last executing test programs:

23.014002531s ago: executing program 3 (id=1303):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x6c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x3}, {}, {0x2, 0xfff1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x80000001, 0x3, 0x8, 0xb, 0x101, 0xffffcbef, 0x183, 0x5, 0x7, 0x1, 0x14, 0xb, 0x1a, 0x3, 0xd0b, 0x38f4}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r8, {0x1, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

22.904543893s ago: executing program 3 (id=1305):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x17, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000007112050000000000950000000000"], &(0x7f0000000140)='syzkaller\x00', 0x5, 0xec, &(0x7f0000000000)=""/236}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000001000000b7040000000000008500000033000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200001f000000b7"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000240), 0x12)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080))

22.738271356s ago: executing program 3 (id=1307):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb904}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000200)})
openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0), 0x840, 0x0)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00', <r3=>0x0})
r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r1, r3, 0x25, 0x4}, 0x14)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r4, r5, 0x4, r1}, 0x10)

22.686412247s ago: executing program 3 (id=1308):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000140)={[{@nouid32}]}, 0x1, 0x461, &(0x7f0000000540)="$eJzs3U9sFGUfB/DvbrslAd638OZVEf9VUCmi1LYmSIKJRDnJxWDiuaGFEAs1tCZCiNHEgzcvJp49KDePHDwZD3jUBC/e1JMxEkMkntSa2e7Qbdkt3dB2q/v5JLP7zM6wz2/m4ffM7MOTIUDPGipeKsn2JN8mGVxYXbrD0MLbzRuXTv5+49LJSubnT/xaqe/3241LJ8tdyz+3rXipJsPVpPpeJQ+0qHf2wsXXJ6anp8431kfmzr4xMnvh4tNnzk6cnjo9dW700OHnxkcPjY2Pr9mxvnz57RPbXnnh2AeT136ZufzD50W82xvbmo9jrQxlaOm5bPLEWlfWZfc0lSv9XQyEjvQlKZqrVs//wfRlsfEG89X3XQ0OWFfzhS1tN78zD/yLVdLtCIDuKC/0xe/fcll6C3BsXe8/6K7rRxd+ABbtfrOxLGzpT7WxT23Z7/u1NJTkyJVjnxVL1mkcBgAAAKCXfXE0yVOtxv+qubdpv6J8X5JdSe5Psjupz+t5MMlDSR5O8kg5n6gDy/dfPv5TaTeBhjVx/WhypDG3a+n4Xzn6lx19jbX/FCupVU6dmZ56Jsl/kwyntqVYH12hjqtf//VNu23N43/FUtRfjgU24vi5f9m/T09OzE3czTGz6Pq7ye7+Vu1fuTUTqEjBR5Ps6eSLa4vFH/fsP91utzu3P+tp/uNkX8v8b3S81w7X31aYnzlS7w9Gyl7hdu+Pjr3Urv4W7V9UrP03SJH/W1dq/2RHpXm+7mzndVzddeX5dts67/+/+6To/wcqr9YDHGh8+tbE3Nz50WSgcvz2z8c6j/mfrf1NU3k+yvNVtP/w3tbX//81fdveJI8lebwxd3lf/dqf7E/yZJIDK0Tz54uHXkvzHUUT/X93Fe0/2TL/b00NWJb/nReO7PzoeLv6V5f/z9b/Qg83PnH/d2erbaBuxwkAAAAAAADA2qjWn4FXqR68Va5WDx5ceIbf/7O1Oj0zO3fg1Myb5yYXnpW3I7VqOdNrsGk+6Gi9vLg+tmx9PMnOJB/2/dF48sDM9GS3Dx563LY2+V/4qa/b0QHrzvNaoXetIv9rGxEHsPFc/6F3yX/oXfIfepf8h94l/6F3yX/oXavP/4F1jQPYeK7/0JPu5rl+m63Qn00RRstCOX+qS2GU/yX/Jjkbm7Pw6ZfJBtTVl2SzHPIKhW72SgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACbx98BAAD//5IX2eo=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x105042, 0x1db)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
mount(&(0x7f0000000080)=@nullb, 0x0, 0x0, 0x18, 0x0)
gettid()
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
ioctl$HIDIOCGREPORTINFO(0xffffffffffffffff, 0xc00c4809, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

22.01141204s ago: executing program 3 (id=1313):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mq_open(&(0x7f0000000180)=']:\x00', 0x40, 0x120, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
statx(0xffffffffffffff9c, 0x0, 0x1000, 0x7ff, &(0x7f0000000500))
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000001850000000000020000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x9a)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f00000001c0)={{0x2, 0x4e20, @remote}, {0x306}, 0x1c, {0x2, 0x4e24, @loopback}, 'xfrm0\x00'})
socket$inet6_udp(0xa, 0x2, 0x0)
getresuid(0x0, 0x0, 0x0)

21.923134672s ago: executing program 3 (id=1315):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000015204f089b96478db1d8a5f756509e977fb1a030000000002000100000000000000020d1600003f030006000000000002004e21000000800000000000000000030005003200000002"], 0x70}, 0x1, 0x7}, 0x0)
syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=")
socket$packet(0x11, 0x2, 0x300)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000140)={@val={0x800e}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque="6f841fcaf955c253e28c7ab3"}}}}}}, 0x3a)

21.880471743s ago: executing program 32 (id=1315):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000015204f089b96478db1d8a5f756509e977fb1a030000000002000100000000000000020d1600003f030006000000000002004e21000000800000000000000000030005003200000002"], 0x70}, 0x1, 0x7}, 0x0)
syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=")
socket$packet(0x11, 0x2, 0x300)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000140)={@val={0x800e}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque="6f841fcaf955c253e28c7ab3"}}}}}}, 0x3a)

4.6143942s ago: executing program 5 (id=1497):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kfree\x00', r0}, 0x18)
personality(0x40000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)
r1 = socket(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x30, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x4, 0xfd, 0x3, 0x40, @empty, @local, 0x700, 0x8, 0x2, 0x6}})

4.402757304s ago: executing program 5 (id=1498):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYRES64=r0], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x0, 0x1f9}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000300))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r2 = gettid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xc72b}, 0x18)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x40080)

3.365023355s ago: executing program 0 (id=1506):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'macsec0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x1184, 0x4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5, 0xa, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r4 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x38067, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x1020d1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x4000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)

3.354518845s ago: executing program 5 (id=1508):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
accept4$vsock_stream(r0, &(0x7f0000000880)={0x28, 0x0, 0x2711}, 0x10, 0x80000)
shutdown(r1, 0x1)
close(0x4)

3.109209249s ago: executing program 0 (id=1512):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x6)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xe, 0x11, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb, 0x9, 0x0, 0x1, 0x81020000}, {0x65, 0x0, 0x0, 0xfaffff7f}}, [@map_fd={0x18, 0x3, 0x1, 0x0, r5}], {{0x7, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.706659877s ago: executing program 2 (id=1516):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
r1 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/image_size', 0xc2802, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000080)={r2, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}})
io_setup(0x1, &(0x7f00000016c0)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x1, 0x4, r1, &(0x7f00000001c0)="b1", 0x1, 0x0, 0x0, 0x0, r2}])
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x6, 0x40, 0x3, 0x0, 0x4000000000, 0xd4, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x8}, 0x100882, 0x7ff, 0x6, 0x3, 0xb, 0x2, 0x3ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12011, r4, 0x0)
poll(&(0x7f0000000000), 0x200000000000003d, 0xb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)

2.623575449s ago: executing program 4 (id=1517):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)
r1 = signalfd4(r0, 0x0, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9fbb99446dec63fd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f000001bff4)={0x2})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), 0x0, r2}, 0x68)

2.546009431s ago: executing program 4 (id=1518):
syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x63)
inotify_init1(0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
r0 = gettid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000000, 0x0}, 0x0, 0x8, &(0x7f0000000200))
tkill(r0, 0x16)

2.261321656s ago: executing program 2 (id=1520):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000a000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r3, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010200000000000000000a0000010500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)

2.261196976s ago: executing program 5 (id=1521):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00')
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f00000001c0), 0x6, 0x642, &(0x7f0000000b40)="$eJzs3U1oG1ceAPD/SLZjO951sizLJrCsIYcEljh2Nmx299I0PTSHHgLNoZRSYmI7NVE+iB1o3EBt6KGFFkrptZRQKPTce8m9t1Joe+u5kJaS0kJbojKjUSLLkr9iSbbn94OR3rwZ6b2/Rk/zZsbPE0BhjaUPpYhDEQ8vJhGjDctGorZwLF/vwY93LqVTEtXq8z8kkeR59fWT/Hl/PjMYEV+cjfhLeXW587cXr0xVqjWvR5xYuHrjxPztxeNzV6cuz1yeuTZ58r+nTk/8b/LU5LbEuT9/3hcR77zxyn9mv6wcT+JMXOh/bTqa4tguYzEWD/MQG/P7IuJ0mmjxuew2eyCEQivn38f+iPhbjEY5m6sZjbm3e1o5oKOq5YgqUFDJZtt/2kGopz9Z9PMBu1a9H1A/tt/YcfCFDvdKuuf+07UDoNXx99XOjcRgdmw0/CBpODKqnds4sA3lp2X8fufwB+kUK85D/PJo6/RtQzntLC1HxN9bxZ9kdTuQRZrGX1pRjyQiJiJiIK/fM09Qh6Qh3YnzMGvZavyliDiTP6f5Z7dY/ljTfLfjB6CYsn1vuiNfShOP939p36Pe/4kW/Z+RFvuurej1/q99/6++vx/MzpGXmvph6ed2vvVb9jdnfPvWuffald/Y/0untPx6X7Ab7i9HHG6K/8002Lz/k8aftNj+6SoXz2ysjGe/+v5cu2W9jr96N+Joy+Ofx73SNLXG9ckTs3OVmYnaY8syPvv8pY/bld/r+NPtP9wm/obtX2p+XfqZ3NhgGZ+ev3u13bKReHmd+EvfDSS1482B7PGj4VenFhZuTkYMJM/lq9SesvyTa9elvk79PdL4jx1p3f5XfP+XV77PUP0ncwNuvHDlQbtljds/SWr1WG/7N1xMfljdYB3aSeOfXn/7r2r/ad67Gyzj5xdv/aPdsrW+/0NPEhgAAAAAAAAUUCm7BpuUxh+lS6Xx8dp42b/GcKlyfX7hX7PXb12bjjiW/T1kf6l+pXu0Np+k85P538PW5082zf87Ig5GxPvloWx+/NL1ynSvgwcAAAAAAAAAAAAAAAAAAIAdYn8+/r9+n+qfyrXx/0BBdPIGc8DOpv1DcWXtf9UtnoAiaLf/n+9yPYDu0/+H4tL+obi0fygu7R+KS/uH4tL+obi0fwAAAADYkw7+8943SUQs/X8om1ID+TIjgmBv619vhYHu1APovnKvKwD0zKNL/zr7UDjr9v9Tv+b/HLDz1QF6IGmVmXUOqms3/nsrXulwAgAAAAAAAAAAAAA66OihhvH/wyvH/29obACwa21i2N9yJ+sBdN8TDNgx1gd2Of/6H4pry8f4g9tbD6B3Wo7/b9C2ud9b75WbLQkAAAAAAAAAAAAAaGckm5LSeD4WeCRKpfHxiD9FxIHoT2bnKjMTEfHniPi63L8vnZ/sdaUBAAAAAAAAAAAAAAAAAABgj5m/vXhlqlKZudmY+G1Vzt5O1O+C2oWynopNviqS7n8sQxHR843SsURfQ04SsZRu+R1RsZvzsTOqkSV6/MMEAAAAAAAAAAAAAAAAAAAF1DD2uLXDH3a5RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQfY/v/78ykazKaU4cab+oKdHrGAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3emPAAAA//+y+jZu")
umount2(&(0x7f00000002c0)='./file0\x00', 0x2)

1.737633656s ago: executing program 4 (id=1522):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_clone(0x40000080, 0x0, 0x0, 0x0, 0x0, 0x0)

1.611200649s ago: executing program 0 (id=1523):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, 0x0, 0x0)
epoll_pwait(0xffffffffffffffff, 0xfffffffffffffffc, 0x40, 0x8000005, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
flistxattr(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0xb6f8000)
getxattr(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
mlockall(0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
lsm_set_self_attr(0x69, 0x0, 0x42, 0x0)

