last executing test programs:

2.054052118s ago: executing program 3 (id=895):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x2, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[], 0x78}, 0x1, 0x7}, 0x0)

1.999448858s ago: executing program 3 (id=897):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000300)='4', 0x1}], 0x1)

1.962522949s ago: executing program 3 (id=900):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
setpriority(0x2, 0x0, 0x3)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000006000000180100006020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000035000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
sendto$inet(r2, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)

1.938068989s ago: executing program 3 (id=902):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)

1.91689032s ago: executing program 3 (id=904):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x100000000000}, 0x18)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r3, 0x29, 0xc8, &(0x7f0000000000), 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0xfd, 0x7ffc0001}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
syz_read_part_table(0x5f8, &(0x7f0000000bc0)="$eJzs0zGIU3ccB/Bf0jNXBRE7uTVchliXEzJer2BDfBwBcwSLDiK62SGLTh1iAoaKg2eHiOByDpbCGSq0TiKCIOLFQcgkinZREYciuFjFpuTu3XItB4UctPD5wHuP/+//+70vfx4v+F/Lxu/D4TATEcPJDdqGrdE9t778zVJl/1x+fl/9YEQmjkTE9+//+GG0k1kbTN86la6fpevSrYnG+aXk7EJ3+64b+Q8PsrEa0I5YuV72Lx8d5znZHLtP7bmTaQ923qzGlU9jeWZb4/CJXvGLbO/h+9H2n+nn3rJuLD+u/Ouz93ac6ZxMvsxFPEqaz5NX2bdvkgOXFqdzF1r14uu9ad+xcQWu0/h4KHft6t1y58XW0v1qrdb9+cnFQrNyu3N60C88fnfueNr3dKO/CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/4zdp/bc+Twz2HmzGleWv1qe2dY4fKJXLLd6D+d//frH/E9TkVnpm96k/Ouz93ac6ZxMFr6b/fZR0nyevMq+fZMcuLQ4nbvQqhdf7037jv3DbG4M+Y2Ph3LXrt4td15sLd2v1mrdLXGx0Kzc7pwe9AuP3507Hp/9Uq5GPJ0cxWXHkAgAAAAAAAAAAAAAAAAAAAB/V9k/l5/fVz8YkYkjETGzOPdkVB9Ormx/stY3lT6frdajdGuicX4pObvQ3b7rRv7Dg9/Sejsb0Y6Il/3LRzdOnticA/Gv/BUAAP//FI2HuA==")
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9feb01001800000000000000f8000000f8000000040000001000000000000009010000000300000008000006040000000100cf0007000000070000000500000007000000f9ffffff030000000500000006000000080000000e000000e00f0000050000007f0000000d000000480000001000000000000002000000000a0000000000000e02000000020000000200000005000013080000000d0000000b000000000400000300000081000000f103000007000000ff7f14ea65c7f0aef6af38c5231024d9ff0000090000000100004008000000010000000600000008000000030000000000000002000085070000001000000005000000060000000b00000005000000fdffffff0700000000000008050000000f000000000000090000000000300000"], &(0x7f0000000040)=""/76, 0x114, 0x4c, 0x0, 0xff, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, r5, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f00000002c0)={0x0, r2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0xb, &(0x7f00000006c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x10000, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000069000305000000000000000000000000000000000800010002"], 0x20}}, 0x0)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000400)={0x0, 0xa, 0x8001})
r7 = epoll_create1(0x80000)
epoll_pwait(r7, &(0x7f0000000040)=[{}, {}, {}], 0x3, 0xb339, &(0x7f00000000c0)={[0xe]}, 0x8)
syz_open_dev$tty1(0xc, 0x4, 0x2)

1.792819512s ago: executing program 3 (id=909):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$key(0xf, 0x3, 0x2)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@tcp6, 0x1}, 0x20)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bf"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
getrusage(0x1, &(0x7f0000000540))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000028000000bca30000000000003403000040feffff720af1ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61144400000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
pipe2$9p(0x0, 0x0)
r4 = dup(0xffffffffffffffff)
getresuid(0x0, &(0x7f0000000480), &(0x7f00000004c0)=<r5=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',privport,access=', @ANYRESDEC=r5])

919.598726ms ago: executing program 1 (id=940):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x69, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141b82, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'geneve1\x00'}}]}]}, 0x28}}, 0x0)
sendmsg$TIPC_NL_MON_GET(r1, &(0x7f00000007c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x8005)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0xffffffffffffffde, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="84010000210001000000000000000000fc020000000000000000000000000000fe80000000000000000000000000003500000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000034011100ac14140c000000000000000000000000fc000000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000aaff0000000200000002000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000ff020000000000000000000000000001ff020000003500000a000800ac1414bb000000000000000000000000fc02000000000000000000000000000064010102000000000000000000000000fe8000000000000000000000000000323c00"], 0x184}}, 0x0)

879.070976ms ago: executing program 1 (id=943):
r0 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e24, 0x8, @remote, 0x3}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = syz_io_uring_setup(0x7d9b, &(0x7f00000008c0)={0x0, 0x92b2, 0x10100, 0xfffffffe, 0x21a}, &(0x7f0000000980)=<r4=>0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000240)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x14a8}})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)

824.085347ms ago: executing program 1 (id=947):
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r0) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x200800, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x200800, 0x0)
r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
keyctl$reject(0x13, r0, 0xfffffffffffffffc, 0x7, r1)
openat$selinux_status(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async)
r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)=@gettaction={0x148, 0x32, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x6d0a}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x6}, @action_gd=@TCA_ACT_TAB={0x78, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x31}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10001}}, {0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x1}, @action_gd=@TCA_ACT_TAB={0x7c, 0x1, [{0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0x10, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x63}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x24048000}, 0x4)
keyctl$assume_authority(0x10, r1)
keyctl$KEYCTL_MOVE(0x1e, r2, r1, r0, 0x1) (async)
keyctl$KEYCTL_MOVE(0x1e, r2, r1, r0, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(r3, &(0x7f0000000440)={0xa, 0x4e21, 0x38, @loopback, 0x100}, 0x1c)
semget$private(0x0, 0x2, 0x215)
request_key(&(0x7f0000000480)='user\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)='xt\x00', r2)
write(r4, &(0x7f0000000540)="9c566753787d1addd69390f9ed2233f8ef052a07ce4962d4af4bbbf1a62741f757879d59389b04191b56af69d41026a12c60081f06ffcde9a755de4cbd1e1b55322429fdefc7656c0791e3907d57962136e79552f147ca", 0x57)
r5 = accept$unix(r4, &(0x7f00000005c0)=@abs, &(0x7f0000000640)=0x6e)
recvmsg$unix(r5, &(0x7f00000008c0)={&(0x7f0000000680), 0x6e, &(0x7f0000000780)=[{&(0x7f0000000700)=""/86, 0x56}], 0x1, &(0x7f00000007c0)=[@rights={{0x20, 0x1, 0x1, [<r6=>0xffffffffffffffff, 0xffffffffffffffff, <r7=>0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r8=>0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, <r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r12=>0xffffffffffffffff]}}], 0xd8}, 0x2)
accept4(r9, &(0x7f0000000900)=@nl, &(0x7f0000000980)=0x80, 0x80800) (async)
r13 = accept4(r9, &(0x7f0000000900)=@nl, &(0x7f0000000980)=0x80, 0x80800)
r14 = dup2(r7, r13)
write$binfmt_elf32(r14, &(0x7f00000009c0)={{0x7f, 0x45, 0x4c, 0x46, 0xf9, 0x2, 0x5, 0xad, 0x5, 0x2, 0x3, 0xffffffff, 0x335, 0x38, 0x2b8, 0x10000, 0x9, 0x20, 0x2, 0x8000, 0x101, 0x400}, [{0x7, 0x1, 0x8, 0xd5, 0x2a, 0x400, 0x81, 0xa1}, {0x6, 0x1, 0x0, 0x1, 0xb, 0xe69, 0x7, 0x1}], "c8e7bee8d23fc6945a827ca8bf53efe6193366b4e66f483491bdc91c72226397a5d86498e5", ['\x00']}, 0x19d)
preadv2(r10, &(0x7f0000001dc0)=[{&(0x7f0000000b80)=""/167, 0xa7}, {&(0x7f0000000c40)=""/232, 0xe8}, {&(0x7f0000000d40)=""/4096, 0x1000}, {&(0x7f0000001d40)=""/99, 0x63}], 0x4, 0x7, 0x4, 0x10) (async)
preadv2(r10, &(0x7f0000001dc0)=[{&(0x7f0000000b80)=""/167, 0xa7}, {&(0x7f0000000c40)=""/232, 0xe8}, {&(0x7f0000000d40)=""/4096, 0x1000}, {&(0x7f0000001d40)=""/99, 0x63}], 0x4, 0x7, 0x4, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001e40)={&(0x7f0000001e00)='inet_sock_set_state\x00', r12, 0x0, 0x7}, 0x18)
preadv(r6, &(0x7f0000002080)=[{&(0x7f0000001e80)=""/191, 0xbf}, {&(0x7f0000001f40)}, {&(0x7f0000001f80)}, {&(0x7f0000001fc0)=""/92, 0x5c}, {&(0x7f0000002040)=""/2, 0x2}], 0x5, 0x5, 0x6) (async)
preadv(r6, &(0x7f0000002080)=[{&(0x7f0000001e80)=""/191, 0xbf}, {&(0x7f0000001f40)}, {&(0x7f0000001f80)}, {&(0x7f0000001fc0)=""/92, 0x5c}, {&(0x7f0000002040)=""/2, 0x2}], 0x5, 0x5, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000002100)='afs_notify_call\x00', r11, 0x0, 0x6}, 0x18)
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000002440)={&(0x7f0000002180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000002400)={&(0x7f00000021c0)={0x228, 0x17, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK={0x5c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'dummy0\x00'}, {0x14, 0x1, 'veth0_to_batadv\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8000}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x170, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x100}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'pimreg\x00'}, {0x14, 0x1, 'pim6reg0\x00'}, {0x14, 0x1, 'veth0_to_bond\x00'}, {0x14, 0x1, 'gre0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vlan0\x00'}, {0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'vlan0\x00'}, {0x14, 0x1, 'batadv0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0xa4, 0x3, 0x0, 0x1, [{0x14, 0x1, 'netpci0\x00'}, {0x14, 0x1, 'syzkaller1\x00'}, {0x14}, {0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'veth1_virt_wifi\x00'}, {0x14, 0x1, 'ipvlan0\x00'}, {0x14, 0x1, 'veth0_macvtap\x00'}, {0x14, 0x1, 'bond_slave_0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xffffffff}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x228}, 0x1, 0x0, 0x0, 0x4000080}, 0x8080)
getsockopt$inet6_mreq(r9, 0x29, 0x14, &(0x7f0000002480)={@private0}, &(0x7f00000024c0)=0x14) (async)
getsockopt$inet6_mreq(r9, 0x29, 0x14, &(0x7f0000002480)={@private0, <r15=>0x0}, &(0x7f00000024c0)=0x14)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000025c0)={r11, r15, 0x25, 0x1, @val=@uprobe_multi={&(0x7f0000002500)='./file0\x00', &(0x7f0000002540)=[0x5dc, 0x8, 0x0, 0x4, 0x80000001, 0x56, 0x0, 0xfffffffffffffaa5], &(0x7f0000002580)=[0x1, 0x0, 0x5, 0x1, 0x2, 0x3], 0x1, 0x8, 0x1, r8}}, 0x40) (async)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000025c0)={r11, r15, 0x25, 0x1, @val=@uprobe_multi={&(0x7f0000002500)='./file0\x00', &(0x7f0000002540)=[0x5dc, 0x8, 0x0, 0x4, 0x80000001, 0x56, 0x0, 0xfffffffffffffaa5], &(0x7f0000002580)=[0x1, 0x0, 0x5, 0x1, 0x2, 0x3], 0x1, 0x8, 0x1, r8}}, 0x40)
request_key(&(0x7f0000002600)='id_legacy\x00', &(0x7f0000002640)={'syz', 0x0}, &(0x7f0000002680)='skbedit\x00', r0)

538.729862ms ago: executing program 1 (id=950):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x178}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000007c0), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x40000000000009, 0x87}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xf4369000)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000000)='./file0\x00', 0x1018000, &(0x7f0000000b00)=ANY=[@ANYRESDEC=r1, @ANYRES16, @ANYRES16=0x0, @ANYRESOCT, @ANYRES32, @ANYBLOB="6f1c66985f"], 0x1, 0x2ee, &(0x7f00000006c0)="$eJzs3M9PE1sUwPHTH5S2BMri5b28l7xwoxvdTKC6VhoDibGJBKnxR2IywFSbji2ZaTA1RnTl1vhHuCAs2ZEo/wAbd7px446NiQtZGMd0OkNpGUBKaRG+n4TMYe49nXtnBnLuhGHzzuvHxbyt5fWKhONKQiIiWyLDEhZfyNuG3TgmO72QiwPfPv5/6+69G5lsdmJaqcnMzKW0Umpo5N2TZwmv21q/bAw/2Pya/rLx98a/mz9nHhVsVbBVqVxRupotf67os6ah5gt2UVNqyjR021CFkm1Y9fZyvT1vlhcWqkovzQ8mFyzDtpVeqqqiUVWVsqpYVRV5qBdKStM0NZgUHCS3PD2tZ9pMnuvwYHBMLCujR0Qksaslt9yTAQEAgJ5qrf/DojpZ/6+cW68M3F4d8ur/tVhQ/X/5U/2zmur/uIgE1v/+8QPrf/1w9f/uiuhsOVL9j5NhJLZrV6gR1hqtjJ70fn5dL++vjLoB9T8AAAAAAAAAAAAAAAAAAAAAAH+CLcdJOY6T8rf+V7+IxEXE/z4gNSIiV3swZHTQEa4/ToHGi3vRIRHz1WJuMVffeh3WRcQUQ0YlJT/c+8FTi/03j1TNsLw3l7z8pcVcxG3J5KXg5o9Jqk9a8x1n8np2YkzVNef3SXJnflpS8ldwfjowPyYXzu/I1yQlH+akLKbMu+No5D8fU+razWxLfsLtBwAAAADAaaCpbYHrd03bq72ev72+bn0+EGmsr0cD1+dR+S/a27kDAAAAAHBW2NWnRd00DWufICEH92k/iB7TJ/sz/N0s/28Zjm+m+wT+wZua4t7Ojp+W0CFOyx5BWNrJGqnNRh11Fv5jo736yNR4965g0zD+efP2e+cOcWU1fsBM2w8i+98AfV37BQQAAACgaxpFv79nvLcDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDOrGv0nr9RwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JXAAAA//+qDgR1")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
pread64(r3, &(0x7f000001a240)=""/102386, 0x18ff2, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
fdatasync(r2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r5 = fcntl$getown(r1, 0x9)
waitid(0x2, r5, &(0x7f0000000340), 0x80000000, &(0x7f0000000500))
mlock2(&(0x7f0000004000/0x4000)=nil, 0x40ef, 0x0)
mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x80000000000)

538.209792ms ago: executing program 0 (id=951):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x100000000000}, 0x18)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r3, 0x29, 0xc8, &(0x7f0000000000), 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0xfd, 0x7ffc0001}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
syz_read_part_table(0x5f8, &(0x7f0000000bc0)="$eJzs0zGIU3ccB/Bf0jNXBRE7uTVchliXEzJer2BDfBwBcwSLDiK62SGLTh1iAoaKg2eHiOByDpbCGSq0TiKCIOLFQcgkinZREYciuFjFpuTu3XItB4UctPD5wHuP/+//+70vfx4v+F/Lxu/D4TATEcPJDdqGrdE9t778zVJl/1x+fl/9YEQmjkTE9+//+GG0k1kbTN86la6fpevSrYnG+aXk7EJ3+64b+Q8PsrEa0I5YuV72Lx8d5znZHLtP7bmTaQ923qzGlU9jeWZb4/CJXvGLbO/h+9H2n+nn3rJuLD+u/Ouz93ac6ZxMvsxFPEqaz5NX2bdvkgOXFqdzF1r14uu9ad+xcQWu0/h4KHft6t1y58XW0v1qrdb9+cnFQrNyu3N60C88fnfueNr3dKO/CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/4zdp/bc+Twz2HmzGleWv1qe2dY4fKJXLLd6D+d//frH/E9TkVnpm96k/Ouz93ac6ZxMFr6b/fZR0nyevMq+fZMcuLQ4nbvQqhdf7037jv3DbG4M+Y2Ph3LXrt4td15sLd2v1mrdLXGx0Kzc7pwe9AuP3507Hp/9Uq5GPJ0cxWXHkAgAAAAAAAAAAAAAAAAAAAB/V9k/l5/fVz8YkYkjETGzOPdkVB9Ormx/stY3lT6frdajdGuicX4pObvQ3b7rRv7Dg9/Sejsb0Y6Il/3LRzdOnticA/Gv/BUAAP//FI2HuA==")
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9feb01001800000000000000f8000000f8000000040000001000000000000009010000000300000008000006040000000100cf0007000000070000000500000007000000f9ffffff030000000500000006000000080000000e000000e00f0000050000007f0000000d000000480000001000000000000002000000000a0000000000000e02000000020000000200000005000013080000000d0000000b000000000400000300000081000000f103000007000000ff7f14ea65c7f0aef6af38c5231024d9ff0000090000000100004008000000010000000600000008000000030000000000000002000085070000001000000005000000060000000b00000005000000fdffffff0700000000000008050000000f000000000000090000000000300000"], &(0x7f0000000040)=""/76, 0x114, 0x4c, 0x0, 0xff, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, r5, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f00000002c0)={0x0, r2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0xb, &(0x7f00000006c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x10000, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000069000305000000000000000000000000000000000800010002"], 0x20}}, 0x0)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000400)={0x0, 0xa, 0x8001})
r7 = epoll_create1(0x80000)
epoll_pwait(r7, &(0x7f0000000040)=[{}, {}, {}], 0x3, 0xb339, &(0x7f00000000c0)={[0xe]}, 0x8)
syz_open_dev$tty1(0xc, 0x4, 0x2)

