last executing test programs:

2.292567531s ago: executing program 3 (id=260):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$inet_tcp_int(r0, 0x6, 0x1b, &(0x7f00000004c0)=0x6, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

2.052925963s ago: executing program 3 (id=269):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="b8010000000f01d9b9b30000400f32c422552e230f01c366400f73d5003e65470fc739b9800000c00f3235000800000f30260f78f366b863000f00d8b805000000b9007000000f01c1", 0x49}], 0x1, 0x14, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.853722056s ago: executing program 2 (id=277):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000700), 0xffffffffffffffff)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x2, 0x20004000}}, 0x50)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x2000)

1.825239937s ago: executing program 3 (id=279):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x350, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x3b0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000001d00070f000000000000000007000000", @ANYRES32=r2], 0x24}}, 0x0)

1.778777017s ago: executing program 3 (id=280):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x4, 0x4, 0x10004, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

1.648105329s ago: executing program 3 (id=285):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000005bc0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000005c80)={&(0x7f0000005c00)={0x68, r3, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x2, @media='eth\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x4848}, 0x20000000)

1.611007109s ago: executing program 2 (id=287):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r1}, 0x10)
setgid(0x0)

1.59327718s ago: executing program 3 (id=289):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
close(0x3)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)

1.56932877s ago: executing program 2 (id=290):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000140)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x0, 0x0, 0x0, 0xffffffff}, {0x3, 0x4, 0x20, 0x1000000}, {0x0, 0x2}, {0x0, 0xf0, 0x0, 0x2}, {}, {0x3}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x7}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)

1.53580011s ago: executing program 2 (id=293):
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='pids.events\x00', 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB='\n'], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000140), &(0x7f00000002c0)=""/4095}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000080)={r0, &(0x7f0000000080), 0x0}, 0x20)

1.52399017s ago: executing program 2 (id=294):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x3)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

1.50590679s ago: executing program 2 (id=296):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f00000003a8407a730b93bf0280b3"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f00000000c0)={0x3})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0)

970.258898ms ago: executing program 4 (id=308):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x15, 0x0, 0x3, 0x80ffffff}]})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})

827.821309ms ago: executing program 4 (id=311):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000006c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fef7ff7a0af0fff80000ff79a4f0ff00000000b7060000efffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ba23008500000098000000b70000000000000095000000000000006f88300eaa171100756695acf0af839ec5300a584fe44c80de0b061417e9ade22cecede5d5be6ab3d7828ee094518a5800000082c81ddfe3960a29ea15fa7e26f0f3e51416b698f6da6fe8af496d22585ffab3af24974fae00d824313ffef788c6983945dd3663f79f67e78a48b24a4bcdc33b38c5f86e96111199f0f0af9f42099a0f54041889b971cf394bd43473a5ac2acab9768cbc52ff7f000000000000711727c4a32a6b7ecdae05d2b3fed4572eb0d88976d2adda68000010000000c47b18cf93996a43e2e080f57fadf535d8b3078ebe16b10160fad64474a7b558f7a56f41022feec18e013abd8fda2b96779e534d0675fbcc13ba9f9eb96319fd5b49521d5cb2ced401d7b6fce658f203a9c2da91116d986730da1be85b0000829512099df32814820fbf7be91cd13b77f4e4e599f8bbca388247856073472312a9ff4273b9cd08000000000000616e888cda842c661577818c2069cb41a73b4b7fc28882cad315db3fffc5183deca7a32838ec0ad70d4f55382c1879b71ec504d2f3e3883428ee350123a5cad346f6d517f6fcea5b6bc4fcffffffffffff03f419a6e45fd98e77da4a8202ebbdafe6b2e38c9d7e506f5da2958cf7f0d9b31ca3275e64e29d39d158cebe43308cf8760588001172e19685e9a334aec76530861b772a1da96f0a227514bd0bc26df2b50a45e4eceae1ddfe88d58879d12afdb295ce2edecb253e0471714fa124211203000000000000001f502b6c760655ffb20ae13a1a94f7ae229fbf5da7cae4f994ee82fc98c864c3e352ad16f98208cf1469dd6c1212582a3687f7dbdf708929643f3f0f4e947c40742452685ec044fc71eaca9abc92145677e14054331801b1412b39049ed782742f9a1b6aca9123b243c1a68c047f2db79701b62c8cc0d2f608c7f62d107ebc68df9f8d296721c9d465dad604bc0dc500000000000000000000000000000000000000000568a4997dd54fa83aacd2d209f66de2e26dc2fd862a0b8ee149c148197176745fc8ff1dd5bd6611daa882298a37b041b34668d4662ea8fbe2e787dfc4c8bef2124f0439b2d18ec83361da5cc732f365b0a528db31b90bc1405b6d5301c34319ccae29b1d6034b665c79baeeeac5e71d24e2e3b6ffc5bc2dcb600e645c0048b45e286a49e888d21abfc817085d9c00e08525207e33505226fdda16e6da6dd31f7a1736029b87e8d6a05bcb356298d7dccd7de2af0885bd4939ff96ab74da3871b077e4058c8752ba4994eafed8b239d781638fa339fa0f7dd135af3f80e40f4b885770cf27d205a45d4702f97b8b7c57b180c50b2b370dfb35dc895e8f05d6e71829f36150b2cde31469c4aea0c64850eb3f3e0dc35f8cdd76bdde2018366c3201307c370433762676f72e68c962430a0000000000000000000000000000e737dc2e1a3fdebbb510c663d24f72b954965201f775b3739c14dd4832647c028be09f2809fd396fa26532a30a37737e95f0f41dd024b7bf8a6bf807c9fd9b8c7a39717729339dc3054117cb95693bdd61edcc2860b66545e194a961bdc5457d76ae1a87050e12ead896f3337d5a000000000000000000400000602bfd2f1ace65f2e74dc99cb73a37f40362b7904e8a0ea8d2d9805c924f9985d22972031a1223afa1288af3f48c93fcdb11963d0b748287448f722dc180e87637b662b11effabf45beda2e3a7e1adf8f94b619fa152b33440f2358a745848caf7000eb305c936d26964a2a85e133d01368b8d228d02f96064de261cf02c9632a0eb4ab259e8f4dd63d8b6d2d6b2a0c29fbab7d04d73a381c296af344655b64e12f216fbc646cc6bd60ca773d187f2fd317f6cb2309d1a13526a44b7d9b2bf93947dc3ac3340a7a114051d33d152310574f0d784910dc1a8f5bbf3610c544437626236458f285196161496389b02ba46a72da0149b4ddfdd4ef7862a07395752a37cb0244e94e1310e0c0a148a9a48b149bf2f345f3f89813c9eb05160f63f0b363deee5cb77ea6e951857e1942e5c56d72d724af7aa24a8aadb512f3302972c53b0eb7a693e0b0c775b21aed72995cfe9e9347a07d43ce3db9f22d461e86416ffff6f2e4e36306630052a2b03ee36ec52af0d684fabd5f38adffaa6c5a7a8100d1aefaf8576b363690b76e2eb96b07ab790cf63cfc334b7469b5b5b397c622f7c3ee064f9272443bcb928b6f7a2450cd33550a42843b0b5ac9e37134c81bd56b72e1030b05a5b3ac47b5af22a9dff0700004adacc71db2b15b4ffd98e30224763382ade45d164be76b2e9a674448f3ee2cd29707484df87ea6e8e6333b5fcb1b8b43a7c005ea800000000000000000000010000000000387592adc78ccfe479549e6f4efc14c4a5cfe845e6157d6fe70b278147edf0e25065ec6b17f8022493d105c9c31121e7957aeec5f7f2af0446d128778c8bf15b87a0eec6f4c75966b5f0e06744bda63134223416102aea1254d57c390e1f84ec7d5c3a758ce59c9e2c4ce1f28b6783661e272bf1cb5c8ac177aa9c6ccbead9a96b22394afb840247e5d69473b836f070dc0bf9302e33b03d4e07395c82e33667726b51ff24b0bbea730702835159e3517ffb3da0d01833589fec3bdab629b21e5d9e87c3c58d962ff5e75c81f583c64b7d5a643674801e18b06ca98b49d9e28d004c7ebccf076c64ef71421f672b0948b18ab5af448ca9446e71ba6dd4bd15a12553066de7cb767a121d56d9d26ce27fdbe6721191f2ed1cc3f9c5e3d5cba447c4793165b3cbf51c7d0cf9edf823641e1bc7db7803b60dc8b21e49a33a73ac00337067dfd3ecaf4e6dceee1048f300000000000000000000000000000000000000000000007958a50896df65337581398793d0a9abe75251908c07d2957ca70ad7ac31aae536294d6a944cd35f46cb554d8aecae5a72cb24596d896ff9ad83473567b6cb9d032c395a1459399cea31ebafc1e77649b55af527ca0f1ac972ee72a78391473c1b9e0000000000000000004076eac7e605f8de6f0ce5702af52c5d78bac0097d92f078a3a98229ebf281c3c876d2614109b69967871fea621fb2a29a77a1516b51d9b1c3c5ef1436f50fad4a1cd92a211fec61d37c8b410a20fbdeb642228d6cfeb8cda8eea3a7f343fcaa0459b9d916abb668d4799534307084ee7d854dd0850000000000000000000000002f40c3e24f9c0a56edf543425058c35febda26a43bdab770212186b84421d8b841cf9181d47c08cb392e414c1efba9978a97769e65ae443644dbdb32a50cdc717a34d1aa9ced37820a6d1cd0920a9a07e36a85e967bfa7f2caf1c9b52c06f4d178fbb91a169e9533e401819e57cab814761819b0fc517239a6777dbb92a7462538dbd8a4b82f87df7982b44b160a598c75bafa5a9b388a44303dbebc83ac2ad2da3ae80c851bc2fdb8d444597fdac4538aa33bb9204ffe534b15a1878be30157d0815d38fc2effeb7b87d6bd15e21c7b7c7d1ad7b3fd69b4bd06716a203e82f4c0413719eae0967fc70f03570375c2d0986b0200897e505afb87b878f3e13187001bba6a401bd56f3f8eb5384e33"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x304, 0x10, &(0x7f0000000000), 0xfffffea2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0xe, 0x0, &(0x7f0000000040)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xcfac, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

