignoring removed nomblk_io_submit option
[  128.506818][ T7702] EXT4-fs: Ignoring removed mblk_io_submit option
[  128.535351][ T7702] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  128.543709][ T7702] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  128.562807][ T7702] EXT4-fs (loop5): 1 truncate cleaned up
[  128.572700][ T7702] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.601370][ T7708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.614778][   T36] hid-generic 0000:0004:0000.001C: unknown main item tag 0x0
[  128.620683][ T7708] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  128.622504][   T36] hid-generic 0000:0004:0000.001C: unknown main item tag 0x0
[  128.622529][   T36] hid-generic 0000:0004:0000.001C: unknown main item tag 0x0
[  128.648759][   T36] hid-generic 0000:0004:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  128.683825][ T7702] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  128.706958][ T3568] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.792096][ T7723] vhci_hcd: invalid port number 96
[  128.797248][ T7723] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  128.827144][   T29] audit: type=1326 audit(1747874933.900:2601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7724 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  128.850783][   T29] audit: type=1326 audit(1747874933.900:2602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7724 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  128.885454][   T29] audit: type=1326 audit(1747874933.900:2603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7724 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  128.909210][   T29] audit: type=1326 audit(1747874933.900:2604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7724 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  128.922917][ T7726] loop2: detected capacity change from 0 to 1024
[  128.932676][   T29] audit: type=1326 audit(1747874933.900:2605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7724 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  128.962491][   T29] audit: type=1326 audit(1747874933.900:2606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7724 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  128.986109][   T29] audit: type=1326 audit(1747874933.900:2607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7724 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  128.987187][ T7726] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.035601][ T7726] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.1442: Allocating blocks 385-513 which overlap fs metadata
[  129.061881][ T7726] EXT4-fs (loop2): pa ffff888106e321c0: logic 16, phys. 129, len 24
[  129.069970][ T7726] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  129.081939][ T7726] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.107918][ T7731] loop2: detected capacity change from 0 to 512
[  129.114882][ T7731] EXT4-fs: Ignoring removed nomblk_io_submit option
[  129.122124][ T7731] EXT4-fs: Ignoring removed mblk_io_submit option
[  129.140286][ T7731] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  129.149723][ T7731] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  129.159036][ T7731] EXT4-fs (loop2): 1 truncate cleaned up
[  129.165229][ T7731] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.182183][ T7731] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  129.204095][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.221868][ T7740] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  129.335642][ T7753] loop1: detected capacity change from 0 to 512
[  129.354018][ T7753] EXT4-fs warning (device loop1): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  129.354388][ T7751] vhci_hcd: invalid port number 96
[  129.369077][ T7753] EXT4-fs (loop1): mount failed
[  129.374265][ T7751] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  129.451188][ T7764] netlink: 'syz.1.1458': attribute type 1 has an invalid length.
[  129.459050][ T7764] netlink: 352 bytes leftover after parsing attributes in process `syz.1.1458'.
[  129.492451][ T7773] FAULT_INJECTION: forcing a failure.
[  129.492451][ T7773] name failslab, interval 1, probability 0, space 0, times 0
[  129.505139][ T7773] CPU: 1 UID: 0 PID: 7773 Comm: syz.1.1461 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  129.505178][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  129.505194][ T7773] Call Trace:
[  129.505200][ T7773]  <TASK>
[  129.505206][ T7773]  __dump_stack+0x1d/0x30
[  129.505295][ T7773]  dump_stack_lvl+0xe8/0x140
[  129.505328][ T7773]  dump_stack+0x15/0x1b
[  129.505409][ T7773]  should_fail_ex+0x265/0x280
[  129.505457][ T7773]  should_failslab+0x8c/0xb0
[  129.505498][ T7773]  __kmalloc_noprof+0xa5/0x3e0
[  129.505599][ T7773]  ? sock_kmalloc+0x85/0xc0
[  129.505620][ T7773]  ? mntput_no_expire+0x6f/0x3d0
[  129.505641][ T7773]  sock_kmalloc+0x85/0xc0
[  129.505663][ T7773]  ipv6_renew_options+0x1fb/0x5f0
[  129.505740][ T7773]  ipv6_set_opt_hdr+0x13b/0x600
[  129.505771][ T7773]  do_ipv6_setsockopt+0x121b/0x22e0
[  129.505799][ T7773]  ? kstrtoull+0x111/0x140
[  129.505896][ T7773]  ? __rcu_read_unlock+0x4f/0x70
[  129.505972][ T7773]  ? avc_has_perm_noaudit+0x1b1/0x200
[  129.506001][ T7773]  ? selinux_netlbl_socket_setsockopt+0x1f9/0x2d0
[  129.506186][ T7773]  ipv6_setsockopt+0x59/0x130
[  129.506216][ T7773]  rawv6_setsockopt+0x1d2/0x420
[  129.506247][ T7773]  sock_common_setsockopt+0x66/0x80
[  129.506282][ T7773]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  129.506382][ T7773]  __sys_setsockopt+0x181/0x200
[  129.506403][ T7773]  __x64_sys_setsockopt+0x64/0x80
[  129.506423][ T7773]  x64_sys_call+0x2bd5/0x2fb0
[  129.506445][ T7773]  do_syscall_64+0xd0/0x1a0
[  129.506536][ T7773]  ? clear_bhb_loop+0x40/0x90
[  129.506559][ T7773]  ? clear_bhb_loop+0x40/0x90
[  129.506639][ T7773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.506667][ T7773] RIP: 0033:0x7fbff451e969
[  129.506769][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.506858][ T7773] RSP: 002b:00007fbff2b87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  129.506877][ T7773] RAX: ffffffffffffffda RBX: 00007fbff4745fa0 RCX: 00007fbff451e969
[  129.506890][ T7773] RDX: 0000000000000039 RSI: 0000000000000029 RDI: 0000000000000006
[  129.506902][ T7773] RBP: 00007fbff2b87090 R08: 0000000000000018 R09: 0000000000000000
[  129.506914][ T7773] R10: 0000200000001640 R11: 0000000000000246 R12: 0000000000000001
[  129.506926][ T7773] R13: 0000000000000000 R14: 00007fbff4745fa0 R15: 00007ffef4678fc8
[  129.506945][ T7773]  </TASK>
[  129.824786][ T7784] pim6reg1: entered promiscuous mode
[  129.830149][ T7784] pim6reg1: entered allmulticast mode
[  129.847161][ T7787] block device autoloading is deprecated and will be removed.
[  129.865013][ T7785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.873872][ T7785] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.959318][ T3393] hid-generic 0000:0004:0000.001D: unknown main item tag 0x0
[  129.966821][ T3393] hid-generic 0000:0004:0000.001D: unknown main item tag 0x0
[  129.970837][ T7794] vhci_hcd: invalid port number 96
[  129.974380][ T3393] hid-generic 0000:0004:0000.001D: unknown main item tag 0x0
[  129.979513][ T7794] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  129.987435][ T3393] hid-generic 0000:0004:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  130.060951][ T7800] syzkaller0: entered promiscuous mode
[  130.066810][ T7800] syzkaller0: entered allmulticast mode
[  130.075344][ T7806] netlink: 'syz.5.1476': attribute type 27 has an invalid length.
[  130.126680][ T7808] loop0: detected capacity change from 0 to 512
[  130.133564][ T7808] EXT4-fs: Ignoring removed nomblk_io_submit option
[  130.140473][ T7808] EXT4-fs: Ignoring removed mblk_io_submit option
[  130.150851][ T7808] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  130.157496][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.158960][ T7808] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  130.167891][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.176597][ T7808] EXT4-fs (loop0): 1 truncate cleaned up
[  130.184845][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.199675][ T7808] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.220267][ T7808] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  130.221545][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.237837][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.246990][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.270463][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.281029][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.290102][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1476'.
[  130.320140][ T7814] FAULT_INJECTION: forcing a failure.
[  130.320140][ T7814] name failslab, interval 1, probability 0, space 0, times 0
[  130.333124][ T7814] CPU: 0 UID: 0 PID: 7814 Comm: syz.3.1479 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  130.333229][ T7814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  130.333246][ T7814] Call Trace:
[  130.333256][ T7814]  <TASK>
[  130.333266][ T7814]  __dump_stack+0x1d/0x30
[  130.333295][ T7814]  dump_stack_lvl+0xe8/0x140
[  130.333431][ T7814]  dump_stack+0x15/0x1b
[  130.333452][ T7814]  should_fail_ex+0x265/0x280
[  130.333504][ T7814]  should_failslab+0x8c/0xb0
[  130.333543][ T7814]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  130.333710][ T7814]  ? security_context_to_sid_core+0x69/0x3b0
[  130.333752][ T7814]  ? string_to_context_struct+0x2dc/0x2f0
[  130.333834][ T7814]  kmemdup_nul+0x36/0xc0
[  130.333915][ T7814]  security_context_to_sid_core+0x69/0x3b0
[  130.333962][ T7814]  security_context_to_sid+0x2e/0x40
[  130.334002][ T7814]  selinux_inode_setsecurity+0x148/0x280
[  130.334044][ T7814]  security_inode_setsecurity+0x8d/0xe0
[  130.334120][ T7814]  __vfs_setxattr_noperm+0x14b/0x410
[  130.334160][ T7814]  __vfs_setxattr_locked+0x1af/0x1d0
[  130.334198][ T7814]  vfs_setxattr+0x132/0x270
[  130.334239][ T7814]  file_setxattr+0x139/0x1b0
[  130.334275][ T7814]  path_setxattrat+0x290/0x310
[  130.334384][ T7814]  __x64_sys_fsetxattr+0x6b/0x80
[  130.334454][ T7814]  x64_sys_call+0x2f7c/0x2fb0
[  130.334518][ T7814]  do_syscall_64+0xd0/0x1a0
[  130.334633][ T7814]  ? clear_bhb_loop+0x40/0x90
[  130.334662][ T7814]  ? clear_bhb_loop+0x40/0x90
[  130.334697][ T7814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.334725][ T7814] RIP: 0033:0x7f827da9e969
[  130.334852][ T7814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.334876][ T7814] RSP: 002b:00007f827c107038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[  130.334901][ T7814] RAX: ffffffffffffffda RBX: 00007f827dcc5fa0 RCX: 00007f827da9e969
[  130.334918][ T7814] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000000000000007
[  130.335002][ T7814] RBP: 00007f827c107090 R08: 0000000000000000 R09: 0000000000000000
[  130.335018][ T7814] R10: 000000000000001e R11: 0000000000000246 R12: 0000000000000001
[  130.335034][ T7814] R13: 0000000000000000 R14: 00007f827dcc5fa0 R15: 00007ffcf633c878
[  130.335060][ T7814]  </TASK>
[  130.608588][ T7824] pim6reg1: entered promiscuous mode
[  130.614378][ T7824] pim6reg1: entered allmulticast mode
[  130.684629][ T7836] futex_wake_op: syz.2.1487 tries to shift op by -1; fix this program
[  130.705901][ T7838] futex_wake_op: syz.0.1488 tries to shift op by -1; fix this program
[  130.774974][ T7849] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  130.774974][ T7849]    program syz.0.1493 not setting count and/or reply_len properly
[  130.835977][ T7857] loop2: detected capacity change from 0 to 512
[  130.845711][ T7857] EXT4-fs: Ignoring removed nomblk_io_submit option
[  130.852524][ T7857] EXT4-fs: Ignoring removed mblk_io_submit option
[  130.869267][ T7862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.878357][ T7862] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.889365][ T7857] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  130.898007][ T7857] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  130.903528][ T7866] FAULT_INJECTION: forcing a failure.