537.903282ms ago: executing program 2 (id=952):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000300)='4', 0x1}], 0x1)

457.457743ms ago: executing program 2 (id=956):
bpf$PROG_LOAD(0x2, 0x0, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x1000000000000}, 0x18)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xffffffff, @loopback, 0x3}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7fbf, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x2, 0x80000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0x1b}, 0x8000, 0xffffffff, 0x0, 0x8, 0x0, 0x7, 0xfff9, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x9}}}, 0x24}}, 0x0)

408.694204ms ago: executing program 2 (id=959):
r0 = socket$inet6(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000080000018110000", @ANYRES8=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69740000002400028008000440000000010c00024000000000000000000c0001400000000000000003"], 0x118}}, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0x17, &(0x7f0000000080)=0x1000, 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x28, r10, 0x1, 0x9, 0x800000, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2=0x7f000001}]}]}, 0x28}}, 0x34020840)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r8, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf250b0000000800040005000000b460d8a504a67388f43d442a6ab7fc559e1d6eb88539c5520679381037fc2d35567206ea6a77c4fd43c17e157d93106dfcafcfd9295b583bc9e08a4ea93ae50ba29a9e728c79"], 0x1c}, 0x1, 0x0, 0x0, 0x80851}, 0x4080)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")

366.229504ms ago: executing program 2 (id=960):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1822000000000000b32000002000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fcae68da850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
mlock2(&(0x7f00003ee000/0x4000)=nil, 0x4000, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000002c0), 0x5}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00'}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x28, r5, 0xc4fc9e906872338b, 0x20, 0x2000, {{0x15}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc}}}}}, 0x28}}, 0x0)

329.277315ms ago: executing program 2 (id=962):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x6000)

327.558095ms ago: executing program 0 (id=963):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x8)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x40045304, &(0x7f0000000040))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x48, r2, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x48}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket$kcm(0x29, 0x2, 0x0)
sendmmsg$inet(r4, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000580)="89", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)="bc", 0x1}], 0x1}}], 0x2, 0x0)
close(r4)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0x5, 0x3, 0x2, {0x0, 0x3}, 0x4, 0x3})
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000063017e00a021e6be9500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = perf_event_open(&(0x7f0000000380)={0x82ad1563e7a68582, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8412, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0, 0xc}, 0x140, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x661}, 0x0, 0x3, 0xffffffffffffffff, 0x8)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r5, 0x0)
remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x1)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x8) (async)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x40045304, &(0x7f0000000040)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) (async)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x48, r2, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x48}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) (async)
socket$kcm(0x29, 0x2, 0x0) (async)
sendmmsg$inet(r4, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000580)="89", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)="bc", 0x1}], 0x1}}], 0x2, 0x0) (async)
close(r4) (async)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0x5, 0x3, 0x2, {0x0, 0x3}, 0x4, 0x3}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000063017e00a021e6be9500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
perf_event_open(&(0x7f0000000380)={0x82ad1563e7a68582, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8412, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0, 0xc}, 0x140, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x661}, 0x0, 0x3, 0xffffffffffffffff, 0x8) (async)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r5, 0x0) (async)
remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x1) (async)

243.236126ms ago: executing program 0 (id=964):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ec0)=ANY=[@ANYRES64=r0], 0xd4}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000014001a80100004800c0001"], 0x34}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000280)={'vxcan0\x00'})
rt_sigaction(0x1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000002c0))
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x8205, &(0x7f0000000480)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8}}, {@data_err_abort}, {@minixdf}, {@errors_remount}, {@abort}, {@noblock_validity}, {@barrier}, {@journal_dev={'journal_dev', 0x3d, 0xf35}}]}, 0x1, 0x618, &(0x7f0000000640)="$eJzs3c9rG9kdAPDvjGzXTtw6KSU0oaWGHhIo8Y80NG1PSS7NIdBAcyilh5jYTk3kxMQONGmgDvTQQgul9FpKLv0Hei+h195Koe1tzwvZZfGyh90lWmakSbSWZCteS6N4Ph8Y5c2bkd77avQy7438NAFU1mz2kEacjohbScRM27bptn2yZeeDJ7ezJYlG4yfvJ5G08or9X7b+PZ49JBGTEfHvqxFfrXWWu/no8d2leqPp1xHzW+sb85uPHp9fW1+6s3Jn5d7ihe9fvLTwg8WLi4cSZxHXtes//sYffvOL763+p34+ictxc/xXy7ErjsMyG7PxshVie/5YRFzKEl3el7dNEUJScj04mFrr8zgeEadiJmr5WtNMrP2+1MoBA9WoRTSAikq0f6iooh9QjO0HMQ4eZS+uNAdAnfGPNa+NxGQ+Njq2k7SNjJrj3ROHUH5WxqdPzvwlW6LHdYixQyinl+2nEfH1bvEned1O5FdxsvjTSNuel6UXImKi9V70N/4f78iZ3bU+7M/fm8Tffhyy+C+3/s3yrx6w/LLjB6Canl9pnci3s7XX57+sZ1j0f6JL/2e6y7nrIMo+//Xu/xXn+8n8Gnm6qx+W9XdudH/Jjk7OO7+79qde5bf3/7IlK7/oCw7Di6cRZ3bF/9u8o5e8Ov5Jl+Of7XKrzzJ+9N/3rvXaVnb8jWcRZ7uOf173aLPU/Nb6RpG36/vJ+dW1+spC87FrGf/418//1qv8suPPjn/0GP/tdfyzvI0+y/j7jWfrvbZN7xt/+u5EcjNPTbRyfrm0tfVgMWIiud7apS3/wt51KfYpXiOL/9y3u7f/bvG3isoP9Pbn3o3eNn56d6fXfn0f/86hU+ZlY+9w95XFv9zj87/f8f9jn2V89LOH39yVNVUk9op/qvOlku03jhAAAAAAAACqI82/g03SuVfpNJ2ba87h/VocS+v3N7e+s3r/4b3liHP530OOp8U33TPN9SRbX2z9PWyxfmHX+ncj4mRE/Lk2la/P3b5fXy47eAAAAAAAAAAAAAAAAAAAABgRx1vz/4v7VH9Ya87/78vWqQHXDhi4Qd5gDhht2j9UV97+07JrAZTB+R+qS/uH6tL+obq0f6gu7R+qS/uH6tL+obq0fwAAAAA4kk5+6/n/k4jY/uFUvmQmWtvGS60ZMGhv3sZnB1IPYPhqQ30aMEpeffVv+j9UTl/9/49bPw44+OoAJUi6Zeadg8bejf9512cCAAAAAAAAAAAAAANw9rT5/1BVafyz7CoAJemcyH96p8+Jfn4DAN5yfvofqusLjfFdIIAjYb9Z/JO9Npj/DwAAAAAAAAAAAABDM50vSTrXugXodKTp3FzElyPiRIwnq2v1lYWI+EpE/K82/qVsfbHsSgMAAAAAAAAAAAAAAAAAAMARs/no8d2len3lQXvik46co50o7oI6KvVpT0Qy/EKnImIUYh9MYqwtJ4nYzo78SFTswWaMRDXSvBol/8cEAAAAAAAAAAAAAAAAAAAV1Db3uLszfx1yjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg+F7f///giWSf1yk7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fRZAAAA//92ijw7")
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r7 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r7, 0x0)
write$selinux_load(r6, &(0x7f0000000000)=ANY=[], 0x2000)
r8 = syz_io_uring_setup(0x6372, &(0x7f0000000c00)={0x0, 0x9512, 0x400, 0x0, 0x74}, &(0x7f0000000c80), &(0x7f0000000cc0))
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r9, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1e000000729c5001040000000800000000280100", @ANYRES32=r7, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000000000002000000ffffffffffffffff00000000", @ANYRES32, @ANYBLOB="6f562487ef3228be060d28a8e5e49e1d21fbdd1f73534e0adb9e76ce4b8614592156bb3a1e9a5b4c662b8ef9274356b13fd613b8bd64ca54f9f939f89dcf92065c0a10d78d6bd0224911ffbd98cf865fa0b8ef45"], 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000040000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r12 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r11}, 0x10)
symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000080)='./file0\x00')
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r8, 0x13, &(0x7f0000000d00)=[0x2], 0x2)
syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, r12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r13}, 0x10)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0)

242.951676ms ago: executing program 2 (id=965):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000070000100000000080000000000000000", @ANYRES32=r2, @ANYBLOB="100001"], 0x28}}, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$P9_RGETLOCK(r3, &(0x7f0000000640)=ANY=[], 0x200002e6)
fcntl$setpipe(r3, 0x407, 0x7f)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="e8000000090605000000000000000000010000010500010007000000050001000700000034000780060005404e2100000a001100ffffffffffff000008000b40000000870c0019400000000000000fff05000700240000000900020073797a320000000008000940000090eb0800094000000008540008801c0007801800148014000240fc0200000000000000000000000000000c00078008000a40000000080c00078007001a00275e0000100007800c0014800800014064010101ac5e89f0050003001e00000020000780050007000800000013001a006272696467655f736c6176655f310000"], 0xe8}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bind$netlink(r3, &(0x7f0000000480)={0x10, 0x0, 0x25dfdbfb, 0x50}, 0xc)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000000))

206.260777ms ago: executing program 0 (id=967):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52, &(0x7f0000000080)={0x0, 0x8b48, 0x50, 0x0, 0x2f3}, &(0x7f0000ff0000), 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x418, 0x210, 0x940c, 0x3002, 0x0, 0x2c0, 0x348, 0x3d8, 0x3d8, 0x348, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x6}}, @common=@inet=@recent0={{0xf8}, {0x0, 0xc58, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x10, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x478)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x62000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x100000, 0x0, 0x0, 0x3, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x800000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMODE(r3, 0x4bfa, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000300)={'veth1_to_bridge\x00', @local})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x9135}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x1e63e3fd40685bf2, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x2000000, 0x0, 'queue1\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r7 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r7, 0x0, 0xc, 0x0, &(0x7f0000000180))
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

148.615928ms ago: executing program 4 (id=969):
bpf$PROG_LOAD(0x2, 0x0, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x1000000000000}, 0x18)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xffffffff, @loopback, 0x3}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7fbf, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x2, 0x80000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0x1b}, 0x8000, 0xffffffff, 0x0, 0x8, 0x0, 0x7, 0xfff9, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x9}}}, 0x24}}, 0x0)

148.004608ms ago: executing program 4 (id=970):
r0 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
ftruncate(r0, 0x2007ffb)

128.727358ms ago: executing program 1 (id=971):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={r0, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x8, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r1=>0x0, 0x1b, &(0x7f0000000700)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000780), &(0x7f00000007c0), 0x8, 0xdd, 0x8, 0x8, &(0x7f0000000800)}}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000a00)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000980), &(0x7f00000009c0)='%pS    \x00'}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$kcm(0xa, 0x2, 0x73)
r5 = geteuid()
quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, r5, &(0x7f0000000040))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0xc3c, <r7=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095", @ANYBLOB="1800000000000000000000000000000018110000", @ANYRES8=r4, @ANYRESOCT=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000a40)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xf, 0x5, &(0x7f0000000480)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x6}, @alu={0x7, 0x1, 0x5, 0x4, 0x2, 0x1, 0xffffffffffffffff}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf}], &(0x7f00000004c0)='syzkaller\x00', 0xfffffffd, 0x56, &(0x7f0000000500)=""/86, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0x1, 0x3, 0xb}, 0x10, r1, r0, 0x0, &(0x7f0000000ac0)=[0x1, r2, r3, r6, r8, r9], 0x0, 0x10, 0x5, @void, @value}, 0x94)
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004080}, 0x810)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r10 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r10, &(0x7f00000025c0)=[{&(0x7f0000000380)='4', 0x1}], 0x1)

125.550458ms ago: executing program 0 (id=972):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002600)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, 0x0, &(0x7f00000001c0))

94.070938ms ago: executing program 4 (id=973):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1822000000000000b32000002000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fcae68da850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
mlock2(&(0x7f00003ee000/0x4000)=nil, 0x4000, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000002c0), 0x5}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00'}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x28, r5, 0xc4fc9e906872338b, 0x20, 0x2000, {{0x15}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc}}}}}, 0x28}}, 0x0)

91.098488ms ago: executing program 0 (id=974):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mknod$loop(0x0, 0x80, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x3004000, &(0x7f0000000380)={[], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@seclabel}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@fsmagic={'fsmagic', 0x3d, 0x5}}]}, 0x4, 0x790, &(0x7f0000001740)="$eJzs3c9rHFUcAPDvTHaT/k4qClZRAx5aEPPLgj9QaMGjiKCevDQkaSnd/qCJYEOEFrEnjwXBiwiCF2+KF0FKT4p46UX6H0ilSBBaxUNkprPJttlNds1upnU/H5jkvXm7+95k+c6bHy/zAuhbo9mPNOJARFxMIoaL9UlEVPNUJeLI3dfdWV6a+Wt5aSaJlZW3/0jy19xeXpqJhvdkdhdv2xER168l8cjA+nrnLyyemq7V5s4X+fGF0+fG5y8sPn/y9PSJuRNzZ6ampl6eOjz54sRU17b1o6d+/uafy29+/Om+G1d+v/7dviSOxJ6irHE7umU0Rlf/Jo0qEfF6tysryUCxPWnDuqRSYoPoSNrwHT4ewzEQa1/ecFz7ttTGAQA9sZItAECfSfT/ANBn6tcBbi8vzdSXcq9IANvl1tHIb9RncX+nWO6WVOJI/ntHPg5g159JNN7WTepjB7Yo+4yv36t+ni3Ro/vwQHMXL+U3/pv0/0ke/yP5KJ718T8QUewftub+fYj4h+2zlfh/qwv1i38AAAAAAADonqtHI+KlZvf/0tXxP9Hk/t9QREx0of7N7/+lN7tQDdDEraMRrxbP9rl3/N/qE11GBorc3oh4LKrJ8ZO1uSz290XEoagOZfnJ5h+f7zLevTz5Q6v6G8f/ZUtWf30sYNGOm5Whe98zO70wvdXtBiJuXYp4otIs/pPV/j9pMf73WJt1fL/01dOtyjaPf6BXVr6IONi0/197cl2y8fP5xvPjgfH6UcF6i8de+7BV/W3F/9q/KQFdlPX/uzaO/5Gk8Xmd853X8cntic9alf3X4//B5J38qaKDxboPphcWzk9GDCZvrF/fvUeIwkOtHg/1eMni/9Czzc//Nzr+r0bEuTbr/PLH6q+tykbzSHX8D2XI4n+2o/6/88TfvzzZclfRXv9/OO/TDxVrXP+DjbUboGW3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuimNiD2RpGOr6TQdG4vYHRGPxq60dnZ+4bnjZ98/M5uVRYxENT1+sjY3ERHDd/NJlp/M02v5qfvyL0TE/oi4MrQzz4/NnK3Nlr3xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDY3WL+/8xvQ2W3DgDomR1lNwAA2Hb6fwDoP/p/AOg/Hff/P+3tTUMAgG3j/B8A+o/+HwAAAAAAAAAAAAAAAAAAAAAAAAB6av8zV28kEXHxlZ35khksyqqltgzotbTsBgClGSi7AUBpKu28KElWzwmA/w/n+ECySXnrKUJcQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoH8cPNDu/P9tzRQKPETM3gf9y/z/0L8c1UP/Mv8/YP5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY3PyFxVPTtdrceYluJyoPRjMehMRQRDwAzZDoIFH2ngkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfBvwEAAP//snoPXw==")
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
pipe(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f00000002c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_script(r4, 0x0, 0xcc10dcf2a0e042ab)
splice(r2, 0x0, r4, 0x0, 0xf3a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000980), 0xfdef)
splice(0xffffffffffffffff, 0x0, r4, 0x0, 0x80, 0x7)
timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000040)={0x2, 0x3, 0x0, 'queue1\x00'})
recvmmsg(0xffffffffffffffff, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f0000000040)={@dev={0xac, 0x14, 0x14, 0x17}, @empty, 0xffffffffffffffff, "246717e1db80a6f60c82a68d7cb18eceaf6d2be4f62e196f71f153ee47a665c9", 0x7, 0x6, 0x7fff, 0x774f}, 0x3c)
modify_ldt$write(0x1, &(0x7f0000000200)={0x806, 0xffffffffffffffff}, 0x10)
add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f00000007c0)={'fscrypt:', @desc2}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441700322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6de6269613800", 0x1}, 0x48, 0xfffffffffffffffb)

