last executing test programs:

7.718003472s ago: executing program 2 (id=912):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = memfd_create(&(0x7f0000000cc0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\xd5\xfd\xa9\r\xac7V\xf2\x93A\x94k\xcd\t\x00\x90\xbe\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\agB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\x9f#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xd8\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x96!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2_\x16\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0V\\w\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x17fNo\xb3\x1d\xbb\xcaI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%UH\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\x02Y\x8e\xae\xf5m\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5\x04\x00\x00\x00\x00\x00\x00\x00\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9\xcfJ\t}\xd4:\xe4\xbe\x1c\x10\n\xc6hPO\xeagxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!D\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\xca\xc5kz\x8e9\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3d5V\x80\x1a\x90\x10\xe3\xdf%\xfdz\xf7\x9aE\xe6\x9b\x00'/993, 0x3)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x2, 0x6, 0x1000000})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000ac0)={'\x00', 0x6, 0x1, 0x5b8a, 0x7f, 0x2})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000"], 0x0, 0x800003, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000007000000000000e4000000f966bd346dfc3b009500000008000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r5}, 0x18)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@ipv4={'\x00', '\xff\xff', @local}, @in=@broadcast, 0x4e24, 0x5, 0x4e21, 0xc, 0x0, 0x20, 0x0, 0x2b}, {0xffffffffffffffff, 0x0, 0xfff, 0x0, 0xbe9f, 0x3, 0x9, 0x6}, {0x8, 0x3, 0x7}, 0x1, 0x6e6bb2, 0x0, 0x0, 0x2, 0x2}, {{@in6=@remote, 0x4d6, 0x3c}, 0x2, @in=@rand_addr=0x64010100, 0x34ff, 0x0, 0x2, 0x2, 0x9, 0x0, 0xd9c5}}, 0xe8)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r6, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/230, 0xe6}, {&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f00000004c0)=""/55, 0x37}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/55, 0x37}}], 0x1, 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x4000, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)

7.32320847s ago: executing program 2 (id=931):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x100, 0xe}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x9, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000085000000d000200095290e000000000051e6cce77a43e2a478d3913d4986dc036b05dd6abd9cf71744f7a3019a0c5ef27f3e3399fb9f9cae954e0e6f03097c4a11128466085fb0c0d09b23e9c3bf0b6a3559ce23f4701e8b896760f05305e5650fbd771cf220451fdf42d1667a3da3d245de3b2da3025994725fc3af84b0a871a3f6622676d36617106d19ed5d13e3214a9614a0810c46d482e81d1cb613a3f833b18e6d314bedfe61cc8daad4b343851732b5353a0117417fff0fdf95c87e5867386b3fdfcda9da05e5de5879c23c6f7d453bf9e6814f9204eca93fbecf9215da93e78c64aac593177185b0cd63b6ae3b654dafba17339140484d5af59616ded6c719df0516b8ecda2c8d6558d734bef2d2378634e4ef4b66c15dd23b48f091fd7e80a137b99ba320e98f728c226a8b85883fb4f40da6c66a3f74947717e0d49ed75b89da19497f7c1d80ab9ef568a25e3c047bbacc6be7023e029dd2f50269421e6954c0ae00000000000000000000000000000000000000000000000000000000998fa231b4b43f33eacbbaa5dc4cc7b3151e0eda9973dc632d"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='xprtrdma_inline_thresh\x00', r1}, 0x18)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r2}, 0x10)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)

7.234144432s ago: executing program 2 (id=936):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0x538d28a0, 0x0, 0x0, 0x0, 0x81, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})

7.182741363s ago: executing program 2 (id=947):
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000000)={0x3, &(0x7f00000003c0)=[{0x4006, 0x1, 0x0, 0x7ffc1ffb}, {0x8, 0x4, 0x2, 0x8ab500}, {0xfffe, 0x4, 0x11, 0x6}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000000}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008001500b7040000000000008500000058"], 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd}, 0x10000, 0x0, 0x2, 0x0, 0x88}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4040046)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r2, 0x0, 0x401}, 0x11)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x1, 0x8000, 0x4, 0xb94e, {{0xa, 0x4, 0x3, 0xf, 0x28, 0x65, 0x0, 0x4e, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x32}, @multicast1, {[@ssrr={0x89, 0x13, 0x1a, [@private=0xa010102, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102]}]}}}}})
fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x101}, 0x18)