862.585793ms ago: executing program 5 (id=1524):
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
set_robust_list(&(0x7f0000000540)={0x0, 0x100000000}, 0x18)
r0 = getpid()
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003460200bfa30000000000001702000000feffff7a0a00fe14ffffff79a4f0ff00000000b7060000ff0800007e640200000000005502faff037202000404000001007d60a6040000001000006a0a58fe39000f00850000005a000000bc600000000000009500000000000000a81bbfa32d51a7d0679fd43041097666ab982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c4580034fb000000e3a94bd24d2eb3860d808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b893d3b72cd6c832e986440ff0a7e8620cb231ccd00000000000000000000007777e2704653f620b2272c3c7fea60491073847c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a1f00e891728807982d90e116bba29bb70900000000000000c63ad2e7402f9cb424ac416e66af9ebbfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b464d9e57dfdb06dcf9101000100130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ebdecbd061772daa52a38539295d3fea7a7e669441e1ff04114dfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cbe8925efd0c81af69a3e97588878d7ce18b68bc37e061d33357d6a39d33c702576cc2a8891663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a90000000000a2a283801ff218538cb12c72b56ffb6b7a062581ec749f5700000000009f1f5ab2e02739ccd50523d3360300005cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb0e6d5244c1ffb0e97628a88a5e37032f1e8f6c893e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2816e301fc8a24dba6fca8b270d44fe65e7bd90a5fc16387bcb5e3df18d7d2a33c72cfda827b8926a6dc6bc19ce398cb8fe48b11b7f93e6fdfb040283c9627bd40909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9598eb067b21111dbaa58b19a52f3f12880128d08eb477ad349ca214bc7f80000000000ffb52da89cff41552996e20a585c7d265bd749eeba040fa7111c84142757709d7c475fac2839beb833327db41c6b647c7ee9ad419a6c68dd5c2ce4fa23c280518fc6e54d1b055cae5492e8c4cdd314a49631a15de2bffc920dd74e670794acec7a9da17d809bf956f1af51cf3c0711792d3071dfdaec3c66053cdb00028f6fba8da8f53de39a5999e56fc26ae866674627c8a53d3fd245050060ed40782d1d98bf1e1f5dfd4d1fb399624c12732e300818b222ce029ce01055f941721226e3e5f05d2837240f8f6831b6ef2a02ec64aae1eea9cfac06d8b7042e8ebdc6cb0d4a140e1e631d06afc99d397c5b67b290344e347c953806b298f288884335f624378b3748a4a86bbd0a62127b2c28ce3737661b98bd45965b537ece7bd4e365ffd5567df4d02034c8d488a49c6fb1a0a02eaab2f271d3a14e44211e4ff602d146f72355972860bdd14719d65301964d022819b75696ce47534c9d989d69a445095ff8fbebd2c84635acc333f2aca4623cfe9f9e6c3f9fbb4374c08e1be5eec12c329a87d335fd7a52a4e4e7c2e57fa2f0df9500347b300f84230783cb665f3fa44f5d6fa987aa93c2619ef4977f9e4d38adec323778f3bc987533ffd85fe5417398a3001b394fccbd2faee83b5e2b8a2dd18cf067b619a82c4706531b3ef336a84e825c63b9bc7b98b4ad6a471692224adef86f4c9930169dfa133e22929d5a27e10bfbcfe7c02ca451afd74d26f489e0e09cf1b596ae0c959cf26cb0c8114a9311b7f2fe2ad977074ff5f62f6777a20700414ed03ba3d7404eadd43a62ad1173491a5c099290393e1f85aeb3886fbb7f6646212054a850d58a71c6d6027cd3a5ff22e98672349f9bddb23622e2f19b39e51ced84524567ec1fcb233a2fb85371e9b08b6fd4adcd4db148ed26757123a0e604bcf6ffdcc303956e1805f1746361bd3eeb55d3fefe6ac274c2e6c78963430118942d62a465698e600dadd81a53ffd29358746e8db2499e3fca62b0ff660b0aaeedadeb194a9217e9fed2ce04cc24451871d5bcd76173ab7123cc27eef33dbb4d3c3bf1fc2df68a98345c15667388c5000000000000000000000015000000c0459f900702908d4979288d06c7159ef2663dc7ea9302b10bf2da21e3990ddf20a38adc1fd15124310daf2461224cfbfd5e6265d012d60fc9e39209ce3209720f8d7bf39bf71d0d46ed6d51eede797da70cf0b7463cffc80a7a56eeb25ed0adfb146a3221c20d51f172cf2eefe1e6b28cffc1e40a789d5513626f5c4fbf65a2b5a093634b806b7ee570f70f624ce8c02d4c1ec7a9370f42a807f1d46fe77be0637a8007343b7771788f64b36cab94a99243bc780702f98f34a80f81aeb853f97c3e9586805d1a240d7e870b15defbc6b21fdc98a79759c9b8375313deea0000000009e38e9539d6b9507b6f3f8d29992d080a13aed8879a1f2cf352fb5a376427f89d432f7fe7c0cad2ce38427fc773cef47e00000000000000000000000000000000000d09b8ee6321377ffcb6cc386f8704ae9ce6c11b4bb91d0097ef2b77e0cd28af1222e68c2745eca64fa40db07f6e5925224069d14395f7170ab9c2d396f7510f65ce5b0405d8951a70a37117d13c5b2f684c52bff2dc895f5e06e497adee9de0012dd140c592137c90319f8a578007b57aaba3fb93d29a6584313e5b58f8a71cebf77a0891f3633dba69588ec728e785e6e4431fce5a143451c7a51c22b1b605347db811eb9a461f4ef2612181aa8cafc33a2047b7ba57a5"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x37}, 0x24)

860.876694ms ago: executing program 1 (id=1534):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000004000000088d000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz3\x00', 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x808003, &(0x7f0000000000), 0x3, 0x4fc, &(0x7f0000001500)="$eJzs3c9vG1kdAPDvOHFIdlOSBQ7LSuxGiFV3BbWTDbuNOLRFQnCqBJR7CIkTRXHiKHbaJqpQKs4ICSFAcIETFyT+ACTUPwEhVYJ7hRCogrYcOBSMxh63wdhJqtpx6nw+0uu8efPj+32uPPabmXgCOLdmIuJaRIxExPsRMZW157ISB82Srvf40Z3ltCRRr9/4exJJ1tbaV5JNX882G4+Ib34t4jtJ0mw4pLq3v7FULpd2svlibXO7WN3bv7S+ubRWWittzc/PfbRweeHDhdme9fXKV/7y4x/86qtXfveFWw8W//bed9N8J7Nlh/vRS83XJN94LVpGI2KnH8EGYCTrT/4kKyf9zwcAgKOl3/E/ERGfjYgnPxt0NgAAAEA/1K9OxtMkog4AAAAMrVzjHtgkV8juBZiMXK5QaN7D+6m4GuVKtfb51cru1krzXtnpyOdW18ul2exe4enIJ+n8XKP+fP6Dtvn5iHgjIn40NdGYLyxXyiuDPvkBAAAA50Q6zp/MNevp5J9TzfE/AAAAMGSmB50AAAAA0HfG/wAAADD8/n/8P9OcJKOnnwwAAADQa1+/fj0t9dbzr1du7u1uVG5eWilVNwqbu8uF5crOdmGtUllr/Gbf5nH7K1cq21+Mrd3bxVqpWitW9/YXNyu7W7XFxnO9F0snek40AAAA0FNvvHPvT0lEHHxpolFSY9kyY3UYbrkXWz3pVx7A6RsZdALAwLjBF84v73/guIH9+CnlAQAA9M/FTz+7/j8Rh67/X3jg+j8Muxe8/g8MEdf/4fxqu/73ixNt9LTen2SAU2WMDxx3HqDr9f/f9z4XAACgPyYbJckVsjHAZORyhULEhcZjAfLJ6nq5NBsRH4+IP07lP5bOzw06aQAAAAAAAAAAAAAAAAAAAAAAAAB4xdTrSdQBAACAoRaR+2sSEUmMR0x9brL9/MBY8q+pxjQibv38xk9uL9VqO3Np+z+etdd+mrV/MIgzGAAAAEC71ji9NY4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF56/OjOcqscan6333EffjkipjvFH43xxnQ88hHx2pMkRg9tl0TESA/iH9yNiDc7xU/StGI6y6I9fi4iJgYc//UexIfz7F56/LnW6f2Xi5nGtPP7bzQrL+vhTLfjX+7Z8W+ky/HvwjH7Hsumb93/TbFr/LsRb412Pv604o+95PH329/a3++2rP7LiIsdP3+S/4lVrG1uF6t7+5fWN5fWSmulrfn5uY8WLi98uDBbXF0vl7J/O8b44Wd++5+j+v9al/jTWf+T9v4nzZzq9c77fKdt/t/3bz/6ZKcVk4iH38/qHf7/3+wWP3vt380+B9LlF1v1g2b9sLd//Ye3j+r/Spf+jx8RP217r9tO27z/je/9uVnLn3ALAKCfqnv7G0vlcmnnVa+knTkDafSwMnM20hj2SmsUdVbyOSuVwR6XAACA3nv+pX/QmQAAAAAAAAAAAAAAAAAAAMD51fr7/9ZvOffj58QOxxtvVZLk1PsKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCU/wYAAP//VsvQDw==")
ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

811.667124ms ago: executing program 4 (id=1525):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x50)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x5}, {0x0, [0x0, 0x5f, 0x1e]}}, &(0x7f0000000040)=""/39, 0x1d, 0x27, 0x1, 0x9, 0x10000}, 0x28)
r1 = openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000040)=""/30, 0x1e, 0x800000000040042)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$cgroup_type(r1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000000}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

803.329155ms ago: executing program 0 (id=1526):
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYRES32], 0x6c}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x2, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a000000000000000400040030db918bc8ccf0be2dd9"], 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x2, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)

783.614285ms ago: executing program 2 (id=1527):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
socket$nl_netfilter(0x10, 0x3, 0xc)
inotify_init1(0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r2 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000002dc0)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

738.898746ms ago: executing program 0 (id=1528):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003280)=ANY=[@ANYBLOB="140000001000010000000000000000030000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a3200000000240b0000060a010400000000000000000100000008000b4000000000fc0a048028000180080001006c6f67001c0002800e00024073797a6b616c6c65720000000800054000000008d00a01800e000100696d6d656469617465000000bc0a0280640002804c0002800900020073797a32000000000900020073797a310000000008000180fffffffc0900020073797a31000000000800034000009c920900020073797a300000000008000180ffffffff14000280080003400000000808000180fffffffb0800014000000002080001400000000b500002804b000100fa62d7ba9ceeacf9aa4f832b78f35731f355d63e192a72aef5e68a05d1b806151b6bd1e2d74abafd383790ad363fdc1b7766748630b48f9beefdb33c86d5835a470b5ffd20d7e9006c0102805c00028008000180fffffffe0900020073797a30000000000900020073797a320000000008000180ffffffff0900020073797a320000000008000180fffffffd0900020073797a310000000008000180fffffffc0800034000000e5628000280080003400000000608000340000000070900020073797a320000000008000180fffffffe540002800900020073797a320000000008000180fffffffe0800034000000000080003400000000008000340000000090900020073797a310000000008000180fffffffe080003400000800108000180fffffffd8e000100818ce881ff18470752e86442e8b77ddcfc7a4c87f05cd36147be26c85cc854cc117db1906007a5a8c298f4724c8c743d46ec7f3ba478d9dfb10bbe9e4fdfc2188d62db9bb1364fed383fe0b0c3fbbab83959470cb0ffb14765c32f10b54d99531d04caaf264214997543a1c63637d9a3a20b7ce9312e545626eb375c88462c198f35cf8a11616de4fa0c000098020280eb00010099c8e680eb4d0e7f78e1fb62226ae541d997c8cb51c5ebd0bb7e2730b61310dcd7525807288a7ad8c00f6aa230a1d1b876ddb0e188384e7c79cd8af94a02451a04d8f116bde38077da45650d82bdd1767b03e3f35bc4a5769e659d8cdb6d9d9d717c78b50f6b3ac899b07a9eaf2c989654de7d6609299bad01ca1f3fa8b6229a6c69627a07f627880e902231b20368f3ae64fd12fc37afeb95f14a4dc3d0bc5f6e2afd0fc8ef6982054cffa703ee1376654019ad6d2add9052c5d2f2e0ba3318f931b2c5f2dcce5cbca6093c64d23b64e2f2061da3dd5983644280de22d592b63b5d7f6b571beb005400010041bbc64da6bacaad1bebec23352accccbca40d6ba87943f82df945bf4ccc5250a0c2b2cb13793380f424b280bfb960885af6df4afa26efa8fcd7a1243389ef3fcf1d709f775a9cd1dfb2b84fd03e5d70f800010001950b7c0ec30534e476b721ba6e82d03078fe63b683918ecbbb9c339c8cdd63689339ac43acd5973f4aac8720a98d18e13b98e11e291f3f3621ed29c717639f84bdd28810da6ae30538775f15e00133741e9de3f96f69ab363752fa962b3c71041ba1e463a91d782a968d9febb648b66e71a6827c53b3be014b785f61c4fd46fef00658f64cdd465edb61ba4c5f00849b2935c485da99a38489ecc29837433ac5446c3922d73153fd8fb2368a5ce4201760ca6778f570b7fcb38be633a02d57c5884b6bcbaf3bc28ca7686edb5d59e1b823a8f0f5ff788625995d51c16413783c6290a9714bd4dcbd2a388139f3e46f69916f335c0002800900020073797a3000000000080003400000000908000180000000000900020073797a3000000000080003400000000808000180fffffffd080003400000000408000340fffffff908000180fffffffb0800034000000003a80002801c000280080003400000020008000340fffffff508000340000000001400028008000340000000050800034000000007720001001c2cce526d2ee30fb33f426450278cb35ac06b1cef15fefc26b5c17a8c9251bed316fccb5588f2e071fc355537fcf458cf14217f16ce4c12a4b559f3e807c94c6cc4f418baebc6024b74b9dbc5ef66dbbe91812ea247db80670c101ed494f105ad9c09b4eaf8d5c133b46a311c1a00001c0302802000028008000180fffffffc0900020073797a320000000008000340000000035c00028008000180fffffffc08000180fffffffc08000180fffffffb0900020073797a300000000008000340000000060900020073797a30000000000900020073797a31000000000900020073797a310000000008000180fffffffbf6000100330e5af714359ac9da33381a13071148dbe4293800e6be0290efbb549850cda132ca27a55553fd77c3067504c4596086f4001f53d49e8111395ebccb983c6b04735a58ab2617dfc62123b09c8dc5a47154667414dc28e8369829764b2e3cc23303a882890bad6d3a70d9e15701ec8c4c15a46d38c9ed6bc8658f8a45a02083f563324a27c649bab7cbcb485c289bd8df0a040128df6891ab48095977e0463f8e3ed7ba6df976ee30768954dfeb3f08c942b2c9384aa0b78baf92ecf5e4d73788afb1bc5a8f7c4b454897cd8bcac7f19cdd949fac66756da3b9311e13362eee317df853f6bc7e4638eb145a1484d3780e09b50000c8000100d5c1e4159bf770e02e6e1ebe911d7513709588175328d2e11f2ebf3f6967c49bedcb2a5459a45272bb8084e3bb55ea7a80166d97ec16457ed7d2a834d9aafdb2a54110ddc7975eaeda4f897ec7d533c27df0ce5ff92cfedadc67fff850ee5d07822d72b27af229d17ad2f8d802ae40d98f373e348a04b4f0270c71f82319de3a0331f165204896e0e448cf7ea0f8eb32a312fda6716f72f0234742fe6708ad0adf587ea21d94b8c8f5080028dda1e21d3d9ac82d8edd12941631b72b692ecc262d6ae12393000100c56deda494a09379df59bad8f0f17376b307ce49571034af728b1c4bf694e3b91406b976944238ab36ccaf40e3d92952ba87aa27af6353a82868c9508577a1b6a349fce75b3e4952b04b9527f496b5555e6db110dec07430b01446635eff12f136dbcb54fd4dc90b02e1bc6488ed74efd9eeb1b6de6e2a234f6c323df5c28a0352d03b34ee4f64ab614078125aa3cc0048000280080003400000000c08000340000000010900020073797a310000000008000180fffffffd0800034000008000080003400000dc5b08000180fffffffc08000180fffffffb2c0202804b000100cece2d8ff50c68c1060c2e691ddc50c6d87b46b4e5f6695010163d98bac2d9d7693cff0ec1e2107f58d3c305c78e5a596df92f1dbe80793dce5424be9e7951890023db7d0b9b2700e5000100f46e4b21dd4b92221713eece21b0e3bfb3fe995725eca78713a8d11ac82a6aefeeeab4720bd136479523ccafa34771afedeafc55275842bb7adb37ff3c93b19d9d5139f8b67ee81e380faa9506e6c8e5956cf7efc9828438d340aa4bfe771769c6ddb2f8c31049c1fc37e8f28812ea0aadd0caa7e32f6bb4b2b7a4473e5fa876c87bf285a503660ea12a0cfff6863a87c64ea83c31e737e278edcad77cb964828c7049d335e25156fd4d1c2faada6a8363794fe487155fbfd7c2e1b8504d4a744357734f51fca0426ffe929280df27411f8a90a067b285e970fa1e403722ae91dd000000f400010073e22ba6603d1c92836887468b100c2dc430efeb2ef19c66bd0582fe94df7b5a20292fdfbd2009980dbf9651685f7713bfb0f42583e452670f29e2cabf848fcdcb7a2067f0b257efd7dc927e540584b08f026e14be231afa797e36410d8ad6cbced8c5d2cce2f5a8b75713e57b3161b5b4ce78f283bf59a04f90bc1c5a4371abed0124c621ecb51b6166ad39f14216c09456232b7ea8dd7058bbbeae8b1c13df7ffa1515a359309683421d783f4fb00547cb06b3f974e65f28397c2c16675436a414b6e28d61800c35bdc05f9837e14491ce0fa7c0fbf6f61dd8f7eceac62373ed913de212a188ad5fa12d0eab8a0b440900010073797a30"], 0xb98}, 0x1, 0x0, 0x0, 0x20000000}, 0x40800)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x6, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7e, 0x4, @perf_bp={0x0}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
fsopen(&(0x7f00000001c0)='devpts\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000376, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r4)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)={0x44, r5, 0x615, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x801}, 0xc040)