72.001469ms ago: executing program 1 (id=975):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x1, 0x500, &(0x7f0000000a00)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x4, 0x4007fe2, 0x10000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r3}, 0x10)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x14, 0x4, 0x4, 0xffffffff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
truncate(&(0x7f0000000000)='./file1\x00', 0x1104)
ioctl$EXT4_IOC_MOVE_EXT(r4, 0x8004587d, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe, 0xe})

15.37417ms ago: executing program 4 (id=976):
r0 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
ftruncate(r0, 0x2007ffb) (fail_nth: 3)

15.02841ms ago: executing program 4 (id=977):
r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f00000000c0), 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
ioctl$FICLONERANGE(r6, 0x4020940d, &(0x7f0000000340)={{r0}, 0x9, 0x80, 0x8})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
r7 = io_uring_setup(0x34ba, &(0x7f0000000280)={0x0, 0xf25c, 0x400, 0x0, 0x35f})
r8 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_int(r8, 0x1, 0xe, 0x0, 0x0)
r9 = syz_io_uring_setup(0x2d64, &(0x7f0000000100)={0x0, 0x100577, 0x100, 0x0, 0x42, 0x0, r7}, &(0x7f0000000300), &(0x7f0000011000))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r9, 0x2, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r9, 0xe, &(0x7f0000001680)={0x3, 0x0, &(0x7f0000000500)=[{0x0}], 0x0, 0x1}, 0x20)
r10 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r11 = open(0x0, 0x185102, 0x0)
sendfile(r10, r11, 0x0, 0x1000000201005)
lseek(0xffffffffffffffff, 0x2, 0x4)

0s ago: executing program 4 (id=978):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x4000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) (async)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) (async)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x80400, 0x0)
pread64(r0, &(0x7f0000000240)=""/255, 0xff, 0x1000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, &(0x7f0000000080)=""/157, 0x9d}, &(0x7f0000000180)=0x46) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0xffffffffffffffd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='mm_page_free\x00', r4}, 0x18)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