696.433121ms ago: executing program 4 (id=315):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000300)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000380)="07c6ace358", &(0x7f0000000400)=@tcp6=r0, 0x1}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f0000000000)="6121eed4cd50bb2b01e841acde1a", 0x0, 0x2a1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50)

662.094131ms ago: executing program 4 (id=316):
unshare(0x42000600)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

623.065722ms ago: executing program 1 (id=317):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
setgroups(0x0, 0x0)

584.961533ms ago: executing program 1 (id=319):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_int(r1, 0x0, 0x16, &(0x7f0000000080)=0x1ff, 0x4)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x0, 0x11, 0x148, 0x1d8, 0x0, 0x2d8, 0x2a8, 0x2a8, 0x2d8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv4=@broadcast, [0xff, 0xff, 0x0, 0xff], @ipv6=@mcast2, [0xffffffff, 0xffffff00, 0x0, 0xffffffff], @ipv6=@dev={0xfe, 0x80, '\x00', 0x27}, [0xffffffff, 0x0, 0x0, 0xff000000], @ipv4=@multicast2, [0x0, 0x0, 0x0, 0xffffff00], 0x6, 0x6, 0x0, 0x4e23, 0x4e24, 0x4e22, 0x4e23, 0x81}, 0x0, 0x480, 0x0, 0x0, 0x0, 0x4e20}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0)

488.293393ms ago: executing program 4 (id=320):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x207, &(0x7f0000000000), 0x1, 0x469, &(0x7f0000000100)="$eJzs3M9vFFUcAPDv7G5BfnZF/AGiomgk/mhpQeXgRRMTD5qY6AGPtRSCLNTQmghpbDEELyZKwt2YeDHxL/DkiagnE694NyTEcAE9rRl2dtlud8u2u91t3c8nGfpe9+2+73dm3s6bGaYBDKz96T9JxPaIuB4RwxGRq2+wpbKk7e7cmpv859bcZBLl8vt/J+nb4vatuclq0yT7ua1SKaQflLuURLFJvzPnL5yeKJWmzmX10dkzn4zOnL/w8qkzEyenTk6dHT969MjhsddeHX+lK3mmMd3e+/n0vj1vf3jl3cljVz769cdKvOXy1WuHFuXRHUMRMVdbJ42e625nfbejrpwU+hgIK7I5IgrZ3no9hiN/aWftteF464u+BgesqXK5XB5v/fJCGfgfS6LfEQD9UT3Qp+e/1aVHU4914eYblROgNO872VJ5pRAXszZDDee33bQ/Io4t/PttukTD9RQAgLXwczr/eanJ/K8Y8Uhdu53ZvaFiRDwYEbsi4qGI2B0RD0el7aMR8dgK+9/fUF86/8ndWF1m7Unnf69n97YWz/9qd8GK+ay2427+Q8mJU6WpQ9k6ORhDm9P6WNNPTyIW0p9/fN2q//r5X7qk/VfnglkcNwqbF7/n+MTsRMeJZ25ejNhbaJZ/EoV7WcSeiNi7yj5OvfDDvsW/yddK989/GV24z1T+LuL5yvZfiIb8q5Ll70+OPhClqUOj1b1iqd9+v/xeq/47yr8L0u2/ten+X8u/mNTfr51Z8hGb7tfH5T+/bHlOs9r9f1PywaLOP5uYnT03FrEpeWfp7+sucFfr1fZp/gcPNB//u+Lemng8ItKd+ImIeDIinspifzoinomIA8vk/8ubz368+vzXVpr//Iq2/8oL+dPXfmrVf3vb/0i1cjeodr7/2g2wk3UHAAAAG0UuIrZHkhuplXO5kZHK/5ffHVtzpemZ2RdPTH969njlGYFiDOWqV7qG666HjmXXhqv18aw+n9UPZ9eNr+a33K2PTE6Xjvc7eRhw21qM/9Rf+X5HB6w5z2vB4DL+YXCtfvz75oCN7j6jONerOIDecxSHwdVs/M/3IQ6g9xz/YXDVxv83bTSue9yr8eFNYONx/IfBZfzDQOrkuf51UYjvI5Zvk6yXUFdU+KqTtxd6EGHk1seK6mFhPB/RxzAK7f5Vizhfnu+4035/MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTHfwEAAP//qO7n/A==")
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0xa, 0x7, 0x0, 0x3, 0x8d, 0xce, 0x1c, 0x89, 0xfb, 0x7, 0x8, 0x0, 0xe56, 0xb, 0x2, 0x8, 0x2, 0x1, '\x00', 0x9, 0x3ff})
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, 0x0, 0x100)