714.653536ms ago: executing program 2 (id=1529):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0x40003, 0x288}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000500)={<r5=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x1, @loopback={0xffffffffffffffc3}, 0x9}, {0xa, 0x4e22, 0xfffffffc, @mcast1}, r5}}, 0x48)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}})
io_uring_enter(r1, 0x3516, 0xddd3, 0x4, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7, 0x0, 0x1000000000}, 0x18)
socket$kcm(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)

705.731787ms ago: executing program 1 (id=1530):
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0xf7}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f0000000400000004000000a2"], 0x50)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="3c34000000000000040100c910fc02000000000000000000000000000107", @ANYRES32=r0], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, 0x0, 0x0)

658.559087ms ago: executing program 0 (id=1531):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x1, 0x0, 0x1, 0xa, 0x21005, 0x29, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'gre0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000300)={0x11, 0x1b, r2, 0x1, 0xfc, 0x6, @local}, 0x14)
bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x2000000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)

616.566988ms ago: executing program 2 (id=1532):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x7}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe}}}]}, {0x25}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

611.442729ms ago: executing program 1 (id=1533):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0xc220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_bp={0x0, 0x8}, 0x7602, 0x5, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$kcm(0xa, 0x5, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700400009000000"], 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000006000000800000000000000022", @ANYRES32=r2], 0x50)
r3 = socket$kcm(0xa, 0x5, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x890b, &(0x7f0000000000)={r3})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'sit0\x00', @random="00e10000d3a8"})

536.06563ms ago: executing program 1 (id=1535):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x2, &(0x7f0000002400)=<r1=>0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
io_submit(r1, 0x1, &(0x7f0000001c00)=[&(0x7f0000000400)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="5400ffff0000", 0x6, 0x0, 0x0, 0x2}])
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

464.611531ms ago: executing program 4 (id=1536):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000002c0)={0x7f, 0x0, 0x0, 0xb9ff, 0xa})
write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0))
syz_open_pts(r0, 0x101000)

424.904532ms ago: executing program 1 (id=1537):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
fgetxattr(r0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x200000000}, 0x18)
socket$inet(0x2, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, 0x0, &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x40000000015, 0x5, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$nl_route(0x10, 0x3, 0x0)
time(0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_wolinfo={0x5, 0xffc00000, 0x2, "f8ea4811edc2"}})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_route(0x10, 0x3, 0x0)

368.237133ms ago: executing program 2 (id=1538):
socket$inet(0x2b, 0x801, 0x0)
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41)
recvmsg(r1, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x41)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x36, &(0x7f0000000280)=[{0x2, 0xa6, 0x2, 0x3}, {0x2, 0x8, 0x8, 0xfffc}, {0xaee, 0x2, 0xac, 0x1000}, {0x40, 0xaf, 0x5, 0x2}, {0x6, 0x80, 0x0, 0x2}, {0x0, 0x3, 0x5, 0x9}]}, 0x10)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000000)=0x20000, 0x4)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r3)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r5=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r5}}], 0x20, 0x2400e044}, 0x0)

198.526376ms ago: executing program 1 (id=1539):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x4000, &(0x7f0000000300)={[{@resuid}, {@dioread_nolock}, {@noblock_validity}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r1, &(0x7f00000009c0)=';', 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
sendfile(r1, r0, 0x0, 0x3ffff)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r5, &(0x7f00000009c0)="3bf5", 0x2)
sendfile(r5, r4, 0x0, 0x3ffff)

166.894647ms ago: executing program 4 (id=1540):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x100002, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r1}, 0x8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x42)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0xfffffffe, {0x0, 0x0, 0x0, r4, {0x1, 0x6}, {0x7}, {0x3}}}, 0x24}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000400)='kfree\x00', r5}, 0x18)

0s ago: executing program 5 (id=1541):
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='mountinfo\x00')
fallocate(0xffffffffffffffff, 0x5, 0x0, 0xfd55)
syz_pidfd_open(0x0, 0x0)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x19, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x200}})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x21, {0x4, 0x1}, 0x6}, 0x1)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
recvfrom(r3, &(0x7f00000001c0)=""/108, 0x6c, 0x4000, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