6.663245603s ago: executing program 0 (id=957):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = memfd_create(&(0x7f0000000cc0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\xd5\xfd\xa9\r\xac7V\xf2\x93A\x94k\xcd\t\x00\x90\xbe\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\agB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\x9f#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xd8\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x96!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2_\x16\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0V\\w\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x17fNo\xb3\x1d\xbb\xcaI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%UH\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\x02Y\x8e\xae\xf5m\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5\x04\x00\x00\x00\x00\x00\x00\x00\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9\xcfJ\t}\xd4:\xe4\xbe\x1c\x10\n\xc6hPO\xeagxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!D\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\xca\xc5kz\x8e9\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3d5V\x80\x1a\x90\x10\xe3\xdf%\xfdz\xf7\x9aE\xe6\x9b\x00'/993, 0x3)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x2, 0x6, 0x1000000})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000ac0)={'\x00', 0x6, 0x1, 0x5b8a, 0x7f, 0x2})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700"], 0x0, 0x800003, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000007000000000000e4000000f966bd346dfc3b009500000008000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r5}, 0x18)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@ipv4={'\x00', '\xff\xff', @local}, @in=@broadcast, 0x4e24, 0x5, 0x4e21, 0xc, 0x0, 0x20, 0x0, 0x2b}, {0xffffffffffffffff, 0x0, 0xfff, 0x0, 0xbe9f, 0x3, 0x9, 0x6}, {0x8, 0x3, 0x7}, 0x1, 0x6e6bb2, 0x0, 0x0, 0x2, 0x2}, {{@in6=@remote, 0x4d6, 0x3c}, 0x2, @in=@rand_addr=0x64010100, 0x34ff, 0x0, 0x2, 0x2, 0x9, 0x0, 0xd9c5}}, 0xe8)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r6, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/230, 0xe6}, {&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f00000004c0)=""/55, 0x37}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/55, 0x37}}], 0x1, 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x4000, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)

6.383453648s ago: executing program 0 (id=967):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

6.348110228s ago: executing program 0 (id=968):
r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r1}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f494246a77d86dd6700000100103afffe880000000000000000000000000201ff02000000000000000000000019000186009078ff02030005000000f6ffffff"], 0x0)
write$selinux_user(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000010000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
time(0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
r5 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_STAT(r5, 0x2, 0x0)
r6 = geteuid()
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB="0c1200000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000e0110380dc1100800800034000000002d0110a801c0002800900020073797a32000000000900020073797a3000000000520001"], 0x120c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000000740)=[{&(0x7f0000000a00)=""/132, 0x84}], 0x1}, 0x80000000}, {{&(0x7f0000000b00)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000002d80)=[{&(0x7f0000000980)=""/3, 0x3}, {&(0x7f0000000b80)=""/45, 0x2d}, {&(0x7f0000000bc0)=""/17, 0x11}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/73, 0x49}, {&(0x7f0000001cc0)=""/17, 0x11}, {&(0x7f0000001d00)=""/4096, 0x1000}, {&(0x7f0000002d00)=""/83, 0x53}], 0x8, &(0x7f0000002e00)=""/220, 0xdc}, 0xf}, {{&(0x7f0000002f00)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000003000)=[{&(0x7f0000002f80)=""/33, 0x21}, {&(0x7f0000002fc0)}], 0x2}, 0x10001}], 0x3, 0x40000062, &(0x7f0000003100)={0x77359400})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000800)={0x0, <r9=>0x0})
shmctl$IPC_SET(r5, 0x1, &(0x7f0000000880)={{0x1, r6, r7, 0x0, r8, 0x100, 0x5}, 0x62, 0x6, 0x2b, 0x0, 0xffffffffffffffff, r9, 0x3})
keyctl$KEYCTL_MOVE(0x4, r4, 0x0, 0x0, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f0000000ac0)={'wpan0\x00'})