271.531426ms ago: executing program 1 (id=321):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

227.798287ms ago: executing program 1 (id=322):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x11, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

133.145408ms ago: executing program 0 (id=324):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x1b3a, 0x4)
sendto$inet(r0, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=""/87, 0x57}, 0xa}], 0x1, 0x40013101, 0x0)

113.389608ms ago: executing program 0 (id=325):
r0 = socket$packet(0x11, 0x4000000000002, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', <r2=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x4004010, &(0x7f0000000a80)={0x11, 0x5, r2, 0x1, 0x80, 0x6, @remote}, 0x14)

100.553259ms ago: executing program 1 (id=326):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000080000000a00000008"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0)

89.533679ms ago: executing program 0 (id=327):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='tmpfs\x00', 0x0, &(0x7f0000000240)='nolazytime')

60.474389ms ago: executing program 0 (id=328):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
uname(&(0x7f00000006c0)=""/169)

19.86012ms ago: executing program 4 (id=329):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

19.10251ms ago: executing program 0 (id=330):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}}}, 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xf, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0)

16.96896ms ago: executing program 0 (id=331):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x25c, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='hrtimer_init\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10)
socketpair(0xa, 0x1, 0x0, &(0x7f0000000000))

0s ago: executing program 1 (id=332):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x18, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0x10, 0xd}}, [@TCA_RATE={0xfffffffffffffe2c, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts.
[   21.213957][   T28] audit: type=1400 audit(1748383151.594:64): avc:  denied  { mounton } for  pid=274 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.215452][  T274] cgroup: Unknown subsys name 'net'
[   21.237224][   T28] audit: type=1400 audit(1748383151.594:65): avc:  denied  { mount } for  pid=274 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.264518][   T28] audit: type=1400 audit(1748383151.634:66): avc:  denied  { unmount } for  pid=274 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.264702][  T274] cgroup: Unknown subsys name 'devices'
[   21.410403][  T274] cgroup: Unknown subsys name 'hugetlb'
[   21.416178][  T274] cgroup: Unknown subsys name 'rlimit'
[   21.521109][   T28] audit: type=1400 audit(1748383151.904:67): avc:  denied  { setattr } for  pid=274 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.544398][   T28] audit: type=1400 audit(1748383151.904:68): avc:  denied  { mounton } for  pid=274 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   21.559433][  T276] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.569657][   T28] audit: type=1400 audit(1748383151.904:69): avc:  denied  { mount } for  pid=274 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.601031][   T28] audit: type=1400 audit(1748383151.964:70): avc:  denied  { relabelto } for  pid=276 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.624896][  T274] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.627203][   T28] audit: type=1400 audit(1748383151.964:71): avc:  denied  { write } for  pid=276 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.661378][   T28] audit: type=1400 audit(1748383151.994:72): avc:  denied  { read } for  pid=274 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.687009][   T28] audit: type=1400 audit(1748383151.994:73): avc:  denied  { open } for  pid=274 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.860412][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.867483][  T282] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.875055][  T282] device bridge_slave_0 entered promiscuous mode
[   22.892344][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.899532][  T282] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.907005][  T282] device bridge_slave_1 entered promiscuous mode
[   22.958841][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.965909][  T286] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.973532][  T286] device bridge_slave_0 entered promiscuous mode
[   22.990630][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.997679][  T286] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.005172][  T286] device bridge_slave_1 entered promiscuous mode
[   23.021240][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.028335][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.035770][  T285] device bridge_slave_0 entered promiscuous mode
[   23.055039][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.062225][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.069789][  T285] device bridge_slave_1 entered promiscuous mode
[   23.082206][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.089322][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.096805][  T284] device bridge_slave_0 entered promiscuous mode
[   23.105308][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.112409][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.119968][  T284] device bridge_slave_1 entered promiscuous mode
[   23.152863][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.159940][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.167291][  T283] device bridge_slave_0 entered promiscuous mode
[   23.189186][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.196222][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.203846][  T283] device bridge_slave_1 entered promiscuous mode
[   23.340469][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.347671][  T282] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.406412][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.413924][  T286] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.421965][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.429182][  T286] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.453056][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.460136][  T283] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.467500][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.474582][  T283] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.486099][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.493601][  T284] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.501001][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.508044][  T284] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.526598][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.533683][  T285] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.540975][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.548014][  T285] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.597513][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.605030][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.612690][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.620891][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.628172][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.635426][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.642854][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.650230][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.657482][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.665628][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.673161][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.700304][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.708166][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.715812][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.723627][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   