nk: 'syz.2.682': attribute type 4 has an invalid length.
[   92.999241][ T5615] netlink: 'syz.2.682': attribute type 4 has an invalid length.
[   93.275136][ T5637] netlink: 'syz.3.691': attribute type 4 has an invalid length.
[   93.342310][ T5643] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.408562][ T5643] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.444828][ T5643] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.547875][ T5643] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.669048][   T31] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.689181][   T31] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.709027][   T31] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.728159][   T31] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.814837][ T5648] Set syz1 is full, maxelem 65536 reached
[   93.929112][ T5654] loop3: detected capacity change from 0 to 2048
[   93.995449][ T5661] 9p: Unknown access argument �z%*�0��18�!A�͏���AQåH�]�00000000000000000000: -22
[   94.006067][ T5654]  loop3: p1 < > p4
[   94.012207][ T5654] loop3: p4 size 8388608 extends beyond EOD, truncated
[   94.134372][ T5671] netlink: 12 bytes leftover after parsing attributes in process `syz.0.706'.
[   94.147916][ T5673] loop2: detected capacity change from 0 to 128
[   94.159228][ T5671] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.204516][ T5671] bond0: (slave bridge1): Enslaving as an active interface with an up link
[   94.470798][ T5682] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.535702][ T5682] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.593482][ T5682] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.616139][ T5687] loop2: detected capacity change from 0 to 512
[   94.623522][ T5687] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   94.635723][ T5687] EXT4-fs (loop2): 1 truncate cleaned up
[   94.642961][ T5687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.657863][ T5682] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.691200][ T5691] netlink: 360 bytes leftover after parsing attributes in process `syz.3.712'.
[   94.777793][ T5695] GUP no longer grows the stack in syz.2.711 (5695): 200000004000-20000000a000 (200000002000)
[   94.788128][ T5695] CPU: 0 UID: 0 PID: 5695 Comm: syz.2.711 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   94.788159][ T5695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   94.788172][ T5695] Call Trace:
[   94.788179][ T5695]  <TASK>
[   94.788188][ T5695]  __dump_stack+0x1d/0x30
[   94.788212][ T5695]  dump_stack_lvl+0xe8/0x140
[   94.788247][ T5695]  dump_stack+0x15/0x1b
[   94.788279][ T5695]  __get_user_pages+0x198d/0x1fa0
[   94.788300][ T5695]  ? __rcu_read_unlock+0x4f/0x70
[   94.788315][ T5695]  get_user_pages_remote+0x1d5/0x6d0
[   94.788333][ T5695]  __access_remote_vm+0x15c/0x590
[   94.788351][ T5695]  access_remote_vm+0x32/0x40
[   94.788436][ T5695]  proc_pid_cmdline_read+0x32b/0x6c0
[   94.788454][ T5695]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[   94.788502][ T5695]  vfs_readv+0x3f8/0x690
[   94.788525][ T5695]  __x64_sys_preadv+0xfd/0x1c0
[   94.788542][ T5695]  x64_sys_call+0x282a/0x2ff0
[   94.788555][ T5695]  do_syscall_64+0xd2/0x200
[   94.788630][ T5695]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   94.788646][ T5695]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   94.788665][ T5695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.788679][ T5695] RIP: 0033:0x7f3d5c7cec29
[   94.788768][ T5695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.788780][ T5695] RSP: 002b:00007f3d5b20e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   94.788794][ T5695] RAX: ffffffffffffffda RBX: 00007f3d5ca16090 RCX: 00007f3d5c7cec29
[   94.788802][ T5695] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000005
[   94.788810][ T5695] RBP: 00007f3d5c851e41 R08: 00000000fffffffe R09: 0000000000000000
[   94.788886][ T5695] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[   94.788894][ T5695] R13: 00007f3d5ca16128 R14: 00007f3d5ca16090 R15: 00007ffcd4ee8fe8
[   94.788906][ T5695]  </TASK>
[   95.060440][ T5701] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   95.103254][ T5701] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   95.162921][ T5701] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   95.227782][ T5701] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   95.279509][   T31] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   95.310202][   T31] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   95.328878][   T31] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   95.348791][   T31] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   95.375307][ T5711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.718'.
[   95.401181][ T2957] kernel write not supported for file bpf-prog (pid: 2957 comm: kworker/0:2)
[   95.456940][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.514156][   T29] kauditd_printk_skb: 227 callbacks suppressed
[   95.514175][   T29] audit: type=1400 audit(1758441187.066:1788): avc:  denied  { setopt } for  pid=5720 comm="syz.3.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   95.549822][   T29] audit: type=1400 audit(1758441187.086:1789): avc:  denied  { append } for  pid=5720 comm="syz.3.723" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   95.594955][   T29] audit: type=1400 audit(1758441187.146:1790): avc:  denied  { read } for  pid=5722 comm="syz.3.724" dev="nsfs" ino=4026532730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   95.616174][   T29] audit: type=1400 audit(1758441187.146:1791): avc:  denied  { open } for  pid=5722 comm="syz.3.724" path="net:[4026532730]" dev="nsfs" ino=4026532730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   95.639349][   T29] audit: type=1400 audit(1758441187.146:1792): avc:  denied  { create } for  pid=5722 comm="syz.3.724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   95.678019][   T29] audit: type=1400 audit(1758441187.226:1793): avc:  denied  { bind } for  pid=5722 comm="syz.3.724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   95.706354][   T29] audit: type=1400 audit(1758441187.256:1794): avc:  denied  { write } for  pid=5722 comm="syz.3.724" path="socket:[14994]" dev="sockfs" ino=14994 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   95.731067][ T5727] netlink: 12 bytes leftover after parsing attributes in process `syz.2.726'.
[   95.836826][ T5731] validate_nla: 1 callbacks suppressed
[   95.836857][ T5731] netlink: 'syz.3.728': attribute type 30 has an invalid length.
[   96.104338][   T29] audit: type=1400 audit(1758441187.656:1795): avc:  denied  { create } for  pid=5733 comm="syz.0.729" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   96.136646][   T29] audit: type=1400 audit(1758441187.656:1796): avc:  denied  { mounton } for  pid=5733 comm="syz.0.729" path="/46/file0" dev="tmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   96.182682][   T29] audit: type=1400 audit(1758441187.736:1797): avc:  denied  { unlink } for  pid=4971 comm="syz-executor" name="file0" dev="tmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   96.229313][ T5739] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   96.567244][ T5750] wireguard0: entered promiscuous mode
[   96.572897][ T5750] wireguard0: entered allmulticast mode
[   96.637672][ T5755] netlink: 8 bytes leftover after parsing attributes in process `syz.2.737'.
[   96.652726][ T5755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.737'.
[   96.749718][ T5766] loop2: detected capacity change from 0 to 128
[   96.786906][ T1459] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.799994][ T1459] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.801194][ T5770] Invalid ELF header magic: != ELF
[   96.815218][ T4906] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.832791][ T4906] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.847324][ T5774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   96.848452][ T5775] netlink: 277 bytes leftover after parsing attributes in process `syz.2.746'.
[   96.856724][ T5774] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   96.874218][ T5775] futex_wake_op: syz.2.746 tries to shift op by -1; fix this program
[   97.428044][ T5784] loop2: detected capacity change from 0 to 1024
[   97.455239][ T5784] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.470981][ T5789] batadv1: entered promiscuous mode
[   97.553771][ T5792] netlink: 4 bytes leftover after parsing attributes in process `syz.4.753'.
[   97.574137][ T5784] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.750: Allocating blocks 497-513 which overlap fs metadata
[   97.586640][   T23] IPVS: starting estimator thread 0...
[   97.589387][ T5784] EXT4-fs (loop2): pa ffff888106e3f380: logic 256, phys. 385, len 8
[   97.593961][ T5794] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   97.601634][ T5784] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   97.665371][ T5800] loop3: detected capacity change from 0 to 512
[   97.681538][ T5797] IPVS: using max 2832 ests per chain, 141600 per kthread
[   97.682273][ T5800] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   97.732109][ T5800] EXT4-fs (loop3): 1 truncate cleaned up
[   97.738429][ T5800] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.780527][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.859998][ T5811] netlink: 16 bytes leftover after parsing attributes in process `syz.2.757'.
[   97.978522][ T5823] SELinux: failed to load policy
[   98.263805][ T5842] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   98.286712][ T5842] loop2: detected capacity change from 0 to 2048
[   98.295780][ T5847] netlink: 16 bytes leftover after parsing attributes in process `syz.1.773'.
[   98.326262][ T5853] netlink: 'syz.1.778': attribute type 4 has an invalid length.
[   98.326295][ T5842] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.357877][ T5858] process 'syz.4.779' launched './file0' with NULL argv: empty string added
[   98.359988][ T5846] netlink: 24 bytes leftover after parsing attributes in process `syz.0.775'.
[   98.377222][ T5853] netlink: 'syz.1.778': attribute type 4 has an invalid length.
[   98.402239][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.509272][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.531650][ T5874] loop4: detected capacity change from 0 to 512
[   98.543555][ T5874] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   98.555255][ T5874] EXT4-fs (loop4): 1 truncate cleaned up
[   98.561415][ T5874] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.614131][ T5878] loop3: detected capacity change from 0 to 8192
[   98.662009][ T5878]  loop3: p1[EZD] p2 p4
[   98.666328][ T5878] loop3: p1 start 150996992 is beyond EOD, truncated
[   98.674140][ T5878] loop3: p4 size 281856 extends beyond EOD, truncated
[   98.711202][ T5881] netlink: 16 bytes leftover after parsing attributes in process `syz.3.789'.
[   98.748347][ T5887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.792'.
[   98.757927][ T5885] netlink: 'syz.1.790': attribute type 4 has an invalid length.
[   98.784253][ T5885] netlink: 'syz.1.790': attribute type 4 has an invalid length.
[   98.899776][ T5894] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   98.943645][ T5894] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   99.003377][ T5894] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   99.053942][ T5894] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   99.132859][ T1459] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   99.146974][   T31] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   99.160840][   T31] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   99.174726][ T1459] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   99.656390][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.722535][ T5929] loop2: detected capacity change from 0 to 1024
[   99.743581][ T5929] EXT4-fs: Ignoring removed nomblk_io_submit option
[   99.767629][ T5929] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.801609][ T5936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.810202][ T5936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.892575][ T5940] IPv4: Oversized IP packet from 127.202.26.0
[   99.939707][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.949702][ T5946] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.034496][ T5946] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.059521][ T5958] wireguard0: entered promiscuous mode
[  100.065149][ T5958] wireguard0: entered allmulticast mode
[  100.110298][ T5946] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.172496][ T5946] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.250995][ T2156] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.406682][ T2156] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.446203][ T2156] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.485610][ T2156] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.558154][   T29] kauditd_printk_skb: 487 callbacks suppressed
[  100.558170][   T29] audit: type=1400 audit(1758441192.106:2285): avc:  denied  { block_suspend } for  pid=5973 comm="syz.3.831" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  100.643050][ T5981] bridge1: entered allmulticast mode
[  100.961042][   T29] audit: type=1400 audit(1758441192.506:2286): avc:  denied  { read } for  pid=5993 comm="syz.1.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  101.012772][ T5997] loop1: detected capacity change from 0 to 128
[  101.021202][ T5997] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  101.034656][ T5997] ext4 filesystem being mounted at /155/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.039117][   T29] audit: type=1400 audit(1758441192.556:2287): avc:  denied  { nlmsg_read } for  pid=5996 comm="syz.1.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  101.045906][ T5997] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  101.121756][ T5997] SELinux: security policydb version 17 (MLS) not backwards compatible
[  101.130162][ T5997] SELinux: failed to load policy
[  101.152445][   T29] audit: type=1326 audit(1758441192.706:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.1.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  101.176111][   T29] audit: type=1326 audit(1758441192.706:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.1.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  101.199474][   T29] audit: type=1326 audit(1758441192.706:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.1.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  101.222817][   T29] audit: type=1326 audit(1758441192.706:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.1.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  101.246278][   T29] audit: type=1326 audit(1758441192.706:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.1.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  101.269689][   T29] audit: type=1326 audit(1758441192.706:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.1.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  101.293035][   T29] audit: type=1326 audit(1758441192.706:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.1.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  102.053770][ T6022] __nla_validate_parse: 8 callbacks suppressed
[  102.053790][ T6022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'.
[  102.356481][ T6038] SELinux:  policydb version 676477988 does not match my version range 15-35
[  102.368687][ T6041] openvswitch: netlink: Message has 6 unknown bytes.
[  102.377482][ T6038] SELinux: failed to load policy
[  102.386247][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.393771][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.401184][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.408644][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.416224][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x2
[  102.423705][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.423838][ T6045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.857'.
[  102.431186][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.440022][ T6045] netlink: 20 bytes leftover after parsing attributes in process `syz.1.857'.
[  102.447248][ T1459] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  102.447661][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.472339][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.479838][ T3412] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  102.489038][ T3412] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  102.498813][ T1459] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  102.508032][ T1459] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  102.516440][ T1459] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  102.542660][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.859'.
[  103.561703][ T6082] syzkaller0: entered promiscuous mode
[  103.567296][ T6082] syzkaller0: entered allmulticast mode
[  103.639604][ T6086] netem: change failed
[  103.835824][ T6096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.874'.
[  103.893849][ T6104] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370
[  103.939928][ T6113] netlink: 12 bytes leftover after parsing attributes in process `syz.1.883'.
[  103.972663][ T6113] netlink: 12 bytes leftover after parsing attributes in process `syz.1.883'.
[  104.005391][ T6124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.883'.
[  104.036261][ T6124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.883'.
[  104.051319][ T6113] netlink: 12 bytes leftover after parsing attributes in process `syz.1.883'.
[  104.277736][ T6165] sch_fq: defrate 7 ignored.
[  104.773994][ T6225] loop4: detected capacity change from 0 to 1024
[  104.802284][ T6225] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.867420][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.904235][ T6232] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.904644][ T6232] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.272348][ T6251] tipc: New replicast peer: 255.255.255.255
[  105.278522][ T6251] tipc: Enabled bearer <udp:s>, priority 10
[  105.522590][ T6249] loop1: detected capacity change from 0 to 32768
[  105.562144][ T6266] pim6reg1: entered promiscuous mode
[  105.567555][ T6266] pim6reg1: entered allmulticast mode
[  105.639281][   T29] kauditd_printk_skb: 90 callbacks suppressed
[  105.639329][   T29] audit: type=1400 audit(1758441197.186:2385): avc:  denied  { setopt } for  pid=6268 comm="syz.0.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  105.684492][ T6273] loop4: detected capacity change from 0 to 164
[  105.701176][   T29] audit: type=1400 audit(1758441197.246:2386): avc:  denied  { mount } for  pid=6272 comm="syz.4.914" name="/" dev="loop4" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  106.289378][   T29] audit: type=1400 audit(1758441197.836:2387): avc:  denied  { unmount } for  pid=4952 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  106.353067][ T6293] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6293 comm=syz.4.921
[  106.381823][ T6297] loop2: detected capacity change from 0 to 512
[  106.390092][ T6297] EXT4-fs (loop2): failed to initialize system zone (-117)
[  106.391549][ T2957] tipc: Node number set to 1164608726
[  106.398336][ T6297] EXT4-fs (loop2): mount failed
[  106.420847][ T6300] syzkaller0: entered promiscuous mode
[  106.426392][ T6300] syzkaller0: entered allmulticast mode
[  106.622006][ T6306] loop4: detected capacity change from 0 to 1024
[  106.725093][ T6306] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.734618][ T6297] Set syz1 is full, maxelem 65536 reached
[  106.806923][ T6306] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt.
[  106.834586][ T6312] netlink: 'syz.3.928': attribute type 30 has an invalid length.
[  106.835950][ T6314] loop1: detected capacity change from 0 to 1024
[  106.875151][ T6314] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.877891][ T6316] binfmt_misc: register: failed to install interpreter file ./file2
[  106.903115][ T6314] ext4 filesystem being mounted at /177/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.911377][   T29] audit: type=1400 audit(1758441198.456:2388): avc:  denied  { read } for  pid=6319 comm="syz.2.931" name="usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  106.918828][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.937167][   T29] audit: type=1400 audit(1758441198.456:2389): avc:  denied  { open } for  pid=6319 comm="syz.2.931" path="/dev/usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  106.970647][   T29] audit: type=1400 audit(1758441198.466:2390): avc:  denied  { ioctl } for  pid=6319 comm="syz.2.931" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  106.995961][   T29] audit: type=1326 audit(1758441198.486:2391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6313 comm="syz.1.929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a145e5be7 code=0x7ffc0000