6.31504066s ago: executing program 2 (id=969):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r5}, 0x10)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={r2, &(0x7f0000000280)="fad19db643001a94b2f0f3bfccadb37338cd7a2b2c485e62f2548e07bbad7166b76f7ae0d3d9e4a547e3d393c82dba704a059fb0d0f5516de5a7599bd5712a0a999531b62412d0f08cdb050c2130990f8f87e1fba609f685bd6f9f863945a84cb870912017677893e39d8821d219b50957ce704c309d6b42314ae18c70c4e47fdbfdc0f764794eaf31432e8f0d5ba4baef92bd874d2f09998c7179d2ef6edf7434691f40b28d789de5706727a7", &(0x7f00000004c0)=""/181, 0x4}, 0x20)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
ioprio_get$uid(0x3, 0x0)

4.076724992s ago: executing program 2 (id=1000):
r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r1}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f494246a77d86dd6700000100103afffe880000000000000000000000000201ff0200000000000000000000001900"], 0x0)
write$selinux_user(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000010000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
time(0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
r5 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_STAT(r5, 0x2, 0x0)
r6 = geteuid()
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000005c0)={{{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@initdev}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8)
fstat(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB="0c1200000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000e0110380dc1100800800034000000002d0110a801c0002800900020073797a32000000000900020073797a3000000000520001"], 0x120c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000000740)=[{&(0x7f0000000a00)=""/132, 0x84}], 0x1}, 0x80000000}, {{&(0x7f0000000b00)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000002d80)=[{&(0x7f0000000980)=""/3, 0x3}, {&(0x7f0000000b80)=""/45, 0x2d}, {&(0x7f0000000bc0)=""/17, 0x11}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/73, 0x49}, {&(0x7f0000001cc0)=""/17, 0x11}, {&(0x7f0000001d00)=""/4096, 0x1000}, {&(0x7f0000002d00)=""/83, 0x53}], 0x8, &(0x7f0000002e00)=""/220, 0xdc}, 0xf}, {{&(0x7f0000002f00)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000003000)=[{&(0x7f0000002f80)=""/33, 0x21}, {&(0x7f0000002fc0)}], 0x2}, 0x10001}], 0x3, 0x40000062, &(0x7f0000003100)={0x77359400})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000800)={0x0, <r10=>0x0})
shmctl$IPC_SET(r5, 0x1, &(0x7f0000000880)={{0x1, r6, r7, r8, r9, 0x100, 0x5}, 0x62, 0x6, 0x2b, 0x0, 0xffffffffffffffff, r10, 0x3})
keyctl$KEYCTL_MOVE(0x4, r4, 0x0, 0x0, 0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r11)
ioctl$sock_SIOCGIFINDEX_802154(r11, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r11, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=ANY=[@ANYRES16, @ANYRES16=r12, @ANYBLOB="01002cbd700000dcdf251800000008000300", @ANYRES32=r13, @ANYBLOB="1c003080180001800c0005000000000000008003080001"], 0x38}}, 0x4000)

1.804285356s ago: executing program 3 (id=1035):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newtaction={0x78, 0x30, 0x1, 0x0, 0x2, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xbabd, 0x81, 0x5, 0x1, 0xfff}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x34, r2, 0x1b, 0x0, 0x3, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3ff}]}, 0x34}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f00000004c0)={0x50, r4, 0x300, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x9b, 0x4c}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x95b}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x25c}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x286}]]}, 0x50}, 0x1, 0x0, 0x0, 0x4040811}, 0x20004001)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = syz_open_dev$hiddev(&(0x7f0000000000), 0x5, 0x2)
ioctl$HIDIOCSUSAGE(r7, 0x4018480c, &(0x7f0000000040)={0x2, 0x1, 0x6, 0x1, 0xcd, 0x8})
r8 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r8, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000100000051d833483cc75dd6900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319e2e66d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r8, 0x119, 0x1, &(0x7f0000000080), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000400)='signal_generate\x00', r6}, 0x18)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
fcntl$setown(r9, 0x8, 0x0)
ioctl$sock_SIOCGPGRP(r9, 0x8904, &(0x7f0000003ac0))
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)