mode
[   31.639344][ T3300] veth0_macvtap: entered promiscuous mode
[   31.657357][ T3300] veth1_macvtap: entered promiscuous mode
[   31.673605][ T3306] veth1_vlan: entered promiscuous mode
[   31.684980][ T3301] veth0_vlan: entered promiscuous mode
[   31.699470][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.713979][ T3301] veth1_vlan: entered promiscuous mode
[   31.727879][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.746184][ T3301] veth0_macvtap: entered promiscuous mode
[   31.758991][ T3300] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.767810][ T3300] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.776614][ T3300] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.785379][ T3300] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.802140][ T3301] veth1_macvtap: entered promiscuous mode
[   31.816222][ T3306] veth0_macvtap: entered promiscuous mode
[   31.827484][ T3301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.838030][ T3301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.849202][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.860791][ T3306] veth1_macvtap: entered promiscuous mode
[   31.870111][ T3310] veth0_vlan: entered promiscuous mode
[   31.886241][ T3301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.897017][ T3301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.907664][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.917448][ T3301] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.926340][ T3301] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.935168][ T3301] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.943954][ T3301] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.954460][ T3310] veth1_vlan: entered promiscuous mode
[   31.961623][ T3306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.972157][ T3306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.982109][ T3306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.992584][ T3306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.003100][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.017238][ T3308] veth0_vlan: entered promiscuous mode
[   32.025616][ T3308] veth1_vlan: entered promiscuous mode
[   32.038065][ T3306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.048640][ T3306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.058496][ T3306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.069044][ T3306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.079809][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.089398][   T29] kauditd_printk_skb: 18 callbacks suppressed
[   32.089412][   T29] audit: type=1400 audit(1743280709.146:110): avc:  denied  { mounton } for  pid=3300 comm="syz-executor" path="/root/syzkaller.tjpaAx/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   32.092202][ T3306] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.111150][   T29] audit: type=1400 audit(1743280709.146:111): avc:  denied  { mount } for  pid=3300 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   32.119830][ T3306] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.128454][   T29] audit: type=1400 audit(1743280709.146:112): avc:  denied  { mounton } for  pid=3300 comm="syz-executor" path="/root/syzkaller.tjpaAx/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   32.150435][ T3306] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.159472][   T29] audit: type=1400 audit(1743280709.146:113): avc:  denied  { mount } for  pid=3300 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   32.184662][ T3306] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.225756][   T29] audit: type=1400 audit(1743280709.266:114): avc:  denied  { mounton } for  pid=3300 comm="syz-executor" path="/root/syzkaller.tjpaAx/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   32.243743][ T3310] veth0_macvtap: entered promiscuous mode
[   32.252598][   T29] audit: type=1400 audit(1743280709.266:115): avc:  denied  { mounton } for  pid=3300 comm="syz-executor" path="/root/syzkaller.tjpaAx/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3552 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   32.261836][ T3310] veth1_macvtap: entered promiscuous mode
[   32.285576][   T29] audit: type=1400 audit(1743280709.266:116): avc:  denied  { unmount } for  pid=3300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   32.311059][   T29] audit: type=1400 audit(1743280709.286:117): avc:  denied  { mounton } for  pid=3300 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   32.333912][   T29] audit: type=1400 audit(1743280709.286:118): avc:  denied  { mount } for  pid=3300 comm="syz-executor" name="/" dev="gadgetfs" ino=3553 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   32.359425][ T3300] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   32.363535][ T3308] veth0_macvtap: entered promiscuous mode
[   32.394435][ T3308] veth1_macvtap: entered promiscuous mode
[   32.400462][   T29] audit: type=1400 audit(1743280709.456:119): avc:  denied  { read write } for  pid=3300 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   32.436093][    C1] hrtimer: interrupt took 35332 ns
[   32.445170][ T3310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.455859][ T3310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.465734][ T3310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.476201][ T3310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.486055][ T3310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.496522][ T3310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.507324][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.518579][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.529067][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.538985][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.549533][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.559471][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.570054][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.580114][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.590592][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.609826][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.655405][ T3310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.665909][ T3310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.675760][ T3310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.686304][ T3310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.696172][ T3310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.706630][ T3310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.717248][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.727736][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.738253][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.748172][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.758645][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.768517][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.779026][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.788886][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.799428][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.810715][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.819991][ T3447] loop1: detected capacity change from 0 to 2048
[   32.827491][ T3310] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.836301][ T3310] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.845131][ T3310] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.853996][ T3310] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.854282][ T3447] msdos: Unknown parameter 'ÿÿÿÿÿÿÿÿ184467440737095516150xffffffffffffffff'
[   32.880390][ T3308] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.889285][ T3308] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.898131][ T3308] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.906873][ T3308] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   33.005463][ T3459] netlink: 96 bytes leftover after parsing attributes in process `syz.1.8'.
[   33.077436][ T3464] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9'.
[   33.253526][ T3462] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   33.260885][ T3462] IPv6: NLM_F_CREATE should be set when creating new route
[   33.480203][ T3470] loop3: detected capacity change from 0 to 1024
[   33.487311][ T3470] =======================================================
[   33.487311][ T3470] WARNING: The mand mount option has been deprecated and
[   33.487311][ T3470]          and is ignored by this kernel. Remove the mand
[   33.487311][ T3470]          option from the mount to silence this warning.
[   33.487311][ T3470] =======================================================
[   33.522649][ T3470] EXT4-fs: Ignoring removed nobh option
[   33.528235][ T3470] EXT4-fs: Ignoring removed bh option
[   33.561514][ T3466] loop1: detected capacity change from 0 to 1024
[   33.568741][ T3466] EXT4-fs: Ignoring removed nobh option
[   33.574396][ T3466] EXT4-fs: Ignoring removed bh option
[   33.658892][ T3470] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.699040][ T3466] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.798385][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.838840][ T3462] bridge0: entered promiscuous mode
[   33.854789][ T3462] macvlan2: entered promiscuous mode
[   33.867210][ T3462] bridge0: port 3(macvlan2) entered blocking state
[   33.874000][ T3462] bridge0: port 3(macvlan2) entered disabled state
[   33.900042][ T3462] macvlan2: entered allmulticast mode
[   33.905634][ T3462] bridge0: entered allmulticast mode
[   33.930875][ T3485] netlink: 'syz.0.13': attribute type 21 has an invalid length.
[   33.967704][ T3488] loop1: detected capacity change from 0 to 2048
[   33.982181][ T3462] macvlan2: left allmulticast mode
[   33.987444][ T3462] bridge0: left allmulticast mode
[   33.995230][ T3462] bridge0: left promiscuous mode
[   34.000986][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.028085][ T3485] netlink: 156 bytes leftover after parsing attributes in process `syz.0.13'.
[   34.037098][ T3485] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'.
[   34.062791][ T3490] netlink: 'syz.0.13': attribute type 3 has an invalid length.
[   34.064964][ T3493] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16'.
[   34.079659][ T3489] loop2: detected capacity change from 0 to 2048
[   34.096503][ T3495] netlink: 96 bytes leftover after parsing attributes in process `syz.3.15'.
[   34.161442][ T3499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'.
[   34.180321][ T3499] block device autoloading is deprecated and will be removed.
[   34.188813][ T3499] syz.1.18: attempt to access beyond end of device
[   34.188813][ T3499] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   34.286925][ T3506] netlink: 'syz.0.19': attribute type 21 has an invalid length.
[   34.326165][ T3499] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3499 comm=syz.1.18
[   34.410597][ T3510] loop3: detected capacity change from 0 to 1024
[   34.417962][ T3510] EXT4-fs: Ignoring removed nobh option
[   34.423574][ T3510] EXT4-fs: Ignoring removed bh option
[   34.449100][ T3510] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.480182][ T3506] netlink: 156 bytes leftover after parsing attributes in process `syz.0.19'.
[   34.489173][ T3506] netlink: 4 bytes leftover after parsing attributes in process `syz.0.19'.
[   34.547667][ T3514] netlink: 'syz.0.19': attribute type 3 has an invalid length.
[   34.900490][ T3524] loop2: detected capacity change from 0 to 2048
[   35.000377][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.039346][ T3527] loop2: detected capacity change from 0 to 128
[   35.155730][ T3532] loop3: detected capacity change from 0 to 2048
[   35.239546][ T3535] loop2: detected capacity change from 0 to 2048
[   35.288241][ T3537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29'.
[   35.388955][ T3539] loop4: detected capacity change from 0 to 2048
[   35.401004][ T3539] netlink: 'syz.4.30': attribute type 2 has an invalid length.
[   35.408706][ T3539] netlink: 'syz.4.30': attribute type 3 has an invalid length.
[   35.826917][ T3558] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   35.834186][ T3558] IPv6: NLM_F_CREATE should be set when creating new route
[   35.849400][ T3558] bridge0: entered promiscuous mode
[   35.854742][ T3558] macvlan2: entered promiscuous mode
[   35.861761][ T3558] bridge0: port 3(macvlan2) entered blocking state
[   35.868347][ T3558] bridge0: port 3(macvlan2) entered disabled state
[   35.881217][ T3558] macvlan2: entered allmulticast mode
[   35.886806][ T3558] bridge0: entered allmulticast mode
[   35.907142][ T3558] macvlan2: left allmulticast mode
[   35.912372][ T3558] bridge0: left allmulticast mode
[   35.917970][ T3558] bridge0: left promiscuous mode
[   36.482250][ T3569] loop3: detected capacity change from 0 to 1024
[   36.514951][ T3569] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.527270][ T3569] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   37.293972][   T29] kauditd_printk_skb: 527 callbacks suppressed
[   37.293987][   T29] audit: type=1400 audit(1743280714.356:647): avc:  denied  { mounton } for  pid=3588 comm="syz.0.47" path="/7/file0" dev="tmpfs" ino=57 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   37.376572][ T3591] loop1: detected capacity change from 0 to 2048
[   37.390692][ T3594] syz.4.49: attempt to access beyond end of device
[   37.390692][ T3594] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   37.412846][ T3591] msdos: Unknown parameter 'ÿÿÿÿÿÿÿÿ184467440737095516150xffffffffffffffff'
[   37.476107][   T29] audit: type=1400 audit(1743280714.406:648): avc:  denied  { create } for  pid=3588 comm=2B7D5B286A05847BC8EAC2AEAE9C2E scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   37.497327][   T29] audit: type=1400 audit(1743280714.406:649): avc:  denied  { connect } for  pid=3588 comm=2B7D5B286A05847BC8EAC2AEAE9C2E scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   37.518697][   T29] audit: type=1400 audit(1743280714.436:650): avc:  denied  { read } for  pid=3588 comm=2B7D5B286A05847BC8EAC2AEAE9C2E name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   37.544893][   T29] audit: type=1400 audit(1743280714.436:651): avc:  denied  { open } for  pid=3588 comm=2B7D5B286A05847BC8EAC2AEAE9C2E path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   37.571244][   T29] audit: type=1400 audit(1743280714.446:652): avc:  denied  { ioctl } for  pid=3588 comm=2B7D5B286A05847BC8EAC2AEAE9C2E path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   38.127859][ T3616] loop4: detected capacity change from 0 to 1024
[   38.134816][ T3616] EXT4-fs: Ignoring removed nobh option
[   38.140464][ T3616] EXT4-fs: Ignoring removed bh option
[   38.167440][ T3616] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.184840][ T3610] __nla_validate_parse: 4 callbacks suppressed
[   38.184853][ T3610] netlink: 16 bytes leftover after parsing attributes in process `syz.1.54'.
[   38.205090][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.286258][   T29] audit: type=1400 audit(1743280715.346:653): avc:  denied  { read } for  pid=3608 comm="syz.1.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   38.427488][ T3621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.59'.
[   38.648422][ T3627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.61'.
[   38.707669][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.775832][ T3633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.63'.
[   38.787137][ T3633] syz.4.63: attempt to access beyond end of device
[   38.787137][ T3633] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   38.803368][ T3621] syz.1.59 (3621) used greatest stack depth: 10480 bytes left
[   38.820208][ T3635] loop3: detected capacity change from 0 to 512
[   38.883075][ T3639] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   38.894944][ T3635] EXT4-fs (loop3): too many log groups per flexible block group
[   38.902853][ T3635] EXT4-fs (loop3): failed to initialize mballoc (-12)
[   38.920548][ T3635] EXT4-fs (loop3): mount failed
[   38.941538][   T29] audit: type=1400 audit(1743280716.006:654): avc:  denied  { write } for  pid=3638 comm="syz.1.66" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   38.989283][ T3639] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.025640][   T29] audit: type=1326 audit(1743280716.086:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3646 comm="syz.0.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67bc29d169 code=0x7ffc0000
[   39.083017][ T3639] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.121322][   T29] audit: type=1326 audit(1743280716.086:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3646 comm="syz.0.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f67bc29d169 code=0x7ffc0000
[   39.183073][ T3639] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.253201][ T3657] loop4: detected capacity change from 0 to 2048
[   39.290823][ T3657] Zero length message leads to an empty skb
[   39.309823][ T3639] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.344072][ T3635] loop3: detected capacity change from 0 to 128
[   39.344422][ T3639] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.350957][ T3635] vfat: Unknown parameter '00000000000000000004ÿÿ'
[   39.393047][ T3639] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.422610][ T3660] netlink: 4 bytes leftover after parsing attributes in process `syz.4.73'.
[   39.431432][ T3639] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.531885][ T3662] netlink: 96 bytes leftover after parsing attributes in process `syz.1.74'.
[   39.793866][ T3680] loop1: detected capacity change from 0 to 1024
[   39.800820][ T3680] EXT4-fs: Ignoring removed nobh option
[   39.806507][ T3680] EXT4-fs: Ignoring removed bh option
[   39.824144][ T3680] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.105146][ T3687] netlink: 'syz.3.81': attribute type 3 has an invalid length.
[   40.403025][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.483998][ T3696] loop2: detected capacity change from 0 to 2048
[   40.598379][ T3701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.86'.
[   40.612361][ T3709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.89'.
[   40.639861][ T3709] syz.2.89: attempt to access beyond end of device
[   40.639861][ T3709] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   40.658604][ T3711] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.691870][ T3717] netlink: 12 bytes leftover after parsing attributes in process `syz.4.93'.
[   40.703074][ T3711] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.706535][ T3718] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3718 comm=syz.2.89
[   40.762741][ T3711] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.816393][ T3711] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.870875][ T3737] loop4: detected capacity change from 0 to 2048
[   40.886787][ T3740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.101'.
[   41.002551][ T3744] loop3: detected capacity change from 0 to 2048
[   41.010333][ T3744] msdos: Unknown parameter 'ÿÿÿÿÿÿÿÿ184467440737095516150xffffffffffffffff'
[   41.050973][ T3746] netlink: 'syz.3.104': attribute type 3 has an invalid length.
[   41.083592][ T3740] syz.0.101 (3740) used greatest stack depth: 10416 bytes left
[   41.115993][ T3747] 9pnet_fd: Insufficient options for proto=fd
[   41.180944][ T3761] netlink: 'syz.0.111': attribute type 21 has an invalid length.
[   41.192644][ T3761] netlink: 'syz.0.111': attribute type 3 has an invalid length.
[   41.268813][ T3766] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   41.276137][ T3766] IPv6: NLM_F_CREATE should be set when creating new route
[   41.289454][ T3766] bridge0: entered promiscuous mode
[   41.291961][ T3768] loop3: detected capacity change from 0 to 2048
[   41.294921][ T3766] macvlan0: entered promiscuous mode
[   41.304027][ T3768] msdos: Unknown parameter 'ÿÿÿÿÿÿÿÿ184467440737095516150xffffffffffffffff'
[   41.307876][ T3766] bridge0: port 3(macvlan0) entered blocking state
[   41.321880][ T3766] bridge0: port 3(macvlan0) entered disabled state
[   41.328784][ T3766] macvlan0: entered allmulticast mode
[   41.334252][ T3766] bridge0: entered allmulticast mode
[   41.341872][ T3766] macvlan0: left allmulticast mode
[   41.347040][ T3766] bridge0: left allmulticast mode
[   41.352644][ T3766] bridge0: left promiscuous mode
[   41.382469][ T3772] netlink: 'syz.3.116': attribute type 3 has an invalid length.
[   42.115413][ T3801] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.183410][ T3801] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.233894][ T3801] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.284453][ T3801] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.327929][ T3809] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   42.335227][ T3809] IPv6: NLM_F_CREATE should be set when creating new route
[   42.350157][ T3809] bridge0: entered promiscuous mode
[   42.355501][ T3809] macvlan0: entered promiscuous mode
[   42.362130][ T3809] bridge0: port 3(macvlan0) entered blocking state
[   42.368663][ T3809] bridge0: port 3(macvlan0) entered disabled state
[   42.375318][ T3809] macvlan0: entered allmulticast mode
[   42.381128][ T3809] bridge0: entered allmulticast mode
[   42.386877][ T3809] macvlan0: left allmulticast mode
[   42.392111][ T3809] bridge0: left allmulticast mode
[   42.397525][ T3809] bridge0: left promiscuous mode
[   42.410847][ T3801] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   42.422112][ T3801] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   42.433351][ T3801] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   42.444421][ T3801] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   42.770600][ T3819] syz_tun: entered allmulticast mode