23.732716][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.740936][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.747972][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.755560][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.763988][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.771040][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.779520][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.800266][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.808973][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.816341][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.823907][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.832234][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.839315][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.846922][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.855343][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.862612][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.870171][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.878439][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.885462][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.922548][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.931027][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.938101][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.945713][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.954113][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.962356][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.969509][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.977230][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.986076][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.994144][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.002405][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.010689][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.017713][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.025283][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.033777][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.040848][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.048454][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.056423][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.064501][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.072800][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.096563][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.105049][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.113672][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.122028][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.130539][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.138873][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.146888][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.155124][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.163239][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.171793][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.180266][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.188763][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.197097][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.204925][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.222195][  T285] device veth0_vlan entered promiscuous mode
[   24.231176][  T282] device veth0_vlan entered promiscuous mode
[   24.238202][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.246343][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.254559][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.262750][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.271055][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.278664][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.294812][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.303006][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.311375][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.319926][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.329075][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.336596][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.352010][  T284] device veth0_vlan entered promiscuous mode
[   24.358622][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.369337][  T286] device veth0_vlan entered promiscuous mode
[   24.375820][  T285] device veth1_macvtap entered promiscuous mode
[   24.384524][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.393208][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.401415][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.409931][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.418434][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.425984][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.436690][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.445436][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.456080][  T282] device veth1_macvtap entered promiscuous mode
[   24.471565][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.479778][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.488121][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.496463][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.504787][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.521806][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.533682][  T283] device veth0_vlan entered promiscuous mode
[   24.540977][  T285] request_module fs-gadgetfs succeeded, but still no fs?
[   24.542951][  T284] device veth1_macvtap entered promiscuous mode
[   24.558485][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.566550][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.574944][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.583707][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.592488][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.600783][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.609032][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.616580][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.629159][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.637524][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.656764][  T286] device veth1_macvtap entered promiscuous mode
[   24.675067][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.684092][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.692432][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.702279][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.710900][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.719777][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.745142][  T283] device veth1_macvtap entered promiscuous mode
[   24.777100][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.785688][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.812492][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.821488][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.835408][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.846109][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.864784][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.890623][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.921538][  T324] loop0: detected capacity change from 0 to 512
[   24.970101][  T327] netem: change failed
[   24.974988][  T324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   25.059294][  T284] EXT4-fs (loop0): unmounting filesystem.
[   25.092647][  T340] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   25.394174][  T385] loop0: detected capacity change from 0 to 128
[   25.461830][   T10] kworker/u4:1: attempt to access beyond end of device
[   25.461830][   T10] loop0: rw=1, sector=145, nr_sectors = 896 limit=128
[   25.529703][  T387] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[   25.560957][  T387] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3880989098 (7761978196 ns) > initial count (1010911534 ns). Using initial count to start timer.
[   25.563260][  T392] loop1: detected capacity change from 0 to 16
[   25.600754][  T392] erofs: (device loop1): mounted with root inode @ nid 36.
[   25.614843][  T392] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=46
[   25.631067][  T383] loop2: detected capacity change from 0 to 40427
[   25.637770][  T392] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=46
[   25.637838][  T392] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=46
[   25.656659][  T383] F2FS-fs (loop2): Wrong segment_count / block_count (31 > 0)
[   25.661366][  T392] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=46
[   25.665767][  T383] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[   25.686572][  T383] F2FS-fs (loop2): invalid crc value
[   25.694300][  T383] F2FS-fs (loop2): Found nat_bits in checkpoint
[   25.783962][  T383] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[   25.796861][  T383] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   25.864505][  T383] syz.2.32: attempt to access beyond end of device
[   25.864505][  T383] loop2: rw=34817, sector=77824, nr_sectors = 8 limit=40427
[   25.895007][  T285] syz-executor: attempt to access beyond end of device
[   25.895007][  T285] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   26.114831][  T420] loop1: detected capacity change from 0 to 1024
[   26.115478][  T422] 9pnet: p9_errstr2errno: server reported unknown error í<jqzÂPL¿�òóØáß<Òp—µ ×#‡ý»vëgÚB·B§Ìã[RêðÄ™–ì‰ÚeÖve
[   26.115478][  T422] 
[   26.185585][  T420] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   26.223346][   T28] kauditd_printk_skb: 71 callbacks suppressed
[   26.223362][   T28] audit: type=1400 audit(1748383156.604:145): avc:  denied  { write } for  pid=437 comm="syz.4.55" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   26.267796][  T420] EXT4-fs: Ignoring sb option on remount
[   26.293468][   T28] audit: type=1400 audit(1748383156.644:146): avc:  denied  { remount } for  pid=419 comm="syz.1.48" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   26.318615][  T420] EXT4-fs: Ignoring removed orlov option
[   26.324369][  T420] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[   26.348252][  T420] EXT4-fs (loop1): re-mounted. Quota mode: none.
[   26.390624][  T282] EXT4-fs (loop1): unmounting filesystem.