[  107.019671][   T29] audit: type=1326 audit(1758441198.486:2392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6313 comm="syz.1.929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a1458ae09 code=0x7ffc0000
[  107.042921][   T29] audit: type=1326 audit(1758441198.486:2393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6313 comm="syz.1.929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a145e5be7 code=0x7ffc0000
[  107.066235][   T29] audit: type=1326 audit(1758441198.486:2394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6313 comm="syz.1.929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a1458ae09 code=0x7ffc0000
[  107.154210][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.342397][ T6353] __nla_validate_parse: 4 callbacks suppressed
[  107.342435][ T6353] netlink: 32 bytes leftover after parsing attributes in process `syz.2.944'.
[  107.375632][ T6355] netlink: 100 bytes leftover after parsing attributes in process `syz.4.942'.
[  107.424211][ T6353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.944'.
[  107.735193][ T6385] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  107.745979][ T6385] loop3: detected capacity change from 0 to 512
[  107.763103][ T6385] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  107.771220][ T6385] EXT4-fs (loop3): orphan cleanup on readonly fs
[  107.779556][ T6385] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.956: corrupted inode contents
[  107.794835][ T6385] EXT4-fs (loop3): Remounting filesystem read-only
[  107.801560][ T6385] EXT4-fs (loop3): 1 truncate cleaned up
[  107.807607][ T2156] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  107.818261][ T2156] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  107.840213][ T6389] netlink: 'syz.0.957': attribute type 4 has an invalid length.
[  107.849068][ T2156] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  107.869586][ T6385] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  107.885525][ T6385] bond2: (slave ip6gretap1): Releasing backup interface
[  107.892542][ T6385] bond2: (slave ip6gretap1): the permanent HWaddr of slave - be:a0:39:20:22:34 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  107.911735][ T6385] bond2: (slave veth3): Releasing backup interface
[  107.937335][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.963514][ T6393] netlink: 'syz.3.959': attribute type 1 has an invalid length.
[  107.998479][ T6393] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.027741][ T6393] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.036772][ T6393] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[  108.048494][ T6393] bond0: (slave vxcan3): Error -95 calling set_mac_address
[  108.083083][ T6397] ip6erspan0: entered promiscuous mode
[  108.093129][ T6397] bond0: (slave ip6erspan0): making interface the new active one
[  108.103675][ T6397] bond0: (slave ip6erspan0): Enslaving as an active interface with an up link
[  108.127281][ T6393] macvlan2: entered promiscuous mode
[  108.143876][ T6393] bond0: entered promiscuous mode
[  108.156245][ T6393] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  108.166421][ T6393] bond0: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of ip6erspan0
[  108.178558][ T6393] bond0: left promiscuous mode
[  108.330886][ T6401] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  108.424047][ T6401] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  108.922448][ T6411] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.965' sets config #1
[  108.932911][ T6401] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  108.944739][ T6411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.965'.
[  108.984810][ T6411] team1: entered promiscuous mode
[  108.989886][ T6411] team1: entered allmulticast mode
[  109.015262][ T6401] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  109.151772][ T2156] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  109.180435][ T2156] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  109.368992][ T6420] random: crng reseeded on system resumption
[  110.289386][ T2156] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  110.323714][ T2156] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  110.569403][ T6431] netlink: 'syz.4.973': attribute type 4 has an invalid length.
[  111.285767][ T6436] loop3: detected capacity change from 0 to 2048
[  111.318352][ T6436] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  111.356492][   T29] kauditd_printk_skb: 4387 callbacks suppressed
[  111.356510][   T29] audit: type=1400 audit(1758441202.906:6776): avc:  denied  { create } for  pid=6435 comm="syz.3.974" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  111.420728][ T6436] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  111.421042][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.974'.
[  111.444408][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.974'.
[  111.488482][ T6449] IPv6: Can't replace route, no match found
[  111.515600][   T29] audit: type=1400 audit(1758441203.066:6777): avc:  denied  { create } for  pid=6448 comm="syz.0.977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  111.525864][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.974'.
[  111.536007][   T29] audit: type=1400 audit(1758441203.066:6778): avc:  denied  { write } for  pid=6448 comm="syz.0.977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  111.599516][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.974'.
[  111.608445][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.974'.
[  111.628872][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.974'.
[  111.670351][ T6461] loop4: detected capacity change from 0 to 1024
[  111.710794][ T6461] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.733912][ T6461] ������: renamed from vlan1 (while UP)
[  111.758015][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  111.772090][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.826139][ T6472] veth0: entered promiscuous mode
[  111.842204][ T6472] veth0 (unregistering): left promiscuous mode
[  111.877831][ T6478] loop4: detected capacity change from 0 to 512
[  111.885127][ T6478] EXT4-fs: Ignoring removed i_version option
[  111.892759][   T29] audit: type=1400 audit(1758441203.436:6779): avc:  denied  { wake_alarm } for  pid=6481 comm="syz.0.989" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  111.893716][ T6478] EXT4-fs (loop4): 1 truncate cleaned up
[  111.920173][ T6478] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.985772][ T3384] hid_parser_main: 29 callbacks suppressed
[  111.985805][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  111.999133][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.006598][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.014123][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.021560][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.028966][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.036410][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.043841][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.051307][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.054976][   T29] audit: type=1400 audit(1758441203.536:6780): avc:  denied  { write } for  pid=6488 comm="syz.2.992" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  112.058766][ T3384] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  112.102132][ T3384] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  112.143364][ T6478] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.290270][ T6499] serio: Serial port ptm0
[  112.342695][ T6501] smc: net device bond0 applied user defined pnetid SYZ0
[  112.350204][ T6501] smc: net device bond0 erased user defined pnetid SYZ0
[  112.362117][   T29] audit: type=1400 audit(1758441203.906:6781): avc:  denied  { setopt } for  pid=6500 comm="syz.2.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  112.382633][ T6501] __nla_validate_parse: 4 callbacks suppressed
[  112.382725][ T6501] netlink: 4 bytes leftover after parsing attributes in process `syz.2.996'.
[  112.691801][ T6512] loop1: detected capacity change from 0 to 1024
[  112.714677][ T6515] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1001'.
[  112.722989][ T6512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.829345][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.860321][    C0] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  112.861702][ T6520] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  112.893954][ T6520] netlink: 'syz.1.1003': attribute type 10 has an invalid length.
[  112.904281][ T6520] bridge_slave_1: entered promiscuous mode
[  112.910464][ T6520] $H�: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  113.192283][   T29] audit: type=1400 audit(1758441204.716:6782): avc:  denied  { associate } for  pid=6525 comm="syz.1.1007" name="cgroup.kill" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  113.295566][ T6530] wireguard0: entered promiscuous mode
[  113.301102][ T6530] wireguard0: entered allmulticast mode
[  113.355625][   T29] audit: type=1400 audit(1758441204.906:6783): avc:  denied  { name_bind } for  pid=6533 comm="syz.2.1010" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  113.456924][ T6541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1013'.
[  113.717439][ T6556] hub 8-0:1.0: USB hub found
[  113.725361][ T6556] hub 8-0:1.0: 8 ports detected
[  114.218644][   T29] audit: type=1326 audit(1758441205.766:6784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6560 comm="syz.1.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  114.243141][   T29] audit: type=1326 audit(1758441205.796:6785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6560 comm="syz.1.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a145eec29 code=0x7ffc0000
[  114.525255][ T6572] loop1: detected capacity change from 0 to 512
[  114.550103][ T6572] EXT4-fs: Ignoring removed i_version option
[  114.596879][ T6572] EXT4-fs (loop1): 1 truncate cleaned up
[  114.602549][ T6570] tipc: Started in network mode
[  114.607502][ T6570] tipc: Node identity 6a752a2a33a6, cluster identity 4711
[  114.612035][ T6572] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.614924][ T6570] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  114.692316][ T6569] tipc: Resetting bearer <eth:syzkaller0>
[  114.730017][ T6569] tipc: Disabling bearer <eth:syzkaller0>
[  114.799926][ T6572] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.832031][ T6582] veth0: entered promiscuous mode
[  114.843711][ T6582] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1025'.
[  114.859414][ T6582] veth0 (unregistering): left promiscuous mode
[  115.229521][ T6599] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6599 comm=syz.2.1033
[  115.289958][ T6606] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.353090][ T6606] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.397814][ T6615] loop2: detected capacity change from 0 to 512
[  115.404584][ T6615] EXT4-fs: Ignoring removed i_version option
[  115.412394][ T6615] EXT4-fs (loop2): 1 truncate cleaned up
[  115.418531][ T6615] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.432360][ T6606] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.483100][ T6606] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.494084][ T6615] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.510726][ T6618] netlink: 'syz.2.1041': attribute type 1 has an invalid length.
[  115.524289][ T6618] 8021q: adding VLAN 0 to HW filter on device bond1
[  115.543333][ T6618] 8021q: adding VLAN 0 to HW filter on device bond1
[  115.550304][ T6618] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  115.563609][ T6618] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  115.576747][ T4902] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.593626][ T6620] ip6erspan0: entered promiscuous mode
[  115.600427][ T6620] bond1: (slave ip6erspan0): making interface the new active one
[  115.608709][ T6620] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  115.617739][   T51] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.632618][   T51] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.643739][ T6618] macvlan2: entered promiscuous mode
[  115.649485][ T6618] bond1: entered promiscuous mode
[  115.671657][ T6618] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  115.681624][ T6618] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of ip6erspan0
[  115.693729][ T6618] bond1: left promiscuous mode
[  115.700940][   T51] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.733388][ T6626] veth0: entered promiscuous mode
[  115.744897][ T6626] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1042'.
[  115.768843][ T6626] veth0 (unregistering): left promiscuous mode
[  115.789140][ T6626] bond1: (slave veth1): Releasing backup interface
[  115.876370][ T6633] loop1: detected capacity change from 0 to 512
[  115.895212][ T6633] EXT4-fs (loop1): orphan cleanup on readonly fs
[  115.905303][ T6633] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1046: bad orphan inode 13
[  115.918884][ T6625] loop3: detected capacity change from 0 to 32768
[  115.926798][ T6633] ext4_test_bit(bit=12, block=18) = 1
[  115.932314][ T6633] is_bad_inode(inode)=0
[  115.936492][ T6633] NEXT_ORPHAN(inode)=2130706432
[  115.941412][ T6633] max_ino=32
[  115.944874][ T6633] i_nlink=1
[  115.948668][ T6633] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  116.016137][ T6640] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  116.045845][ T6640] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1046: bg 0: block 248: padding at end of block bitmap is not set
[  116.064016][ T6640] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.1046: Failed to acquire dquot type 1
[  116.075966][ T6640] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  116.101897][ T6645] loop3: detected capacity change from 0 to 512
[  116.108600][ T6645] EXT4-fs: Ignoring removed bh option
[  116.133877][ T6645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.147542][ T6645] ext4 filesystem being mounted at /220/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  116.205348][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.240741][ T6651] pim6reg1: entered promiscuous mode
[  116.246179][ T6651] pim6reg1: entered allmulticast mode
[  116.661347][ T6659] loop3: detected capacity change from 0 to 1024
[  116.697443][ T6659] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.729178][ T6659] ������: renamed from vlan1
[  116.745513][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.778598][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.913210][ T6671] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1058' sets config #1
[  116.930210][ T6671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1058'.
[  116.975720][ T6671] team0: entered promiscuous mode
[  116.980860][ T6671] team0: entered allmulticast mode
[  117.151744][ T6688] wireguard0: entered promiscuous mode
[  117.157435][ T6688] wireguard0: entered allmulticast mode
[  117.222355][ T6701] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1071'.
[  117.237227][   T29] kauditd_printk_skb: 36 callbacks suppressed
[  117.237383][   T29] audit: type=1326 audit(1758441208.786:6820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.268460][   T29] audit: type=1326 audit(1758441208.816:6821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.293117][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1071'.
[  117.439791][   T29] audit: type=1326 audit(1758441208.946:6822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.463283][   T29] audit: type=1326 audit(1758441208.946:6823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.486903][   T29] audit: type=1326 audit(1758441208.986:6824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.510413][   T29] audit: type=1326 audit(1758441208.986:6825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.534135][   T29] audit: type=1326 audit(1758441208.986:6826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.557682][   T29] audit: type=1326 audit(1758441208.986:6827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.581100][   T29] audit: type=1326 audit(1758441208.986:6828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.604563][   T29] audit: type=1326 audit(1758441208.986:6829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6702 comm="syz.3.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  117.783986][ T6719] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.036020][ T6719] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.065105][ T6723] loop4: detected capacity change from 0 to 1024
[  118.094401][ T6723] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  118.105416][ T6723] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  118.263094][ T6723] JBD2: no valid journal superblock found
[  118.268878][ T6723] EXT4-fs (loop4): Could not load journal inode
[  118.272295][ T6719] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.366658][ T6719] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.439649][ T2156] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.458614][ T3448] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.541331][ T6737] loop1: detected capacity change from 0 to 164
[  118.541595][ T3448] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  119.001631][ T3448] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  119.405850][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1086'.
[  119.431660][ T6756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1086'.
[  119.473688][ T6763] loop2: detected capacity change from 0 to 512
[  119.492563][ T6763] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  119.500594][ T6763] EXT4-fs (loop2): orphan cleanup on readonly fs
[  119.518644][ T6763] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.1088: corrupted inode contents
[  119.531350][ T6763] EXT4-fs (loop2): Remounting filesystem read-only
[  119.538090][ T6763] EXT4-fs (loop2): 1 truncate cleaned up
[  119.545954][ T4908] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.556697][ T4908] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.567876][ T4908] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  119.579013][ T6763] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  119.581189][ T6768] netlink: 'syz.1.1089': attribute type 3 has an invalid length.
[  119.595903][ T6763] gretap0: left allmulticast mode
[  119.604364][ T6763] gretap0: left promiscuous mode
[  119.609467][ T6763] bridge0: port 3(gretap0) entered disabled state
[  119.617172][ T6763] bridge_slave_0: left allmulticast mode
[  119.622855][ T6763] bridge_slave_0: left promiscuous mode
[  119.628485][ T6763] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.636152][ T6763] bridge_slave_1: left allmulticast mode
[  119.641900][ T6763] bridge_slave_1: left promiscuous mode
[  119.647617][ T6763] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.655772][ T6763] $H�: (slave bond_slave_0): Releasing backup interface
[  119.663159][ T6763] bond_slave_0: left promiscuous mode
[  119.669075][ T6763] $H�: (slave bond_slave_1): Releasing backup interface
[  119.676708][ T6763] bond_slave_1: left promiscuous mode
[  119.683031][ T6763] team0: Port device team_slave_0 removed
[  119.689464][ T6763] team0: Port device team_slave_1 removed
[  119.696172][ T6763] bond1: (slave ip6erspan0): Releasing active interface
[  119.722854][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.230074][ T6771] loop2: detected capacity change from 0 to 164
[  120.250968][ T6775] veth0: entered promiscuous mode
[  120.257062][ T6775] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1090'.
[  120.350445][ T6784] loop3: detected capacity change from 0 to 8192
[  121.136975][ T6797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1102'.
[  121.171272][ T6800] loop2: detected capacity change from 0 to 256
[  121.233255][ T6811] loop1: detected capacity change from 0 to 512
[  121.240408][ T6811] EXT4-fs: Ignoring removed mblk_io_submit option
[  121.251594][ T6811] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  121.273779][ T6811] EXT4-fs (loop1): 1 truncate cleaned up
[  121.279944][ T6811] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.406286][ T6819] loop4: detected capacity change from 0 to 128
[  121.564358][ T6819] syz.4.1110: attempt to access beyond end of device