1.759642496s ago: executing program 3 (id=1037):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="34000000ef45b138a6000000ffdbdf", @ANYRES32=0x0, @ANYBLOB="8345050001000000140012800b00010067656e657665000004000280"], 0x34}}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10)
setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f0000000980)="9f", 0x1)
getsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f0000000280)={@multicast1, @multicast1, @broadcast}, &(0x7f0000000300)=0xc)
setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f0000000100)=0x6, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0), 0x4)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000001200), 0x10)
close(r4)
close(r2)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000440)=[@in6={0xa, 0x4e21, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x4}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r6=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="200000000000000084000000020000000a000400280000000b0000022e2e5049d30c83ffff1ea739234b99145e253de0e2e9f5b324af834678c611850d9da774ac000066af2aae785ae99101043f6baaba9943213ffe2ea6548a751b1f3f4cf965442c8e14158916230aed7f496613b77db65cfcdb2e52bff9199778874a90f01f64a742914c173de4455384de2122bdac924bd7096320cc17a91d3e2c923b55d444bff5", @ANYRES32=r6], 0x20, 0x2400e044}, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r6, 0x3468, 0x9, [0x2e, 0x101, 0x81, 0x400, 0x8, 0x3800, 0xd, 0xf77, 0x7]}, &(0x7f0000000180)=0x1a)
fsmount(0xffffffffffffffff, 0x1, 0x8)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000004c0)='kfree\x00', r8}, 0x10)

1.58056665s ago: executing program 1 (id=1040):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x208000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00'}, 0x10)
syz_read_part_table(0x5bf, &(0x7f0000000280)="$eJzs079La3cUAPBz8xpuX9vXhPLoG9pBeBlfW7DDc0igIjFkaURscWjn4mAHSwcHUdShk63/QMVfi4t0LAhdihZEIU7iKP4DiotTismtFXEoqH0qn89wT+73fE/OvZzvDR60XPyR/WqlEZHGs+w2vbxr6spKvn19Gl+tVfvrXQO9g0MRSXwTEdWP32vnkvPLk38rfstiI/uXetrdXNzuO1kr7rzc2yot57L8Rq7TbfRwpdBe+G7+1t+Zx2O9slmYmR2rzY1XRvZrE0efxzudxOul8uTXL8rD2cHa6MTf77p/qdmzuttqHEfxn4+go3XbjbkXrs5/4fn0wfTZl0n8+NmrDw7+nPwlOwOnyZt+UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4LFbfxqFmdmx2tx4ZeSHnyK+Xf6k+tHP1e/nXy+VJ9MX5eFcZ99G7tryt27cv7J50X+qNnFUavas7rYax78++zS/1Tzr/ivb9yq5aSfuo2z+cT7//drE0cLzty9yrUszP00iPrxa/O7/9pgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwANS7a93DfQODkUk7fu+XDF/HltpJ59k+/JZbGTr9bS7ubjdd7JW3Hm5t1VaHkijq12Xi5iKiNHDlULEF9e1fNIJ79/pe/Hf/B0AAP//iZh0Hg==") (fail_nth: 4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[], 0x69)

1.297464576s ago: executing program 1 (id=1041):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="10e566923e7ad75a9f8d8a2432f02f812acd2798e8ed9909a70423682866c46c7cc556c624efc6ebac8c2a6372538d944e2033f5dec6b8ce0f1c0d03208f90279c9aaf8bdd637f6866fc1b61e600dcdc6b41dcc5364421a7b0f3028af730ff5215bfda5b01fa1c9b22a791cb3dfb3681ff812962ace5e718ec52cedb772778f780336b465ee8a702eab0f162d77b1406f73e8aab40a8b8a7b057620b94aa0ba21515af78809eb4f93669783c42990f8bcba3f4951b97af94961c6c31bf67960835ace4a1b62765f7689710089bce11b21db4c886d450c818ed8befb986064d1177545d2a829fe6d2bbfea1c9f74d7c50a3453e473dc645ae146d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$UHID_CREATE(r1, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x120)
write$UHID_DESTROY(r1, &(0x7f0000000080), 0x4)

1.296900735s ago: executing program 1 (id=1042):
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000000)={0x3, &(0x7f00000003c0)=[{0x4006, 0x1, 0x0, 0x7ffc1ffb}, {0x8, 0x4, 0x2, 0x8ab500}, {0xfffe, 0x4, 0x11, 0x6}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000000}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008001500b7040000000000008500000058"], 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd}, 0x10000, 0x0, 0x2, 0x0, 0x88}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4040046)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="180100001c040000000000006dfeff00850000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r2, 0x0, 0x401}, 0x11)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x1, 0x8000, 0x4, 0xb94e, {{0xa, 0x4, 0x3, 0xf, 0x28, 0x65, 0x0, 0x4e, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x32}, @multicast1, {[@ssrr={0x89, 0x13, 0x1a, [@private=0xa010102, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102]}]}}}}})
fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x101}, 0x18)