[  130.903528][ T7866] name failslab, interval 1, probability 0, space 0, times 0
[  130.906988][ T7857] EXT4-fs (loop2): 1 truncate cleaned up
[  130.919076][ T7866] CPU: 1 UID: 0 PID: 7866 Comm: syz.3.1500 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  130.919118][ T7866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  130.919136][ T7866] Call Trace:
[  130.919145][ T7866]  <TASK>
[  130.919200][ T7866]  __dump_stack+0x1d/0x30
[  130.919230][ T7866]  dump_stack_lvl+0xe8/0x140
[  130.919257][ T7866]  dump_stack+0x15/0x1b
[  130.919277][ T7866]  should_fail_ex+0x265/0x280
[  130.919493][ T7866]  should_failslab+0x8c/0xb0
[  130.919536][ T7866]  __kvmalloc_node_noprof+0x126/0x4d0
[  130.919567][ T7866]  ? nf_hook_entries_grow+0x1bc/0x440
[  130.919613][ T7866]  nf_hook_entries_grow+0x1bc/0x440
[  130.919700][ T7866]  __nf_register_net_hook+0x18e/0x480
[  130.919754][ T7866]  nf_register_net_hook+0x88/0x130
[  130.919844][ T7866]  nf_register_net_hooks+0x44/0x150
[  130.919886][ T7866]  nf_ct_netns_do_get+0x188/0x380
[  130.919927][ T7866]  nf_ct_netns_get+0x87/0xc0
[  130.920003][ T7866]  xt_ct_tg_check+0x7d/0x660
[  130.920070][ T7866]  xt_ct_tg_check_v2+0x4a/0x60
[  130.920171][ T7866]  xt_check_target+0x28d/0x4c0
[  130.920312][ T7866]  ? xt_find_match+0x1d1/0x210
[  130.920348][ T7866]  ? strnlen+0x28/0x50
[  130.920382][ T7866]  ? strcmp+0x22/0x50
[  130.920415][ T7866]  ? xt_find_target+0x1cd/0x200
[  130.920506][ T7866]  translate_table+0xcf5/0x1070
[  130.920565][ T7866]  do_ip6t_set_ctl+0x678/0x840
[  130.920662][ T7866]  ? kstrtoull+0x111/0x140
[  130.920702][ T7866]  ? __rcu_read_unlock+0x4f/0x70
[  130.920749][ T7866]  nf_setsockopt+0x196/0x1b0
[  130.920778][ T7866]  ipv6_setsockopt+0x11a/0x130
[  130.920810][ T7866]  tcp_setsockopt+0x95/0xb0
[  130.920928][ T7866]  sock_common_setsockopt+0x66/0x80
[  130.920970][ T7866]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  130.921060][ T7866]  __sys_setsockopt+0x181/0x200
[  130.921088][ T7866]  __x64_sys_setsockopt+0x64/0x80
[  130.921123][ T7866]  x64_sys_call+0x2bd5/0x2fb0
[  130.921198][ T7866]  do_syscall_64+0xd0/0x1a0
[  130.921322][ T7866]  ? clear_bhb_loop+0x40/0x90
[  130.921351][ T7866]  ? clear_bhb_loop+0x40/0x90
[  130.921381][ T7866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.921411][ T7866] RIP: 0033:0x7f827da9e969
[  130.921495][ T7866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.921521][ T7866] RSP: 002b:00007f827c107038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  130.921546][ T7866] RAX: ffffffffffffffda RBX: 00007f827dcc5fa0 RCX: 00007f827da9e969
[  130.921564][ T7866] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000007
[  130.921586][ T7866] RBP: 00007f827c107090 R08: 00000000000003f8 R09: 0000000000000000
[  130.921603][ T7866] R10: 0000200000000a00 R11: 0000000000000246 R12: 0000000000000002
[  130.921673][ T7866] R13: 0000000000000000 R14: 00007f827dcc5fa0 R15: 00007ffcf633c878
[  130.921698][ T7866]  </TASK>
[  131.204735][ T7857] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.223387][ T7857] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  131.241737][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.304181][ T7874] futex_wake_op: syz.2.1501 tries to shift op by -1; fix this program
[  131.423271][ T7890] xt_CT: You must specify a L4 protocol and not use inversions on it
[  131.471299][ T7893] netlink: 'syz.3.1510': attribute type 1 has an invalid length.
[  131.663410][ T7906] futex_wake_op: syz.5.1516 tries to shift op by -1; fix this program
[  131.918579][ T7913] xt_TCPMSS: Only works on TCP SYN packets
[  132.163238][ T7921] xt_CT: You must specify a L4 protocol and not use inversions on it
[  132.624486][ T3544] hid-generic 0000:0004:0000.001E: unknown main item tag 0x0
[  132.632722][ T3544] hid-generic 0000:0004:0000.001E: unknown main item tag 0x0
[  132.640244][ T3544] hid-generic 0000:0004:0000.001E: unknown main item tag 0x0
[  132.674007][   T29] kauditd_printk_skb: 401 callbacks suppressed
[  132.674029][   T29] audit: type=1400 audit(1747874937.740:3008): avc:  denied  { create } for  pid=7939 comm="syz.3.1531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  132.741815][ T3544] hid-generic 0000:0004:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  132.756733][ T7944] loop5: detected capacity change from 0 to 512
[  132.803831][ T7944] EXT4-fs: Mount option(s) incompatible with ext3
[  133.375368][ T7965] futex_wake_op: syz.1.1540 tries to shift op by -1; fix this program
[  133.420032][   T29] audit: type=1400 audit(1747874938.490:3009): avc:  denied  { getopt } for  pid=7970 comm="syz.1.1542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  133.445267][ T7971] loop1: detected capacity change from 0 to 512
[  133.452480][ T7971] EXT4-fs: Ignoring removed oldalloc option
[  133.460089][ T7971] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.1542: Parent and EA inode have the same ino 15
[  133.473422][ T7971] EXT4-fs (loop1): Remounting filesystem read-only
[  133.480045][ T7971] EXT4-fs (loop1): 1 orphan inode deleted
[  133.486521][ T7971] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  133.510790][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.581309][ T7976] xt_CT: You must specify a L4 protocol and not use inversions on it
[  133.607001][ T7944] __nla_validate_parse: 2 callbacks suppressed
[  133.607023][ T7944] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1533'.
[  133.617021][ T7981] FAULT_INJECTION: forcing a failure.
[  133.617021][ T7981] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  133.636507][ T7981] CPU: 0 UID: 0 PID: 7981 Comm: syz.3.1545 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  133.636619][ T7981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  133.636631][ T7981] Call Trace:
[  133.636637][ T7981]  <TASK>
[  133.636644][ T7981]  __dump_stack+0x1d/0x30
[  133.636664][ T7981]  dump_stack_lvl+0xe8/0x140
[  133.636682][ T7981]  dump_stack+0x15/0x1b
[  133.636759][ T7981]  should_fail_ex+0x265/0x280
[  133.636791][ T7981]  should_fail_alloc_page+0xf2/0x100
[  133.636882][ T7981]  __alloc_frozen_pages_noprof+0xff/0x360
[  133.636910][ T7981]  alloc_pages_mpol+0xb3/0x250
[  133.636933][ T7981]  folio_alloc_mpol_noprof+0x39/0x80
[  133.636955][ T7981]  shmem_get_folio_gfp+0x3cf/0xd40
[  133.637029][ T7981]  shmem_write_begin+0xa8/0x190
[  133.637065][ T7981]  generic_perform_write+0x181/0x490
[  133.637099][ T7981]  shmem_file_write_iter+0xc5/0xf0
[  133.637220][ T7981]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  133.637252][ T7981]  vfs_write+0x4a0/0x8d0
[  133.637281][ T7981]  __x64_sys_pwrite64+0xfd/0x150
[  133.637327][ T7981]  x64_sys_call+0xe45/0x2fb0
[  133.637346][ T7981]  do_syscall_64+0xd0/0x1a0
[  133.637512][ T7981]  ? clear_bhb_loop+0x40/0x90
[  133.637539][ T7981]  ? clear_bhb_loop+0x40/0x90
[  133.637565][ T7981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.637655][ T7981] RIP: 0033:0x7f827da9e969
[  133.637669][ T7981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.637685][ T7981] RSP: 002b:00007f827c107038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  133.637702][ T7981] RAX: ffffffffffffffda RBX: 00007f827dcc5fa0 RCX: 00007f827da9e969
[  133.637714][ T7981] RDX: 00000000ffffff07 RSI: 0000200000000140 RDI: 0000000000000008
[  133.637725][ T7981] RBP: 00007f827c107090 R08: 0000000000000000 R09: 0000000000000000
[  133.637736][ T7981] R10: 0000000008000c61 R11: 0000000000000246 R12: 0000000000000002
[  133.637819][ T7981] R13: 0000000000000000 R14: 00007f827dcc5fa0 R15: 00007ffcf633c878
[  133.637837][ T7981]  </TASK>
[  133.939618][ T7997] futex_wake_op: syz.5.1552 tries to shift op by -1; fix this program
[  133.956442][ T7995] loop1: detected capacity change from 0 to 512
[  133.967897][ T7995] EXT4-fs: Ignoring removed nomblk_io_submit option
[  133.984183][ T7995] EXT4-fs: Ignoring removed mblk_io_submit option
[  134.000031][ T7999] FAULT_INJECTION: forcing a failure.