[  121.564358][ T6819] loop4: rw=0, sector=121, nr_sectors = 920 limit=128
[  121.833671][ T6832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1114'.
[  121.894586][ T6833] blktrace: Concurrent blktraces are not allowed on loop5
[  122.179455][ T6838] loop2: detected capacity change from 0 to 128
[  122.230038][ T6838] syz.2.1115: attempt to access beyond end of device
[  122.230038][ T6838] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128
[  122.367573][ T6844] loop2: detected capacity change from 0 to 512
[  122.374595][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.383178][ T6844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.396126][ T6844] ext4 filesystem being mounted at /266/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  122.450085][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.500887][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'.
[  122.519076][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'.
[  122.548775][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'.
[  122.560294][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'.
[  122.579232][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'.
[  122.845572][ T6863] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1121' sets config #1
[  122.914305][ T6863] team1: entered promiscuous mode
[  122.919448][ T6863] team1: entered allmulticast mode
[  122.932097][ T6865] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.958315][ T6864] tipc: Resetting bearer <eth:syzkaller0>
[  123.009853][ T6864] tipc: Disabling bearer <eth:syzkaller0>
[  123.170280][ T6869] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6869 comm=syz.4.1125
[  123.194788][ T6871] loop3: detected capacity change from 0 to 512
[  123.215190][ T6871] EXT4-fs: Ignoring removed i_version option
[  123.239650][ T6871] EXT4-fs (loop3): 1 truncate cleaned up
[  123.453754][ T6871] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.703113][ T6871] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.974044][   T29] kauditd_printk_skb: 395 callbacks suppressed
[  123.974124][   T29] audit: type=1400 audit(1758441215.526:7219): avc:  denied  { ioctl } for  pid=6885 comm="syz.2.1129" path="socket:[19909]" dev="sockfs" ino=19909 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  124.217577][   T29] audit: type=1326 audit(1758441215.756:7220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.241128][   T29] audit: type=1326 audit(1758441215.756:7221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.264566][   T29] audit: type=1326 audit(1758441215.756:7222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.288371][   T29] audit: type=1326 audit(1758441215.756:7223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.311915][   T29] audit: type=1326 audit(1758441215.756:7224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.335348][   T29] audit: type=1326 audit(1758441215.756:7225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.358894][   T29] audit: type=1326 audit(1758441215.756:7226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.382304][   T29] audit: type=1326 audit(1758441215.756:7227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.405927][   T29] audit: type=1326 audit(1758441215.756:7228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6892 comm="syz.3.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  124.873121][ T6903] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1135' sets config #1
[  124.891593][ T6903] __nla_validate_parse: 5 callbacks suppressed
[  124.891610][ T6903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1135'.
[  124.927408][ T6903] team1: entered promiscuous mode
[  124.932609][ T6903] team1: entered allmulticast mode
[  125.675427][ T6924] netlink: 'syz.0.1144': attribute type 1 has an invalid length.
[  125.732712][ T6924] 8021q: adding VLAN 0 to HW filter on device bond1
[  125.776913][ T6928] 8021q: adding VLAN 0 to HW filter on device bond1
[  125.798286][ T6928] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  125.819529][ T6928] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  125.838481][ T6924] ip6erspan0: entered promiscuous mode
[  125.846824][ T6924] bond1: (slave ip6erspan0): making interface the new active one
[  125.872483][ T6924] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  125.893423][ T6939] macvlan2: entered promiscuous mode
[  125.899216][ T6939] bond1: entered promiscuous mode
[  125.926188][ T6939] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  125.950944][ T6939] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of ip6erspan0
[  125.992746][ T6939] bond1: left promiscuous mode
[  126.008431][ T6947] loop3: detected capacity change from 0 to 512
[  126.035855][ T6950] netlink: 'syz.4.1154': attribute type 6 has an invalid length.
[  126.056980][ T6947] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.069657][ T6947] ext4 filesystem being mounted at /241/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  126.071714][ T6957] loop4: detected capacity change from 0 to 1024
[  126.080758][ T6947] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.087747][ T6957] EXT4-fs: Ignoring removed nomblk_io_submit option
[  126.165137][ T6960] macsec1: entered promiscuous mode
[  126.170467][ T6960] bridge0: entered promiscuous mode
[  126.176138][ T6960] bridge0: port 1(macsec1) entered blocking state
[  126.182694][ T6960] bridge0: port 1(macsec1) entered disabled state
[  126.189304][ T6960] macsec1: entered allmulticast mode
[  126.194640][ T6960] bridge0: entered allmulticast mode
[  126.201234][ T6960] macsec1: left allmulticast mode
[  126.206337][ T6960] bridge0: left allmulticast mode
[  126.212007][ T6960] bridge0: left promiscuous mode
[  126.332698][ T6957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.706752][ T6973] random: crng reseeded on system resumption
[  127.506948][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.589665][ T6986] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1161'.
[  127.629057][ T6986] 0�X���: renamed from caif0
[  127.657206][ T6986] 0�X���: entered allmulticast mode
[  127.662496][ T6986] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  127.731312][ T6994] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1166'.
[  127.752897][ T6995] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1167'.
[  127.826802][ T6999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1170'.
[  127.890239][ T2156] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  127.952633][ T2156] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  127.973826][ T2156] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  127.992300][ T2156] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  128.160140][ T7015] loop2: detected capacity change from 0 to 1024
[  128.187460][ T7015] EXT4-fs: Ignoring removed bh option
[  128.207310][ T7015] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  128.273876][ T7015] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.393769][ T7022] loop1: detected capacity change from 0 to 512
[  128.433781][ T7022] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  128.466523][ T7022] EXT4-fs (loop1): mount failed
[  128.499636][ T7026] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  128.507482][ T7025] tipc: Resetting bearer <eth:syzkaller0>
[  128.528236][ T7025] tipc: Disabling bearer <eth:syzkaller0>
[  128.681946][ T7031] loop3: detected capacity change from 0 to 512
[  128.689569][ T7031] EXT4-fs (loop3): orphan cleanup on readonly fs
[  128.696880][ T7031] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1181: bad orphan inode 13
[  128.707296][ T7031] ext4_test_bit(bit=12, block=18) = 1
[  128.712740][ T7031] is_bad_inode(inode)=0
[  128.716903][ T7031] NEXT_ORPHAN(inode)=2130706432
[  128.721963][ T7031] max_ino=32
[  128.725337][ T7031] i_nlink=1
[  128.729698][ T7031] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  128.894471][ T7031] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  129.062306][ T7031] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1181: bg 0: block 248: padding at end of block bitmap is not set
[  129.214503][ T7031] __quota_error: 3135 callbacks suppressed
[  129.214521][ T7031] Quota error (device loop3): write_blk: dquota write failed
[  129.227933][ T7031] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  129.237955][ T7031] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.1181: Failed to acquire dquot type 1
[  129.685243][ T7031] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  129.701652][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.742172][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.765242][ T7043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1187'.
[  129.777362][    C1] vcan0: j1939_session_tx_dat: 0xffff88811a884000: queue data error: -100
[  129.962182][ T7049] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1190'.
[  130.278526][ T7051] random: crng reseeded on system resumption
[  130.902275][   T29] audit: type=1326 audit(1758441222.456:10363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  130.952850][   T29] audit: type=1326 audit(1758441222.476:10364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  130.976296][ T7059] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1182'.
[  130.976399][   T29] audit: type=1326 audit(1758441222.476:10365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  130.991294][ T7059] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1182'.
[  131.009188][   T29] audit: type=1326 audit(1758441222.476:10366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  131.041636][   T29] audit: type=1326 audit(1758441222.476:10367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  131.065311][   T29] audit: type=1326 audit(1758441222.476:10368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  131.089109][   T29] audit: type=1326 audit(1758441222.476:10369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  131.112728][   T29] audit: type=1326 audit(1758441222.476:10370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1030a5ec29 code=0x7ffc0000
[  131.255967][ T7069] loop1: detected capacity change from 0 to 1024
[  131.350390][ T7069] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.705949][ T7069] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.1195: Allocating blocks 449-513 which overlap fs metadata
[  131.729264][ T7068] EXT4-fs (loop1): pa ffff888106e3f540: logic 48, phys. 177, len 21
[  131.737336][ T7068] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4
[  131.837484][ T7080] loop4: detected capacity change from 0 to 512
[  131.850258][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.861073][ T7080] EXT4-fs (loop4): orphan cleanup on readonly fs
[  131.876788][ T7080] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1199: bad orphan inode 13
[  131.894213][ T7080] ext4_test_bit(bit=12, block=18) = 1
[  131.899732][ T7080] is_bad_inode(inode)=0
[  131.903937][ T7080] NEXT_ORPHAN(inode)=2130706432
[  131.908887][ T7080] max_ino=32
[  131.911511][ T7087] loop1: detected capacity change from 0 to 1024
[  131.912153][ T7080] i_nlink=1
[  131.918844][ T7087] EXT4-fs: Ignoring removed nomblk_io_submit option
[  131.922633][ T7080] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  131.957496][ T7087] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.083776][ T7094] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1204'.
[  132.101267][ T7096] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  132.155792][ T7096] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1199: bg 0: block 248: padding at end of block bitmap is not set
[  132.171482][ T7096] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.1199: Failed to acquire dquot type 1
[  132.194070][ T7101] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7101 comm=syz.2.1204
[  132.207451][ T7096] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  132.256343][ T7098] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.263713][ T7098] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.265448][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.295241][ T7103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1205'.
[  132.308025][ T7098] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.318052][ T7098] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  132.372506][ T7103] veth1_macvtap: left promiscuous mode
[  132.402953][ T4902] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.417238][ T4902] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.432322][ T4902] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.456209][ T7105] syzkaller0: entered promiscuous mode
[  132.461850][ T7105] syzkaller0: entered allmulticast mode
[  132.472078][ T4904] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.688860][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.850061][ T7189] loop4: detected capacity change from 0 to 8192
[  132.957369][ T7168] hub 9-0:1.0: USB hub found
[  132.970237][ T7168] hub 9-0:1.0: 8 ports detected
[  133.858238][ T7222] netlink: 'syz.0.1221': attribute type 5 has an invalid length.
[  133.874979][ T7224] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1222'.
[  134.157454][ T7243] loop2: detected capacity change from 0 to 8192
[  134.263838][ T7252] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.1232'.
[  134.288468][   T29] kauditd_printk_skb: 55 callbacks suppressed
[  134.288486][   T29] audit: type=1400 audit(1758441225.836:10424): avc:  denied  { read } for  pid=7254 comm="syz.0.1233" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  134.318367][   T29] audit: type=1400 audit(1758441225.836:10425): avc:  denied  { open } for  pid=7254 comm="syz.0.1233" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  134.342403][   T29] audit: type=1400 audit(1758441225.846:10426): avc:  denied  { ioctl } for  pid=7254 comm="syz.0.1233" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  134.369952][   T29] audit: type=1400 audit(1758441225.916:10427): avc:  denied  { read } for  pid=7254 comm="syz.0.1233" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  134.394252][   T29] audit: type=1400 audit(1758441225.916:10428): avc:  denied  { open } for  pid=7254 comm="syz.0.1233" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  134.419232][   T29] audit: type=1400 audit(1758441225.956:10429): avc:  denied  { ioctl } for  pid=7254 comm="syz.0.1233" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  134.493821][ T7261] netlink: 'syz.0.1235': attribute type 3 has an invalid length.
[  134.651376][ T7270] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1238'.
[  134.675489][ T7270] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7270 comm=syz.0.1238
[  134.843974][   T29] audit: type=1400 audit(1758441226.396:10430): avc:  denied  { write } for  pid=7280 comm="syz.1.1243" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  134.901760][ T7283] netlink: 'syz.1.1244': attribute type 5 has an invalid length.
[  135.151486][   T29] audit: type=1400 audit(1758441226.696:10431): avc:  denied  { connect } for  pid=7289 comm="syz.3.1247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  135.310966][ T7301] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1251'.
[  135.333596][ T7301] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7301 comm=syz.3.1251
[  135.398747][   T29] audit: type=1400 audit(1758441226.946:10432): avc:  denied  { setopt } for  pid=7305 comm="syz.2.1253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  135.422946][ T7306] loop2: detected capacity change from 0 to 512
[  135.433948][ T7306] vfat: Invalid gid '0x00000000ffffffff'
[  135.439966][   T29] audit: type=1400 audit(1758441226.966:10433): avc:  denied  { getopt } for  pid=7305 comm="syz.2.1253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  136.378015][ T7323] loop4: detected capacity change from 0 to 512
[  136.631000][ T7323] EXT4-fs (loop4): orphan cleanup on readonly fs
[  136.680401][ T7323] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1258: iget: bad extended attribute block 1
[  136.780003][ T7323] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1258: couldn't read orphan inode 15 (err -117)
[  136.838206][ T7331] lo speed is unknown, defaulting to 1000
[  136.863467][ T7323] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  136.878900][ T7331] lo speed is unknown, defaulting to 1000
[  136.900206][ T7332] netlink: 4656 bytes leftover after parsing attributes in process `syz.3.1261'.
[  136.912575][ T7331] lo speed is unknown, defaulting to 1000
[  136.949058][ T7331] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  136.989021][ T7331] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  137.018590][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.028671][ T7331] lo speed is unknown, defaulting to 1000
[  137.048250][ T7331] lo speed is unknown, defaulting to 1000
[  137.070125][ T7331] lo speed is unknown, defaulting to 1000
[  137.090709][ T7331] lo speed is unknown, defaulting to 1000
[  137.110960][ T7331] lo speed is unknown, defaulting to 1000
[  137.135842][ T7335] @: renamed from vlan0 (while UP)
[  137.454635][ T7344] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  138.437141][ T7135] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xe
[  138.504268][ T7373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1276'.
[  138.656854][ T7355] lo speed is unknown, defaulting to 1000
[  138.662551][ T7373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1276'.
[  138.685489][ T7135] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  138.693947][ T7135] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  138.845794][ T7135] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  138.854261][ T7135] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  138.944580][ T7135] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  138.953118][ T7135] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  138.990511][ T7412] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7412 comm=syz.1.1284
[  139.003640][ T7371] loop4: detected capacity change from 0 to 2048
[  139.010750][ T7371] EXT4-fs: Ignoring removed i_version option
[  139.043150][ T7371] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.082037][ T7371] ext4 filesystem being mounted at /146/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.103580][ T7135] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  139.112029][ T7135] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  139.128982][ T7415] lo speed is unknown, defaulting to 1000
[  139.143315][ T7420] loop1: detected capacity change from 0 to 512
[  139.163421][ T7420] EXT4-fs error (device loop1): ext4_xattr_inode_iget:442: comm syz.1.1285: error while reading EA inode 32 err=-116
[  139.186671][ T7420] EXT4-fs (loop1): Remounting filesystem read-only
[  139.193403][ T7420] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  139.206872][ T7420] EXT4-fs (loop1): 1 orphan inode deleted
[  139.208042][ T7408] lo speed is unknown, defaulting to 1000
[  139.214332][ T7420] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.231212][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.234041][ T7420] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.272429][ T7424] loop9: detected capacity change from 0 to 7
[  139.278779][ T7424] Buffer I/O error on dev loop9, logical block 0, async page read
[  139.287652][ T7424] Buffer I/O error on dev loop9, logical block 0, async page read
[  139.295632][ T7424]  loop9: unable to read partition table
[  139.302478][ T7424] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  139.302478][ T7424] 
) failed (rc=-5)
[  139.444386][ T7431] capability: warning: `syz.1.1289' uses 32-bit capabilities (legacy support in use)
[  139.461746][ T7431] loop1: detected capacity change from 0 to 512
[  139.468563][   T29] kauditd_printk_skb: 101 callbacks suppressed
[  139.468648][   T29] audit: type=1400 audit(1758441231.016:10535): avc:  denied  { mounton } for  pid=7430 comm="syz.1.1289" path="/250/bus" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  139.485790][ T7431] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  139.510286][ T7431] EXT4-fs (loop1): 1 truncate cleaned up
[  139.516619][ T7431] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.529849][ T7431] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.569115][   T29] audit: type=1400 audit(1758441231.116:10536): avc:  denied  { unmount } for  pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  139.703882][ T7442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.712638][ T7442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.776322][ T7446] netlink: 'syz.3.1295': attribute type 15 has an invalid length.