[   26.514238][   T28] audit: type=1400 audit(1748383156.894:147): avc:  denied  { create } for  pid=460 comm="syz.0.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   26.568107][   T28] audit: type=1400 audit(1748383156.924:148): avc:  denied  { mount } for  pid=457 comm="syz.4.63" name="/" dev="configfs" ino=13277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   26.593039][   T28] audit: type=1400 audit(1748383156.924:149): avc:  denied  { search } for  pid=457 comm="syz.4.63" name="/" dev="configfs" ino=13277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   26.618410][   T28] audit: type=1400 audit(1748383156.924:150): avc:  denied  { mounton } for  pid=457 comm="syz.4.63" path="/" dev="configfs" ino=13277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   26.661611][   T28] audit: type=1400 audit(1748383156.944:151): avc:  denied  { unmount } for  pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   26.687646][   T28] audit: type=1400 audit(1748383156.944:152): avc:  denied  { unmount } for  pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   26.709815][   T28] audit: type=1400 audit(1748383156.994:153): avc:  denied  { bind } for  pid=464 comm="syz.1.67" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   26.767036][  T474] Driver unsupported XDP return value 0 on prog  (id 47) dev N/A, expect packet loss!
[   26.855566][   T28] audit: type=1400 audit(1748383157.234:154): avc:  denied  { wake_alarm } for  pid=485 comm="syz.4.76" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   26.899324][  T490] 9pnet: p9_errstr2errno: server reported unknown error õ1 g;-‡~	
[   26.954946][  T469] loop0: detected capacity change from 0 to 40427
[   27.008890][  T469] F2FS-fs (loop0): Found nat_bits in checkpoint
[   27.075143][  T469] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   27.108065][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   27.238193][  T528] 9pnet: p9_errstr2errno: server reported unknown error �@þLì²¼	O00000000000000000005
[   27.313028][  T542] loop0: detected capacity change from 0 to 16
[   27.345452][  T542] =======================================================
[   27.345452][  T542] WARNING: The mand mount option has been deprecated and
[   27.345452][  T542]          and is ignored by this kernel. Remove the mand
[   27.345452][  T542]          option from the mount to silence this warning.
[   27.345452][  T542] =======================================================
[   27.418297][  T542] erofs: (device loop0): mounted with root inode @ nid 36.
[   27.432734][  T551] loop1: detected capacity change from 0 to 1024
[   27.448398][  T542] overlayfs: "xino" feature enabled using 2 upper inode bits.
[   27.465114][  T553] netlink: 24 bytes leftover after parsing attributes in process `syz.3.104'.
[   27.531640][  T551] EXT4-fs: Ignoring removed i_version option
[   27.554040][  T551] EXT4-fs (loop1): Test dummy encryption mode enabled
[   27.564264][  T560] syz.3.109 (560) used greatest stack depth: 22208 bytes left
[   27.596616][  T551] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   27.618314][  T567] loop3: detected capacity change from 0 to 256
[   27.642229][  T567] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[   27.661619][  T567] exFAT-fs (loop3): error, tried to truncate zeroed cluster.
[   27.670246][  T567] exFAT-fs (loop3): Filesystem has been set read-only
[   27.706931][  T567] exFAT-fs (loop3): hint_cluster is invalid (1)
[   27.716880][  T282] EXT4-fs (loop1): unmounting filesystem.
[   27.724266][  T567] exFAT-fs (loop3): error, invalid access to exfat cache (entry 0x00000000)
[   27.740431][  T567] exFAT-fs (loop3): error, failed to bmap (inode : ffff8881339440d0 iblock : 9, err : -5)
[   27.766237][  T567] exFAT-fs (loop3): error, tried to truncate zeroed cluster.
[   27.792264][  T567] syz.3.110: attempt to access beyond end of device
[   27.792264][  T567] loop3: rw=2049, sector=34359738488, nr_sectors = 8 limit=256
[   27.959102][  T587] loop1: detected capacity change from 0 to 512
[   27.987333][  T566] loop0: detected capacity change from 0 to 40427
[   28.003346][  T566] F2FS-fs (loop0): fault_injection options not supported
[   28.010907][  T587] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   28.021581][  T566] F2FS-fs (loop0): invalid crc value
[   28.038159][  T587] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   28.049843][  T566] F2FS-fs (loop0): Found nat_bits in checkpoint
[   28.113607][  T566] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   28.172195][  T282] EXT4-fs (loop1): unmounting filesystem.
[   29.498246][  T596] loop2: detected capacity change from 0 to 40427
[   29.509286][  T284] syz-executor: attempt to access beyond end of device
[   29.509286][  T284] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   29.519483][  T596] F2FS-fs (loop2): invalid crc value
[   29.558250][  T600] device wireguard0 entered promiscuous mode
[   29.588951][  T608] netlink: 5 bytes leftover after parsing attributes in process `syz.4.126'.
[   29.607164][  T596] F2FS-fs (loop2): Found nat_bits in checkpoint
[   29.672906][  T596] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   29.780249][  T606] f2fs_ckpt-7:2: attempt to access beyond end of device
[   29.780249][  T606] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   29.833210][  T596] syz.2.121: attempt to access beyond end of device
[   29.833210][  T596] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[   29.980923][  T636] loop0: detected capacity change from 0 to 512
[   30.010676][  T636] EXT4-fs: Ignoring removed nomblk_io_submit option
[   30.027502][  T636] EXT4-fs: Ignoring removed mblk_io_submit option
[   30.047913][  T634] SELinux: failed to load policy
[   30.070645][  T636] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[   30.114423][  T640] loop2: detected capacity change from 0 to 8192
[   30.123531][  T636] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[   30.133139][  T636] EXT4-fs (loop0): 1 truncate cleaned up
[   30.151742][  T636] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   30.202156][  T636] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[   30.219562][  T649] loop1: detected capacity change from 0 to 512
[   30.226467][  T649] EXT4-fs: Ignoring removed nobh option
[   30.250645][  T649] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   30.253254][  T284] EXT4-fs (loop0): unmounting filesystem.
[   30.267626][  T649] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.142: invalid indirect mapped block 2683928664 (level 1)
[   30.328124][  T649] EXT4-fs (loop1): 1 truncate cleaned up
[   30.336512][  T649] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   30.409438][  T649] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.142: Invalid block bitmap block 3 in block_group 0
[   30.414010][  T660] loop2: detected capacity change from 0 to 16
[   30.458610][  T649] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.142: invalid indirect mapped block 480848489 (level 1)
[   30.480308][  T660] erofs: (device loop2): mounted with root inode @ nid 36.
[   30.527263][  T666] loop4: detected capacity change from 0 to 512
[   30.534291][  T666] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   30.547444][  T666] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   30.548433][  T282] EXT4-fs (loop1): unmounting filesystem.
[   30.563054][  T666] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   30.573359][  T666] EXT4-fs (loop4): group descriptors corrupted!
[   30.626538][  T660] syz.2.147: attempt to access beyond end of device
[   30.626538][  T660] loop2: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[   30.699870][  T654] syz.3.144 (654) used greatest stack depth: 21376 bytes left
[   31.064002][  T709] ip6t_rpfilter: unknown options
[   31.132410][  T715] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[   32.697853][    C1] sched: RT throttling activated
[   32.891082][   T28] kauditd_printk_skb: 46 callbacks suppressed
[   32.891101][   T28] audit: type=1400 audit(1748383163.274:201): avc:  denied  { read write } for  pid=740 comm="syz.3.182" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   32.947970][   T28] audit: type=1400 audit(1748383163.274:202): avc:  denied  { open } for  pid=740 comm="syz.3.182" path="/dev/raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   32.998347][   T28] audit: type=1400 audit(1748383163.274:203): avc:  denied  { ioctl } for  pid=740 comm="syz.3.182" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   33.188011][  T570] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   33.245133][   T28] audit: type=1400 audit(1748383163.624:204): avc:  denied  { name_bind } for  pid=760 comm="syz.4.191" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   33.273188][   T28] audit: type=1400 audit(1748383163.624:205): avc:  denied  { node_bind } for  pid=760 comm="syz.4.191" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   33.334587][   T28] audit: type=1400 audit(1748383163.714:206): avc:  denied  { name_bind } for  pid=769 comm="syz.1.196" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   33.376026][   T28] audit: type=1400 audit(1748383163.744:207): avc:  denied  { map } for  pid=769 comm="syz.1.196" path="socket:[18694]" dev="sockfs" ino=18694 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[   33.401964][  T570] usb 4-1: Using ep0 maxpacket: 16