[  134.000031][ T7999] name failslab, interval 1, probability 0, space 0, times 0
[  134.012751][ T7999] CPU: 0 UID: 0 PID: 7999 Comm: syz.3.1553 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  134.012785][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.012802][ T7999] Call Trace:
[  134.012809][ T7999]  <TASK>
[  134.012818][ T7999]  __dump_stack+0x1d/0x30
[  134.012893][ T7999]  dump_stack_lvl+0xe8/0x140
[  134.012919][ T7999]  dump_stack+0x15/0x1b
[  134.012941][ T7999]  should_fail_ex+0x265/0x280
[  134.012985][ T7999]  should_failslab+0x8c/0xb0
[  134.013091][ T7999]  kmem_cache_alloc_node_noprof+0x57/0x320
[  134.013119][ T7999]  ? __alloc_skb+0x101/0x320
[  134.013163][ T7999]  __alloc_skb+0x101/0x320
[  134.013207][ T7999]  alloc_skb_with_frags+0x7d/0x470
[  134.013298][ T7999]  ? selinux_file_open+0x31c/0x370
[  134.013342][ T7999]  ? should_fail_ex+0xdb/0x280
[  134.013409][ T7999]  sock_alloc_send_pskb+0x43a/0x4f0
[  134.013454][ T7999]  tun_get_user+0x8c0/0x24d0
[  134.013539][ T7999]  ? ref_tracker_alloc+0x1f2/0x2f0
[  134.013588][ T7999]  ? avc_policy_seqno+0x15/0x30
[  134.013683][ T7999]  tun_chr_write_iter+0x15e/0x210
[  134.013719][ T7999]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.013753][ T7999]  vfs_write+0x4a0/0x8d0
[  134.013795][ T7999]  ksys_write+0xda/0x1a0
[  134.013905][ T7999]  __x64_sys_write+0x40/0x50
[  134.013936][ T7999]  x64_sys_call+0x2cdd/0x2fb0
[  134.013965][ T7999]  do_syscall_64+0xd0/0x1a0
[  134.013997][ T7999]  ? clear_bhb_loop+0x40/0x90
[  134.014057][ T7999]  ? clear_bhb_loop+0x40/0x90
[  134.014087][ T7999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.014114][ T7999] RIP: 0033:0x7f827da9e969
[  134.014133][ T7999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.014156][ T7999] RSP: 002b:00007f827c107038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  134.014179][ T7999] RAX: ffffffffffffffda RBX: 00007f827dcc5fa0 RCX: 00007f827da9e969
[  134.014233][ T7999] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[  134.014250][ T7999] RBP: 00007f827c107090 R08: 0000000000000000 R09: 0000000000000000
[  134.014265][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.014277][ T7999] R13: 0000000000000000 R14: 00007f827dcc5fa0 R15: 00007ffcf633c878
[  134.014302][ T7999]  </TASK>
[  134.249024][ T8004] pim6reg1: entered promiscuous mode
[  134.255273][ T8004] pim6reg1: entered allmulticast mode
[  134.270951][ T7995] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  134.281182][ T7995] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  134.290069][ T8011] FAULT_INJECTION: forcing a failure.
[  134.290069][ T8011] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.290889][ T7995] EXT4-fs (loop1): 1 truncate cleaned up
[  134.303277][ T8011] CPU: 0 UID: 0 PID: 8011 Comm: syz.0.1557 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  134.303313][ T8011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.303330][ T8011] Call Trace:
[  134.303341][ T8011]  <TASK>
[  134.303351][ T8011]  __dump_stack+0x1d/0x30
[  134.303382][ T8011]  dump_stack_lvl+0xe8/0x140
[  134.303451][ T8011]  dump_stack+0x15/0x1b
[  134.303544][ T8011]  should_fail_ex+0x265/0x280
[  134.303592][ T8011]  should_fail+0xb/0x20
[  134.303689][ T8011]  should_fail_usercopy+0x1a/0x20
[  134.303713][ T8011]  _copy_from_iter+0xcf/0xdd0
[  134.303744][ T8011]  hci_sock_sendmsg+0x36d/0x900
[  134.303781][ T8011]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  134.303849][ T8011]  __sock_sendmsg+0x145/0x180
[  134.303935][ T8011]  sock_write_iter+0x165/0x1b0
[  134.303974][ T8011]  ? __pfx_sock_write_iter+0x10/0x10
[  134.304009][ T8011]  vfs_write+0x4a0/0x8d0
[  134.304081][ T8011]  ksys_write+0xda/0x1a0
[  134.304145][ T8011]  __x64_sys_write+0x40/0x50
[  134.304191][ T8011]  x64_sys_call+0x2cdd/0x2fb0
[  134.304244][ T8011]  do_syscall_64+0xd0/0x1a0
[  134.304278][ T8011]  ? clear_bhb_loop+0x40/0x90
[  134.304362][ T8011]  ? clear_bhb_loop+0x40/0x90
[  134.304392][ T8011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.304421][ T8011] RIP: 0033:0x7fb563fde969
[  134.304441][ T8011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.304518][ T8011] RSP: 002b:00007fb562647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  134.304544][ T8011] RAX: ffffffffffffffda RBX: 00007fb564205fa0 RCX: 00007fb563fde969
[  134.304561][ T8011] RDX: 0000000000000006 RSI: 0000200000001280 RDI: 0000000000000007
[  134.304596][ T8011] RBP: 00007fb562647090 R08: 0000000000000000 R09: 0000000000000000
[  134.304613][ T8011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.304629][ T8011] R13: 0000000000000000 R14: 00007fb564205fa0 R15: 00007ffef5997278
[  134.304656][ T8011]  </TASK>
[  134.311684][   T29] audit: type=1400 audit(1747874939.360:3010): avc:  denied  { bind } for  pid=8010 comm="syz.0.1557" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  134.352512][ T7995] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.364800][ T8013] xt_CT: You must specify a L4 protocol and not use inversions on it
[  134.420507][ T8017] netlink: 54775 bytes leftover after parsing attributes in process `syz.0.1560'.
[  134.563585][ T7995] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  134.588257][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.601231][ T8017] loop0: detected capacity change from 0 to 512
[  134.608703][ T8017] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  134.619753][ T8017] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[  134.627874][ T8017] EXT4-fs (loop0): orphan cleanup on readonly fs
[  134.635743][ T8017] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1560: bg 0: block 361: padding at end of block bitmap is not set
[  134.650286][ T8017] EXT4-fs (loop0): Remounting filesystem read-only
[  134.659743][ T8017] EXT4-fs (loop0): 1 truncate cleaned up
[  134.667602][ T8017] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  134.671964][   T29] audit: type=1400 audit(1747874939.740:3011): avc:  denied  { write } for  pid=8024 comm="syz.2.1564" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  134.762487][ T8029] futex_wake_op: syz.3.1565 tries to shift op by -1; fix this program
[  134.792741][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  134.854890][ T8039] loop0: detected capacity change from 0 to 512
[  134.855167][ T8038] loop2: detected capacity change from 0 to 512
[  134.861535][ T8039] EXT4-fs: Ignoring removed nomblk_io_submit option
[  134.881877][ T8039] EXT4-fs: Ignoring removed mblk_io_submit option
[  134.884638][ T8038] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  134.902802][ T8039] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  134.910933][ T8039] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  134.912313][ T8038] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  134.921897][ T8046] loop5: detected capacity change from 0 to 128
[  134.940158][ T8038] EXT4-fs error (device loop2): ext4_iget_extra_inode:4693: inode #15: comm syz.2.1570: corrupted in-inode xattr: e_value size too large
[  134.952166][ T8049] FAULT_INJECTION: forcing a failure.
[  134.952166][ T8049] name failslab, interval 1, probability 0, space 0, times 0
[  134.955701][ T8038] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1570: couldn't read orphan inode 15 (err -117)
[  134.966867][ T8049] CPU: 0 UID: 0 PID: 8049 Comm: syz.1.1573 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  134.966905][ T8049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.966922][ T8049] Call Trace:
[  134.966930][ T8049]  <TASK>
[  134.966939][ T8049]  __dump_stack+0x1d/0x30
[  134.966969][ T8049]  dump_stack_lvl+0xe8/0x140
[  134.967052][ T8049]  dump_stack+0x15/0x1b
[  134.967075][ T8049]  should_fail_ex+0x265/0x280
[  134.967171][ T8049]  should_failslab+0x8c/0xb0
[  134.967239][ T8049]  __kmalloc_noprof+0xa5/0x3e0
[  134.967266][ T8049]  ? io_cache_alloc_new+0x2a/0xb0
[  134.967303][ T8049]  ? io_write+0x969/0xd30
[  134.967379][ T8049]  io_cache_alloc_new+0x2a/0xb0
[  134.967417][ T8049]  io_arm_poll_handler+0x2ac/0x5b0
[  134.967456][ T8049]  ? __io_issue_sqe+0x15e/0x2e0
[  134.967560][ T8049]  io_queue_async+0x60/0x3e0
[  134.967585][ T8049]  ? io_submit_sqes+0xa02/0x1000
[  134.967627][ T8049]  io_submit_sqes+0xa0c/0x1000
[  134.967745][ T8049]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  134.967791][ T8049]  ? __rcu_read_unlock+0x4f/0x70
[  134.967821][ T8049]  ? get_pid_task+0x96/0xd0
[  134.967850][ T8049]  ? proc_fail_nth_write+0x12d/0x160
[  134.967959][ T8049]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  134.968026][ T8049]  ? vfs_write+0x75e/0x8d0
[  134.968062][ T8049]  ? __rcu_read_unlock+0x4f/0x70
[  134.968092][ T8049]  ? __fget_files+0x184/0x1c0
[  134.968153][ T8049]  ? fput+0x8f/0xc0
[  134.968180][ T8049]  __x64_sys_io_uring_enter+0x78/0x90
[  134.968226][ T8049]  x64_sys_call+0x28c8/0x2fb0
[  134.968298][ T8049]  do_syscall_64+0xd0/0x1a0
[  134.968331][ T8049]  ? clear_bhb_loop+0x40/0x90
[  134.968376][ T8049]  ? clear_bhb_loop+0x40/0x90
[  134.968437][ T8049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.968467][ T8049] RIP: 0033:0x7fbff451e969
[  134.968489][ T8049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.968515][ T8049] RSP: 002b:00007fbff2b87038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  134.968541][ T8049] RAX: ffffffffffffffda RBX: 00007fbff4745fa0 RCX: 00007fbff451e969
[  134.968558][ T8049] RDX: 0000000000000000 RSI: 0000000000007a98 RDI: 0000000000000004
[  134.968634][ T8049] RBP: 00007fbff2b87090 R08: 0000000000000000 R09: 0000000000000000
[  134.968714][ T8049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.968731][ T8049] R13: 0000000000000000 R14: 00007fbff4745fa0 R15: 00007ffef4678fc8
[  134.968756][ T8049]  </TASK>
[  134.979146][ T8039] EXT4-fs (loop0): 1 truncate cleaned up
[  134.996747][ T8038] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.020835][ T8052] xt_CT: You must specify a L4 protocol and not use inversions on it
[  135.022283][ T8039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.038994][ T8046] netlink: 'syz.5.1572': attribute type 1 has an invalid length.
[  135.090836][ T8055] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1572'.