[  139.817944][ T7449] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1296'.
[  139.827583][ T7449] 0��{X��: renamed from gretap0
[  139.834253][ T7449] 0��{X��: entered allmulticast mode
[  139.840297][ T7449] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  139.878561][ T7453] netlink: 'syz.3.1298': attribute type 12 has an invalid length.
[  139.891941][ T7455] loop1: detected capacity change from 0 to 512
[  139.904146][ T7455] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.907662][   T29] audit: type=1400 audit(1758441231.456:10537): avc:  denied  { ioctl } for  pid=7456 comm="syz.3.1300" path="socket:[21831]" dev="sockfs" ino=21831 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  139.917158][ T7455] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.137167][ T7464] loop3: detected capacity change from 0 to 164
[  140.290437][ T7468] SELinux:  Context system_u:object_r:initrc_var_run_t:s0 is not valid (left unmapped).
[  140.291622][   T29] audit: type=1400 audit(1758441231.836:10538): avc:  denied  { relabelfrom } for  pid=7467 comm="syz.2.1304" name="NETLINK" dev="sockfs" ino=21330 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  140.324773][   T29] audit: type=1400 audit(1758441231.836:10539): avc:  denied  { mac_admin } for  pid=7467 comm="syz.2.1304" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  140.363338][ T7468] loop2: detected capacity change from 0 to 512
[  140.396450][ T7468] EXT4-fs (loop2): orphan cleanup on readonly fs
[  140.411522][   T29] audit: type=1400 audit(1758441231.856:10540): avc:  denied  { relabelto } for  pid=7467 comm="syz.2.1304" name="NETLINK" dev="sockfs" ino=21330 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_netfilter_socket permissive=1 trawcon="system_u:object_r:initrc_var_run_t:s0"
[  140.440748][   T29] audit: type=1400 audit(1758441231.906:10541): avc:  denied  { ioctl } for  pid=7454 comm="syz.1.1299" path="socket:[21834]" dev="sockfs" ino=21834 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  140.477337][ T7468] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1304: bg 0: block 248: padding at end of block bitmap is not set
[  140.519721][ T7468] Quota error (device loop2): write_blk: dquota write failed
[  140.525138][ T7478] loop3: detected capacity change from 0 to 512
[  140.527224][ T7468] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  140.543428][ T7468] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.1304: Failed to acquire dquot type 1
[  140.560315][ T7478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.576026][   T29] audit: type=1400 audit(1758441232.130:10542): avc:  denied  { mounton } for  pid=7477 comm="syz.3.1308" path="/276/file0/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  140.620548][ T7468] EXT4-fs (loop2): 1 truncate cleaned up
[  140.626967][ T7478] loop3: detected capacity change from 512 to 64
[  140.627014][ T7468] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  140.684822][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.698803][ T7473] lo speed is unknown, defaulting to 1000
[  140.746597][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.768706][ T7482] veth0: entered promiscuous mode
[  140.774791][ T7482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1309'.
[  140.802271][ T7482] veth0 (unregistering): left promiscuous mode
[  141.153228][ T3314] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz-executor: invalid indirect mapped block 1280 (level 0)
[  141.167286][ T3314] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: unexpected EA_INODE flag
[  141.179039][ T3314] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: unexpected EA_INODE flag
[  141.214615][ T7497] loop4: detected capacity change from 0 to 512
[  141.215071][ T5760] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.238353][ T7497] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1314: bad orphan inode 11862016
[  141.250064][ T7497] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  141.263269][ T7497] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.306975][ T7135] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.333514][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  141.383703][ T7135] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.442451][ T7135] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.475543][ T7506] lo speed is unknown, defaulting to 1000
[  141.511186][ T7519] loop4: detected capacity change from 0 to 512
[  141.518155][ T7135] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.529322][ T7519] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  141.537546][ T7519] EXT4-fs (loop4): orphan cleanup on readonly fs
[  141.545447][ T7519] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1319: corrupted inode contents
[  141.548846][ T7506] chnl_net:caif_netlink_parms(): no params data found
[  141.558514][ T7519] EXT4-fs (loop4): Remounting filesystem read-only
[  141.571187][ T7519] EXT4-fs (loop4): 1 truncate cleaned up
[  141.577843][ T4916] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  141.588530][ T4916] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  141.600256][ T4916] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  141.611209][ T7519] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  141.637916][ T7135] bond0 (unregistering): (slave ip6erspan0): Releasing active interface
[  141.755071][ T7135] $H� (unregistering): Released all slaves
[  141.763601][ T7135] bond1 (unregistering): Released all slaves
[  141.779302][ T7135] bond2 (unregistering): Released all slaves
[  141.789343][ T7135] bond0 (unregistering): Released all slaves
[  141.937062][ T7135] tipc: Left network mode
[  141.941549][ T7506] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.948720][ T7506] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.978867][ T7506] bridge_slave_0: entered allmulticast mode
[  141.996225][ T7506] bridge_slave_0: entered promiscuous mode
[  142.005045][ T7135] hsr_slave_0: left promiscuous mode
[  142.119676][ T7506] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.126871][ T7506] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.147951][ T7506] bridge_slave_1: entered allmulticast mode
[  142.166875][ T7506] bridge_slave_1: entered promiscuous mode
[  142.179589][ T7394] lo speed is unknown, defaulting to 1000
[  142.185360][ T7394] infiniband syz0: ib_query_port failed (-19)
[  142.206992][ T7506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.238587][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.249291][ T7506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.296547][ T7506] team0: Port device team_slave_0 added
[  142.312049][ T7539] loop2: detected capacity change from 0 to 128
[  142.314331][ T7506] team0: Port device team_slave_1 added
[  142.349313][ T7538] netlink: 'syz.4.1325': attribute type 4 has an invalid length.
[  142.375585][ T7506] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.382599][ T7506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.408728][ T7506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.437639][ T7539] syz.2.1324: attempt to access beyond end of device
[  142.437639][ T7539] loop2: rw=0, sector=121, nr_sectors = 920 limit=128
[  142.491875][ T7506] batman_adv: batadv0: Adding interface: batadv_slave_1
[  142.498879][ T7506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.525262][ T7506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  142.624248][ T7506] hsr_slave_0: entered promiscuous mode
[  142.658047][ T7506] hsr_slave_1: entered promiscuous mode
[  142.671563][ T7506] debugfs: 'hsr0' already exists in 'hsr'
[  142.677443][ T7506] Cannot create hsr debugfs directory
[  143.042701][ T7554] macsec1: entered promiscuous mode
[  143.048070][ T7554] bridge0: entered promiscuous mode
[  143.053635][ T7554] bridge0: port 3(macsec1) entered blocking state
[  143.060126][ T7554] bridge0: port 3(macsec1) entered disabled state
[  143.066907][ T7554] macsec1: entered allmulticast mode
[  143.072205][ T7554] bridge0: entered allmulticast mode
[  143.078470][ T7554] macsec1: left allmulticast mode
[  143.083573][ T7554] bridge0: left allmulticast mode
[  143.089221][ T7554] bridge0: left promiscuous mode
[  143.178625][ T7557] loop2: detected capacity change from 0 to 512
[  143.245130][ T7506] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  143.256937][ T7557] EXT4-fs: Ignoring removed mblk_io_submit option
[  143.337757][ T7557] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  143.363888][ T7506] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  143.374431][ T7557] EXT4-fs (loop2): 1 truncate cleaned up
[  143.383742][ T7557] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.411403][ T7506] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  143.432173][ T7506] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  143.440611][ T7565] loop4: detected capacity change from 0 to 1024
[  143.452869][ T7565] EXT4-fs: Ignoring removed orlov option
[  143.469776][ T7565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.490327][ T7575] loop1: detected capacity change from 0 to 128
[  143.506276][ T7506] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.512595][ T7565] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1334'.
[  143.529200][ T7506] 8021q: adding VLAN 0 to HW filter on device team0
[  143.542935][ T3423] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.550100][ T3423] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.559099][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.632805][ T7575] syz.1.1335: attempt to access beyond end of device
[  143.632805][ T7575] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  143.646361][ T7575] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  143.660875][ T7150] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.668042][ T7150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.677127][ T7575] syz.1.1335: attempt to access beyond end of device
[  143.677127][ T7575] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128
[  143.690755][ T7575] Buffer I/O error on dev loop1, logical block 128, lost async page write
[  143.708490][ T7506] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  144.464616][ T7587] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.471973][ T7587] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.490273][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.568559][ T7587] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  144.579334][ T7587] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  144.802698][ T7137] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  144.811164][ T7137] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  144.841903][ T7506] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.884804][ T7137] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  144.893394][ T7137] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  144.926793][   T29] kauditd_printk_skb: 43 callbacks suppressed
[  144.932994][   T29] audit: type=1400 audit(1758441236.591:10580): avc:  denied  { write } for  pid=7601 comm="syz.1.1342" path="socket:[22460]" dev="sockfs" ino=22460 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  144.957037][   T29] audit: type=1400 audit(1758441236.591:10581): avc:  denied  { setopt } for  pid=7601 comm="syz.1.1342" lport=47273 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  144.984164][   T29] audit: type=1400 audit(1758441236.632:10582): avc:  denied  { getopt } for  pid=7605 comm="syz.4.1344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  144.986878][ T7113] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  145.012515][ T7113] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  145.119565][ T7615] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7615 comm=syz.1.1346
[  145.120963][ T7113] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  145.140345][ T7113] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  145.374900][ T7506] veth0_vlan: entered promiscuous mode
[  145.410815][ T7506] veth1_vlan: entered promiscuous mode
[  145.579826][ T7506] veth0_macvtap: entered promiscuous mode
[  145.614000][ T7506] veth1_macvtap: entered promiscuous mode
[  145.651303][ T7506] batman_adv: batadv0: Interface activated: batadv_slave_0
[  145.685562][ T7506] batman_adv: batadv0: Interface activated: batadv_slave_1
[  145.756180][ T7160] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  145.776178][ T7160] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  145.807003][ T7160] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  145.849927][ T7160] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  146.254485][   T29] audit: type=1400 audit(1758441237.910:10583): avc:  denied  { mounton } for  pid=7506 comm="syz-executor" path="/root/syzkaller.6irZ5G/syz-tmp" dev="sda1" ino=2051 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  146.279118][   T29] audit: type=1400 audit(1758441237.910:10584): avc:  denied  { mount } for  pid=7506 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  146.301221][   T29] audit: type=1400 audit(1758441237.910:10585): avc:  denied  { mounton } for  pid=7506 comm="syz-executor" path="/root/syzkaller.6irZ5G/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  146.328198][   T29] audit: type=1400 audit(1758441237.921:10586): avc:  denied  { mounton } for  pid=7506 comm="syz-executor" path="/root/syzkaller.6irZ5G/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=22905 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  146.355923][   T29] audit: type=1400 audit(1758441237.941:10587): avc:  denied  { mounton } for  pid=7506 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  146.379009][   T29] audit: type=1400 audit(1758441237.941:10588): avc:  denied  { mount } for  pid=7506 comm="syz-executor" name="/" dev="gadgetfs" ino=4319 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  146.573178][   T29] audit: type=1326 audit(1758441238.064:10589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7641 comm="syz.5.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906f7fec29 code=0x7ffc0000
[  146.831195][ T7658] loop4: detected capacity change from 0 to 512
[  146.933160][ T7658] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.962979][ T7658] ext4 filesystem being mounted at /166/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  147.020424][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.256349][ T7648] Set syz1 is full, maxelem 65536 reached
[  147.317196][ T7668] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  147.342910][ T7668] tipc: Disabling bearer <eth:syzkaller0>
[  147.390644][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1364'.
[  147.468359][ T7677] loop4: detected capacity change from 0 to 4096
[  147.476163][ T7677] EXT4-fs: Ignoring removed nomblk_io_submit option
[  147.485895][ T7677] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.769721][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.215449][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1367'.
[  148.235976][ T7684] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.243250][ T7684] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.287861][ T7684] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  148.298295][ T7684] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  148.355791][ T7688] team0 (unregistering): Port device team_slave_0 removed
[  148.380858][ T7688] team0 (unregistering): Port device team_slave_1 removed
[  148.411154][ T7160] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.420281][ T7691] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  148.460235][ T7695] tipc: Resetting bearer <eth:syzkaller0>
[  148.473257][ T7700] 8021q: adding VLAN 0 to HW filter on device bond2
[  148.481414][ T7160] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.481490][ T7160] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.481521][ T7160] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.485464][ T7701] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  148.486768][ T7701] bond2: (slave macvlan0): Enslaving as an active interface with an up link
[  148.487094][ T7687] tipc: Resetting bearer <eth:syzkaller0>
[  148.500003][ T7687] tipc: Disabling bearer <eth:syzkaller0>
[  148.527586][ T7705] netlink: 'syz.5.1371': attribute type 83 has an invalid length.
[  148.587740][ T7708] netlink: 'syz.2.1373': attribute type 1 has an invalid length.
[  148.591619][ T7378] hid_parser_main: 31 callbacks suppressed
[  148.591639][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4
[  148.591723][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2
[  148.591760][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.591861][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.591914][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.591937][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.591960][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.591982][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.592006][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.592031][ T7378] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  148.594057][ T7378] hid-generic 0000:3000000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  148.602794][ T7708] 8021q: adding VLAN 0 to HW filter on device bond3
[  148.641390][ T7708] bond3: (slave ip6gretap1): making interface the new active one
[  148.643304][ T7708] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  148.689820][ T7708] veth1: entered promiscuous mode
[  148.691600][ T7708] bond3: (slave veth1): Enslaving as an active interface with a down link
[  148.716635][ T7708] erspan0: entered allmulticast mode
[  148.718798][ T7708] bond3: (slave erspan0): Enslaving as an active interface with an up link
[  148.767839][ T7714] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1375'.
[  149.455440][ T7732] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1382'.
[  149.495069][ T7732] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1382'.
[  149.568935][ T7736] loop5: detected capacity change from 0 to 512
[  149.579646][ T7736] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1384: bg 0: block 5: invalid block bitmap
[  149.600708][ T7736] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  149.612667][ T7740] loop1: detected capacity change from 0 to 512
[  149.619934][ T7736] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1384: invalid indirect mapped block 3 (level 2)
[  149.635650][ T7740] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  149.648459][ T7736] EXT4-fs (loop5): 2 truncates cleaned up
[  149.654927][ T7740] ext4 filesystem being mounted at /278/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.666012][ T7736] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  149.774709][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.846476][   T29] kauditd_printk_skb: 70 callbacks suppressed
[  149.846492][   T29] audit: type=1400 audit(1758441241.622:10660): avc:  denied  { write } for  pid=7748 comm="syz.4.1387" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  149.846558][ T7749] random: crng reseeded on system resumption
[  150.069099][ T7763] loop4: detected capacity change from 0 to 512
[  150.093829][ T7763] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.093896][ T7763] ext4 filesystem being mounted at /173/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.113180][ T7763] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1392: bg 0: block 328: padding at end of block bitmap is not set
[  150.118988][   T29] audit: type=1400 audit(1758441241.897:10661): avc:  denied  { create } for  pid=7761 comm="syz.4.1392" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1
[  150.124607][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.219740][ T7774] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  150.233172][ T7777] program syz.1.1390 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  150.339037][ T7781] netlink: 'syz.2.1399': attribute type 4 has an invalid length.
[  150.348823][ T7781] netlink: 'syz.2.1399': attribute type 4 has an invalid length.
[  150.445406][ T7789] loop2: detected capacity change from 0 to 512
[  150.453515][ T7789] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  150.472675][ T7506] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.485181][ T7789] EXT4-fs (loop2): 1 truncate cleaned up
[  150.493141][ T7787] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1403'.
[  150.516329][ T7789] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.995371][ T7804] wg2: entered promiscuous mode
[  151.000314][ T7804] wg2: entered allmulticast mode