1.240623177s ago: executing program 0 (id=1043):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]})
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0x538d28a0, 0x0, 0x0, 0x0, 0x81, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})

1.222061047s ago: executing program 0 (id=1044):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x200000000000006}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f0000000680)={&(0x7f0000000200)=@id={0x1e, 0x3, 0x3, {0x404e1f, 0x5}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20008000}, 0x80)

1.178907258s ago: executing program 0 (id=1045):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000008000000005000000000018110000", @ANYRES32=r0, @ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = gettid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
syz_clone(0xb44040, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r2}, 0x18)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x189481, 0x0)
syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[], 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0b0400000000000000000200000058000480540001800a0001006d617463680000004400028008000240000000002c00030026ad3dc548f0d8e54d23edfcbe6d55b57cb15e63c10080000000000000abc3d6ce2316334e8278ad0a0001006c696d69740000000900010073797a30000000000900020073797a32"], 0xac}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
rt_sigaction(0x1b, &(0x7f0000000040)={0xfffffffffffffffc, 0x4c000000, 0x0, {[0x8000000000005a]}}, 0x0, 0x8, &(0x7f00000001c0))
tkill(r1, 0x1b)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)

1.178242258s ago: executing program 3 (id=1046):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = memfd_create(&(0x7f0000000cc0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\xd5\xfd\xa9\r\xac7V\xf2\x93A\x94k\xcd\t\x00\x90\xbe\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\agB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\x9f#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xd8\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x96!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2_\x16\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0V\\w\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x17fNo\xb3\x1d\xbb\xcaI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%UH\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\x02Y\x8e\xae\xf5m\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5\x04\x00\x00\x00\x00\x00\x00\x00\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9\xcfJ\t}\xd4:\xe4\xbe\x1c\x10\n\xc6hPO\xeagxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!D\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\xca\xc5kz\x8e9\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3d5V\x80\x1a\x90\x10\xe3\xdf%\xfdz\xf7\x9aE\xe6\x9b\x00'/993, 0x3)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x2, 0x6, 0x1000000})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000ac0)={'\x00', 0x6, 0x1, 0x5b8a, 0x7f, 0x2})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000570000"], 0x0, 0x800003, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000007000000000000e4000000f966bd346dfc3b009500000008000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@ipv4={'\x00', '\xff\xff', @local}, @in=@broadcast, 0x4e24, 0x5, 0x4e21, 0xc, 0x0, 0x20, 0x0, 0x2b}, {0xffffffffffffffff, 0x0, 0xfff, 0x0, 0xbe9f, 0x3, 0x9, 0x6}, {0x8, 0x3, 0x7}, 0x1, 0x6e6bb2, 0x0, 0x0, 0x2, 0x2}, {{@in6=@remote, 0x4d6, 0x3c}, 0x2, @in=@rand_addr=0x64010100, 0x34ff, 0x0, 0x2, 0x2, 0x9, 0x0, 0xd9c5}}, 0xe8)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r5, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/230, 0xe6}, {&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f00000004c0)=""/55, 0x37}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/55, 0x37}}], 0x1, 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x4000, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)

1.139186318s ago: executing program 4 (id=1047):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000008b2c14e16ad7c6e16b775000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRESDEC=r1], 0x4c}, 0x1, 0x0, 0x0, 0x20000804}, 0x0)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'veth1_macvtap\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x80000000, 0x7a4, 0x9}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)

1.138826478s ago: executing program 4 (id=1048):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f0000"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000035c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$UHID_CREATE(r2, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x120)
write$UHID_DESTROY(r2, &(0x7f0000000080), 0x4)

1.08244069s ago: executing program 4 (id=1049):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setresuid(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1.06466176s ago: executing program 4 (id=1050):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syncfs(0xffffffffffffffff)

1.04678114s ago: executing program 4 (id=1051):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
execve(&(0x7f0000000040)='./file0/bus\x00', &(0x7f00000001c0), &(0x7f0000000300))