[  135.097643][ T8039] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  135.298485][ T8046] 8021q: adding VLAN 0 to HW filter on device bond2
[  135.311268][ T8055] bond2 (unregistering): Released all slaves
[  135.318387][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.382075][ T8067] loop0: detected capacity change from 0 to 512
[  135.409130][ T8071] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled
[  135.419856][ T8069] futex_wake_op: syz.5.1579 tries to shift op by -1; fix this program
[  135.422054][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.463526][ T8073] vhci_hcd: invalid port number 96
[  135.468791][ T8073] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  135.488064][ T8067] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.505279][ T8067] ext4 filesystem being mounted at /323/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  135.519234][   T29] audit: type=1400 audit(1747874940.590:3012): avc:  denied  { setattr } for  pid=8066 comm="syz.0.1578" path="/323/bus/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  135.589002][ T8085] netlink: 'syz.2.1585': attribute type 1 has an invalid length.
[  135.671996][ T8091] xt_CT: You must specify a L4 protocol and not use inversions on it
[  135.683900][ T8093] futex_wake_op: syz.3.1586 tries to shift op by -1; fix this program
[  135.696545][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.757349][   T29] audit: type=1400 audit(1747874940.820:3013): avc:  denied  { read } for  pid=8095 comm="syz.0.1588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  135.810517][ T8105] loop1: detected capacity change from 0 to 8192
[  135.811871][ T8107] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  135.811871][ T8107]    program syz.5.1593 not setting count and/or reply_len properly
[  135.886703][ T8109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1594'.
[  135.932956][ T8117] vhci_hcd: invalid port number 96
[  135.938118][ T8117] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  135.948453][ T8123] futex_wake_op: syz.5.1599 tries to shift op by -1; fix this program
[  136.054224][ T8137] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1605'.
[  136.082452][ T8135] futex_wake_op: syz.1.1604 tries to shift op by -1; fix this program
[  136.104205][ T8141] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  136.104205][ T8141]    program syz.2.1606 not setting count and/or reply_len properly
[  136.143521][ T8143] netlink: 'syz.1.1607': attribute type 1 has an invalid length.
[  136.242664][ T8157] futex_wake_op: syz.1.1613 tries to shift op by -1; fix this program
[  136.265646][ T8155] vhci_hcd: invalid port number 96
[  136.270906][ T8155] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  136.333082][ T8169] FAULT_INJECTION: forcing a failure.
[  136.333082][ T8169] name failslab, interval 1, probability 0, space 0, times 0
[  136.346623][ T8169] CPU: 1 UID: 0 PID: 8169 Comm: syz.5.1617 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  136.346652][ T8169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.346665][ T8169] Call Trace:
[  136.346673][ T8169]  <TASK>
[  136.346755][ T8169]  __dump_stack+0x1d/0x30
[  136.346781][ T8169]  dump_stack_lvl+0xe8/0x140
[  136.346806][ T8169]  dump_stack+0x15/0x1b
[  136.346823][ T8169]  should_fail_ex+0x265/0x280
[  136.346857][ T8169]  should_failslab+0x8c/0xb0
[  136.346966][ T8169]  __kmalloc_noprof+0xa5/0x3e0
[  136.346995][ T8169]  ? security_prepare_creds+0x52/0x120
[  136.347034][ T8169]  security_prepare_creds+0x52/0x120
[  136.347065][ T8169]  prepare_creds+0x34a/0x4c0
[  136.347093][ T8169]  copy_creds+0x8f/0x3f0
[  136.347187][ T8169]  copy_process+0x658/0x1f90
[  136.347213][ T8169]  ? kstrtouint+0x76/0xc0
[  136.347283][ T8169]  ? __rcu_read_unlock+0x4f/0x70
[  136.347314][ T8169]  kernel_clone+0x16c/0x5b0
[  136.347349][ T8169]  ? vfs_write+0x75e/0x8d0
[  136.347413][ T8169]  __x64_sys_clone+0xe6/0x120
[  136.347449][ T8169]  x64_sys_call+0x2c59/0x2fb0
[  136.347470][ T8169]  do_syscall_64+0xd0/0x1a0
[  136.347560][ T8169]  ? clear_bhb_loop+0x40/0x90
[  136.347586][ T8169]  ? clear_bhb_loop+0x40/0x90
[  136.347654][ T8169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.347677][ T8169] RIP: 0033:0x7f6956c4e969
[  136.347696][ T8169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.347720][ T8169] RSP: 002b:00007f69552b6fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  136.347785][ T8169] RAX: ffffffffffffffda RBX: 00007f6956e75fa0 RCX: 00007f6956c4e969
[  136.347840][ T8169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400
[  136.347852][ T8169] RBP: 00007f69552b7090 R08: 0000000000000000 R09: 0000000000000000
[  136.347864][ T8169] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  136.347877][ T8169] R13: 0000000000000000 R14: 00007f6956e75fa0 R15: 00007fff4706b218
[  136.347899][ T8169]  </TASK>
[  136.357219][   T29] audit: type=1326 audit(1747874941.430:3014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8164 comm="syz.1.1615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff451e969 code=0x7ffc0000
[  136.515325][ T8165] loop1: detected capacity change from 0 to 4096
[  136.538044][   T29] audit: type=1400 audit(1747874941.480:3015): avc:  denied  { create } for  pid=8174 comm="syz.3.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  136.538087][   T29] audit: type=1400 audit(1747874941.490:3016): avc:  denied  { nlmsg_write } for  pid=8174 comm="syz.3.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  136.538129][   T29] audit: type=1326 audit(1747874941.500:3017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8164 comm="syz.1.1615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff451e969 code=0x7ffc0000
[  136.563070][ T3544] hid-generic 0000:0004:0000.001F: unknown main item tag 0x0
[  136.661515][ T3544] hid-generic 0000:0004:0000.001F: unknown main item tag 0x0
[  136.669131][ T3544] hid-generic 0000:0004:0000.001F: unknown main item tag 0x0
[  136.678215][ T3544] hid-generic 0000:0004:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  136.691020][ T8165] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  136.775198][ T8189] netlink: 'syz.5.1623': attribute type 1 has an invalid length.
[  136.847603][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.883148][ T8199] loop1: detected capacity change from 0 to 128
[  136.891382][ T8199] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  136.904078][ T8199] ext4 filesystem being mounted at /328/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  136.928104][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  137.386056][ T8212] pim6reg1: entered promiscuous mode
[  137.391509][ T8212] pim6reg1: entered allmulticast mode
[  137.542023][ T8214] xt_CT: You must specify a L4 protocol and not use inversions on it
[  137.690945][   T29] kauditd_printk_skb: 69 callbacks suppressed
[  137.690965][   T29] audit: type=1326 audit(1747874942.760:3085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.724304][   T29] audit: type=1326 audit(1747874942.760:3086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.748130][   T29] audit: type=1326 audit(1747874942.760:3087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.771675][   T29] audit: type=1326 audit(1747874942.760:3088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.795572][   T29] audit: type=1326 audit(1747874942.760:3089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.819196][   T29] audit: type=1326 audit(1747874942.770:3090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.842646][   T29] audit: type=1326 audit(1747874942.770:3091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.866156][   T29] audit: type=1326 audit(1747874942.770:3092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.889599][   T29] audit: type=1326 audit(1747874942.770:3093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.913075][   T29] audit: type=1326 audit(1747874942.770:3094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  137.948425][ T1040] hid-generic 0000:0004:0000.0020: unknown main item tag 0x0
[  137.955970][ T1040] hid-generic 0000:0004:0000.0020: unknown main item tag 0x0
[  137.959070][ T8228] loop2: detected capacity change from 0 to 128
[  137.963557][ T1040] hid-generic 0000:0004:0000.0020: unknown main item tag 0x0
[  137.979621][ T8223] futex_wake_op: syz.3.1636 tries to shift op by -1; fix this program
[  137.996769][ T8228] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  138.016998][ T8228] ext4 filesystem being mounted at /307/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  138.031434][ T1040] hid-generic 0000:0004:0000.0020: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  138.048898][ T8236] pim6reg1: entered promiscuous mode
[  138.054387][ T8236] pim6reg1: entered allmulticast mode
[  138.063044][ T3323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  138.074280][ T8237] netlink: 'syz.3.1641': attribute type 1 has an invalid length.
[  138.108189][ T8243] xt_CT: You must specify a L4 protocol and not use inversions on it
[  138.153871][ T1040] hid-generic 0000:0004:0000.0021: unknown main item tag 0x0
[  138.157509][ T8250] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  138.157509][ T8250]    program syz.1.1648 not setting count and/or reply_len properly
[  138.161324][ T1040] hid-generic 0000:0004:0000.0021: unknown main item tag 0x0
[  138.186075][ T1040] hid-generic 0000:0004:0000.0021: unknown main item tag 0x0
[  138.201837][ T1040] hid-generic 0000:0004:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  138.228624][ T8252] futex_wake_op: syz.2.1650 tries to shift op by -1; fix this program
[  138.266605][ T8258] futex_wake_op: syz.2.1652 tries to shift op by -1; fix this program
[  138.291278][ T8262] loop1: detected capacity change from 0 to 512
[  138.298780][ T8262] EXT4-fs: Ignoring removed nomblk_io_submit option
[  138.307712][ T8262] EXT4-fs: Ignoring removed mblk_io_submit option
[  138.349680][ T8262] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  138.357957][ T8268] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  138.357957][ T8268]    program syz.2.1656 not setting count and/or reply_len properly
[  138.375060][ T8262] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  138.384318][ T8262] EXT4-fs (loop1): 1 truncate cleaned up
[  138.390565][ T8262] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.412851][ T8262] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  138.434317][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.453265][ T1040] hid-generic 0000:0004:0000.0022: unknown main item tag 0x0
[  138.460726][ T1040] hid-generic 0000:0004:0000.0022: unknown main item tag 0x0
[  138.468213][ T1040] hid-generic 0000:0004:0000.0022: unknown main item tag 0x0
[  138.476312][ T1040] hid-generic 0000:0004:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  138.501393][ T8278] xt_CT: You must specify a L4 protocol and not use inversions on it
[  138.535965][ T8282] futex_wake_op: syz.0.1663 tries to shift op by -1; fix this program
[  138.605767][ T8290] futex_wake_op: syz.1.1667 tries to shift op by -1; fix this program
[  138.665589][ T8298] loop0: detected capacity change from 0 to 512
[  138.672467][ T8298] EXT4-fs: Ignoring removed nomblk_io_submit option
[  138.679325][ T8298] EXT4-fs: Ignoring removed mblk_io_submit option
[  138.688072][ T8298] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  138.697103][ T8298] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  138.705932][ T8298] EXT4-fs (loop0): 1 truncate cleaned up
[  138.712581][ T8298] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.737477][ T8298] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  138.754738][ T8303] loop2: detected capacity change from 0 to 128
[  138.761992][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.763086][ T8303] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  138.783498][ T8303] ext4 filesystem being mounted at /319/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  138.826050][ T3323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  139.170388][ T8316] futex_wake_op: syz.2.1676 tries to shift op by -1; fix this program
[  139.296968][ T8318] xt_CT: You must specify a L4 protocol and not use inversions on it
[  139.555556][ T8330] loop0: detected capacity change from 0 to 512
[  139.585233][ T8330] EXT4-fs: Mount option(s) incompatible with ext3
[  139.660963][ T8330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1682'.