[   33.410074][   T28] audit: type=1400 audit(1748383163.754:208): avc:  denied  { map } for  pid=771 comm="syz.0.195" path="socket:[17594]" dev="sockfs" ino=17594 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   33.435070][  T570] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   33.446343][  T570] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   33.457088][  T570] usb 4-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[   33.466318][   T28] audit: type=1400 audit(1748383163.754:209): avc:  denied  { read } for  pid=771 comm="syz.0.195" path="socket:[17594]" dev="sockfs" ino=17594 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   33.491171][  T570] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   33.509313][   T28] audit: type=1400 audit(1748383163.894:210): avc:  denied  { connect } for  pid=777 comm="syz.0.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   33.514354][  T570] usb 4-1: config 0 descriptor??
[   33.557963][   T19] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   33.625581][  T783] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   33.635291][  T783] FAT-fs (loop3): unable to read boot sector
[   33.748876][   T19] usb 3-1: Using ep0 maxpacket: 16
[   33.763142][   T19] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   33.778719][   T19] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[   33.788943][   T19] usb 3-1: config 0 interface 0 has no altsetting 0
[   33.795612][   T19] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[   33.805856][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   33.817733][   T19] usb 3-1: config 0 descriptor??
[   33.894444][  T802] loop0: detected capacity change from 0 to 1024
[   33.924054][  T806] loop1: detected capacity change from 0 to 128
[   33.936036][  T802] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.945860][  T802] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   33.950920][  T806] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   33.958826][  T570] gt683r_led 0003:1770:FF00.0001: unbalanced collection at end of report description
[   33.969549][  T806] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   33.981863][  T802] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   33.999680][  T570] gt683r_led 0003:1770:FF00.0001: hid parsing failed
[   34.006538][  T570] gt683r_led: probe of 0003:1770:FF00.0001 failed with error -22
[   34.013802][  T802] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28
[   34.030577][  T282] EXT4-fs (loop1): unmounting filesystem.
[   34.043809][  T802] EXT4-fs (loop0): This should not happen!! Data will be lost
[   34.043809][  T802] 
[   34.054512][  T802] EXT4-fs (loop0): Total free blocks count 0
[   34.061051][  T802] EXT4-fs (loop0): Free/Dirty block details
[   34.079567][  T802] EXT4-fs (loop0): free_blocks=4293918720
[   34.100948][  T802] EXT4-fs (loop0): dirty_blocks=64
[   34.106134][  T802] EXT4-fs (loop0): Block reservation details
[   34.116156][  T816] loop1: detected capacity change from 0 to 2048
[   34.116545][  T818] loop4: detected capacity change from 0 to 1024
[   34.128936][  T802] EXT4-fs (loop0): i_reserved_data_blocks=4
[   34.156239][  T818] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   34.164861][  T816] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   34.183626][  T284] EXT4-fs (loop0): unmounting filesystem.
[   34.200375][  T286] EXT4-fs (loop4): unmounting filesystem.
[   34.206469][  T775] usb 4-1: USB disconnect, device number 2
[   34.237137][   T19] hid (null): report_id 0 is invalid
[   34.242999][   T19] hid (null): unknown global tag 0xc
[   34.257513][   T19] hid (null): unknown global tag 0xc
[   34.295750][  T282] EXT4-fs (loop1): unmounting filesystem.
[   34.436524][  T775] usb 3-1: USB disconnect, device number 2
[   34.588006][  T570] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   34.769471][  T570] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[   34.779535][  T570] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[   34.792367][  T570] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[   34.801796][  T570] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   34.810271][  T570] usb 2-1: Product: syz
[   34.814900][  T570] usb 2-1: Manufacturer: syz
[   34.819535][  T570] usb 2-1: SerialNumber: syz
[   34.825414][  T570] usb 2-1: config 0 descriptor??
[   34.830945][  T832] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   34.838267][  T832] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   34.873978][  T838] loop3: detected capacity change from 0 to 512
[   34.890161][  T838] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   34.899436][  T838] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.957082][  T842] loop2: detected capacity change from 0 to 512
[   34.964516][  T842] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   34.974402][  T842] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   34.990327][  T842] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended
[   35.003386][  T283] EXT4-fs (loop3): unmounting filesystem.
[   35.011744][  T842] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[   35.020609][  T842] System zones: 0-2, 18-18, 34-34
[   35.030581][  T842] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   35.046307][  T842] EXT4-fs (loop2): 1 truncate cleaned up
[   35.052648][  T842] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   35.052684][  T832] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   35.086644][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[   35.089072][  T832] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   35.136794][  T285] EXT4-fs (loop2): unmounting filesystem.
[   35.244984][  T867] loop2: detected capacity change from 0 to 1024
[   35.252554][  T867] EXT4-fs: Ignoring removed nobh option
[   35.258982][  T867] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   35.291589][  T867] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   35.296679][  T874] loop0: detected capacity change from 0 to 512
[   35.336466][  T867] EXT4-fs warning (device loop2): ext4_rename_delete:3778: inode #12: comm syz.2.232: Deleting old file: nlink 2, error=-2
[   35.363881][  T874] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   35.373983][  T874] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   35.375174][  T285] EXT4-fs (loop2): unmounting filesystem.
[   35.402298][  T874] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #2: comm syz.0.234: corrupted inode contents
[   35.414877][  T874] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #2: comm syz.0.234: mark_inode_dirty error
[   35.432152][  T874] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #2: comm syz.0.234: corrupted inode contents
[   35.464995][  T885] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #2: comm syz.0.234: corrupted inode contents
[   35.490454][  T885] EXT4-fs error (device loop0): ext4_setattr:5514: inode #2: comm syz.0.234: mark_inode_dirty error
[   35.491960][  T889] loop3: detected capacity change from 0 to 128
[   35.509073][  T889] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   35.526690][  T570] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[   35.535569][  T889] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   35.546278][  T284] EXT4-fs (loop0): unmounting filesystem.
[   35.929257][  T570] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[   35.944641][  T570] usb 2-1: USB disconnect, device number 2
[   36.557002][  T916] loop2: detected capacity change from 0 to 512
[   36.572627][  T916] EXT4-fs: Ignoring removed nobh option
[   36.601952][  T916] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   36.620677][  T916] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[   36.621041][    T8] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   36.670422][  T916] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.251: Corrupt directory, running e2fsck is recommended
[   36.684779][  T916] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[   36.693224][  T916] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.251: corrupted in-inode xattr
[   36.713089][  T916] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.251: couldn't read orphan inode 15 (err -117)
[   36.746308][  T916] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   36.805901][  T916] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   36.836473][  T916] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[   36.859896][  T916] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.251: Corrupt directory, running e2fsck is recommended
[   36.895059][  T940] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   36.938053][  T940] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[   36.958042][  T940] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.251: Corrupt directory, running e2fsck is recommended
[   36.993610][  T916] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   37.017186][  T916] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[   37.029547][  T916] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.251: Corrupt directory, running e2fsck is recommended
[   37.043924][  T940] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   37.063258][  T952] 9pnet: p9_errstr2errno: server reported unknown error ¤ÑÅl0î„&IØü0‚Ñ(|9Ê’å0%cÞ»ØÞÙ$ƒQûÂMÍ-