1.026819901s ago: executing program 4 (id=1052):
r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r1}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f494246a77d86dd6700000100103afffe880000000000000000000000000201ff02000000000000000000000019000186009078ff02030005000000f6ffffff"], 0x0)
write$selinux_user(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000010000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
time(0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
r5 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_STAT(r5, 0x2, 0x0)
r6 = geteuid()
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB="0c1200000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000e0110380dc1100800800034000000002d0110a801c0002800900020073797a32000000000900020073797a3000000000520001"], 0x120c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000000740)=[{&(0x7f0000000a00)=""/132, 0x84}], 0x1}, 0x80000000}, {{&(0x7f0000000b00)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000002d80)=[{&(0x7f0000000980)=""/3, 0x3}, {&(0x7f0000000b80)=""/45, 0x2d}, {&(0x7f0000000bc0)=""/17, 0x11}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/73, 0x49}, {&(0x7f0000001cc0)=""/17, 0x11}, {&(0x7f0000001d00)=""/4096, 0x1000}, {&(0x7f0000002d00)=""/83, 0x53}], 0x8, &(0x7f0000002e00)=""/220, 0xdc}, 0xf}, {{&(0x7f0000002f00)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000003000)=[{&(0x7f0000002f80)=""/33, 0x21}, {&(0x7f0000002fc0)}], 0x2}, 0x10001}], 0x3, 0x40000062, &(0x7f0000003100)={0x77359400})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000800)={0x0, <r9=>0x0})
shmctl$IPC_SET(r5, 0x1, &(0x7f0000000880)={{0x1, r6, r7, 0x0, r8, 0x100, 0x5}, 0x62, 0x6, 0x2b, 0x0, 0xffffffffffffffff, r9, 0x3})
keyctl$KEYCTL_MOVE(0x4, r4, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000ac0)={'wpan0\x00'})

930.160173ms ago: executing program 3 (id=1053):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d0000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x3c, 0x2c, 0x807, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

912.863743ms ago: executing program 3 (id=1054):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]})
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0x538d28a0, 0x0, 0x0, 0x0, 0x81, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})

897.526363ms ago: executing program 3 (id=1055):
r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r1}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f494246a77d86dd6700000100103afffe880000000000000000000000000201ff02000000000000000000000019000186009078ff02030005000000f6ffffff"], 0x0)
write$selinux_user(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000010000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
time(0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
r5 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_STAT(r5, 0x2, 0x0)
r6 = geteuid()
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB="0c1200000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000e0110380dc1100800800034000000002d0110a801c0002800900020073797a32000000000900020073797a3000000000520001"], 0x120c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000000740)=[{&(0x7f0000000a00)=""/132, 0x84}], 0x1}, 0x80000000}, {{&(0x7f0000000b00)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000002d80)=[{&(0x7f0000000980)=""/3, 0x3}, {&(0x7f0000000b80)=""/45, 0x2d}, {&(0x7f0000000bc0)=""/17, 0x11}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/73, 0x49}, {&(0x7f0000001cc0)=""/17, 0x11}, {&(0x7f0000001d00)=""/4096, 0x1000}, {&(0x7f0000002d00)=""/83, 0x53}], 0x8, &(0x7f0000002e00)=""/220, 0xdc}, 0xf}, {{&(0x7f0000002f00)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000003000)=[{&(0x7f0000002f80)=""/33, 0x21}, {&(0x7f0000002fc0)}], 0x2}, 0x10001}], 0x3, 0x40000062, &(0x7f0000003100)={0x77359400})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000800)={0x0, <r9=>0x0})
shmctl$IPC_SET(r5, 0x1, &(0x7f0000000880)={{0x1, r6, r7, 0x0, r8, 0x100, 0x5}, 0x62, 0x6, 0x2b, 0x0, 0xffffffffffffffff, r9, 0x3})
keyctl$KEYCTL_MOVE(0x4, r4, 0x0, 0x0, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f0000000ac0)={'wpan0\x00'})