[  139.685921][ T8343] futex_wake_op: syz.5.1687 tries to shift op by -1; fix this program
[  139.718799][ T8345] pim6reg1: entered promiscuous mode
[  139.724313][ T8345] pim6reg1: entered allmulticast mode
[  139.827267][ T8355] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  139.827267][ T8355]    program syz.5.1693 not setting count and/or reply_len properly
[  140.187389][ T8384] loop0: detected capacity change from 0 to 512
[  140.210003][ T8384] EXT4-fs: Ignoring removed nomblk_io_submit option
[  140.222023][ T8386] pim6reg1: entered promiscuous mode
[  140.227428][ T8386] pim6reg1: entered allmulticast mode
[  140.237009][ T8384] EXT4-fs: Ignoring removed mblk_io_submit option
[  140.245025][ T8384] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  140.253658][ T8384] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  140.262867][ T8384] EXT4-fs (loop0): 1 truncate cleaned up
[  140.269694][ T8384] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.287473][ T8384] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  140.307997][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.789258][ T8413] loop5: detected capacity change from 0 to 512
[  140.816705][ T8413] EXT4-fs: Ignoring removed nomblk_io_submit option
[  140.833927][ T8413] EXT4-fs: Ignoring removed mblk_io_submit option
[  140.868461][ T8413] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  140.894515][ T8413] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  140.926686][ T8413] EXT4-fs (loop5): 1 truncate cleaned up
[  140.946200][ T8413] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.971868][ T8425] loop0: detected capacity change from 0 to 128
[  140.988668][ T8425] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  141.001111][ T8425] ext4 filesystem being mounted at /357/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  141.016548][ T8413] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  141.036795][ T3568] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.048414][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  141.052472][ T8429] vhci_hcd: invalid port number 96
[  141.062568][ T8429] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  141.126480][ T8433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  141.155165][ T8433] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  141.203545][ T8448] futex_atomic_op_inuser: 8 callbacks suppressed
[  141.203567][ T8448] futex_wake_op: syz.0.1732 tries to shift op by -1; fix this program
[  141.258204][ T8442] loop2: detected capacity change from 0 to 8192
[  141.284999][ T8455] futex_wake_op: syz.1.1734 tries to shift op by -1; fix this program
[  141.339350][ T8458] loop1: detected capacity change from 0 to 512
[  141.346616][ T8458] EXT4-fs: Ignoring removed nomblk_io_submit option
[  141.353573][ T8458] EXT4-fs: Ignoring removed mblk_io_submit option
[  141.367533][ T8458] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  141.376045][ T8458] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  141.385498][ T8458] EXT4-fs (loop1): 1 truncate cleaned up
[  141.391861][ T8458] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.417461][ T8458] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  141.451837][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.702928][ T8473] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  141.702928][ T8473]    program syz.0.1740 not setting count and/or reply_len properly
[  141.892083][ T8483] xt_CT: You must specify a L4 protocol and not use inversions on it
[  142.089247][ T8497] futex_wake_op: syz.1.1753 tries to shift op by -1; fix this program
[  142.202283][ T8504] vhci_hcd: invalid port number 96
[  142.207471][ T8504] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  142.244217][ T8513] xt_CT: You must specify a L4 protocol and not use inversions on it
[  142.292876][ T8515] loop0: detected capacity change from 0 to 8192
[  142.396197][ T8529] futex_wake_op: syz.0.1765 tries to shift op by -1; fix this program
[  142.500806][ T8537] pim6reg1: entered promiscuous mode
[  142.506999][ T8537] pim6reg1: entered allmulticast mode
[  142.533267][ T8539] xt_CT: You must specify a L4 protocol and not use inversions on it
[  142.619360][ T8541] loop0: detected capacity change from 0 to 8192
[  142.733770][ T8555] futex_wake_op: syz.0.1777 tries to shift op by -1; fix this program
[  142.857266][ T1040] hid-generic 0000:0004:0000.0023: unknown main item tag 0x0
[  142.864750][ T1040] hid-generic 0000:0004:0000.0023: unknown main item tag 0x0
[  142.872347][ T1040] hid-generic 0000:0004:0000.0023: unknown main item tag 0x0
[  142.880633][ T1040] hid-generic 0000:0004:0000.0023: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  142.940562][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.949793][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.034476][ T3544] hid-generic 0000:0004:0000.0024: unknown main item tag 0x0
[  143.041962][ T3544] hid-generic 0000:0004:0000.0024: unknown main item tag 0x0
[  143.049568][ T3544] hid-generic 0000:0004:0000.0024: unknown main item tag 0x0
[  143.060959][ T3544] hid-generic 0000:0004:0000.0024: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  143.148965][ T8593] futex_wake_op: syz.1.1794 tries to shift op by -1; fix this program
[  143.268157][ T1040] hid-generic 0000:0004:0000.0025: unknown main item tag 0x0
[  143.275711][ T1040] hid-generic 0000:0004:0000.0025: unknown main item tag 0x0
[  143.283146][ T1040] hid-generic 0000:0004:0000.0025: unknown main item tag 0x0
[  143.291462][ T1040] hid-generic 0000:0004:0000.0025: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  143.464351][ T3544] hid-generic 0000:0004:0000.0026: unknown main item tag 0x0
[  143.471921][ T3544] hid-generic 0000:0004:0000.0026: unknown main item tag 0x0
[  143.479400][ T3544] hid-generic 0000:0004:0000.0026: unknown main item tag 0x0
[  143.487390][ T3544] hid-generic 0000:0004:0000.0026: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  143.570570][ T8624] xt_CT: You must specify a L4 protocol and not use inversions on it
[  143.759672][ T8633] futex_wake_op: syz.2.1811 tries to shift op by -1; fix this program
[  143.787032][ T8635] loop2: detected capacity change from 0 to 512
[  143.794011][ T8635] EXT4-fs: Mount option(s) incompatible with ext3
[  143.822701][ T8635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1812'.
[  143.895865][ T8644] pim6reg1: entered promiscuous mode
[  143.901301][ T8644] pim6reg1: entered allmulticast mode
[  144.063093][ T8651] vhci_hcd: invalid port number 96
[  144.068257][ T8651] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  144.084722][ T8655] futex_wake_op: syz.3.1820 tries to shift op by -1; fix this program
[  144.224335][ T3544] hid-generic 0000:0004:0000.0027: unknown main item tag 0x0
[  144.231865][ T3544] hid-generic 0000:0004:0000.0027: unknown main item tag 0x0
[  144.239455][ T3544] hid-generic 0000:0004:0000.0027: unknown main item tag 0x0
[  144.269525][ T3544] hid-generic 0000:0004:0000.0027: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  144.322841][ T8684] vhci_hcd: invalid port number 96
[  144.328146][ T8684] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  144.382151][ T1040] hid-generic 0000:0004:0000.0028: unknown main item tag 0x0
[  144.389669][ T1040] hid-generic 0000:0004:0000.0028: unknown main item tag 0x0
[  144.397248][ T1040] hid-generic 0000:0004:0000.0028: unknown main item tag 0x0
[  144.411992][ T1040] hid-generic 0000:0004:0000.0028: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  144.438318][ T8704] xt_CT: You must specify a L4 protocol and not use inversions on it
[  144.463945][ T8708] loop2: detected capacity change from 0 to 512
[  144.470668][ T8708] EXT4-fs: Ignoring removed nomblk_io_submit option
[  144.478522][ T8708] EXT4-fs: Ignoring removed mblk_io_submit option
[  144.487223][ T8708] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  144.504623][ T8708] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  144.518173][ T8708] EXT4-fs (loop2): 1 truncate cleaned up
[  144.524548][ T8708] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.541427][ T8708] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  144.559962][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.600314][ T8719] pim6reg1: entered promiscuous mode
[  144.606567][ T8719] pim6reg1: entered allmulticast mode
[  144.642224][ T8721] vhci_hcd: invalid port number 96
[  144.647391][ T8721] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  144.669874][ T8723] loop2: detected capacity change from 0 to 128
[  144.678080][ T8723] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  144.690465][ T8723] ext4 filesystem being mounted at /343/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  144.713678][ T3323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  144.854541][ T1040] hid-generic 0000:0004:0000.0029: unknown main item tag 0x0
[  144.862066][ T1040] hid-generic 0000:0004:0000.0029: unknown main item tag 0x0
[  144.869502][ T1040] hid-generic 0000:0004:0000.0029: unknown main item tag 0x0
[  144.877772][ T1040] hid-generic 0000:0004:0000.0029: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  145.007247][ T8750] loop1: detected capacity change from 0 to 512
[  145.014270][ T8750] EXT4-fs: Mount option(s) incompatible with ext3
[  145.017132][ T8751] pim6reg1: entered promiscuous mode
[  145.026088][ T8751] pim6reg1: entered allmulticast mode
[  145.056441][ T8750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1861'.
[  145.143892][   T29] kauditd_printk_skb: 38 callbacks suppressed
[  145.143911][   T29] audit: type=1326 audit(1747874950.210:3133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8760 comm="syz.1.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff451e969 code=0x7ffc0000
[  145.174487][   T29] audit: type=1326 audit(1747874950.210:3134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8760 comm="syz.1.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff451e969 code=0x7ffc0000
[  145.198161][   T29] audit: type=1326 audit(1747874950.210:3135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8760 comm="syz.1.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fbff451e969 code=0x7ffc0000
[  145.221790][   T29] audit: type=1326 audit(1747874950.210:3136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8760 comm="syz.1.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff451e969 code=0x7ffc0000
[  145.250082][ T8767] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1870'.
[  145.328862][ T8774] loop1: detected capacity change from 0 to 512
[  145.336324][ T8774] EXT4-fs: Ignoring removed nomblk_io_submit option
[  145.348364][   T29] audit: type=1400 audit(1747874950.420:3137): avc:  denied  { write } for  pid=8769 comm="syz.0.1871" path="socket:[21470]" dev="sockfs" ino=21470 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  145.375612][ T8774] EXT4-fs: Ignoring removed mblk_io_submit option
[  145.401747][ T8774] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  145.410202][ T8774] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  145.420684][ T8774] EXT4-fs (loop1): 1 truncate cleaned up
[  145.486600][ T8774] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.529293][ T1040] hid-generic 0000:0004:0000.002A: unknown main item tag 0x0
[  145.536808][ T1040] hid-generic 0000:0004:0000.002A: unknown main item tag 0x0
[  145.544436][ T1040] hid-generic 0000:0004:0000.002A: unknown main item tag 0x0
[  145.599467][ T8774] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  145.754158][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.783855][ T8797] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1881'.