[  151.249864][   T29] audit: type=1326 audit(1758441243.045:10662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.305387][   T29] audit: type=1326 audit(1758441243.045:10663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.328994][   T29] audit: type=1326 audit(1758441243.045:10664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.352619][   T29] audit: type=1326 audit(1758441243.045:10665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.376202][   T29] audit: type=1326 audit(1758441243.045:10666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.399943][   T29] audit: type=1326 audit(1758441243.045:10667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.423498][   T29] audit: type=1326 audit(1758441243.045:10668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.447706][   T29] audit: type=1326 audit(1758441243.045:10669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7812 comm="syz.0.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f79e7ec29 code=0x7ffc0000
[  151.524173][ T7818] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1414'.
[  151.563660][ T7820] loop1: detected capacity change from 0 to 1024
[  151.564979][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.571382][ T7820] EXT4-fs: Ignoring removed nobh option
[  151.584698][ T7820] EXT4-fs: inline encryption not supported
[  151.602039][ T7820] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.632770][ T7820] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.1415: Allocating blocks 385-513 which overlap fs metadata
[  151.655790][ T7819] EXT4-fs (loop1): pa ffff888106ddcbd0: logic 16, phys. 129, len 24
[  151.663913][ T7819] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  151.689127][ T7823] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1416'.
[  151.698224][ T7823] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1416'.
[  151.708931][ T7823] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1416'.
[  151.718963][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.768850][ T7834] loop2: detected capacity change from 0 to 512
[  151.776171][ T7834] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  151.788100][ T7834] EXT4-fs (loop2): 1 truncate cleaned up
[  151.794897][ T7834] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.826345][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.990890][ T7845] loop2: detected capacity change from 0 to 2048
[  152.027276][ T7847] loop4: detected capacity change from 0 to 2048
[  152.042020][ T7847] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.104249][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.730515][ T7871] tipc: Started in network mode
[  152.735471][ T7871] tipc: Node identity d6af2c1c679a, cluster identity 4711
[  152.742824][ T7871] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  152.767886][ T7870] tipc: Resetting bearer <eth:syzkaller0>
[  152.879806][ T7870] tipc: Disabling bearer <eth:syzkaller0>
[  153.216589][ T7888] hub 9-0:1.0: USB hub found
[  153.225691][ T7888] hub 9-0:1.0: 8 ports detected
[  153.363675][ T7888] loop5: detected capacity change from 0 to 2048
[  153.414829][ T7888] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.476649][ T7506] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.945649][ T7913] __nla_validate_parse: 1 callbacks suppressed
[  153.945737][ T7913] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1446'.
[  154.017080][ T7919] bridge0: entered allmulticast mode
[  154.077522][ T7926] loop5: detected capacity change from 0 to 512
[  154.085390][ T7926] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  154.109145][ T7928] netlink: zone id is out of range
[  154.114855][ T7928] netlink: zone id is out of range
[  154.120203][ T7928] netlink: zone id is out of range
[  154.125434][ T7928] netlink: zone id is out of range
[  154.239940][ T7928] netlink: zone id is out of range
[  154.261974][ T7928] netlink: zone id is out of range
[  154.281235][ T7926] EXT4-fs (loop5): 1 truncate cleaned up
[  154.299433][ T7928] netlink: zone id is out of range
[  154.312593][ T7926] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.331066][ T7928] netlink: zone id is out of range
[  154.352537][ T7928] netlink: zone id is out of range
[  154.374378][ T7928] netlink: zone id is out of range
[  155.119344][ T7950] netlink: 'syz.2.1458': attribute type 4 has an invalid length.
[  155.215851][ T7951] loop4: detected capacity change from 0 to 1024
[  155.236452][ T7506] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.246282][ T7951] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  155.276375][   T29] kauditd_printk_skb: 290 callbacks suppressed
[  155.276393][   T29] audit: type=1326 audit(1758441247.121:10960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.308088][ T7951] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #11: comm syz.4.1456: iget: bogus i_mode (1)
[  155.331118][ T7951] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1456: couldn't read orphan inode 11 (err -117)
[  155.354519][ T7951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.367990][   T29] audit: type=1326 audit(1758441247.162:10961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.391950][   T29] audit: type=1326 audit(1758441247.162:10962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.415509][   T29] audit: type=1326 audit(1758441247.162:10963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.439300][   T29] audit: type=1326 audit(1758441247.162:10964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.462794][   T29] audit: type=1326 audit(1758441247.172:10965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.486435][   T29] audit: type=1326 audit(1758441247.172:10966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.510091][   T29] audit: type=1326 audit(1758441247.172:10967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.533682][   T29] audit: type=1326 audit(1758441247.172:10968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.557196][   T29] audit: type=1326 audit(1758441247.172:10969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7954 comm="syz.2.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d5c7cec29 code=0x7ffc0000
[  155.645286][ T7965] loop1: detected capacity change from 0 to 256
[  155.664904][ T7965] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001)
[  155.693307][ T7965] syz.1.1462: attempt to access beyond end of device
[  155.693307][ T7965] loop1: rw=2049, sector=256, nr_sectors = 32 limit=256
[  155.711889][ T7944] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.737918][ T7965] syz.1.1462: attempt to access beyond end of device
[  155.737918][ T7965] loop1: rw=2049, sector=320, nr_sectors = 32 limit=256
[  155.768669][ T7965] syz.1.1462: attempt to access beyond end of device
[  155.768669][ T7965] loop1: rw=2049, sector=384, nr_sectors = 32 limit=256
[  155.798368][ T7965] syz.1.1462: attempt to access beyond end of device
[  155.798368][ T7965] loop1: rw=2049, sector=448, nr_sectors = 40 limit=256
[  155.956503][ T7976] loop1: detected capacity change from 0 to 1024
[  155.978822][ T7976] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  155.993236][ T7976] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.1466: Invalid block bitmap block 0 in block_group 0
[  156.006949][ T7976] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.1466: Failed to acquire dquot type 0
[  156.019614][ T7976] EXT4-fs error (device loop1): ext4_free_blocks:6696: comm syz.1.1466: Freeing blocks not in datazone - block = 0, count = 4096
[  156.033370][ T7976] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.1466: Invalid inode bitmap blk 0 in block_group 0
[  156.046282][ T7127] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:31: Failed to release dquot type 0
[  156.075916][ T7976] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[  156.084968][ T7976] EXT4-fs (loop1): 1 orphan inode deleted
[  156.110171][ T7976] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.129823][ T7983] loop5: detected capacity change from 0 to 1024
[  156.152146][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.177630][ T7983] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.230661][ T7983] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.1470: Allocating blocks 385-513 which overlap fs metadata
[  156.267914][ T7983] EXT4-fs (loop5): pa ffff888106ddcbd0: logic 16, phys. 129, len 24
[  156.276044][ T7983] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  156.306539][ T7983] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28
[  156.318931][ T7983] EXT4-fs (loop5): This should not happen!! Data will be lost
[  156.318931][ T7983] 
[  156.328638][ T7983] EXT4-fs (loop5): Total free blocks count 0
[  156.334654][ T7983] EXT4-fs (loop5): Free/Dirty block details
[  156.340568][ T7983] EXT4-fs (loop5): free_blocks=128
[  156.345740][ T7983] EXT4-fs (loop5): dirty_blocks=0
[  156.350806][ T7983] EXT4-fs (loop5): Block reservation details
[  156.357107][ T7983] EXT4-fs (loop5): i_reserved_data_blocks=0
[  156.370644][ T7994] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1473'.
[  156.541459][ T8010] netlink: 'syz.5.1477': attribute type 10 has an invalid length.
[  156.549411][ T8010] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1477'.
[  156.558615][ T8010] veth1_vlan: left promiscuous mode
[  156.564724][ T8010] batman_adv: batadv0: Adding interface: veth1_vlan
[  156.571349][ T8010] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.597161][ T8010] batman_adv: batadv0: Interface activated: veth1_vlan
[  157.088322][ T8024] loop2: detected capacity change from 0 to 1024
[  157.095937][ T8024] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  157.619116][ T8024] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1483: Invalid block bitmap block 0 in block_group 0
[  157.637324][ T8024] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.1483: Failed to acquire dquot type 0
[  157.679420][ T8024] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.1483: Freeing blocks not in datazone - block = 0, count = 4096
[  157.719295][ T8024] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.1483: Invalid inode bitmap blk 0 in block_group 0
[  157.739198][ T7125] EXT4-fs error (device loop2): ext4_release_dquot:6973: comm kworker/u8:29: Failed to release dquot type 0
[  157.756477][ T8024] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  157.791411][ T8024] EXT4-fs (loop2): 1 orphan inode deleted
[  157.805715][ T8024] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.926216][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.990658][ T8057] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  157.998773][ T8056] tipc: Resetting bearer <eth:syzkaller0>
[  158.023421][ T8062] loop1: detected capacity change from 0 to 2048
[  158.024580][ T8056] tipc: Disabling bearer <eth:syzkaller0>
[  158.030534][ T8062] EXT4-fs: inline encryption not supported
[  158.048179][ T8062] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.122150][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.538669][ T8080] netlink: 'syz.1.1496': attribute type 10 has an invalid length.
[  158.546698][ T8080] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1496'.
[  158.655155][ T8082] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1497'.
[  158.667175][ T8080] veth1_vlan: left promiscuous mode
[  158.841118][ T8096] loop4: detected capacity change from 0 to 1024
[  159.108989][ T8115] loop1: detected capacity change from 0 to 512
[  159.123506][ T8115] vfat: Invalid gid '0x00000000ffffffff'
[  159.694238][ T8130] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  159.864131][ T8128] tipc: Resetting bearer <eth:syzkaller0>
[  159.908068][ T8128] tipc: Disabling bearer <eth:syzkaller0>
[  160.233662][ T8151] loop4: detected capacity change from 0 to 1024
[  160.246238][ T8151] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  160.277531][ T8151] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.1513: Invalid block bitmap block 0 in block_group 0
[  160.291814][ T8151] __quota_error: 626 callbacks suppressed
[  160.291878][ T8151] Quota error (device loop4): write_blk: dquota write failed
[  160.305088][ T8151] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  160.315217][ T8151] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.1513: Failed to acquire dquot type 0
[  160.327152][ T8151] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.1513: Freeing blocks not in datazone - block = 0, count = 4096
[  160.341897][ T8151] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.1513: Invalid inode bitmap blk 0 in block_group 0
[  160.355497][ T7115] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-7
[  160.364525][ T7115] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:19: Failed to release dquot type 0
[  160.376907][ T8151] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  160.394023][ T8151] EXT4-fs (loop4): 1 orphan inode deleted
[  160.406963][ T8151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.484994][ T4952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.537536][ T8161] loop7: detected capacity change from 0 to 7
[  160.593647][    C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  160.598207][   T29] audit: type=1326 audit(1758441252.506:11590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafb0ec29 code=0x7ffc0000
[  160.603450][    C1] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  160.675843][   T29] audit: type=1326 audit(1758441252.546:11591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fcbafb0ec29 code=0x7ffc0000
[  160.699349][   T29] audit: type=1326 audit(1758441252.546:11592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafb0ec29 code=0x7ffc0000
[  160.722873][   T29] audit: type=1326 audit(1758441252.546:11593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafb0ec29 code=0x7ffc0000
[  160.746475][   T29] audit: type=1326 audit(1758441252.546:11594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcbafb0ec29 code=0x7ffc0000
[  160.769887][   T29] audit: type=1326 audit(1758441252.546:11595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafb0ec29 code=0x7ffc0000
[  160.793472][   T29] audit: type=1326 audit(1758441252.546:11596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafb0ec29 code=0x7ffc0000
[  161.327938][ T8179] loop5: detected capacity change from 0 to 1024
[  161.344256][ T8179] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  161.366267][ T8179] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #11: comm syz.5.1521: iget: bogus i_mode (1)
[  161.386376][ T8179] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.1521: couldn't read orphan inode 11 (err -117)
[  161.411150][ T8179] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.649010][ T8176] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.375103][ T8191] loop1: detected capacity change from 0 to 512
[  162.405043][ T8191] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  162.427772][ T8191] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  162.499718][ T3303] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  162.612537][ T8215] sit0: entered promiscuous mode
[  162.755349][ T8213] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1532'.
[  162.764355][ T8213] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1532'.
[  162.792474][ T8222] loop1: detected capacity change from 0 to 1024
[  162.811840][ T8222] EXT4-fs: Ignoring removed bh option
[  162.827249][ T8222] EXT4-fs: inline encryption not supported
[  162.839536][ T8222] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  162.852102][ T8222] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  162.863614][ T8222] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.1537: lblock 2 mapped to illegal pblock 2 (length 1)
[  162.877924][ T8222] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.1537: lblock 0 mapped to illegal pblock 48 (length 1)
[  162.892310][ T8222] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.1537: Failed to acquire dquot type 0
[  162.904439][ T8222] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  162.914293][ T8222] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.1537: mark_inode_dirty error
[  162.926587][ T8222] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  162.937041][ T8222] EXT4-fs (loop1): 1 orphan inode deleted
[  162.943320][ T8222] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.955922][ T7127] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:31: lblock 1 mapped to illegal pblock 1 (length 1)
[  162.986231][ T7127] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:31: Failed to release dquot type 0
[  163.006893][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.016313][ T3303] EXT4-fs error (device loop1): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0
[  163.029802][ T3303] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  163.039549][ T3303] EXT4-fs error (device loop1): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error
[  163.061285][ T8231] loop1: detected capacity change from 0 to 512
[  163.062004][ T8229] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1540'.
[  163.068940][ T8231] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  163.088437][ T8231] EXT4-fs (loop1): 1 truncate cleaned up
[  163.094897][ T8231] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.266315][ T8234] ==================================================================
[  163.274451][ T8234] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark
[  163.281598][ T8234] 
[  163.283946][ T8234] write to 0xffff88810c3d254c of 4 bytes by task 8231 on cpu 0:
[  163.291594][ T8234]  xas_set_mark+0x12b/0x140
[  163.296137][ T8234]  __folio_start_writeback+0x1dd/0x440
[  163.301713][ T8234]  ext4_bio_write_folio+0x5ad/0x9f0
[  163.306944][ T8234]  mpage_process_page_bufs+0x4a1/0x620
[  163.312429][ T8234]  mpage_prepare_extent_to_map+0x786/0xc00
[  163.318256][ T8234]  ext4_do_writepages+0xa05/0x2750
[  163.323398][ T8234]  ext4_writepages+0x176/0x300
[  163.328339][ T8234]  do_writepages+0x1c3/0x310
[  163.332961][ T8234]  filemap_write_and_wait_range+0x144/0x340
[  163.338897][ T8234]  filemap_invalidate_pages+0xa4/0x1a0
[  163.344379][ T8234]  kiocb_invalidate_pages+0x6e/0x80
[  163.349595][ T8234]  __iomap_dio_rw+0x5d4/0x1250
[  163.354370][ T8234]  iomap_dio_rw+0x40/0x90
[  163.358732][ T8234]  ext4_file_write_iter+0xad9/0xf00
[  163.363964][ T8234]  iter_file_splice_write+0x666/0xa60
[  163.369373][ T8234]  direct_splice_actor+0x156/0x2a0
[  163.374505][ T8234]  splice_direct_to_actor+0x312/0x680
[  163.379891][ T8234]  do_splice_direct+0xda/0x150
[  163.384764][ T8234]  do_sendfile+0x380/0x650
[  163.389219][ T8234]  __x64_sys_sendfile64+0x105/0x150
[  163.394462][ T8234]  x64_sys_call+0x2bb0/0x2ff0
[  163.399343][ T8234]  do_syscall_64+0xd2/0x200
[  163.403878][ T8234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.409800][ T8234] 
[  163.412140][ T8234] read to 0xffff88810c3d254c of 4 bytes by task 8234 on cpu 1:
[  163.419697][ T8234]  xas_find_marked+0x5dc/0x620
[  163.424495][ T8234]  find_get_entry+0x5d/0x380
[  163.429103][ T8234]  filemap_get_folios_tag+0x92/0x210
[  163.434408][ T8234]  mpage_prepare_extent_to_map+0x320/0xc00
[  163.440236][ T8234]  ext4_do_writepages+0xa05/0x2750
[  163.445475][ T8234]  ext4_writepages+0x176/0x300
[  163.450276][ T8234]  do_writepages+0x1c3/0x310
[  163.454884][ T8234]  file_write_and_wait_range+0x156/0x2c0
[  163.460539][ T8234]  generic_buffers_fsync_noflush+0x45/0x120
[  163.466451][ T8234]  ext4_sync_file+0x1ab/0x690
[  163.471142][ T8234]  vfs_fsync_range+0x10a/0x130
[  163.475937][ T8234]  ext4_buffered_write_iter+0x34f/0x3c0
[  163.481519][ T8234]  ext4_file_write_iter+0xdbf/0xf00
[  163.486753][ T8234]  iter_file_splice_write+0x666/0xa60
[  163.492144][ T8234]  direct_splice_actor+0x156/0x2a0
[  163.497450][ T8234]  splice_direct_to_actor+0x312/0x680
[  163.502843][ T8234]  do_splice_direct+0xda/0x150
[  163.507626][ T8234]  do_sendfile+0x380/0x650
[  163.512069][ T8234]  __x64_sys_sendfile64+0x105/0x150
[  163.517300][ T8234]  x64_sys_call+0x2bb0/0x2ff0
[  163.521999][ T8234]  do_syscall_64+0xd2/0x200
[  163.526537][ T8234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.532450][ T8234] 
[  163.534822][ T8234] value changed: 0x0a000021 -> 0x04000021
[  163.540558][ T8234] 
[  163.542890][ T8234] Reported by Kernel Concurrency Sanitizer on:
[  163.549148][ T8234] CPU: 1 UID: 0 PID: 8234 Comm: syz.1.1539 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  163.558884][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  163.568955][ T8234] ==================================================================
[  164.061270][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.