[   42.821848][   T29] kauditd_printk_skb: 298 callbacks suppressed
[   42.821871][   T29] audit: type=1326 audit(1743280719.876:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3820 comm="syz.2.134" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f06c82dd169 code=0x0
[   42.867961][ T3822] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   42.875241][ T3822] IPv6: NLM_F_CREATE should be set when creating new route
[   42.898398][ T3822] bridge0: entered promiscuous mode
[   42.905308][ T3822] macvlan2: entered promiscuous mode
[   42.913468][ T3822] bridge0: port 3(macvlan2) entered blocking state
[   42.920108][ T3822] bridge0: port 3(macvlan2) entered disabled state
[   42.929098][ T3822] macvlan2: entered allmulticast mode
[   42.934683][ T3822] bridge0: entered allmulticast mode
[   42.944195][ T3822] macvlan2: left allmulticast mode
[   42.949435][ T3822] bridge0: left allmulticast mode
[   42.955793][ T3822] bridge0: left promiscuous mode
[   43.133136][ T3828] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.147393][ T3830] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.162922][ T3711] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   43.173848][ T3828] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.188108][ T3711] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   43.199258][ T3711] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   43.210619][ T3711] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   43.222377][ T3830] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.248692][ T3828] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.295079][ T3830] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.363844][ T3828] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.394622][ T3830] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.406362][ T3839] __nla_validate_parse: 5 callbacks suppressed
[   43.406378][ T3839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.140'.
[   43.459616][ T3828] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   43.478009][ T3828] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   43.490274][ T3828] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   43.506696][ T3843] netlink: 'syz.0.141': attribute type 3 has an invalid length.
[   43.518967][ T3828] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   43.529117][ T3844] 9pnet_fd: Insufficient options for proto=fd
[   43.530688][ T3830] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   43.577485][ T3830] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   43.621831][ T3830] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   43.631862][ T3848] netlink: 'syz.0.142': attribute type 21 has an invalid length.
[   43.641340][ T3848] netlink: 156 bytes leftover after parsing attributes in process `syz.0.142'.
[   43.650403][ T3848] netlink: 4 bytes leftover after parsing attributes in process `syz.0.142'.
[   43.672088][ T3830] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   43.704133][ T3848] netlink: 'syz.0.142': attribute type 3 has an invalid length.
[   43.766727][   T29] audit: type=1400 audit(1743280720.826:956): avc:  denied  { ioctl } for  pid=3857 comm="syz.2.148" path="socket:[5556]" dev="sockfs" ino=5556 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   43.793805][ T3858] netlink: 16 bytes leftover after parsing attributes in process `syz.2.148'.
[   43.857430][ T3861] netlink: 16 bytes leftover after parsing attributes in process `syz.3.149'.
[   43.879463][   T29] audit: type=1400 audit(1743280720.936:957): avc:  denied  { write } for  pid=3857 comm="syz.2.148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   43.937560][   T29] audit: type=1400 audit(1743280720.996:958): avc:  denied  { listen } for  pid=3857 comm="syz.2.148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   43.972362][   T29] audit: type=1326 audit(1743280721.026:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3865 comm="syz.3.150" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc28a71d169 code=0x0
[   44.021806][ T3868] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   44.047596][ T3868] bridge0: entered promiscuous mode
[   44.085939][ T3868] macvlan0: entered promiscuous mode
[   44.111138][ T3868] bridge0: port 3(macvlan0) entered blocking state
[   44.117864][ T3868] bridge0: port 3(macvlan0) entered disabled state
[   44.131198][ T3868] macvlan0: entered allmulticast mode
[   44.136746][ T3868] bridge0: entered allmulticast mode
[   44.174752][ T3868] macvlan0: left allmulticast mode
[   44.179978][ T3868] bridge0: left allmulticast mode
[   44.201368][ T3868] bridge0: left promiscuous mode
[   44.406656][ T3874] netlink: 'syz.2.153': attribute type 3 has an invalid length.
[   44.487633][ T3877] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3877 comm=syz.2.154
[   44.536883][ T3881] netlink: 96 bytes leftover after parsing attributes in process `syz.2.156'.
[   44.873968][ T3897] netlink: 16 bytes leftover after parsing attributes in process `syz.4.162'.
[   44.979986][ T3899] netlink: 'syz.3.164': attribute type 3 has an invalid length.
[   45.244652][ T3905] syz.3.166: attempt to access beyond end of device
[   45.244652][ T3905] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   45.324914][ T3905] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3905 comm=syz.3.166
[   45.552843][ T3914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.168'.
[   45.705874][   T29] audit: type=1400 audit(1743280722.766:960): avc:  denied  { read write } for  pid=3921 comm="syz.3.171" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   45.706622][ T3922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   45.762382][ T3922] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   45.784813][   T29] audit: type=1400 audit(1743280722.766:961): avc:  denied  { open } for  pid=3921 comm="syz.3.171" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   45.808269][   T29] audit: type=1400 audit(1743280722.766:962): avc:  denied  { ioctl } for  pid=3921 comm="syz.3.171" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   45.838496][ T3922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.171'.
[   46.309425][ T3927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.173'.
[   46.344415][ T3927] syz.2.173: attempt to access beyond end of device
[   46.344415][ T3927] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   46.386901][   T29] audit: type=1400 audit(1743280723.446:963): avc:  denied  { bind } for  pid=3932 comm="syz.1.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   46.407704][ T3933] syz_tun: entered allmulticast mode
[   46.430167][   T29] audit: type=1400 audit(1743280723.476:964): avc:  denied  { setopt } for  pid=3932 comm="syz.1.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   46.468484][ T3927] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3927 comm=syz.2.173
[   46.490375][ T3937] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   46.544683][ T3937] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   46.602670][ T3937] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   46.793087][ T3937] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   46.813941][ T3953] syz.4.183: attempt to access beyond end of device
[   46.813941][ T3953] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   46.898194][ T3953] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3953 comm=syz.4.183
[   47.118297][ T3958] syz.3.184: attempt to access beyond end of device
[   47.118297][ T3958] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   47.185469][ T3961] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3961 comm=syz.3.184
[   47.499925][ T3965] 9pnet_fd: Insufficient options for proto=fd
[   47.559805][ T3937] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.590560][ T3937] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.667675][ T3937] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.679446][ T3937] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.263337][ T3985] syz_tun: entered allmulticast mode
[   48.324175][   T29] audit: type=1326 audit(1743280725.386:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.347656][   T29] audit: type=1326 audit(1743280725.386:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.492062][   T29] audit: type=1326 audit(1743280725.436:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.515407][   T29] audit: type=1326 audit(1743280725.436:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.538945][   T29] audit: type=1326 audit(1743280725.436:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.562230][   T29] audit: type=1326 audit(1743280725.436:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.585901][   T29] audit: type=1326 audit(1743280725.436:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.609360][   T29] audit: type=1326 audit(1743280725.436:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.632623][   T29] audit: type=1326 audit(1743280725.436:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.656057][   T29] audit: type=1326 audit(1743280725.436:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3986 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   48.723428][ T4002] netlink: 'syz.0.201': attribute type 2 has an invalid length.
[   48.731165][ T4002] netlink: 'syz.0.201': attribute type 3 has an invalid length.
[   48.738880][ T4002] __nla_validate_parse: 4 callbacks suppressed
[   48.738893][ T4002] netlink: 132 bytes leftover after parsing attributes in process `syz.0.201'.
[   48.835868][ T4007] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   48.851115][ T4007] bridge0: entered promiscuous mode
[   48.856704][ T4007] macvlan0: entered promiscuous mode
[   48.864900][ T4007] bridge0: port 3(macvlan0) entered blocking state
[   48.871935][ T4007] bridge0: port 3(macvlan0) entered disabled state
[   48.878828][ T4007] macvlan0: entered allmulticast mode
[   48.884281][ T4007] bridge0: entered allmulticast mode
[   48.890268][ T4007] macvlan0: left allmulticast mode
[   48.895513][ T4007] bridge0: left allmulticast mode
[   48.901161][ T4007] bridge0: left promiscuous mode
[   49.108376][ T4016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.207'.
[   49.220594][ T4019] syz.1.207: attempt to access beyond end of device
[   49.220594][ T4019] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   49.243809][ T4016] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4016 comm=syz.1.207
[   49.770324][ T4026] bridge_slave_0: left allmulticast mode
[   49.776050][ T4026] bridge_slave_0: left promiscuous mode
[   49.781750][ T4026] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.840463][ T4026] bridge_slave_1: left allmulticast mode
[   49.846198][ T4026] bridge_slave_1: left promiscuous mode
[   49.851993][ T4026] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.868431][ T4026] bond0: (slave bond_slave_0): Releasing backup interface
[   49.893688][ T4026] bond0: (slave bond_slave_1): Releasing backup interface
[   49.916207][ T4026] team0: Port device team_slave_0 removed
[   49.930667][ T4026] team0: Port device team_slave_1 removed
[   49.949139][ T4026] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   49.956623][ T4026] batman_adv: batadv0: Removing interface: batadv_slave_0
[   50.031525][ T4026] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   50.039023][ T4026] batman_adv: batadv0: Removing interface: batadv_slave_1
[   50.079637][ T4036] netlink: 96 bytes leftover after parsing attributes in process `syz.2.212'.
[   50.233465][ T4039] syz.3.213: attempt to access beyond end of device
[   50.233465][ T4039] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   50.457206][ T4039] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4039 comm=syz.3.213
[   50.753228][ T4046] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.872769][ T4046] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.969377][ T4046] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.093144][ T4046] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.157803][ T4046] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   51.182244][ T4046] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   51.223907][ T4046] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   51.248117][ T4046] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   51.344130][ T4069] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   51.365866][ T4069] bridge0: entered promiscuous mode
[   51.378770][ T4069] macvlan0: entered promiscuous mode
[   51.392280][ T4069] bridge0: port 3(macvlan0) entered blocking state
[   51.398891][ T4069] bridge0: port 3(macvlan0) entered disabled state
[   51.412747][ T4069] macvlan0: entered allmulticast mode
[   51.418167][ T4069] bridge0: entered allmulticast mode
[   51.425403][ T4069] macvlan0: left allmulticast mode
[   51.430570][ T4069] bridge0: left allmulticast mode
[   51.443823][ T4069] bridge0: left promiscuous mode
[   51.465243][ T4071] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   51.478407][ T4071] bridge0: entered promiscuous mode
[   51.483860][ T4071] macvlan0: entered promiscuous mode
[   51.490517][ T4071] bridge0: port 3(macvlan0) entered blocking state
[   51.497150][ T4071] bridge0: port 3(macvlan0) entered disabled state
[   51.519548][ T4071] macvlan0: entered allmulticast mode
[   51.525078][ T4071] bridge0: entered allmulticast mode
[   51.530981][ T4071] macvlan0: left allmulticast mode
[   51.536218][ T4071] bridge0: left allmulticast mode
[   51.542024][ T4071] bridge0: left promiscuous mode
[   51.914001][ T4081] netlink: 16 bytes leftover after parsing attributes in process `syz.3.226'.
[   52.297554][ T4090] netlink: 4 bytes leftover after parsing attributes in process `syz.0.229'.
[   52.321563][ T4094] netlink: 4 bytes leftover after parsing attributes in process `syz.4.230'.
[   52.351696][ T4094] syz.4.230: attempt to access beyond end of device
[   52.351696][ T4094] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   52.413128][ T4098] netlink: 96 bytes leftover after parsing attributes in process `syz.0.232'.
[   53.858639][   T29] kauditd_printk_skb: 51 callbacks suppressed
[   53.858654][   T29] audit: type=1326 audit(1743280730.916:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   53.899370][ T4123] netlink: 96 bytes leftover after parsing attributes in process `syz.3.240'.
[   53.939750][   T29] audit: type=1326 audit(1743280730.956:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   53.963236][   T29] audit: type=1326 audit(1743280730.956:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   53.986894][   T29] audit: type=1326 audit(1743280730.956:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   54.010260][   T29] audit: type=1326 audit(1743280730.956:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   54.033719][   T29] audit: type=1326 audit(1743280730.956:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   54.057222][   T29] audit: type=1326 audit(1743280730.956:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   54.080642][   T29] audit: type=1326 audit(1743280730.956:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   54.104157][   T29] audit: type=1326 audit(1743280730.956:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   54.127763][   T29] audit: type=1326 audit(1743280730.956:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   54.383892][ T4139] netlink: 4 bytes leftover after parsing attributes in process `syz.1.244'.
[   54.446609][ T4139] syz.1.244: attempt to access beyond end of device
[   54.446609][ T4139] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   54.696652][ T4145] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   54.758208][ T4145] bridge0: entered promiscuous mode
[   54.773578][ T4145] macvlan0: entered promiscuous mode
[   54.792155][ T4145] bridge0: port 3(macvlan0) entered blocking state
[   54.798815][ T4145] bridge0: port 3(macvlan0) entered disabled state
[   54.834236][ T4145] macvlan0: entered allmulticast mode
[   54.839689][ T4145] bridge0: entered allmulticast mode
[   54.858100][ T4145] macvlan0: left allmulticast mode
[   54.863285][ T4145] bridge0: left allmulticast mode
[   54.872169][ T4145] bridge0: left promiscuous mode
[   55.097778][ T4155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.250'.
[   55.207725][ T4160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.252'.
[   55.240629][ T4157] 9pnet_fd: Insufficient options for proto=fd
[   55.292241][ T4169] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.325319][ T4174] netlink: 4 bytes leftover after parsing attributes in process `syz.3.256'.
[   55.336148][ T4174] syz.3.256: attempt to access beyond end of device
[   55.336148][ T4174] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   55.361834][ T4169] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.377026][ T4173] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4173 comm=syz.4.258
[   55.406617][ T4181] netlink: 16 bytes leftover after parsing attributes in process `syz.4.259'.
[   55.515424][ T4169] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.582351][ T4169] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.707300][ T4169] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.747392][ T4169] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.777221][ T4169] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.810881][ T4169] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.905998][ T4200] netlink: 96 bytes leftover after parsing attributes in process `syz.2.265'.
[   55.966104][ T4204] netlink: 4 bytes leftover after parsing attributes in process `syz.4.267'.
[   57.177977][ T4217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.271'.
[   57.280655][ T4219] syz.3.271: attempt to access beyond end of device
[   57.280655][ T4219] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   57.314389][ T4218] 9pnet_fd: Insufficient options for proto=fd
[   57.403345][ T4219] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4219 comm=syz.3.271
[   57.654445][ T4230] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   57.686231][ T4230] bridge0: entered promiscuous mode
[   57.910333][ T4230] macvlan2: entered promiscuous mode
[   57.961974][ T4230] bridge0: port 3(macvlan2) entered blocking state
[   57.968571][ T4230] bridge0: port 3(macvlan2) entered disabled state
[   58.066112][ T4230] macvlan2: entered allmulticast mode
[   58.071655][ T4230] bridge0: entered allmulticast mode
[   58.119436][ T4230] macvlan2: left allmulticast mode
[   58.124683][ T4230] bridge0: left allmulticast mode
[   58.160403][ T4230] bridge0: left promiscuous mode
[   58.216471][ T4238] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.246367][ T4243] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   58.269728][ T4246] bridge0: entered promiscuous mode
[   58.297644][ T4246] macvlan0: entered promiscuous mode
[   58.342445][ T4246] bridge0: port 1(macvlan0) entered blocking state
[   58.349172][ T4246] bridge0: port 1(macvlan0) entered disabled state
[   58.548143][ T4246] macvlan0: entered allmulticast mode
[   58.553634][ T4246] bridge0: entered allmulticast mode
[   58.584980][ T4246] macvlan0: left allmulticast mode
[   58.590147][ T4246] bridge0: left allmulticast mode
[   58.609102][ T4246] bridge0: left promiscuous mode
[   58.622600][ T4238] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.702432][ T4238] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.773882][ T4238] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.944675][ T4238] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.956063][ T4238] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.967643][ T4238] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.979182][ T4238] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.437442][   T29] kauditd_printk_skb: 70 callbacks suppressed
[   59.437460][   T29] audit: type=1326 audit(1743280736.496:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.467167][   T29] audit: type=1326 audit(1743280736.496:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.490691][   T29] audit: type=1326 audit(1743280736.496:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.514069][   T29] audit: type=1326 audit(1743280736.496:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.537562][   T29] audit: type=1326 audit(1743280736.496:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.561092][   T29] audit: type=1326 audit(1743280736.496:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.584455][   T29] audit: type=1326 audit(1743280736.496:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.607816][   T29] audit: type=1326 audit(1743280736.496:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.631145][   T29] audit: type=1326 audit(1743280736.496:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   59.654536][   T29] audit: type=1326 audit(1743280736.496:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4257 comm="syz.2.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c82dd169 code=0x7ffc0000
[   60.292281][ T4280] netlink: 16 bytes leftover after parsing attributes in process `syz.4.292'.
[   60.463738][ T4284] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.652809][ T4284] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.709023][ T4290] netlink: 'syz.1.295': attribute type 3 has an invalid length.
[   60.773948][ T4284] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.829318][ T4292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.296'.
[   60.843009][ T4298] netlink: 12 bytes leftover after parsing attributes in process `syz.2.298'.