[  145.826865][ T8799] futex_wake_op: syz.3.1882 tries to shift op by -1; fix this program
[  146.022095][ T8807] xt_CT: You must specify a L4 protocol and not use inversions on it
[  146.042204][ T8808] pim6reg1: entered promiscuous mode
[  146.047568][ T8808] pim6reg1: entered allmulticast mode
[  146.108271][ T8810] loop2: detected capacity change from 0 to 128
[  146.296044][ T8810] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  146.397802][ T8810] ext4 filesystem being mounted at /353/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  146.504234][ T3323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  147.011326][ T1040] hid-generic 0000:0004:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  147.104062][ T8829] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1893'.
[  147.351761][ T8850] loop1: detected capacity change from 0 to 512
[  147.373990][ T8850] EXT4-fs: Mount option(s) incompatible with ext3
[  147.421341][ T8850] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1900'.
[  147.521840][ T8858] futex_wake_op: syz.1.1903 tries to shift op by -1; fix this program
[  147.628279][ T8863] pim6reg1: entered promiscuous mode
[  147.634431][ T8863] pim6reg1: entered allmulticast mode
[  147.644982][ T8865] futex_wake_op: syz.1.1907 tries to shift op by -1; fix this program
[  147.911662][ T8882] loop1: detected capacity change from 0 to 512
[  147.919047][ T8882] EXT4-fs: Mount option(s) incompatible with ext3
[  147.945420][ T8882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1915'.
[  148.064278][ T8903] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  148.084940][ T8907] loop0: detected capacity change from 0 to 128
[  148.100852][ T8907] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  148.121661][ T8907] ext4 filesystem being mounted at /405/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  148.138709][ T8916] xt_CT: You must specify a L4 protocol and not use inversions on it
[  148.157519][ T1040] hid-generic 0000:0004:0000.002B: unknown main item tag 0x0
[  148.165101][ T1040] hid-generic 0000:0004:0000.002B: unknown main item tag 0x0
[  148.172540][ T1040] hid-generic 0000:0004:0000.002B: unknown main item tag 0x0
[  148.180541][ T1040] hid-generic 0000:0004:0000.002B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  148.191223][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  148.317246][ T8941] loop1: detected capacity change from 0 to 128
[  148.332487][ T8941] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  148.345049][ T8941] ext4 filesystem being mounted at /374/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  148.361960][ T8947] xt_CT: You must specify a L4 protocol and not use inversions on it
[  148.373348][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  148.395189][ T8951] futex_wake_op: syz.3.1944 tries to shift op by -1; fix this program
[  148.405988][ T8952] pim6reg1: entered promiscuous mode
[  148.411346][ T8952] pim6reg1: entered allmulticast mode
[  148.510271][ T8970] loop1: detected capacity change from 0 to 128
[  148.529053][ T8970] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  148.543698][ T8970] ext4 filesystem being mounted at /376/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  148.569924][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  148.627993][ T8984] futex_wake_op: syz.1.1958 tries to shift op by -1; fix this program
[  148.674150][ T8988] xt_CT: You must specify a L4 protocol and not use inversions on it
[  148.750513][ T8997] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1964'.
[  148.759674][ T8997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1964'.
[  148.762946][ T8999] loop0: detected capacity change from 0 to 128
[  148.768652][ T8997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'.
[  148.777181][ T8999] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  148.790887][ T8997] loop1: detected capacity change from 0 to 512
[  148.797288][ T8999] ext4 filesystem being mounted at /418/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  148.804445][ T8997] EXT4-fs: Ignoring removed nomblk_io_submit option
[  148.820076][ T8997] EXT4-fs: Ignoring removed mblk_io_submit option
[  148.833141][ T8997] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  148.841424][ T8997] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  148.842545][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  148.854592][ T8997] EXT4-fs (loop1): 1 truncate cleaned up
[  148.866237][ T8997] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.884399][ T8997] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  148.904455][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.123957][ T9024] loop0: detected capacity change from 0 to 128
[  149.134221][ T9024] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  149.146658][ T9024] ext4 filesystem being mounted at /423/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  149.173724][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  149.179671][ T9029] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1977'.
[  149.197955][ T9029] loop2: detected capacity change from 0 to 512
[  149.206780][ T9029] EXT4-fs: Ignoring removed nomblk_io_submit option
[  149.213568][ T9029] EXT4-fs: Ignoring removed mblk_io_submit option
[  149.221552][ T9029] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  149.230840][ T9029] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  149.239698][ T9029] EXT4-fs (loop2): 1 truncate cleaned up
[  149.246031][ T9029] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  149.263118][ T9029] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  149.290832][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.666059][ T9067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.675402][ T9067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.211452][ T9079] futex_wake_op: syz.3.1995 tries to shift op by -1; fix this program
[  150.233183][ T9081] pim6reg1: entered promiscuous mode
[  150.237917][ T9083] futex_wake_op: syz.3.1997 tries to shift op by -1; fix this program
[  150.238619][ T9081] pim6reg1: entered allmulticast mode
[  150.264568][ T9085] __nla_validate_parse: 2 callbacks suppressed
[  150.264582][ T9085] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1998'.
[  150.449501][ T1040] hid-generic 0000:0004:0000.002C: unknown main item tag 0x0
[  150.457176][ T1040] hid-generic 0000:0004:0000.002C: unknown main item tag 0x0
[  150.464670][ T1040] hid-generic 0000:0004:0000.002C: unknown main item tag 0x0
[  150.473197][ T1040] hid-generic 0000:0004:0000.002C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  150.554214][ T9114] loop5: detected capacity change from 0 to 512
[  150.564817][ T9114] EXT4-fs: Mount option(s) incompatible with ext3
[  150.586010][   T36] hid-generic 0000:0004:0000.002D: unknown main item tag 0x0
[  150.593515][   T36] hid-generic 0000:0004:0000.002D: unknown main item tag 0x0
[  150.601100][   T36] hid-generic 0000:0004:0000.002D: unknown main item tag 0x0
[  150.610004][   T36] hid-generic 0000:0004:0000.002D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  150.626106][ T9114] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2011'.
[  150.669514][ T9123] pim6reg1: entered promiscuous mode
[  150.674993][ T9123] pim6reg1: entered allmulticast mode
[  150.752836][ T9128] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.761404][ T9128] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.879599][ T9147] loop1: detected capacity change from 0 to 128
[  150.907039][ T9147] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  150.922694][ T9147] ext4 filesystem being mounted at /397/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  150.959648][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  150.995778][ T9159] futex_wake_op: syz.5.2030 tries to shift op by -1; fix this program
[  151.053140][ T9162] pim6reg1: entered promiscuous mode
[  151.058564][ T9162] pim6reg1: entered allmulticast mode
[  151.211729][ T9176] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2037'.
[  151.258374][ T9182] futex_wake_op: syz.1.2040 tries to shift op by -1; fix this program
[  151.300906][   T36] hid-generic 0000:0004:0000.002E: unknown main item tag 0x0
[  151.308519][   T36] hid-generic 0000:0004:0000.002E: unknown main item tag 0x0
[  151.316081][   T36] hid-generic 0000:0004:0000.002E: unknown main item tag 0x0
[  151.356006][   T36] hid-generic 0000:0004:0000.002E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  151.384443][ T9199] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  151.412103][ T9202] pim6reg1: entered promiscuous mode
[  151.417458][ T9202] pim6reg1: entered allmulticast mode
[  151.443738][ T9208] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  151.443738][ T9208]    program syz.3.2051 not setting count and/or reply_len properly
[  151.490351][ T9214] futex_wake_op: syz.5.2055 tries to shift op by -1; fix this program
[  151.603304][ T9231] loop2: detected capacity change from 0 to 128
[  151.616769][ T9231] netlink: 'syz.2.2062': attribute type 1 has an invalid length.
[  151.630809][ T9231] 8021q: adding VLAN 0 to HW filter on device bond1
[  151.640656][ T9231] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2062'.
[  151.654212][ T9231] bond1 (unregistering): Released all slaves
[  151.667499][ T9239] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  151.667499][ T9239]    program syz.5.2065 not setting count and/or reply_len properly
[  151.739598][ T9247] futex_wake_op: syz.5.2068 tries to shift op by -1; fix this program
[  151.787875][ T9255] pim6reg1: entered promiscuous mode
[  151.794177][ T9255] pim6reg1: entered allmulticast mode
[  151.973612][ T9261] vhci_hcd: invalid port number 96
[  151.978869][ T9261] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  152.053601][ T9269] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  152.053601][ T9269]    program syz.2.2078 not setting count and/or reply_len properly
[  152.193931][ T9283] vhci_hcd: invalid port number 96
[  152.199106][ T9283] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  152.228130][ T9286] xt_CT: You must specify a L4 protocol and not use inversions on it
[  152.253589][ T9288] xt_CT: You must specify a L4 protocol and not use inversions on it
[  152.472295][   T29] audit: type=1326 audit(1747874957.550:3138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9305 comm="syz.0.2095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  152.532545][   T29] audit: type=1326 audit(1747874957.570:3139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9305 comm="syz.0.2095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  152.556111][   T29] audit: type=1326 audit(1747874957.570:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9305 comm="syz.0.2095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  152.579896][   T29] audit: type=1326 audit(1747874957.570:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9305 comm="syz.0.2095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  152.623016][ T9321] netlink: 'syz.3.2101': attribute type 1 has an invalid length.
[  152.630902][ T9310] vhci_hcd: invalid port number 96
[  152.636146][ T9310] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  152.641898][ T9321] 8021q: adding VLAN 0 to HW filter on device bond1
[  152.652626][ T9321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2101'.
[  152.681439][ T9321] bond1 (unregistering): Released all slaves
[  152.699330][ T9328] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2103'.
[  152.752785][   T29] audit: type=1326 audit(1747874957.830:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9336 comm="syz.2.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  152.803821][   T29] audit: type=1326 audit(1747874957.850:3143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9336 comm="syz.2.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  152.827377][   T29] audit: type=1326 audit(1747874957.850:3144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9336 comm="syz.2.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fecc3e969 code=0x7ffc0000
[  152.897852][ T9350] pim6reg1: entered promiscuous mode
[  152.903262][ T9350] pim6reg1: entered allmulticast mode
[  152.938585][ T9354] vhci_hcd: invalid port number 96
[  152.943786][ T9354] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  152.969089][ T9360] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2119'.
[  153.005561][ T9366] loop5: detected capacity change from 0 to 128
[  153.015060][ T9366] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  153.031726][ T9366] ext4 filesystem being mounted at /418/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  153.045726][ T9372] futex_atomic_op_inuser: 5 callbacks suppressed
[  153.045745][ T9372] futex_wake_op: syz.0.2124 tries to shift op by -1; fix this program
[  153.075995][ T9374] futex_wake_op: syz.2.2125 tries to shift op by -1; fix this program
[  153.098585][ T9376] futex_wake_op: syz.3.2126 tries to shift op by -1; fix this program
[  153.183560][ T3568] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  153.278675][ T9389] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2132'.