[   37.085217][  T285] EXT4-fs (loop2): unmounting filesystem.
[   37.109149][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   37.109155][  T348] Bluetooth: hci0: command 0x1003 tx timeout
[   37.122385][  T849] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[   37.134567][  T957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.267'.
[   37.230161][  T968] loop4: detected capacity change from 0 to 128
[   37.286283][  T516] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   37.320048][  T980] loop0: detected capacity change from 0 to 512
[   37.334278][  T982] loop4: detected capacity change from 0 to 128
[   37.357424][  T980] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   37.382013][  T980] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   37.417750][  T980] EXT4-fs (loop0): 1 truncate cleaned up
[   37.425208][  T980] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   37.433663][  T989] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[   37.478765][  T284] EXT4-fs (loop0): unmounting filesystem.
[   37.512001][  T989] SELinux: failed to load policy
[   37.699394][ T1025] syz.0.297[1025] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.699477][ T1025] syz.0.297[1025] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.714434][ T1025] device gretap0 entered promiscuous mode
[   37.732694][ T1025] device vlan2 entered promiscuous mode
[   37.765599][ T1033] loop1: detected capacity change from 0 to 512
[   37.792876][ T1033] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   37.802451][ T1033] ext4 filesystem being mounted at /70/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   37.867446][  T282] EXT4-fs (loop1): unmounting filesystem.
[   37.923423][   T28] kauditd_printk_skb: 36 callbacks suppressed
[   37.923439][   T28] audit: type=1326 audit(1748383168.304:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   37.924086][ T1050] loop0: detected capacity change from 0 to 512
[   37.931065][   T28] audit: type=1326 audit(1748383168.324:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   37.982880][   T40] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   37.983347][   T28] audit: type=1326 audit(1748383168.354:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   38.016601][   T28] audit: type=1326 audit(1748383168.374:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   38.040716][   T28] audit: type=1326 audit(1748383168.374:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   38.041825][ T1050] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   38.064129][   T28] audit: type=1326 audit(1748383168.374:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1052 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f675dbc1225 code=0x7ffc0000
[   38.097245][   T28] audit: type=1326 audit(1748383168.464:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   38.107995][ T1050] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.128391][   T28] audit: type=1326 audit(1748383168.464:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   38.164489][   T28] audit: type=1326 audit(1748383168.464:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   38.187990][   T28] audit: type=1326 audit(1748383168.464:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f675db8e969 code=0x7ffc0000
[   38.214866][   T40] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   38.232234][   T40] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   38.244379][   T40] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   38.253051][ T1050] capability: warning: `syz.0.307' uses deprecated v2 capabilities in a way that may be insecure
[   38.257512][   T40] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   38.277053][   T40] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.285849][   T40] usb 3-1: config 0 descriptor??
[   38.301864][  T284] EXT4-fs (loop0): unmounting filesystem.
[   38.319853][ T1059] loop0: detected capacity change from 0 to 1024
[   38.326696][ T1059] EXT4-fs: Ignoring removed nobh option
[   38.332474][ T1059] EXT4-fs: Ignoring removed bh option
[   38.372232][ T1059] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   38.418954][ T1059] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz.0.309: Allocating blocks 497-513 which overlap fs metadata
[   38.419521][ T1069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.313'.
[   38.444247][ T1059] EXT4-fs (loop0): pa ffff8881199b35e8: logic 256, phys. 385, len 8
[   38.452629][ T1059] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[   38.584390][ T1080] netlink: 24 bytes leftover after parsing attributes in process `syz.4.316'.
[   38.594971][  T284] EXT4-fs (loop0): unmounting filesystem.
[   38.651752][ T1077] netlink: 24 bytes leftover after parsing attributes in process `syz.4.316'.
[   38.683097][ T1085] xt_CT: You must specify a L4 protocol and not use inversions on it
[   38.699302][   T40] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   38.712158][   T40] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[   38.732550][   T40] plantronics 0003:047F:FFFF.0003: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[   38.771233][ T1088] loop4: detected capacity change from 0 to 512
[   38.799204][ T1088] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   38.831849][ T1088] EXT4-fs (loop4): orphan cleanup on readonly fs
[   38.849059][ T1088] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:511: comm syz.4.320: Block bitmap for bg 0 marked uninitialized
[   38.868254][ T1088] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem
[   38.882042][ T1088] EXT4-fs (loop4): 1 orphan inode deleted
[   38.900917][ T1088] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   39.095223][ T1104] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   39.111225][ T1104] FAT-fs (loop3): unable to read boot sector
[   39.126684][  T286] EXT4-fs (loop4): unmounting filesystem.
[   39.143537][ T1111] netlink: 104 bytes leftover after parsing attributes in process `syz.0.330'.
[   39.187896][    C1] ==================================================================
[   39.196651][    C1] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0
[   39.203803][    C1] Write of size 8 at addr ffff888113504a00 by task ksoftirqd/1/23
[   39.212098][    C1] 
[   39.214442][    C1] CPU: 1 PID: 23 Comm: ksoftirqd/1 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0
[   39.224324][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   39.234391][    C1] Call Trace:
[   39.237666][    C1]  <TASK>
[   39.240681][    C1]  __dump_stack+0x21/0x24
[   39.245016][    C1]  dump_stack_lvl+0xee/0x150
[   39.249692][    C1]  ? __cfi_dump_stack_lvl+0x8/0x8
[   39.254828][    C1]  ? __run_timers+0x32b/0x9a0
[   39.259517][    C1]  print_address_description+0x71/0x210
[   39.265333][    C1]  print_report+0x4a/0x60
[   39.269659][    C1]  kasan_report+0x122/0x150
[   39.274161][    C1]  ? __run_timers+0x32b/0x9a0
[   39.278936][    C1]  __asan_report_store8_noabort+0x17/0x20
[   39.284658][    C1]  __run_timers+0x32b/0x9a0
[   39.289162][    C1]  ? sched_clock+0x9/0x10
[   39.293579][    C1]  ? sched_clock_cpu+0x6e/0x250
[   39.298598][    C1]  ? calc_index+0x200/0x200
[   39.303188][    C1]  ? finish_task_switch+0x16b/0x7b0
[   39.308385][    C1]  ? __schedule+0xb8f/0x14e0
[   39.312977][    C1]  run_timer_softirq+0x6a/0xf0
[   39.317773][    C1]  handle_softirqs+0x1d7/0x600
[   39.322556][    C1]  ? __cfi_run_ksoftirqd+0x10/0x10
[   39.327943][    C1]  run_ksoftirqd+0x28/0x30
[   39.332366][    C1]  smpboot_thread_fn+0x4a0/0x910
[   39.337315][    C1]  kthread+0x281/0x320
[   39.341735][    C1]  ? __cfi_smpboot_thread_fn+0x10/0x10
[   39.347284][    C1]  ? __cfi_kthread+0x10/0x10
[   39.351871][    C1]  ret_from_fork+0x1f/0x30
[   39.356297][    C1]  </TASK>
[   39.359586][    C1] 
[   39.361994][    C1] Allocated by task 849:
[   39.366312][    C1]  kasan_set_track+0x4b/0x70
[   39.370973][    C1]  kasan_save_alloc_info+0x25/0x30
[   39.376084][    C1]  __kasan_kmalloc+0x95/0xb0
[   39.380673][    C1]  __kmalloc+0xb1/0x1e0
[   39.384824][    C1]  hci_alloc_dev_priv+0x27/0x1bd0
[   39.389968][    C1]  hci_uart_tty_ioctl+0x3d6/0xa20
[   39.395171][    C1]  tty_ioctl+0x8ef/0xc60
[   39.399411][    C1]  __se_sys_ioctl+0x12f/0x1b0
[   39.404127][    C1]  __x64_sys_ioctl+0x7b/0x90
[   39.408822][    C1]  x64_sys_call+0x58b/0x9a0
[   39.413415][    C1]  do_syscall_64+0x4c/0xa0
[   39.417953][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.423850][    C1] 
[   39.426167][    C1] Freed by task 849:
[   39.430137][    C1]  kasan_set_track+0x4b/0x70
[   39.434722][    C1]  kasan_save_free_info+0x31/0x50
[   39.439745][    C1]  ____kasan_slab_free+0x132/0x180
[   39.444959][    C1]  __kasan_slab_free+0x11/0x20
[   39.449711][    C1]  slab_free_freelist_hook+0xc2/0x190
[   39.455078][    C1]  __kmem_cache_free+0xb7/0x1b0
[   39.459957][    C1]  kfree+0x6f/0xf0
[   39.463680][    C1]  hci_release_dev+0x13ad/0x1500
[   39.468694][    C1]  bt_host_release+0x82/0x90
[   39.473372][    C1]  device_release+0xa4/0x1d0
[   39.477957][    C1]  kobject_put+0x19d/0x280
[   39.482452][    C1]  put_device+0x1f/0x30
[   39.486614][    C1]  hci_dev_cmd+0x265/0x720
[   39.491036][    C1]  hci_sock_ioctl+0x41e/0x7f0