[   60.855876][ T4299] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   60.868915][ T4284] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.918792][ T4299] bridge0: entered promiscuous mode
[   60.926467][ T4299] macvlan0: entered promiscuous mode
[   60.934379][ T4299] bridge0: port 3(macvlan0) entered blocking state
[   60.940977][ T4299] bridge0: port 3(macvlan0) entered disabled state
[   60.947818][ T4299] macvlan0: entered allmulticast mode
[   60.953278][ T4299] bridge0: entered allmulticast mode
[   60.960680][ T4299] macvlan0: left allmulticast mode
[   60.965880][ T4299] bridge0: left allmulticast mode
[   60.971603][ T4299] bridge0: left promiscuous mode
[   60.996779][ T4310] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   61.011785][ T4310] bridge0: entered promiscuous mode
[   61.017305][ T4310] macvlan2: entered promiscuous mode
[   61.024088][ T4310] bridge0: port 3(macvlan2) entered blocking state
[   61.030735][ T4310] bridge0: port 3(macvlan2) entered disabled state
[   61.040753][ T4310] macvlan2: entered allmulticast mode
[   61.046262][ T4310] bridge0: entered allmulticast mode
[   61.056807][ T4312] netlink: 4 bytes leftover after parsing attributes in process `syz.4.304'.
[   61.056845][ T4310] macvlan2: left allmulticast mode
[   61.070907][ T4310] bridge0: left allmulticast mode
[   61.077851][ T4310] bridge0: left promiscuous mode
[   61.108561][ T4284] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.120311][ T4284] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.144431][ T4284] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.165620][ T4284] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.286522][ T4321] bridge_slave_0: left allmulticast mode
[   61.292386][ T4321] bridge_slave_0: left promiscuous mode
[   61.298093][ T4321] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.309214][ T4321] bridge_slave_1: left allmulticast mode
[   61.315057][ T4321] bridge_slave_1: left promiscuous mode
[   61.320887][ T4321] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.332536][ T4321] bond0: (slave bond_slave_0): Releasing backup interface
[   61.344191][ T4321] bond0: (slave bond_slave_1): Releasing backup interface
[   61.356525][ T4321] team0: Port device team_slave_0 removed
[   61.365988][ T4321] team0: Port device team_slave_1 removed
[   61.373337][ T4321] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   61.380885][ T4321] batman_adv: batadv0: Removing interface: batadv_slave_0
[   61.389983][ T4321] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   61.397475][ T4321] batman_adv: batadv0: Removing interface: batadv_slave_1
[   61.480602][ T4325] netlink: 96 bytes leftover after parsing attributes in process `syz.0.308'.
[   61.659758][ T4328] netlink: 20 bytes leftover after parsing attributes in process `syz.1.309'.
[   61.723542][ T4332] netlink: 12 bytes leftover after parsing attributes in process `syz.1.311'.
[   61.727298][ T4333] sit0: entered allmulticast mode
[   61.827392][ T4345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'.
[   61.907983][ T4351] netlink: 16 bytes leftover after parsing attributes in process `syz.3.315'.
[   62.183421][ T4363] 9pnet_fd: Insufficient options for proto=fd
[   62.720471][ T4367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.321'.
[   62.848290][ T4367] syz.2.321: attempt to access beyond end of device
[   62.848290][ T4367] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   63.105472][ T4375] FAULT_INJECTION: forcing a failure.
[   63.105472][ T4375] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   63.118772][ T4375] CPU: 0 UID: 0 PID: 4375 Comm: syz.2.324 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   63.118798][ T4375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   63.118814][ T4375] Call Trace:
[   63.118821][ T4375]  <TASK>
[   63.118829][ T4375]  dump_stack_lvl+0xf6/0x150
[   63.118935][ T4375]  dump_stack+0x15/0x1a
[   63.118955][ T4375]  should_fail_ex+0x261/0x270
[   63.118992][ T4375]  should_fail+0xb/0x10
[   63.119093][ T4375]  should_fail_usercopy+0x1a/0x20
[   63.119132][ T4375]  _copy_to_user+0x20/0xa0
[   63.119187][ T4375]  simple_read_from_buffer+0xb2/0x130
[   63.119206][ T4375]  proc_fail_nth_read+0x103/0x140
[   63.119236][ T4375]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   63.119372][ T4375]  vfs_read+0x1b2/0x710
[   63.119404][ T4375]  ? __rcu_read_unlock+0x4e/0x70
[   63.119513][ T4375]  ? __fget_files+0x186/0x1c0
[   63.119568][ T4375]  ksys_read+0xeb/0x1b0
[   63.119594][ T4375]  __x64_sys_read+0x42/0x50
[   63.119610][ T4375]  x64_sys_call+0x2a3b/0x2e10
[   63.119629][ T4375]  do_syscall_64+0xc9/0x1c0
[   63.119713][ T4375]  ? clear_bhb_loop+0x25/0x80
[   63.119736][ T4375]  ? clear_bhb_loop+0x25/0x80
[   63.119755][ T4375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.119819][ T4375] RIP: 0033:0x7f06c82dbb7c
[   63.119839][ T4375] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   63.119859][ T4375] RSP: 002b:00007f06c693f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   63.119886][ T4375] RAX: ffffffffffffffda RBX: 00007f06c84f5fa0 RCX: 00007f06c82dbb7c
[   63.119900][ T4375] RDX: 000000000000000f RSI: 00007f06c693f0a0 RDI: 0000000000000007
[   63.119915][ T4375] RBP: 00007f06c693f090 R08: 0000000000000000 R09: 0000000000000000
[   63.119928][ T4375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.119942][ T4375] R13: 0000000000000000 R14: 00007f06c84f5fa0 R15: 00007ffe022ea028
[   63.119996][ T4375]  </TASK>
[   63.416716][ T4383] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   64.389953][ T4411] netlink: 'syz.4.337': attribute type 3 has an invalid length.
[   64.453508][ T4416] syz_tun: entered allmulticast mode
[   64.458280][ T4414] FAULT_INJECTION: forcing a failure.
[   64.458280][ T4414] name failslab, interval 1, probability 0, space 0, times 1
[   64.471614][ T4414] CPU: 1 UID: 0 PID: 4414 Comm: syz.2.336 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   64.471642][ T4414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   64.471653][ T4414] Call Trace:
[   64.471658][ T4414]  <TASK>
[   64.471665][ T4414]  dump_stack_lvl+0xf6/0x150
[   64.471758][ T4414]  dump_stack+0x15/0x1a
[   64.471776][ T4414]  should_fail_ex+0x261/0x270
[   64.471812][ T4414]  should_failslab+0x8f/0xb0
[   64.471901][ T4414]  kmem_cache_alloc_node_noprof+0x5c/0x340
[   64.471931][ T4414]  ? __alloc_skb+0x10d/0x320
[   64.471960][ T4414]  __alloc_skb+0x10d/0x320
[   64.471987][ T4414]  netlink_alloc_large_skb+0xad/0xe0
[   64.472007][ T4414]  netlink_sendmsg+0x3da/0x720
[   64.472118][ T4414]  ? __pfx_netlink_sendmsg+0x10/0x10
[   64.472175][ T4414]  __sock_sendmsg+0x140/0x180
[   64.472197][ T4414]  ____sys_sendmsg+0x350/0x4e0
[   64.472239][ T4414]  __sys_sendmsg+0x1a0/0x240
[   64.472357][ T4414]  __x64_sys_sendmsg+0x46/0x50
[   64.472382][ T4414]  x64_sys_call+0x26f3/0x2e10
[   64.472404][ T4414]  do_syscall_64+0xc9/0x1c0
[   64.472512][ T4414]  ? clear_bhb_loop+0x25/0x80
[   64.472535][ T4414]  ? clear_bhb_loop+0x25/0x80
[   64.472561][ T4414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.472585][ T4414] RIP: 0033:0x7f06c82dd169
[   64.472602][ T4414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.472623][ T4414] RSP: 002b:00007f06c693f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.472649][ T4414] RAX: ffffffffffffffda RBX: 00007f06c84f5fa0 RCX: 00007f06c82dd169
[   64.472663][ T4414] RDX: 0000000000000000 RSI: 0000200000005840 RDI: 0000000000000003
[   64.472677][ T4414] RBP: 00007f06c693f090 R08: 0000000000000000 R09: 0000000000000000
[   64.472691][ T4414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.472704][ T4414] R13: 0000000000000000 R14: 00007f06c84f5fa0 R15: 00007ffe022ea028
[   64.472732][ T4414]  </TASK>
[   64.874075][ T4419] FAULT_INJECTION: forcing a failure.
[   64.874075][ T4419] name failslab, interval 1, probability 0, space 0, times 0
[   64.886998][ T4419] CPU: 0 UID: 0 PID: 4419 Comm: syz.3.340 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   64.887062][ T4419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   64.887074][ T4419] Call Trace:
[   64.887080][ T4419]  <TASK>
[   64.887087][ T4419]  dump_stack_lvl+0xf6/0x150
[   64.887109][ T4419]  dump_stack+0x15/0x1a
[   64.887129][ T4419]  should_fail_ex+0x261/0x270
[   64.887189][ T4419]  should_failslab+0x8f/0xb0
[   64.887226][ T4419]  __kvmalloc_node_noprof+0x12c/0x520
[   64.887277][ T4419]  ? alloc_fdtable+0xa5/0x1b0
[   64.887297][ T4419]  ? __kmalloc_cache_noprof+0x22b/0x320
[   64.887402][ T4419]  alloc_fdtable+0xa5/0x1b0
[   64.887425][ T4419]  dup_fd+0x508/0x580
[   64.887478][ T4419]  ? _raw_spin_unlock+0x26/0x50
[   64.887503][ T4419]  ksys_unshare+0x345/0x700
[   64.887539][ T4419]  __x64_sys_unshare+0x1f/0x30
[   64.887573][ T4419]  x64_sys_call+0x2c93/0x2e10
[   64.887600][ T4419]  do_syscall_64+0xc9/0x1c0
[   64.887656][ T4419]  ? clear_bhb_loop+0x25/0x80
[   64.887682][ T4419]  ? clear_bhb_loop+0x25/0x80
[   64.887759][ T4419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.887779][ T4419] RIP: 0033:0x7fc28a71d169
[   64.887795][ T4419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.887885][ T4419] RSP: 002b:00007fc288d7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   64.887908][ T4419] RAX: ffffffffffffffda RBX: 00007fc28a935fa0 RCX: 00007fc28a71d169
[   64.887922][ T4419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000028020480
[   64.887936][ T4419] RBP: 00007fc288d7f090 R08: 0000000000000000 R09: 0000000000000000
[   64.888011][ T4419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.888026][ T4419] R13: 0000000000000000 R14: 00007fc28a935fa0 R15: 00007ffd7427aa28
[   64.888047][ T4419]  </TASK>
[   64.890052][   T29] kauditd_printk_skb: 100 callbacks suppressed
[   64.890065][   T29] audit: type=1400 audit(1743280741.936:1216): avc:  denied  { create } for  pid=4417 comm="syz.3.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   65.634686][ T4433] 9pnet_fd: Insufficient options for proto=fd
[   65.962340][   T29] audit: type=1326 audit(1743280743.016:1217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   65.985924][   T29] audit: type=1326 audit(1743280743.016:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.009331][   T29] audit: type=1326 audit(1743280743.016:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.032685][   T29] audit: type=1326 audit(1743280743.016:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.056089][   T29] audit: type=1326 audit(1743280743.016:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.079488][   T29] audit: type=1326 audit(1743280743.016:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.102826][   T29] audit: type=1326 audit(1743280743.016:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.126123][   T29] audit: type=1326 audit(1743280743.016:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.149593][   T29] audit: type=1326 audit(1743280743.016:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3e413d169 code=0x7ffc0000
[   66.391789][ T4443] FAULT_INJECTION: forcing a failure.
[   66.391789][ T4443] name failslab, interval 1, probability 0, space 0, times 0
[   66.404591][ T4443] CPU: 0 UID: 0 PID: 4443 Comm: syz.2.349 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   66.404625][ T4443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   66.404639][ T4443] Call Trace:
[   66.404647][ T4443]  <TASK>
[   66.404656][ T4443]  dump_stack_lvl+0xf6/0x150
[   66.404678][ T4443]  dump_stack+0x15/0x1a
[   66.404702][ T4443]  should_fail_ex+0x261/0x270
[   66.404740][ T4443]  should_failslab+0x8f/0xb0
[   66.404766][ T4443]  kmem_cache_alloc_noprof+0x59/0x340
[   66.404800][ T4443]  ? prepare_creds+0x37/0x480
[   66.404906][ T4443]  prepare_creds+0x37/0x480
[   66.404952][ T4443]  copy_creds+0x90/0x3f0
[   66.405017][ T4443]  copy_process+0x63f/0x1f60
[   66.405046][ T4443]  ? bpf_perf_event_read+0xec/0x150
[   66.405065][ T4443]  ? __rcu_read_unlock+0x4e/0x70
[   66.405093][ T4443]  kernel_clone+0x168/0x5d0
[   66.405180][ T4443]  ? switch_ldt+0x7f/0x140
[   66.405257][ T4443]  __x64_sys_clone+0xe9/0x120
[   66.405323][ T4443]  x64_sys_call+0x2dc9/0x2e10
[   66.405344][ T4443]  do_syscall_64+0xc9/0x1c0
[   66.405443][ T4443]  ? clear_bhb_loop+0x25/0x80
[   66.405463][ T4443]  ? clear_bhb_loop+0x25/0x80
[   66.405484][ T4443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.405532][ T4443] RIP: 0033:0x7f06c82dd169
[   66.405549][ T4443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.405566][ T4443] RSP: 002b:00007f06c693efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   66.405588][ T4443] RAX: ffffffffffffffda RBX: 00007f06c84f5fa0 RCX: 00007f06c82dd169
[   66.405603][ T4443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000
[   66.405635][ T4443] RBP: 00007f06c693f090 R08: 0000000000000000 R09: 0000000000000000
[   66.405645][ T4443] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   66.405655][ T4443] R13: 0000000000000000 R14: 00007f06c84f5fa0 R15: 00007ffe022ea028
[   66.405675][ T4443]  </TASK>
[   66.707122][ T4447] netlink: 'syz.1.351': attribute type 13 has an invalid length.
[   66.821993][ T4447] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.829363][ T4447] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.907437][ T4447] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   66.919161][ T4447] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   66.946269][ T4447] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   66.955207][ T4447] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   66.963926][ T4447] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   66.972653][ T4447] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.696060][ T4475] capability: warning: `syz.3.360' uses deprecated v2 capabilities in a way that may be insecure
[   67.973452][ T4486] __nla_validate_parse: 7 callbacks suppressed
[   67.973469][ T4486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.364'.
[   68.016729][ T4486] syz.2.364: attempt to access beyond end of device
[   68.016729][ T4486] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   68.085081][ T4486] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4486 comm=syz.2.364
[   68.161965][ T4492] 9pnet_fd: Insufficient options for proto=fd
[   68.190474][ T4491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.365'.
[   68.415751][ T4491] syz.2.365: attempt to access beyond end of device
[   68.415751][ T4491] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   68.766889][ T4497] netlink: 96 bytes leftover after parsing attributes in process `syz.4.367'.
[   69.799050][ T4501] xt_hashlimit: max too large, truncated to 1048576
[   69.991084][   T29] kauditd_printk_skb: 94 callbacks suppressed
[   69.991101][   T29] audit: type=1400 audit(1743280747.046:1320): avc:  denied  { create } for  pid=4510 comm="syz.2.371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   70.032021][   T29] audit: type=1400 audit(1743280747.086:1321): avc:  denied  { setopt } for  pid=4510 comm="syz.2.371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   70.054188][   T29] audit: type=1400 audit(1743280747.116:1322): avc:  denied  { ioctl } for  pid=4510 comm="syz.2.371" path="socket:[9314]" dev="sockfs" ino=9314 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   70.082747][   T29] audit: type=1400 audit(1743280747.146:1323): avc:  denied  { create } for  pid=4512 comm="syz.0.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   70.121186][   T29] audit: type=1400 audit(1743280747.146:1324): avc:  denied  { read } for  pid=4512 comm="syz.0.372" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   70.144087][   T29] audit: type=1400 audit(1743280747.146:1325): avc:  denied  { open } for  pid=4512 comm="syz.0.372" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   70.187271][ T4517] netlink: 'syz.1.373': attribute type 3 has an invalid length.
[   70.284690][   T29] audit: type=1400 audit(1743280747.326:1326): avc:  denied  { ioctl } for  pid=4512 comm="syz.0.372" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   70.748698][   T29] audit: type=1400 audit(1743280747.806:1327): avc:  denied  { prog_load } for  pid=4532 comm="syz.0.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   70.767899][   T29] audit: type=1400 audit(1743280747.806:1328): avc:  denied  { bpf } for  pid=4532 comm="syz.0.379" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   70.788740][   T29] audit: type=1400 audit(1743280747.806:1329): avc:  denied  { perfmon } for  pid=4532 comm="syz.0.379" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   71.052068][ T4545] netlink: 96 bytes leftover after parsing attributes in process `syz.0.384'.
[   71.716279][ T4553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.386'.
[   71.773289][ T4553] syz.1.386: attempt to access beyond end of device
[   71.773289][ T4553] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   71.869115][ T4556] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4556 comm=syz.1.386
[   72.147442][ T4575] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   72.180153][ T4575] bridge0: entered promiscuous mode
[   72.186508][ T4575] macvlan2: entered promiscuous mode
[   72.193743][ T4575] bridge0: port 3(macvlan2) entered blocking state
[   72.200295][ T4575] bridge0: port 3(macvlan2) entered disabled state
[   72.208130][ T4575] macvlan2: entered allmulticast mode
[   72.213637][ T4575] bridge0: entered allmulticast mode
[   72.219567][ T4575] macvlan2: left allmulticast mode
[   72.224756][ T4575] bridge0: left allmulticast mode
[   72.232237][ T4575] bridge0: left promiscuous mode
[   72.747429][ T4582] netlink: 4 bytes leftover after parsing attributes in process `syz.4.396'.
[   72.770004][ T4582] syz.4.396: attempt to access beyond end of device
[   72.770004][ T4582] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   72.856051][ T4587] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4587 comm=syz.4.396
[   72.951170][ T4594] netlink: 96 bytes leftover after parsing attributes in process `syz.2.401'.
[   72.978519][ T4597] netlink: 48 bytes leftover after parsing attributes in process `syz.4.400'.
[   73.673927][ T4622] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   73.700024][ T4622] bridge0: entered promiscuous mode
[   73.721175][ T4622] macvlan0: entered promiscuous mode
[   73.727499][ T4622] bridge0: port 1(macvlan0) entered blocking state
[   73.734079][ T4622] bridge0: port 1(macvlan0) entered disabled state
[   73.761216][ T4622] macvlan0: entered allmulticast mode
[   73.766648][ T4622] bridge0: entered allmulticast mode
[   73.781239][ T4622] macvlan0: left allmulticast mode
[   73.786407][ T4622] bridge0: left allmulticast mode
[   73.831671][ T4622] bridge0: left promiscuous mode
[   73.848600][ T4626] usb usb1: usbfs: process 4626 (syz.2.412) did not claim interface 0 before use
[   73.985312][ T4629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.413'.
[   74.049469][ T4636] netlink: 4 bytes leftover after parsing attributes in process `syz.4.416'.
[   74.117314][ T4646] netlink: 32 bytes leftover after parsing attributes in process `syz.4.420'.
[   74.289694][ T4653] netlink: 96 bytes leftover after parsing attributes in process `syz.4.423'.
[   74.487826][ T4662] netlink: 'syz.2.425': attribute type 2 has an invalid length.
[   74.916231][ T3300] block device autoloading is deprecated and will be removed.
[   75.035727][   T29] kauditd_printk_skb: 602 callbacks suppressed
[   75.035745][   T29] audit: type=1400 audit(1743280752.096:1932): avc:  denied  { write } for  pid=4671 comm="syz.2.428" name="001" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   75.039081][ T4677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.431'.
[   75.149900][ T4685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.433'.
[   75.161972][ T4685] syz.3.433: attempt to access beyond end of device
[   75.161972][ T4685] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   75.183167][   T29] audit: type=1400 audit(1743280752.246:1933): avc:  denied  { read write } for  pid=3308 comm="syz-executor" name="loop4" dev="devtmpfs" ino=526 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   75.216741][   T29] audit: type=1400 audit(1743280752.246:1934): avc:  denied  { open } for  pid=3308 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=526 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   75.240006][   T29] audit: type=1400 audit(1743280752.246:1935): avc:  denied  { ioctl } for  pid=3308 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=526 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   75.266024][ T4685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4685 comm=syz.3.433
[   75.303214][ T4688] loop4: detected capacity change from 0 to 512
[   75.320521][   T29] audit: type=1400 audit(1743280752.376:1936): avc:  denied  { mounton } for  pid=4687 comm="syz.4.434" path="/94/file0" dev="tmpfs" ino=514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   75.323088][ T4688] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   75.356054][ T4688] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   75.396664][   T29] audit: type=1400 audit(1743280752.416:1937): avc:  denied  { create } for  pid=4691 comm="syz.3.437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   75.416223][   T29] audit: type=1400 audit(1743280752.456:1938): avc:  denied  { bind } for  pid=4689 comm="syz.0.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   75.457487][ T4690] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.475127][ T4688] EXT4-fs (loop4): 1 orphan inode deleted
[   75.481172][ T4688] EXT4-fs (loop4): 1 truncate cleaned up