[  153.339380][ T9387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.356795][ T9387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.514222][ T9396] vhci_hcd: invalid port number 96
[  153.519394][ T9396] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  153.696966][ T9411] futex_wake_op: syz.3.2139 tries to shift op by -1; fix this program
[  153.792360][   T29] audit: type=1326 audit(1747874958.860:3145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9415 comm="syz.5.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6956c4e969 code=0x7ffc0000
[  153.815982][   T29] audit: type=1326 audit(1747874958.860:3146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9415 comm="syz.5.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6956c4e969 code=0x7ffc0000
[  153.840323][   T29] audit: type=1326 audit(1747874958.860:3147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9415 comm="syz.5.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f6956c4e969 code=0x7ffc0000
[  154.031243][ T9434] netlink: 'syz.3.2150': attribute type 1 has an invalid length.
[  154.056000][ T9434] 8021q: adding VLAN 0 to HW filter on device bond1
[  154.063000][ T9440] futex_wake_op: syz.2.2152 tries to shift op by -1; fix this program
[  154.073629][ T9434] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2150'.
[  154.094549][ T9434] bond1 (unregistering): Released all slaves
[  154.153022][ T9447] futex_wake_op: syz.2.2153 tries to shift op by -1; fix this program
[  154.183210][ T9448] xt_CT: You must specify a L4 protocol and not use inversions on it
[  154.216789][ T9454] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2159'.
[  154.393256][ T9471] futex_wake_op: syz.3.2166 tries to shift op by -1; fix this program
[  154.469333][ T9480] pim6reg1: entered promiscuous mode
[  154.474846][ T9480] pim6reg1: entered allmulticast mode
[  154.487205][ T9482] xt_CT: You must specify a L4 protocol and not use inversions on it
[  155.351107][ T9523] futex_wake_op: syz.2.2187 tries to shift op by -1; fix this program
[  155.395727][ T9531] loop0: detected capacity change from 0 to 128
[  155.429598][ T9531] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  155.458455][ T9538] xt_CT: You must specify a L4 protocol and not use inversions on it
[  155.471220][ T9537] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2194'.
[  155.484561][ T9531] ext4 filesystem being mounted at /457/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  155.547585][ T9543] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  155.547585][ T9543]    program syz.2.2197 not setting count and/or reply_len properly
[  155.565394][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  155.634099][ T9547] vhci_hcd: invalid port number 96
[  155.639278][ T9547] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  155.713202][ T9567] loop1: detected capacity change from 0 to 128
[  155.722006][ T9567] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  155.734466][ T9567] ext4 filesystem being mounted at /422/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  155.763976][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  155.774350][ T9572] xt_CT: You must specify a L4 protocol and not use inversions on it
[  155.784976][ T9570] loop2: detected capacity change from 0 to 8192
[  155.827580][ T9576] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  155.827580][ T9576]    program syz.1.2210 not setting count and/or reply_len properly
[  155.865196][ T9578] futex_wake_op: syz.0.2211 tries to shift op by -1; fix this program
[  155.867001][ T9580] futex_wake_op: syz.1.2212 tries to shift op by -1; fix this program
[  155.961701][ T9589] loop5: detected capacity change from 0 to 128
[  155.975028][ T9589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2216'.
[  156.053010][ T9599] loop5: detected capacity change from 0 to 128
[  156.070368][ T9599] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  156.074085][ T9602] xt_CT: You must specify a L4 protocol and not use inversions on it
[  156.084840][ T9599] ext4 filesystem being mounted at /447/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  156.120947][ T3568] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  156.165720][ T9606] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  156.165720][ T9606]    program syz.5.2223 not setting count and/or reply_len properly
[  156.207287][ T9610] pim6reg1: entered promiscuous mode
[  156.212765][ T9610] pim6reg1: entered allmulticast mode
[  156.529805][ T9629] xt_CT: You must specify a L4 protocol and not use inversions on it
[  156.562218][ T9633] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  156.562218][ T9633]    program syz.5.2236 not setting count and/or reply_len properly
[  156.610265][ T9635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  156.619497][ T9635] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  156.809041][ T9656] loop0: detected capacity change from 0 to 128
[  156.817946][ T9656] ext4 filesystem being mounted at /467/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  156.867272][ T9662] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2247'.
[  156.895888][ T9664] xt_CT: You must specify a L4 protocol and not use inversions on it
[  157.073626][ T9671] loop1: detected capacity change from 0 to 128
[  157.085912][ T9671] netlink: 'syz.1.2251': attribute type 1 has an invalid length.
[  157.111026][ T9671] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.119661][ T9671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2251'.
[  157.130139][ T9671] bond0 (unregistering): Released all slaves
[  157.395465][ T9687] pim6reg1: entered promiscuous mode
[  157.400889][ T9687] pim6reg1: entered allmulticast mode
[  157.580693][ T9700] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  157.580693][ T9700]    program syz.3.2263 not setting count and/or reply_len properly
[  157.682676][ T9710] loop5: detected capacity change from 0 to 128
[  157.710123][ T9710] ext4 filesystem being mounted at /462/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  157.785597][ T9722] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2273'.
[  157.815067][ T9724] pim6reg1: entered promiscuous mode
[  157.820500][ T9724] pim6reg1: entered allmulticast mode
[  157.839699][ T9726] loop0: detected capacity change from 0 to 512
[  157.846515][ T9728] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  157.846515][ T9728]    program syz.3.2276 not setting count and/or reply_len properly
[  157.864754][ T9726] EXT4-fs: Ignoring removed nomblk_io_submit option
[  157.872643][ T9726] EXT4-fs: Ignoring removed mblk_io_submit option
[  157.881655][ T9726] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  157.889976][ T9731] loop5: detected capacity change from 0 to 128
[  157.890105][ T9726] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  157.905955][ T9726] EXT4-fs (loop0): 1 truncate cleaned up
[  157.913621][ T9731] ext4 filesystem being mounted at /465/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  157.935421][ T9726] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  158.086255][ T9750] vhci_hcd: invalid port number 96
[  158.091509][ T9750] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  158.121066][   T29] kauditd_printk_skb: 26 callbacks suppressed
[  158.121082][   T29] audit: type=1326 audit(1747874963.190:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9755 comm="syz.0.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  158.151446][   T29] audit: type=1326 audit(1747874963.190:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9755 comm="syz.0.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  158.176569][   T29] audit: type=1326 audit(1747874963.190:3176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9755 comm="syz.0.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  158.255246][ T9764] loop5: detected capacity change from 0 to 512
[  158.282168][ T9764] EXT4-fs: Ignoring removed nomblk_io_submit option
[  158.288944][ T9764] EXT4-fs: Ignoring removed mblk_io_submit option
[  158.411101][ T9774] futex_atomic_op_inuser: 4 callbacks suppressed
[  158.411118][ T9774] futex_wake_op: syz.2.2295 tries to shift op by -1; fix this program
[  158.445542][ T9775] futex_wake_op: syz.0.2294 tries to shift op by -1; fix this program
[  158.513371][ T9781] futex_wake_op: syz.2.2298 tries to shift op by -1; fix this program
[  158.551719][ T9785] loop2: detected capacity change from 0 to 128
[  158.569526][ T9764] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  158.577984][ T9764] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  158.630789][ T9764] EXT4-fs (loop5): 1 truncate cleaned up
[  158.643312][ T9785] netlink: 'syz.2.2300': attribute type 1 has an invalid length.
[  158.651549][ T9785] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2300'.
[  158.680784][ T9764] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  158.695736][ T9791] loop2: detected capacity change from 0 to 128
[  158.730881][ T9791] ext4 filesystem being mounted at /420/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  158.843907][ T9799] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2305'.
[  158.877824][ T9801] xt_CT: You must specify a L4 protocol and not use inversions on it
[  158.943769][ T3544] hid-generic 0000:0004:0000.002F: unknown main item tag 0x0
[  158.951224][ T3544] hid-generic 0000:0004:0000.002F: unknown main item tag 0x0
[  158.959389][ T3544] hid-generic 0000:0004:0000.002F: unknown main item tag 0x0
[  158.986378][ T3544] hid-generic 0000:0004:0000.002F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  159.025197][ T9808] futex_wake_op: syz.3.2309 tries to shift op by -1; fix this program
[  159.060666][ T9812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.072539][ T9812] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.619132][ T9825] futex_wake_op: syz.5.2315 tries to shift op by -1; fix this program
[  159.646353][ T9827] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2316'.
[  159.673232][ T9829] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2317'.
[  159.749185][ T9833] atomic_op ffff888121811d28 conn xmit_atomic 0000000000000000
[  159.775528][ T9835] loop5: detected capacity change from 0 to 128
[  159.787090][ T9835] netlink: 'syz.5.2320': attribute type 1 has an invalid length.
[  159.795565][ T9835] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2320'.
[  159.858982][ T9839] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  159.858982][ T9839]    program syz.2.2322 not setting count and/or reply_len properly
[  159.902119][   T29] audit: type=1326 audit(1747874964.980:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9840 comm="syz.0.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  159.926319][   T29] audit: type=1326 audit(1747874964.980:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9840 comm="syz.0.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  160.011773][   T29] audit: type=1326 audit(1747874964.980:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9840 comm="syz.0.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  160.035288][   T29] audit: type=1326 audit(1747874964.980:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9840 comm="syz.0.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  160.061883][ T9846] futex_wake_op: syz.0.2326 tries to shift op by -1; fix this program
[  160.254110][ T1040] hid-generic 0000:0004:0000.0030: unknown main item tag 0x0
[  160.261684][ T1040] hid-generic 0000:0004:0000.0030: unknown main item tag 0x0
[  160.269106][ T1040] hid-generic 0000:0004:0000.0030: unknown main item tag 0x0
[  160.287161][ T1040] hid-generic 0000:0004:0000.0030: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  160.425309][   T29] audit: type=1326 audit(1747874965.500:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9871 comm="syz.3.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  160.464585][   T29] audit: type=1326 audit(1747874965.500:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9871 comm="syz.3.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  160.488124][   T29] audit: type=1326 audit(1747874965.520:3183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9871 comm="syz.3.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  160.594795][ T9878] loop2: detected capacity change from 0 to 8192
[  160.666297][ T9884] pim6reg1: entered promiscuous mode
[  160.671689][ T9884] pim6reg1: entered allmulticast mode
[  160.877427][ T3544] hid-generic 0000:0004:0000.0031: unknown main item tag 0x0
[  160.885637][ T3544] hid-generic 0000:0004:0000.0031: unknown main item tag 0x0
[  160.893073][ T3544] hid-generic 0000:0004:0000.0031: unknown main item tag 0x0
[  160.901918][ T3544] hid-generic 0000:0004:0000.0031: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  160.949237][ T9892] __nla_validate_parse: 2 callbacks suppressed
[  160.949254][ T9892] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2346'.