[   39.495706][    C1]  sock_do_ioctl+0x101/0x310
[   39.500464][    C1]  sock_ioctl+0x4d8/0x6e0
[   39.504785][    C1]  __se_sys_ioctl+0x12f/0x1b0
[   39.510555][    C1]  __x64_sys_ioctl+0x7b/0x90
[   39.515517][    C1]  x64_sys_call+0x58b/0x9a0
[   39.520107][    C1]  do_syscall_64+0x4c/0xa0
[   39.524611][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.530509][    C1] 
[   39.532956][    C1] Last potentially related work creation:
[   39.538678][    C1]  kasan_save_stack+0x3a/0x60
[   39.543363][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[   39.548729][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[   39.554539][    C1]  insert_work+0x51/0x300
[   39.558957][    C1]  __queue_work+0x9b1/0xd30
[   39.563461][    C1]  queue_work_on+0xd2/0x140
[   39.567980][    C1]  __hci_cmd_sync_sk+0xa3e/0xcf0
[   39.572942][    C1]  hci_cmd_sync_status+0x53/0x120
[   39.577970][    C1]  hci_dev_cmd+0x628/0x720
[   39.582390][    C1]  hci_sock_ioctl+0x41e/0x7f0
[   39.587205][    C1]  sock_do_ioctl+0x101/0x310
[   39.591888][    C1]  sock_ioctl+0x4d8/0x6e0
[   39.596327][    C1]  __se_sys_ioctl+0x12f/0x1b0
[   39.601090][    C1]  __x64_sys_ioctl+0x7b/0x90
[   39.605867][    C1]  x64_sys_call+0x58b/0x9a0
[   39.610919][    C1]  do_syscall_64+0x4c/0xa0
[   39.615755][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.621776][    C1] 
[   39.624113][    C1] Second to last potentially related work creation:
[   39.630776][    C1]  kasan_save_stack+0x3a/0x60
[   39.635543][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[   39.641382][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[   39.647200][    C1]  insert_work+0x51/0x300
[   39.651547][    C1]  __queue_work+0x9b1/0xd30
[   39.656146][    C1]  queue_work_on+0xd2/0x140
[   39.660666][    C1]  hci_cmd_timeout+0x191/0x200
[   39.665431][    C1]  process_one_work+0x71f/0xc40
[   39.670295][    C1]  worker_thread+0xa29/0x11f0
[   39.674985][    C1]  kthread+0x281/0x320
[   39.679069][    C1]  ret_from_fork+0x1f/0x30
[   39.683512][    C1] 
[   39.685832][    C1] The buggy address belongs to the object at ffff888113504000
[   39.685832][    C1]  which belongs to the cache kmalloc-8k of size 8192
[   39.699887][    C1] The buggy address is located 2560 bytes inside of
[   39.699887][    C1]  8192-byte region [ffff888113504000, ffff888113506000)
[   39.713859][    C1] 
[   39.716192][    C1] The buggy address belongs to the physical page:
[   39.722598][    C1] page:ffffea00044d4000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113500
[   39.732842][    C1] head:ffffea00044d4000 order:3 compound_mapcount:0 compound_pincount:0
[   39.741354][    C1] flags: 0x4000000000010200(slab|head|zone=1)
[   39.747450][    C1] raw: 4000000000010200 ffffea00046b5e00 dead000000000003 ffff888100043500
[   39.756031][    C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   39.764605][    C1] page dumped because: kasan: bad access detected
[   39.771191][    C1] page_owner tracks the page as allocated
[   39.776930][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 336, tgid 335 (syz.2.14), ts 25056474022, free_ts 24765876681
[   39.799535][    C1]  post_alloc_hook+0x1f5/0x210
[   39.804404][    C1]  prep_new_page+0x1c/0x110
[   39.809088][    C1]  get_page_from_freelist+0x2c6e/0x2ce0
[   39.815095][    C1]  __alloc_pages+0x19e/0x3a0
[   39.819776][    C1]  alloc_slab_page+0x6e/0xf0
[   39.824394][    C1]  new_slab+0x98/0x3d0
[   39.828478][    C1]  ___slab_alloc+0x6f6/0xb50
[   39.833063][    C1]  __slab_alloc+0x5e/0xa0
[   39.837398][    C1]  __kmem_cache_alloc_node+0x203/0x2c0
[   39.842858][    C1]  __kmalloc_node_track_caller+0xa0/0x1e0
[   39.848575][    C1]  krealloc+0x6f/0x110
[   39.852644][    C1]  copy_verifier_state+0x6bb/0xab0
[   39.857752][    C1]  do_check+0x2e2e/0xf060
[   39.862164][    C1]  do_check_common+0x11ae/0x1950
[   39.867361][    C1]  bpf_check+0x3de0/0x10d50
[   39.871866][    C1]  bpf_prog_load+0x1071/0x15a0
[   39.876618][    C1] page last free stack trace:
[   39.881276][    C1]  free_unref_page_prepare+0x742/0x750
[   39.886730][    C1]  free_unref_page+0x8f/0x530
[   39.891411][    C1]  __free_pages+0x67/0x100
[   39.895832][    C1]  __free_slab+0xca/0x1a0
[   39.900182][    C1]  __unfreeze_partials+0x160/0x190
[   39.905299][    C1]  put_cpu_partial+0xa9/0x100
[   39.910000][    C1]  __slab_free+0x1c4/0x280
[   39.914418][    C1]  ___cache_free+0xbf/0xd0
[   39.918954][    C1]  qlist_free_all+0xc6/0x140
[   39.923571][    C1]  kasan_quarantine_reduce+0x14a/0x170
[   39.929047][    C1]  __kasan_slab_alloc+0x24/0x80
[   39.933908][    C1]  slab_post_alloc_hook+0x4f/0x2d0
[   39.939035][    C1]  kmem_cache_alloc_node+0x181/0x340
[   39.944334][    C1]  __alloc_skb+0xdf/0x7e0
[   39.949066][    C1]  netlink_sendmsg+0x626/0xbc0
[   39.954002][    C1]  __sys_sendto+0x464/0x5e0
[   39.958530][    C1] 
[   39.960854][    C1] Memory state around the buggy address:
[   39.966490][    C1]  ffff888113504900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.974640][    C1]  ffff888113504980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.982695][    C1] >ffff888113504a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.990742][    C1]                    ^
[   39.994891][    C1]  ffff888113504a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.003035][    C1]  ffff888113504b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.011167][    C1] ==================================================================
[   40.019212][    C1] Disabling lock debugging due to kernel taint
[   40.025404][    C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   40.037107][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   40.045506][    C1] CPU: 1 PID: 23 Comm: ksoftirqd/1 Tainted: G    B              6.1.138-syzkaller-00046-gdb710ea87c32 #0
[   40.056690][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   40.066739][    C1] RIP: 0010:__queue_work+0x575/0xd30
[   40.072028][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 f8 d2 28 00 4c 89 ff e8 c0 c6 a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 5c 2b 6d 00 49 8b 7d 00 e8 a3 c2
[   40.091625][    C1] RSP: 0018:ffffc90000187b10 EFLAGS: 00010046
[   40.097696][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003aa880
[   40.105764][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   40.113752][    C1] RBP: ffffc90000187ba8 R08: fffffffffffffffb R09: 0000000000000007
[   40.121901][    C1] R10: ffffed10226a0939 R11: 1ffff110226a0939 R12: dffffc0000000000
[   40.130757][    C1] R13: 0000000000000000 R14: ffff8881135049c8 R15: 0000000000000008
[   40.139273][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   40.149129][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.156766][    C1] CR2: 00007fa022ce56c0 CR3: 000000012ef9c000 CR4: 00000000003506a0
[   40.164921][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   40.172907][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   40.180965][    C1] Call Trace:
[   40.184241][    C1]  <TASK>
[   40.187170][    C1]  delayed_work_timer_fn+0x61/0x80
[   40.192284][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   40.198451][    C1]  call_timer_fn+0x46/0x2a0
[   40.203318][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   40.209583][    C1]  __run_timers+0x667/0x9a0
[   40.214146][    C1]  ? calc_index+0x200/0x200
[   40.218653][    C1]  ? finish_task_switch+0x16b/0x7b0
[   40.223879][    C1]  ? __schedule+0xb8f/0x14e0
[   40.228482][    C1]  run_timer_softirq+0x6a/0xf0
[   40.233254][    C1]  handle_softirqs+0x1d7/0x600
[   40.238040][    C1]  ? __cfi_run_ksoftirqd+0x10/0x10
[   40.243281][    C1]  run_ksoftirqd+0x28/0x30
[   40.247693][    C1]  smpboot_thread_fn+0x4a0/0x910
[   40.252629][    C1]  kthread+0x281/0x320
[   40.256689][    C1]  ? __cfi_smpboot_thread_fn+0x10/0x10
[   40.262145][    C1]  ? __cfi_kthread+0x10/0x10
[   40.266727][    C1]  ret_from_fork+0x1f/0x30
[   40.271141][    C1]  </TASK>
[   40.274239][    C1] Modules linked in:
[   40.278144][    C1] ---[ end trace 0000000000000000 ]---
[   40.283597][    C1] RIP: 0010:__queue_work+0x575/0xd30
[   40.288882][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 f8 d2 28 00 4c 89 ff e8 c0 c6 a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 5c 2b 6d 00 49 8b 7d 00 e8 a3 c2
[   40.308486][    C1] RSP: 0018:ffffc90000187b10 EFLAGS: 00010046
[   40.314564][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003aa880
[   40.322878][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   40.330851][    C1] RBP: ffffc90000187ba8 R08: fffffffffffffffb R09: 0000000000000007
[   40.338827][    C1] R10: ffffed10226a0939 R11: 1ffff110226a0939 R12: dffffc0000000000
[   40.347386][    C1] R13: 0000000000000000 R14: ffff8881135049c8 R15: 0000000000000008
[   40.355970][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   40.364906][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.371491][    C1] CR2: 00007fa022ce56c0 CR3: 000000012ef9c000 CR4: 00000000003506a0
[   40.379468][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   40.387432][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   40.395404][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[   40.402826][    C1] Kernel Offset: disabled
[   40.407146][    C1] Rebooting in 86400 seconds..