[   75.494704][ T4688] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.538837][   T29] audit: type=1400 audit(1743280752.576:1939): avc:  denied  { setopt } for  pid=4689 comm="syz.0.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   75.541177][ T4695] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   75.563401][   T29] audit: type=1400 audit(1743280752.596:1940): avc:  denied  { mount } for  pid=4687 comm="syz.4.434" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   75.593315][ T4695] EXT4-fs (loop4): Remounting filesystem read-only
[   75.602598][   T29] audit: type=1400 audit(1743280752.666:1941): avc:  denied  { write } for  pid=4687 comm="syz.4.434" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   75.644282][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.664231][ T4690] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.746401][ T4690] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.768119][ T4706] netlink: 'syz.4.440': attribute type 3 has an invalid length.
[   75.804560][ T4690] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.923927][ T4714] netlink: 4 bytes leftover after parsing attributes in process `syz.2.443'.
[   76.155115][ T4690] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.240499][ T4690] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.305135][ T4690] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.316757][ T4717] netlink: 96 bytes leftover after parsing attributes in process `syz.2.444'.
[   76.361905][ T4690] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.624662][ T4725] netlink: 96 bytes leftover after parsing attributes in process `syz.1.447'.
[   76.889866][ T4729] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.221210][ T4729] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.508277][ T4729] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.543024][ T4740] netlink: 'syz.1.451': attribute type 3 has an invalid length.
[   77.562673][ T4729] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.611651][ T4742] 9pnet_fd: Insufficient options for proto=fd
[   77.638479][ T4729] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.654413][ T4729] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.674969][ T4729] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.687311][ T4729] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.812345][ T4747] loop4: detected capacity change from 0 to 2048
[   78.055046][ T4754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.456'.
[   78.123930][ T4757] 9pnet_fd: Insufficient options for proto=fd
[   79.088374][ T4783] __nla_validate_parse: 3 callbacks suppressed
[   79.088391][ T4783] netlink: 96 bytes leftover after parsing attributes in process `syz.4.466'.
[   79.390933][ T4788] loop4: detected capacity change from 0 to 1024
[   79.398337][ T4788] EXT4-fs: Ignoring removed nobh option
[   79.403993][ T4788] EXT4-fs: Ignoring removed bh option
[   79.429515][ T4788] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.968786][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.014038][ T4800] netlink: 4 bytes leftover after parsing attributes in process `syz.4.471'.
[   80.042512][ T4800] syz.4.471: attempt to access beyond end of device
[   80.042512][ T4800] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   80.120474][   T29] kauditd_printk_skb: 152 callbacks suppressed
[   80.120489][   T29] audit: type=1400 audit(1743280757.176:2094): avc:  denied  { append } for  pid=4799 comm="syz.4.471" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   80.160758][ T4801] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4801 comm=syz.4.471
[   80.193187][   T29] audit: type=1400 audit(1743280757.256:2095): avc:  denied  { name_bind } for  pid=4802 comm="syz.4.472" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   80.241046][   T29] audit: type=1400 audit(1743280757.256:2096): avc:  denied  { node_bind } for  pid=4802 comm="syz.4.472" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   80.279763][   T29] audit: type=1400 audit(1743280757.306:2097): avc:  denied  { create } for  pid=4804 comm="syz.4.473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   80.299234][   T29] audit: type=1400 audit(1743280757.306:2098): avc:  denied  { allowed } for  pid=4804 comm="syz.4.473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   80.318745][   T29] audit: type=1400 audit(1743280757.336:2099): avc:  denied  { sqpoll } for  pid=4804 comm="syz.4.473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   80.381044][   T29] audit: type=1400 audit(1743280757.336:2100): avc:  denied  { create } for  pid=4804 comm="syz.4.473" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   80.624081][   T29] audit: type=1400 audit(1743280757.686:2101): avc:  denied  { mounton } for  pid=4807 comm="syz.0.474" path="/97/file0" dev="tmpfs" ino=532 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   80.701126][   T29] audit: type=1400 audit(1743280757.746:2102): avc:  denied  { create } for  pid=4807 comm=2B7D5B286A05847BC8EAC2AEAE9C2E scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   80.722323][   T29] audit: type=1400 audit(1743280757.746:2103): avc:  denied  { connect } for  pid=4807 comm=2B7D5B286A05847BC8EAC2AEAE9C2E scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   80.882561][ T4814] netlink: 'syz.0.476': attribute type 3 has an invalid length.
[   80.915996][ T4816] netlink: 96 bytes leftover after parsing attributes in process `syz.0.477'.
[   81.359429][ T4829] netlink: 96 bytes leftover after parsing attributes in process `syz.4.481'.
[   82.004508][ T4837] netlink: 72 bytes leftover after parsing attributes in process `syz.1.484'.
[   82.107736][ T4845] netlink: 12 bytes leftover after parsing attributes in process `syz.1.488'.
[   82.261611][ T4857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.493'.
[   82.380056][ T4865] netlink: 96 bytes leftover after parsing attributes in process `syz.0.496'.
[   83.366800][ T4869] SELinux:  Context system_u:object_r:sudo_exec_t:s0 is not valid (left unmapped).
[   83.554884][ T4882] netlink: 12 bytes leftover after parsing attributes in process `syz.1.503'.
[   83.600489][ T4881] block device autoloading is deprecated and will be removed.
[   83.682923][ T4893] netlink: 96 bytes leftover after parsing attributes in process `syz.3.508'.
[   83.737711][ T4895] atomic_op ffff888118ca3128 conn xmit_atomic 0000000000000000
[   83.828086][ T4907] 9pnet_fd: Insufficient options for proto=fd
[   83.933956][ T4909] syz.4.512: attempt to access beyond end of device
[   83.933956][ T4909] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   84.043043][ T4913] syz.0.513: attempt to access beyond end of device
[   84.043043][ T4913] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   84.065984][ T4909] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4909 comm=syz.4.512
[   84.117045][ T4913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4913 comm=syz.0.513
[   84.200569][ T4918] __nla_validate_parse: 2 callbacks suppressed
[   84.200589][ T4918] netlink: 12 bytes leftover after parsing attributes in process `syz.4.514'.
[   85.122036][   T29] kauditd_printk_skb: 421 callbacks suppressed
[   85.122050][   T29] audit: type=1326 audit(1743280762.186:2525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   85.359002][   T29] audit: type=1326 audit(1743280762.216:2526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   85.382421][   T29] audit: type=1326 audit(1743280762.216:2527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   85.532440][ T4948] netlink: 12 bytes leftover after parsing attributes in process `syz.2.528'.
[   86.130355][   T29] audit: type=1326 audit(1743280762.566:2528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4943 comm="syz.3.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   86.153765][   T29] audit: type=1326 audit(1743280762.566:2529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4943 comm="syz.3.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   86.178652][   T29] audit: type=1326 audit(1743280762.566:2530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4943 comm="syz.3.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   86.202194][   T29] audit: type=1326 audit(1743280762.566:2531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4943 comm="syz.3.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   86.225719][   T29] audit: type=1326 audit(1743280762.566:2532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4943 comm="syz.3.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   86.249132][   T29] audit: type=1326 audit(1743280762.566:2533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4943 comm="syz.3.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fc28a71d169 code=0x7ffc0000
[   86.272460][   T29] audit: type=1326 audit(1743280762.566:2534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4943 comm="syz.3.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc28a714127 code=0x7ffc0000
[   86.509913][ T4972] netlink: 8 bytes leftover after parsing attributes in process `syz.0.536'.
[   86.518825][ T4972] netlink: 32 bytes leftover after parsing attributes in process `syz.0.536'.
[   86.530929][ T4972] SELinux:  Context system_u:object_r:net_conf_t:s0 is not valid (left unmapped).
[   86.571641][ T4976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.540'.
[   86.650498][ T4981] netlink: 'syz.0.542': attribute type 3 has an invalid length.
[   87.196227][ T5016] netlink: 12 bytes leftover after parsing attributes in process `syz.4.556'.
[   87.228505][ T5018] netlink: 'syz.4.557': attribute type 3 has an invalid length.
[   87.329063][ T5023] netlink: 96 bytes leftover after parsing attributes in process `syz.3.559'.
[   88.023210][ T5037] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   88.055543][ T5037] bridge0: entered promiscuous mode
[   88.068315][ T5037] macvlan0: entered promiscuous mode
[   88.079830][ T5037] bridge0: port 1(macvlan0) entered blocking state
[   88.086585][ T5037] bridge0: port 1(macvlan0) entered disabled state
[   88.111225][ T5037] macvlan0: entered allmulticast mode
[   88.116742][ T5037] bridge0: entered allmulticast mode
[   88.123714][ T5037] macvlan0: left allmulticast mode
[   88.128865][ T5037] bridge0: left allmulticast mode
[   88.134775][ T5037] bridge0: left promiscuous mode
[   88.243787][ T5047] netlink: 12 bytes leftover after parsing attributes in process `syz.1.568'.
[   88.292577][ T5050] netlink: 'syz.4.569': attribute type 3 has an invalid length.
[   88.355324][ T5056] syz.3.572: attempt to access beyond end of device
[   88.355324][ T5056] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   88.429848][ T5056] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5056 comm=syz.3.572
[   88.708556][ T5069] netlink: 96 bytes leftover after parsing attributes in process `syz.3.577'.
[   88.808324][ T5070] 9pnet_fd: Insufficient options for proto=fd
[   89.294006][ T5082] netlink: 12 bytes leftover after parsing attributes in process `syz.1.581'.
[   89.620150][ T5110] netlink: 12 bytes leftover after parsing attributes in process `syz.0.595'.
[   89.749708][ T5123] netlink: 16 bytes leftover after parsing attributes in process `syz.1.601'.
[   89.869772][ T5128] 9pnet_fd: Insufficient options for proto=fd
[   90.207928][   T29] kauditd_printk_skb: 201 callbacks suppressed
[   90.207951][   T29] audit: type=1400 audit(1743280767.266:2736): avc:  denied  { sqpoll } for  pid=5131 comm="syz.2.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   90.357339][   T29] audit: type=1400 audit(1743280767.416:2737): avc:  denied  { create } for  pid=5136 comm="syz.1.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   90.408057][ T5139] netlink: 96 bytes leftover after parsing attributes in process `syz.0.605'.
[   90.415473][   T29] audit: type=1400 audit(1743280767.436:2738): avc:  denied  { create } for  pid=5134 comm="syz.0.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   90.437240][   T29] audit: type=1400 audit(1743280767.446:2739): avc:  denied  { write } for  pid=5134 comm="syz.0.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   90.457415][   T29] audit: type=1400 audit(1743280767.446:2740): avc:  denied  { nlmsg_write } for  pid=5134 comm="syz.0.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   90.739794][ T5150] netlink: 12 bytes leftover after parsing attributes in process `syz.3.609'.
[   90.772441][   T29] audit: type=1400 audit(1743280767.676:2741): avc:  denied  { create } for  pid=5145 comm="syz.1.608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   90.792043][   T29] audit: type=1400 audit(1743280767.686:2742): avc:  denied  { prog_load } for  pid=5145 comm="syz.1.608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   90.811029][   T29] audit: type=1400 audit(1743280767.686:2743): avc:  denied  { bpf } for  pid=5145 comm="syz.1.608" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   90.831500][   T29] audit: type=1400 audit(1743280767.686:2744): avc:  denied  { perfmon } for  pid=5145 comm="syz.1.608" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   90.852299][   T29] audit: type=1400 audit(1743280767.736:2745): avc:  denied  { create } for  pid=5138 comm="syz.0.605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   91.307082][ T5167] netlink: 16 bytes leftover after parsing attributes in process `syz.3.615'.
[   91.393306][ T5171] netlink: 'syz.0.617': attribute type 13 has an invalid length.
[   91.638875][ T5171] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.647311][ T5171] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.655818][ T5171] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.664278][ T5171] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.852494][ T5188] netlink: 12 bytes leftover after parsing attributes in process `syz.1.622'.
[   93.398944][ T5235] FAULT_INJECTION: forcing a failure.
[   93.398944][ T5235] name failslab, interval 1, probability 0, space 0, times 0
[   93.411629][ T5235] CPU: 0 UID: 0 PID: 5235 Comm: syz.2.643 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   93.411663][ T5235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   93.411701][ T5235] Call Trace:
[   93.411709][ T5235]  <TASK>
[   93.411717][ T5235]  dump_stack_lvl+0xf6/0x150
[   93.411742][ T5235]  dump_stack+0x15/0x1a
[   93.411758][ T5235]  should_fail_ex+0x261/0x270
[   93.411789][ T5235]  should_failslab+0x8f/0xb0
[   93.411850][ T5235]  __kvmalloc_node_noprof+0x12c/0x520
[   93.411885][ T5235]  ? vmemdup_user+0x26/0xd0
[   93.411908][ T5235]  vmemdup_user+0x26/0xd0
[   93.411925][ T5235]  path_setxattrat+0x1cd/0x320
[   93.412036][ T5235]  __x64_sys_setxattr+0x6e/0x90
[   93.412058][ T5235]  x64_sys_call+0x28e7/0x2e10
[   93.412077][ T5235]  do_syscall_64+0xc9/0x1c0
[   93.412171][ T5235]  ? clear_bhb_loop+0x25/0x80
[   93.412253][ T5235]  ? clear_bhb_loop+0x25/0x80
[   93.412274][ T5235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.412353][ T5235] RIP: 0033:0x7f06c82dd169
[   93.412367][ T5235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.412423][ T5235] RSP: 002b:00007f06c693f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   93.412479][ T5235] RAX: ffffffffffffffda RBX: 00007f06c84f5fa0 RCX: 00007f06c82dd169
[   93.412514][ T5235] RDX: 0000200000001400 RSI: 0000200000000080 RDI: 00002000000000c0
[   93.412529][ T5235] RBP: 00007f06c693f090 R08: 0000000000000002 R09: 0000000000000000
[   93.412543][ T5235] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000001
[   93.412557][ T5235] R13: 0000000000000000 R14: 00007f06c84f5fa0 R15: 00007ffe022ea028
[   93.412573][ T5235]  </TASK>
[   93.817537][ T5247] FAULT_INJECTION: forcing a failure.
[   93.817537][ T5247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.830921][ T5247] CPU: 0 UID: 0 PID: 5247 Comm: syz.0.648 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   93.830946][ T5247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   93.830958][ T5247] Call Trace:
[   93.830963][ T5247]  <TASK>
[   93.830969][ T5247]  dump_stack_lvl+0xf6/0x150
[   93.831069][ T5247]  dump_stack+0x15/0x1a
[   93.831085][ T5247]  should_fail_ex+0x261/0x270
[   93.831156][ T5247]  should_fail+0xb/0x10
[   93.831181][ T5247]  should_fail_usercopy+0x1a/0x20
[   93.831283][ T5247]  _copy_to_user+0x20/0xa0
[   93.831303][ T5247]  simple_read_from_buffer+0xb2/0x130
[   93.831375][ T5247]  proc_fail_nth_read+0x103/0x140
[   93.831434][ T5247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   93.831456][ T5247]  vfs_read+0x1b2/0x710
[   93.831484][ T5247]  ? __rcu_read_unlock+0x4e/0x70
[   93.831512][ T5247]  ? __fget_files+0x186/0x1c0
[   93.831598][ T5247]  ksys_read+0xeb/0x1b0
[   93.831615][ T5247]  __x64_sys_read+0x42/0x50
[   93.831631][ T5247]  x64_sys_call+0x2a3b/0x2e10
[   93.831657][ T5247]  do_syscall_64+0xc9/0x1c0
[   93.831692][ T5247]  ? clear_bhb_loop+0x25/0x80
[   93.831791][ T5247]  ? clear_bhb_loop+0x25/0x80
[   93.831817][ T5247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.831862][ T5247] RIP: 0033:0x7f67bc29bb7c
[   93.831875][ T5247] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   93.831897][ T5247] RSP: 002b:00007f67ba8ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   93.831918][ T5247] RAX: ffffffffffffffda RBX: 00007f67bc4b5fa0 RCX: 00007f67bc29bb7c
[   93.831932][ T5247] RDX: 000000000000000f RSI: 00007f67ba8ff0a0 RDI: 0000000000000005
[   93.831968][ T5247] RBP: 00007f67ba8ff090 R08: 0000000000000000 R09: 0000000000000000
[   93.832082][ T5247] R10: 0000000004000001 R11: 0000000000000246 R12: 0000000000000001
[   93.832093][ T5247] R13: 0000000000000000 R14: 00007f67bc4b5fa0 R15: 00007ffc4ed619e8
[   93.832108][ T5247]  </TASK>
[   94.210814][ T5254] syzkaller0: entered promiscuous mode
[   94.216395][ T5254] syzkaller0: entered allmulticast mode
[   94.454048][ T5277] netlink: 'syz.4.661': attribute type 1 has an invalid length.
[   94.477287][ T5277] syz.4.661 uses obsolete (PF_INET,SOCK_PACKET)
[   94.561367][ T5293] FAULT_INJECTION: forcing a failure.
[   94.561367][ T5293] name failslab, interval 1, probability 0, space 0, times 0
[   94.574301][ T5293] CPU: 0 UID: 0 PID: 5293 Comm: syz.4.666 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   94.574333][ T5293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   94.574348][ T5293] Call Trace:
[   94.574356][ T5293]  <TASK>
[   94.574364][ T5293]  dump_stack_lvl+0xf6/0x150
[   94.574393][ T5293]  dump_stack+0x15/0x1a
[   94.574414][ T5293]  should_fail_ex+0x261/0x270
[   94.574493][ T5293]  should_failslab+0x8f/0xb0
[   94.574517][ T5293]  kmem_cache_alloc_noprof+0x59/0x340
[   94.574603][ T5293]  ? dst_alloc+0xc0/0x100
[   94.574706][ T5293]  dst_alloc+0xc0/0x100
[   94.574730][ T5293]  ip_route_output_key_hash_rcu+0xb90/0x12e0
[   94.574765][ T5293]  ip_route_output_flow+0x7e/0x130
[   94.574824][ T5293]  udp_sendmsg+0xe9f/0x1350
[   94.574907][ T5293]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   94.574954][ T5293]  ? avc_has_perm+0xd6/0x150
[   94.574997][ T5293]  ? __pfx_udp_sendmsg+0x10/0x10
[   94.575028][ T5293]  inet_sendmsg+0xaf/0xd0
[   94.575055][ T5293]  __sock_sendmsg+0x102/0x180
[   94.575111][ T5293]  ____sys_sendmsg+0x350/0x4e0
[   94.575222][ T5293]  __sys_sendmmsg+0x22a/0x4b0
[   94.575270][ T5293]  __x64_sys_sendmmsg+0x57/0x70
[   94.575296][ T5293]  x64_sys_call+0x2b53/0x2e10
[   94.575396][ T5293]  do_syscall_64+0xc9/0x1c0
[   94.575432][ T5293]  ? clear_bhb_loop+0x25/0x80
[   94.575459][ T5293]  ? clear_bhb_loop+0x25/0x80
[   94.575484][ T5293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.575536][ T5293] RIP: 0033:0x7fb3e413d169
[   94.575553][ T5293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.575646][ T5293] RSP: 002b:00007fb3e27a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   94.575668][ T5293] RAX: ffffffffffffffda RBX: 00007fb3e4355fa0 RCX: 00007fb3e413d169
[   94.575682][ T5293] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003
[   94.575696][ T5293] RBP: 00007fb3e27a7090 R08: 0000000000000000 R09: 0000000000000000
[   94.575710][ T5293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.575766][ T5293] R13: 0000000000000000 R14: 00007fb3e4355fa0 R15: 00007ffe2e5640b8
[   94.575785][ T5293]  </TASK>
[   94.883239][ T5307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.674'.
[   94.892274][ T5307] netlink: 7 bytes leftover after parsing attributes in process `syz.1.674'.
[   94.910875][ T5309] netlink: 'syz.2.675': attribute type 10 has an invalid length.
[   95.224499][   T29] kauditd_printk_skb: 699 callbacks suppressed
[   95.224514][   T29] audit: type=1400 audit(1743280772.286:3445): avc:  denied  { map_create } for  pid=5334 comm="syz.2.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   95.269248][ T5338] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5338 comm=syz.0.687
[   95.293680][   T29] audit: type=1400 audit(1743280772.306:3446): avc:  denied  { prog_load } for  pid=5334 comm="syz.2.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   95.312806][   T29] audit: type=1400 audit(1743280772.316:3447): avc:  denied  { prog_load } for  pid=5334 comm="syz.2.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   95.318391][ T5343] FAULT_INJECTION: forcing a failure.
[   95.318391][ T5343] name failslab, interval 1, probability 0, space 0, times 0
[   95.331881][   T29] audit: type=1400 audit(1743280772.326:3448): avc:  denied  { create } for  pid=5336 comm="syz.0.687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=0
[   95.331911][   T29] audit: type=1400 audit(1743280772.326:3449): avc:  denied  { create } for  pid=5336 comm="syz.0.687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=0
[   95.331937][   T29] audit: type=1400 audit(1743280772.326:3450): avc:  denied  { prog_load } for  pid=5336 comm="syz.0.687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   95.344533][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.690 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   95.344640][ T5343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   95.344656][ T5343] Call Trace:
[   95.344665][ T5343]  <TASK>
[   95.344674][ T5343]  dump_stack_lvl+0xf6/0x150
[   95.344747][ T5343]  dump_stack+0x15/0x1a
[   95.344769][ T5343]  should_fail_ex+0x261/0x270
[   95.344808][ T5343]  should_failslab+0x8f/0xb0
[   95.344870][ T5343]  __kmalloc_cache_noprof+0x55/0x320
[   95.344963][ T5343]  ? find_get_context+0x9c/0x570
[   95.344996][ T5343]  find_get_context+0x9c/0x570
[   95.345042][ T5343]  ? __pfx_ptrace_triggered+0x10/0x10
[   95.345070][ T5343]  perf_event_create_kernel_counter+0x13b/0x370
[   95.345104][ T5343]  ? __pfx_ptrace_triggered+0x10/0x10
[   95.345184][ T5343]  register_user_hw_breakpoint+0x32/0x40
[   95.345227][ T5343]  ptrace_set_debugreg+0x278/0x740
[   95.345310][ T5343]  ? get_pid_task+0x94/0xd0
[   95.345341][ T5343]  ? proc_fail_nth_write+0x12d/0x160
[   95.345371][ T5343]  ? _raw_spin_lock_irqsave+0x40/0xb0
[   95.345430][ T5343]  arch_ptrace+0x36b/0x400
[   95.345517][ T5343]  __se_sys_ptrace+0xf7/0x2b0
[   95.345547][ T5343]  __x64_sys_ptrace+0x55/0x70
[   95.345574][ T5343]  x64_sys_call+0x1fd0/0x2e10
[   95.345624][ T5343]  do_syscall_64+0xc9/0x1c0
[   95.345659][ T5343]  ? clear_bhb_loop+0x25/0x80
[   95.345747][ T5343]  ? clear_bhb_loop+0x25/0x80
[   95.345779][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.345805][ T5343] RIP: 0033:0x7f67bc29d169
[   95.345823][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.345844][ T5343] RSP: 002b:00007f67ba8ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[   95.345867][ T5343] RAX: ffffffffffffffda RBX: 00007f67bc4b5fa0 RCX: 00007f67bc29d169
[   95.345951][ T5343] RDX: 0000000000000358 RSI: 0000000000000174 RDI: 0000000000000006
[   95.345965][ T5343] RBP: 00007f67ba8ff090 R08: 0000000000000000 R09: 0000000000000000
[   95.345980][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.345994][ T5343] R13: 0000000000000000 R14: 00007f67bc4b5fa0 R15: 00007ffc4ed619e8
[   95.346017][ T5343]  </TASK>
[   95.415473][ T5346] veth1_macvtap: left promiscuous mode
[   95.425173][   T29] audit: type=1400 audit(1743280772.326:3451): avc:  denied  { prog_load } for  pid=5336 comm="syz.0.687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   95.648010][   T29] audit: type=1400 audit(1743280772.326:3452): avc:  denied  { prog_load } for  pid=5334 comm="syz.2.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   95.667129][   T29] audit: type=1400 audit(1743280772.326:3453): avc:  denied  { create } for  pid=5336 comm="syz.0.687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=0
[   95.686654][   T29] audit: type=1400 audit(1743280772.326:3454): avc:  denied  { create } for  pid=5336 comm="syz.0.687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[   95.751436][ T5359] syz.0.696: attempt to access beyond end of device
[   95.751436][ T5359] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   95.877925][ T5380] FAULT_INJECTION: forcing a failure.
[   95.877925][ T5380] name failslab, interval 1, probability 0, space 0, times 0
[   95.890674][ T5380] CPU: 0 UID: 0 PID: 5380 Comm: syz.1.704 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   95.890765][ T5380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   95.890778][ T5380] Call Trace:
[   95.890785][ T5380]  <TASK>
[   95.890792][ T5380]  dump_stack_lvl+0xf6/0x150
[   95.890814][ T5380]  dump_stack+0x15/0x1a
[   95.890830][ T5380]  should_fail_ex+0x261/0x270
[   95.890863][ T5380]  should_failslab+0x8f/0xb0
[   95.890887][ T5380]  __kmalloc_cache_noprof+0x55/0x320
[   95.890957][ T5380]  ? find_get_context+0x9c/0x570
[   95.891017][ T5380]  find_get_context+0x9c/0x570
[   95.891106][ T5380]  ? __pfx_ptrace_triggered+0x10/0x10
[   95.891252][ T5380]  perf_event_create_kernel_counter+0x13b/0x370
[   95.891286][ T5380]  ? __pfx_ptrace_triggered+0x10/0x10
[   95.891380][ T5380]  register_user_hw_breakpoint+0x32/0x40
[   95.891422][ T5380]  ptrace_set_debugreg+0x278/0x740
[   95.891445][ T5380]  ? get_pid_task+0x94/0xd0
[   95.891530][ T5380]  ? proc_fail_nth_write+0x12d/0x160
[   95.891556][ T5380]  ? _raw_spin_lock_irqsave+0x40/0xb0
[   95.891672][ T5380]  arch_ptrace+0x36b/0x400
[   95.891696][ T5380]  __se_sys_ptrace+0xf7/0x2b0
[   95.891761][ T5380]  __x64_sys_ptrace+0x55/0x70
[   95.891789][ T5380]  x64_sys_call+0x1fd0/0x2e10
[   95.891862][ T5380]  do_syscall_64+0xc9/0x1c0
[   95.891964][ T5380]  ? clear_bhb_loop+0x25/0x80
[   95.891987][ T5380]  ? clear_bhb_loop+0x25/0x80
[   95.892009][ T5380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.892044][ T5380] RIP: 0033:0x7fb9c542d169
[   95.892060][ T5380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.892082][ T5380] RSP: 002b:00007fb9c3a8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[   95.892137][ T5380] RAX: ffffffffffffffda RBX: 00007fb9c5645fa0 RCX: 00007fb9c542d169
[   95.892151][ T5380] RDX: 0000000000000358 RSI: 0000000000000141 RDI: 0000000000000006
[   95.892164][ T5380] RBP: 00007fb9c3a8f090 R08: 0000000000000000 R09: 0000000000000000
[   95.892178][ T5380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.892193][ T5380] R13: 0000000000000000 R14: 00007fb9c5645fa0 R15: 00007ffd41ef9658
[   95.892213][ T5380]  </TASK>
[   96.391360][ T5407] syz.2.717: attempt to access beyond end of device
[   96.391360][ T5407] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   96.781171][ T5454] IPv6: addrconf: prefix option has invalid lifetime
[   97.070030][ T5490] FAULT_INJECTION: forcing a failure.
[   97.070030][ T5490] name failslab, interval 1, probability 0, space 0, times 0
[   97.070057][ T5490] CPU: 0 UID: 0 PID: 5490 Comm: syz.1.754 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   97.070086][ T5490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   97.070098][ T5490] Call Trace:
[   97.070107][ T5490]  <TASK>
[   97.070113][ T5490]  dump_stack_lvl+0xf6/0x150
[   97.070134][ T5490]  dump_stack+0x15/0x1a
[   97.070149][ T5490]  should_fail_ex+0x261/0x270
[   97.070182][ T5490]  should_failslab+0x8f/0xb0
[   97.070202][ T5490]  kmem_cache_alloc_noprof+0x59/0x340
[   97.070239][ T5490]  ? getname_flags+0x81/0x3b0
[   97.070263][ T5490]  ? should_fail_ex+0xd7/0x270
[   97.070356][ T5490]  getname_flags+0x81/0x3b0
[   97.070380][ T5490]  user_path_at+0x26/0x140
[   97.070409][ T5490]  __se_sys_mount+0x25e/0x2e0
[   97.070458][ T5490]  __x64_sys_mount+0x67/0x80
[   97.070478][ T5490]  x64_sys_call+0xd11/0x2e10
[   97.070576][ T5490]  do_syscall_64+0xc9/0x1c0
[   97.070609][ T5490]  ? clear_bhb_loop+0x25/0x80
[   97.070633][ T5490]  ? clear_bhb_loop+0x25/0x80
[   97.070663][ T5490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.070722][ T5490] RIP: 0033:0x7fb9c542d169
[   97.070738][ T5490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.070819][ T5490] RSP: 002b:00007fb9c3a8f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   97.070875][ T5490] RAX: ffffffffffffffda RBX: 00007fb9c5645fa0 RCX: 00007fb9c542d169
[   97.070888][ T5490] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000
[   97.070900][ T5490] RBP: 00007fb9c3a8f090 R08: 0000000000000000 R09: 0000000000000000
[   97.070923][ T5490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.070936][ T5490] R13: 0000000000000000 R14: 00007fb9c5645fa0 R15: 00007ffd41ef9658
[   97.070952][ T5490]  </TASK>
[   97.601309][ T5544] FAULT_INJECTION: forcing a failure.
[   97.601309][ T5544] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.614632][ T5544] CPU: 1 UID: 0 PID: 5544 Comm: syz.1.779 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   97.614719][ T5544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   97.614732][ T5544] Call Trace:
[   97.614738][ T5544]  <TASK>
[   97.614747][ T5544]  dump_stack_lvl+0xf6/0x150
[   97.614774][ T5544]  dump_stack+0x15/0x1a
[   97.614794][ T5544]  should_fail_ex+0x261/0x270
[   97.614829][ T5544]  should_fail+0xb/0x10
[   97.614884][ T5544]  should_fail_usercopy+0x1a/0x20
[   97.614914][ T5544]  _copy_from_iter+0xd8/0xd10
[   97.614934][ T5544]  ? alloc_pages_mpol+0x214/0x260
[   97.614991][ T5544]  copy_page_from_iter+0x14f/0x280
[   97.615022][ T5544]  tun_get_user+0x69d/0x2640
[   97.615056][ T5544]  ? avc_has_perm+0xd6/0x150
[   97.615098][ T5544]  ? ref_tracker_alloc+0x1ff/0x310
[   97.615138][ T5544]  tun_chr_write_iter+0x188/0x240
[   97.615169][ T5544]  vfs_write+0x79b/0x950
[   97.615234][ T5544]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   97.615262][ T5544]  ksys_write+0xeb/0x1b0
[   97.615283][ T5544]  __x64_sys_write+0x42/0x50
[   97.615305][ T5544]  x64_sys_call+0x2a45/0x2e10
[   97.615347][ T5544]  do_syscall_64+0xc9/0x1c0
[   97.615456][ T5544]  ? clear_bhb_loop+0x25/0x80
[   97.615482][ T5544]  ? clear_bhb_loop+0x25/0x80
[   97.615507][ T5544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.615566][ T5544] RIP: 0033:0x7fb9c542bc1f
[   97.615608][ T5544] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   97.615631][ T5544] RSP: 002b:00007fb9c3a8f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   97.615656][ T5544] RAX: ffffffffffffffda RBX: 00007fb9c5645fa0 RCX: 00007fb9c542bc1f
[   97.615671][ T5544] RDX: 000000000000002a RSI: 0000200000000100 RDI: 00000000000000c8
[   97.615749][ T5544] RBP: 00007fb9c3a8f090 R08: 0000000000000000 R09: 0000000000000000
[   97.615768][ T5544] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001
[   97.615783][ T5544] R13: 0000000000000000 R14: 00007fb9c5645fa0 R15: 00007ffd41ef9658
[   97.615804][ T5544]  </TASK>
[   97.663036][ T5551] netlink: 6 bytes leftover after parsing attributes in process `syz.1.782'.
[   97.707927][ T5554] syz.3.783: attempt to access beyond end of device
[   97.707927][ T5554] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   97.846034][ T5562] syz.3.785: attempt to access beyond end of device
[   97.846034][ T5562] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[   98.181520][ T5593] mmap: syz.1.797 (5593) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   98.217856][    T9] Process accounting resumed
[   98.234855][ T5593] Process accounting resumed
[   98.903930][ T5627] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[   98.910503][ T5627] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   98.918256][ T5627] vhci_hcd vhci_hcd.0: Device attached
[   99.221245][ T3467] usb 10-1: SetAddress Request (2) to port 0
[   99.233853][ T3467] usb 10-1: new SuperSpeed USB device number 2 using vhci_hcd
[   99.657606][ T5628] vhci_hcd: connection reset by peer
[   99.668344][ T3319] vhci_hcd: stop threads
[   99.672660][ T3319] vhci_hcd: release socket
[   99.677120][ T3319] vhci_hcd: disconnect device
[   99.682401][ T5664] FAULT_INJECTION: forcing a failure.
[   99.682401][ T5664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   99.695629][ T5664] CPU: 0 UID: 0 PID: 5664 Comm: syz.2.828 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[   99.695689][ T5664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   99.695704][ T5664] Call Trace:
[   99.695710][ T5664]  <TASK>
[   99.695719][ T5664]  dump_stack_lvl+0xf6/0x150
[   99.695746][ T5664]  dump_stack+0x15/0x1a
[   99.695770][ T5664]  should_fail_ex+0x261/0x270
[   99.695882][ T5664]  should_fail+0xb/0x10
[   99.695909][ T5664]  should_fail_usercopy+0x1a/0x20
[   99.695939][ T5664]  _copy_from_iter+0xd8/0xd10
[   99.696033][ T5664]  ? alloc_pages_mpol+0x214/0x260
[   99.696063][ T5664]  copy_page_from_iter+0x14f/0x280
[   99.696082][ T5664]  tun_get_user+0x69d/0x2640
[   99.696120][ T5664]  ? avc_has_perm+0xd6/0x150
[   99.696209][ T5664]  ? ref_tracker_alloc+0x1ff/0x310
[   99.696241][ T5664]  tun_chr_write_iter+0x188/0x240
[   99.696309][ T5664]  vfs_write+0x79b/0x950
[   99.696329][ T5664]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   99.696359][ T5664]  ksys_write+0xeb/0x1b0
[   99.696375][ T5664]  __x64_sys_write+0x42/0x50
[   99.696391][ T5664]  x64_sys_call+0x2a45/0x2e10
[   99.696479][ T5664]  do_syscall_64+0xc9/0x1c0
[   99.696505][ T5664]  ? clear_bhb_loop+0x25/0x80
[   99.696526][ T5664]  ? clear_bhb_loop+0x25/0x80
[   99.696553][ T5664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.696578][ T5664] RIP: 0033:0x7f06c82dbc1f
[   99.696595][ T5664] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   99.696612][ T5664] RSP: 002b:00007f06c693f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   99.696632][ T5664] RAX: ffffffffffffffda RBX: 00007f06c84f5fa0 RCX: 00007f06c82dbc1f
[   99.696646][ T5664] RDX: 000000000000002a RSI: 0000200000000100 RDI: 00000000000000c8
[   99.696676][ T5664] RBP: 00007f06c693f090 R08: 0000000000000000 R09: 0000000000000000
[   99.696690][ T5664] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001
[   99.696703][ T5664] R13: 0000000000000000 R14: 00007f06c84f5fa0 R15: 00007ffe022ea028
[   99.696718][ T5664]  </TASK>
[  100.249166][   T29] kauditd_printk_skb: 1253 callbacks suppressed
[  100.249184][   T29] audit: type=1400 audit(1743280777.306:4708): avc:  denied  { prog_load } for  pid=5683 comm="syz.3.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  100.276067][   T29] audit: type=1400 audit(1743280777.316:4709): avc:  denied  { map_create } for  pid=5683 comm="syz.3.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  100.295288][   T29] audit: type=1400 audit(1743280777.316:4710): avc:  denied  { prog_load } for  pid=5683 comm="syz.3.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  100.314279][   T29] audit: type=1400 audit(1743280777.316:4711): avc:  denied  { prog_load } for  pid=5683 comm="syz.3.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  100.333403][   T29] audit: type=1400 audit(1743280777.316:4712): avc:  denied  { prog_load } for  pid=5683 comm="syz.3.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  100.377289][   T29] audit: type=1400 audit(1743280777.336:4713): avc:  denied  { map_create } for  pid=5679 comm="syz.4.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  100.396465][   T29] audit: type=1400 audit(1743280777.336:4714): avc:  denied  { create } for  pid=5679 comm="syz.4.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=0
[  100.415917][   T29] audit: type=1400 audit(1743280777.356:4715): avc:  denied  { name_bind } for  pid=5686 comm="syz.3.837" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=0
[  100.437581][   T29] audit: type=1400 audit(1743280777.376:4716): avc:  denied  { create } for  pid=5688 comm="syz.3.838" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=0
[  100.457088][   T29] audit: type=1400 audit(1743280777.416:4717): avc:  denied  { prog_load } for  pid=5690 comm="syz.3.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  100.550623][ T5707] netlink: 12 bytes leftover after parsing attributes in process `syz.3.846'.
[  101.277099][ T5767] FAULT_INJECTION: forcing a failure.
[  101.277099][ T5767] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.290234][ T5767] CPU: 0 UID: 0 PID: 5767 Comm: syz.4.871 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[  101.290260][ T5767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  101.290274][ T5767] Call Trace:
[  101.290282][ T5767]  <TASK>
[  101.290290][ T5767]  dump_stack_lvl+0xf6/0x150
[  101.290362][ T5767]  dump_stack+0x15/0x1a
[  101.290381][ T5767]  should_fail_ex+0x261/0x270
[  101.290416][ T5767]  should_fail+0xb/0x10
[  101.290449][ T5767]  should_fail_usercopy+0x1a/0x20
[  101.290584][ T5767]  _copy_from_user+0x1c/0xa0
[  101.290603][ T5767]  kstrtouint_from_user+0x84/0x100
[  101.290632][ T5767]  ? 0xffffffff81000000
[  101.290678][ T5767]  ? selinux_file_permission+0x22d/0x360
[  101.290713][ T5767]  proc_fail_nth_write+0x54/0x160
[  101.290765][ T5767]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  101.290797][ T5767]  vfs_write+0x295/0x950
[  101.290812][ T5767]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.290840][ T5767]  ? __fget_files+0x186/0x1c0
[  101.290872][ T5767]  ksys_write+0xeb/0x1b0
[  101.290905][ T5767]  __x64_sys_write+0x42/0x50
[  101.290927][ T5767]  x64_sys_call+0x2a45/0x2e10
[  101.290953][ T5767]  do_syscall_64+0xc9/0x1c0
[  101.290992][ T5767]  ? clear_bhb_loop+0x25/0x80
[  101.291028][ T5767]  ? clear_bhb_loop+0x25/0x80
[  101.291054][ T5767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.291079][ T5767] RIP: 0033:0x7fb3e413bc1f
[  101.291093][ T5767] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  101.291110][ T5767] RSP: 002b:00007fb3e27a7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  101.291137][ T5767] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3e413bc1f
[  101.291152][ T5767] RDX: 0000000000000001 RSI: 00007fb3e27a70a0 RDI: 0000000000000003
[  101.291166][ T5767] RBP: 00007fb3e27a7090 R08: 0000000000000000 R09: 0000000000000000
[  101.291179][ T5767] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  101.291257][ T5767] R13: 0000000000000000 R14: 00007fb3e4355fa0 R15: 00007ffe2e5640b8
[  101.291277][ T5767]  </TASK>
[  101.721970][ T5799] syz.3.886: attempt to access beyond end of device
[  101.721970][ T5799] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[  102.206188][ T5854] syz.1.910: attempt to access beyond end of device
[  102.206188][ T5854] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[  102.803240][ T5896] syz.2.927: attempt to access beyond end of device
[  102.803240][ T5896] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[  103.182121][ T5950] FAULT_INJECTION: forcing a failure.
[  103.182121][ T5950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  103.195387][ T5950] CPU: 0 UID: 0 PID: 5950 Comm: syz.4.949 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[  103.195413][ T5950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  103.195438][ T5950] Call Trace:
[  103.195446][ T5950]  <TASK>
[  103.195454][ T5950]  dump_stack_lvl+0xf6/0x150
[  103.195481][ T5950]  dump_stack+0x15/0x1a
[  103.195499][ T5950]  should_fail_ex+0x261/0x270
[  103.195528][ T5950]  should_fail+0xb/0x10
[  103.195553][ T5950]  should_fail_usercopy+0x1a/0x20
[  103.195650][ T5950]  _copy_to_user+0x20/0xa0
[  103.195671][ T5950]  simple_read_from_buffer+0xb2/0x130
[  103.195694][ T5950]  proc_fail_nth_read+0x103/0x140
[  103.195717][ T5950]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  103.195797][ T5950]  vfs_read+0x1b2/0x710
[  103.195904][ T5950]  ? __rcu_read_unlock+0x4e/0x70
[  103.195930][ T5950]  ? __fget_files+0x186/0x1c0
[  103.195960][ T5950]  ksys_read+0xeb/0x1b0
[  103.195981][ T5950]  __x64_sys_read+0x42/0x50
[  103.196002][ T5950]  x64_sys_call+0x2a3b/0x2e10
[  103.196075][ T5950]  do_syscall_64+0xc9/0x1c0
[  103.196102][ T5950]  ? clear_bhb_loop+0x25/0x80
[  103.196121][ T5950]  ? clear_bhb_loop+0x25/0x80
[  103.196142][ T5950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.196244][ T5950] RIP: 0033:0x7fb3e413bb7c
[  103.196257][ T5950] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  103.196302][ T5950] RSP: 002b:00007fb3e27a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  103.196322][ T5950] RAX: ffffffffffffffda RBX: 00007fb3e4355fa0 RCX: 00007fb3e413bb7c
[  103.196344][ T5950] RDX: 000000000000000f RSI: 00007fb3e27a70a0 RDI: 0000000000000004
[  103.196466][ T5950] RBP: 00007fb3e27a7090 R08: 0000000000000000 R09: 0000000000000000
[  103.196479][ T5950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  103.196493][ T5950] R13: 0000000000000000 R14: 00007fb3e4355fa0 R15: 00007ffe2e5640b8
[  103.196513][ T5950]  </TASK>
[  103.986344][ T6017] ==================================================================
[  103.994482][ T6017] BUG: KCSAN: data-race in call_rcu / mtree_range_walk
[  104.001371][ T6017] 
[  104.003706][ T6017] write to 0xffff88810421fd08 of 8 bytes by task 6015 on cpu 0:
[  104.011333][ T6017]  call_rcu+0x49/0x430
[  104.015405][ T6017]  mas_wmb_replace+0xff5/0x1510
[  104.020255][ T6017]  mas_wr_store_entry+0x158c/0x2460
[  104.025547][ T6017]  mas_store_prealloc+0x6d5/0x960
[  104.030591][ T6017]  vma_complete+0x3a7/0x760
[  104.035097][ T6017]  __split_vma+0x5d9/0x6a0
[  104.039527][ T6017]  vma_modify+0x105/0x200
[  104.043859][ T6017]  vma_modify_flags+0xf3/0x120
[  104.048645][ T6017]  mprotect_fixup+0x323/0x600
[  104.053346][ T6017]  do_mprotect_pkey+0x6ce/0x9a0
[  104.058201][ T6017]  __x64_sys_mprotect+0x48/0x60
[  104.063086][ T6017]  x64_sys_call+0x272f/0x2e10
[  104.067768][ T6017]  do_syscall_64+0xc9/0x1c0
[  104.072292][ T6017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.078357][ T6017] 
[  104.080675][ T6017] read to 0xffff88810421fd08 of 8 bytes by task 6017 on cpu 1:
[  104.088223][ T6017]  mtree_range_walk+0x143/0x460
[  104.093083][ T6017]  mas_walk+0x16e/0x320
[  104.097247][ T6017]  lock_vma_under_rcu+0x97/0x290
[  104.102296][ T6017]  exc_page_fault+0x150/0x650
[  104.106974][ T6017]  asm_exc_page_fault+0x26/0x30
[  104.111824][ T6017] 
[  104.114169][ T6017] value changed: 0x00005555724d5fff -> 0xffff88810421f408
[  104.121288][ T6017] 
[  104.123615][ T6017] Reported by Kernel Concurrency Sanitizer on:
[  104.129762][ T6017] CPU: 1 UID: 0 PID: 6017 Comm: syz.4.978 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(voluntary) 
[  104.141834][ T6017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  104.151891][ T6017] ==================================================================
[  104.331078][ T3467] usb 10-1: device descriptor read/8, error -110
[  104.441077][ T3467] usb 10-1: new SuperSpeed USB device number 2 using vhci_hcd
[  104.462179][ T3467] usb 10-1: enqueue for inactive port 0
[  104.467953][ T3467] usb 10-1: enqueue for inactive port 0
[  104.473722][ T3467] usb 10-1: enqueue for inactive port 0
[  105.501283][ T3467] usb usb10-port1: attempt power cycle
[  107.321359][ T3467] usb usb10-port1: unable to enumerate USB device