[  161.003840][ T9896] netlink: 'syz.3.2348': attribute type 1 has an invalid length.
[  161.018483][ T9896] 8021q: adding VLAN 0 to HW filter on device bond1
[  161.028933][ T9896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2348'.
[  161.124957][ T9905] vhci_hcd: invalid port number 96
[  161.130116][ T9905] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  161.183517][ T9911] futex_wake_op: syz.0.2354 tries to shift op by -1; fix this program
[  161.345832][ T9922] xt_CT: You must specify a L4 protocol and not use inversions on it
[  161.477389][ T9940] futex_wake_op: syz.5.2368 tries to shift op by -1; fix this program
[  161.548800][ T9953] pim6reg1: entered promiscuous mode
[  161.554250][ T9953] pim6reg1: entered allmulticast mode
[  161.578290][ T9955] xt_CT: You must specify a L4 protocol and not use inversions on it
[  161.706444][ T9956] loop1: detected capacity change from 0 to 8192
[  161.822478][ T9973] futex_wake_op: syz.0.2384 tries to shift op by -1; fix this program
[  161.913016][ T3392] hid-generic 0000:0004:0000.0032: unknown main item tag 0x0
[  161.920497][ T3392] hid-generic 0000:0004:0000.0032: unknown main item tag 0x0
[  161.928088][ T3392] hid-generic 0000:0004:0000.0032: unknown main item tag 0x0
[  161.933572][ T9984] xt_CT: You must specify a L4 protocol and not use inversions on it
[  161.936835][ T3392] hid-generic 0000:0004:0000.0032: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  161.995474][ T9989] futex_wake_op: syz.5.2391 tries to shift op by -1; fix this program
[  162.055129][ T9995] loop5: detected capacity change from 0 to 128
[  162.072689][ T9995] netlink: 'syz.5.2394': attribute type 1 has an invalid length.
[  162.090806][ T9995] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2394'.
[  162.250053][T10013] xt_CT: You must specify a L4 protocol and not use inversions on it
[  162.405617][T10026] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2409'.
[  162.504100][T10037] vhci_hcd: invalid port number 96
[  162.509340][T10037] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  162.865733][T10064] vhci_hcd: invalid port number 96
[  162.870915][T10064] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  163.011213][T10078] pim6reg1: entered promiscuous mode
[  163.016643][T10078] pim6reg1: entered allmulticast mode
[  163.036130][T10080] loop5: detected capacity change from 0 to 128
[  163.048613][T10080] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2433'.
[  163.135782][T10087] pim6reg1: entered promiscuous mode
[  163.141479][T10087] pim6reg1: entered allmulticast mode
[  163.194203][T10090] vhci_hcd: invalid port number 96
[  163.200973][T10090] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  163.412934][T10103] loop2: detected capacity change from 0 to 8192
[  163.425875][T10114] futex_atomic_op_inuser: 6 callbacks suppressed
[  163.425891][T10114] futex_wake_op: syz.3.2445 tries to shift op by -1; fix this program
[  163.459878][   T29] kauditd_printk_skb: 15 callbacks suppressed
[  163.459897][   T29] audit: type=1326 audit(1747874968.530:3199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10115 comm="syz.3.2447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  163.508048][   T29] audit: type=1326 audit(1747874968.530:3200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10115 comm="syz.3.2447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  163.532544][   T29] audit: type=1326 audit(1747874968.530:3201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10115 comm="syz.3.2447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  163.556322][   T29] audit: type=1326 audit(1747874968.530:3202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10115 comm="syz.3.2447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f827da9e969 code=0x7ffc0000
[  163.643590][T10128] vhci_hcd: invalid port number 96
[  163.648890][T10128] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  164.243668][T10144] futex_wake_op: syz.0.2458 tries to shift op by -1; fix this program
[  164.281614][   T29] audit: type=1326 audit(1747874969.350:3203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  164.305285][   T29] audit: type=1326 audit(1747874969.350:3204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  164.328916][   T29] audit: type=1326 audit(1747874969.350:3205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  164.329337][T10142] loop1: detected capacity change from 0 to 8192
[  164.411686][T10152] loop0: detected capacity change from 0 to 512
[  164.418232][T10152] EXT4-fs: Ignoring removed nomblk_io_submit option
[  164.424971][T10152] EXT4-fs: Ignoring removed mblk_io_submit option
[  164.433007][T10152] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  164.441737][T10152] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  164.450981][T10152] EXT4-fs (loop0): 1 truncate cleaned up
[  164.457281][T10152] EXT4-fs mount: 12 callbacks suppressed
[  164.457295][T10152] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.480917][T10152] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  164.508970][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.570861][T10163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  164.590316][T10163] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.625674][   T29] audit: type=1326 audit(1747874969.700:3206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10170 comm="syz.0.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  164.649482][   T29] audit: type=1326 audit(1747874969.700:3207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10170 comm="syz.0.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  164.674976][   T29] audit: type=1326 audit(1747874969.700:3208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10170 comm="syz.0.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fb563fde969 code=0x7ffc0000
[  164.696917][T10174] futex_wake_op: syz.0.2472 tries to shift op by -1; fix this program
[  164.746538][T10178] pim6reg1: entered promiscuous mode
[  164.752017][T10178] pim6reg1: entered allmulticast mode
[  164.856030][T10183] loop0: detected capacity change from 0 to 512
[  164.862740][T10183] EXT4-fs: Ignoring removed nomblk_io_submit option
[  164.869421][T10183] EXT4-fs: Ignoring removed mblk_io_submit option
[  164.877467][T10183] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  164.886311][T10183] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  164.895351][T10183] EXT4-fs (loop0): 1 truncate cleaned up
[  164.901609][T10183] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.918446][T10183] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  164.936981][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.987350][T10188] netlink: 'syz.2.2479': attribute type 1 has an invalid length.
[  165.000920][T10188] 8021q: adding VLAN 0 to HW filter on device bond1
[  165.016580][T10188] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2479'.
[  165.029696][T10191] futex_wake_op: syz.0.2477 tries to shift op by -1; fix this program
[  165.039986][T10188] bond1 (unregistering): Released all slaves
[  165.077304][T10198] futex_wake_op: syz.0.2482 tries to shift op by -1; fix this program
[  165.078536][T10199] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2483'.
[  165.167727][T10211] netlink: 'syz.0.2489': attribute type 1 has an invalid length.
[  165.192496][T10211] 8021q: adding VLAN 0 to HW filter on device bond1
[  165.207069][T10211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2489'.
[  165.219143][T10211] bond1 (unregistering): Released all slaves
[  165.323720][T10220] loop2: detected capacity change from 0 to 8192
[  165.357761][T10228] futex_wake_op: syz.0.2495 tries to shift op by -1; fix this program
[  165.385011][T10232] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2497'.
[  165.447775][T10244] netlink: 'syz.5.2502': attribute type 1 has an invalid length.
[  165.456262][T10240] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in;
[  165.456262][T10240]    program syz.0.2501 not setting count and/or reply_len properly
[  165.485037][T10244] 8021q: adding VLAN 0 to HW filter on device bond2
[  165.499774][T10244] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2502'.
[  165.513200][T10244] bond2 (unregistering): Released all slaves
[  165.567044][T10255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  165.576381][T10255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  165.623478][T10262] netlink: 'syz.5.2511': attribute type 1 has an invalid length.
[  165.638177][T10262] 8021q: adding VLAN 0 to HW filter on device bond2
[  165.653682][T10262] bond2 (unregistering): Released all slaves
[  165.686334][T10265] ==================================================================
[  165.694437][T10265] BUG: KCSAN: data-race in __perf_event_read_value / perf_event_set_state
[  165.702959][T10265] 
[  165.705274][T10265] write to 0xffff888119aa1628 of 8 bytes by task 10255 on cpu 0:
[  165.712983][T10265]  perf_event_set_state+0x195/0x440
[  165.718193][T10265]  event_sched_in+0xee/0x6f0
[  165.722788][T10265]  merge_sched_in+0x258/0xa60
[  165.727469][T10265]  visit_groups_merge+0x9db/0xfd0
[  165.732497][T10265]  __pmu_ctx_sched_in+0x8a/0xb0
[  165.737351][T10265]  ctx_sched_in+0x325/0x370
[  165.741865][T10265]  __perf_event_task_sched_in+0x660/0xaa0
[  165.747590][T10265]  finish_task_switch+0x21a/0x2b0
[  165.752613][T10265]  __schedule+0x6a2/0xb20
[  165.756951][T10265]  schedule+0x5f/0xd0
[  165.760937][T10265]  futex_wait_queue+0xa8/0x110
[  165.765705][T10265]  __futex_wait+0xb4/0x1b0
[  165.772129][T10265]  futex_wait+0x9d/0x1d0
[  165.776402][T10265]  do_futex+0x2bf/0x380
[  165.780577][T10265]  __se_sys_futex+0x2ed/0x360
[  165.785277][T10265]  __x64_sys_futex+0x78/0x90
[  165.789874][T10265]  x64_sys_call+0x1331/0x2fb0
[  165.794557][T10265]  do_syscall_64+0xd0/0x1a0
[  165.799065][T10265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.804956][T10265] 
[  165.807274][T10265] read to 0xffff888119aa1628 of 8 bytes by task 10265 on cpu 1:
[  165.814908][T10265]  __perf_event_read_value+0x82/0x1d0
[  165.820305][T10265]  perf_read+0x173/0x4d0
[  165.824549][T10265]  loop_rw_iter+0x2c6/0x3f0
[  165.829062][T10265]  __io_read+0xbc2/0xc10
[  165.833311][T10265]  io_read+0x1c/0x60
[  165.837223][T10265]  __io_issue_sqe+0xfe/0x2e0
[  165.841904][T10265]  io_issue_sqe+0x53/0x970
[  165.846420][T10265]  io_wq_submit_work+0x3f7/0x5f0
[  165.851459][T10265]  io_worker_handle_work+0x46a/0x9f0
[  165.856752][T10265]  io_wq_worker+0x22e/0x870
[  165.861262][T10265]  ret_from_fork+0x4b/0x60
[  165.865672][T10265]  ret_from_fork_asm+0x1a/0x30
[  165.870435][T10265] 
[  165.872756][T10265] value changed: 0x00000000069e4b57 -> 0x00000000069ed343
[  165.879865][T10265] 
[  165.882179][T10265] Reported by Kernel Concurrency Sanitizer on:
[  165.888319][T10265] CPU: 1 UID: 0 PID: 10265 Comm: iou-wrk-10255 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(voluntary) 
[  165.901073][T10265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.911234][T10265] ==================================================================