448.911992ms ago: executing program 1 (id=1056):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="34000000ef45b138a6000000ffdbdf", @ANYRES32=0x0, @ANYBLOB="8345050001000000140012800b00010067656e657665000004000280"], 0x34}}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10)
setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f0000000980)="9f", 0x1)
getsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f0000000280)={@multicast1, @multicast1, @broadcast}, &(0x7f0000000300)=0xc)
setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f0000000100)=0x6, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0), 0x4)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000001200), 0x10)
close(r4)
close(r2)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000440)=[@in6={0xa, 0x4e21, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x4}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r6=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="200000000000000084000000020000000a000400280000000b0000022e2e5049d30c83ffff1ea739234b99145e253de0e2e9f5b324af834678c611850d9da774ac000066af2aae785ae99101043f6baaba9943213ffe2ea6548a751b1f3f4cf965442c8e14158916230aed7f496613b77db65cfcdb2e52bff9199778874a90f01f64a742914c173de4455384de2122bdac924bd7096320cc17a91d3e2c923b55d444bff5", @ANYRES32=r6], 0x20, 0x2400e044}, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r6, 0x3468, 0x9, [0x2e, 0x101, 0x81, 0x400, 0x8, 0x3800, 0xd, 0xf77, 0x7]}, &(0x7f0000000180)=0x1a)
fsmount(0xffffffffffffffff, 0x1, 0x8)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000004c0)='kfree\x00', r8}, 0x10)

161.901677ms ago: executing program 1 (id=1057):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x48}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000700)=',&#^%\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00'}, 0x18)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3)

0s ago: executing program 1 (id=1058):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008e74350190400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_tcp_int(r2, 0x6, 0x12, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
sendmsg$inet(r2, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x3000046, &(0x7f00000002c0)={[{@errors_continue}, {@data_err_abort}, {@nomblk_io_submit}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b0}}, {@noblock_validity}, {@grpquota}, {@nobh}, {@user_xattr}, {@inode_readahead_blks}, {@dioread_nolock}]}, 0x21, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r4, &(0x7f00000008c0)="3bf58d7d45d32cfe1da7c797b82fee444b42785c24a868a4046cf670ba8f376c429a424fcc374c08887ba2bb530d", 0x2e)
sendfile(r4, r3, 0x0, 0x3ffff)
sendfile(r4, r3, 0x0, 0x7fffeffd)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000140), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
clock_adjtime(0x0, &(0x7f0000000000)={0x3fd, 0xffffffffffffffff, 0x0, 0x7, 0x0, 0x0, 0x61, 0x0, 0x0, 0x100, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x1})

kernel console output (not intermixed with test programs):

[1, 0] type 2 family 0 port 6081 - 0
[   53.951687][ T4576] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   53.952530][   T37] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   53.959749][ T4576] EXT4-fs (loop1): orphan cleanup on readonly fs
[   53.975524][ T4576] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.390: corrupted inode contents
[   53.987617][ T4576] EXT4-fs (loop1): Remounting filesystem read-only
[   53.995639][ T4576] EXT4-fs (loop1): 1 truncate cleaned up
[   54.001406][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   54.011932][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   54.022615][   T37] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   54.033331][ T4576] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   54.091283][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.100771][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.223963][ T4582] __nla_validate_parse: 5 callbacks suppressed
[   54.224053][ T4582] netlink: 4 bytes leftover after parsing attributes in process `syz.4.392'.
[   54.257246][ T4580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=4580 comm=syz.0.391
[   54.334805][ T1036] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   54.479597][ T4605] netlink: 4 bytes leftover after parsing attributes in process `syz.4.400'.
[   54.516177][ T4610] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.568260][ T4615] loop4: detected capacity change from 0 to 128
[   54.597997][ T4617] loop4: detected capacity change from 0 to 512
[   54.613605][ T4610] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.625445][ T4617] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   54.633662][ T4617] EXT4-fs (loop4): orphan cleanup on readonly fs
[   54.641675][ T4617] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.404: corrupted inode contents
[   54.653617][ T4617] EXT4-fs (loop4): Remounting filesystem read-only
[   54.660334][ T4617] EXT4-fs (loop4): 1 truncate cleaned up
[   54.666122][   T37] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   54.676782][   T37] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   54.688601][   T37] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   54.699322][ T4617] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   54.700134][ T4610] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.716498][ T4617] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[   54.728031][ T4617] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   54.735752][ T4617] vhci_hcd vhci_hcd.0: Device attached
[   54.754443][ T4620] vhci_hcd: connection closed
[   54.754574][   T12] vhci_hcd: stop threads
[   54.763553][   T12] vhci_hcd: release socket
[   54.767970][   T12] vhci_hcd: disconnect device
[   54.773688][ T4610] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.002959][ T4626] loop1: detected capacity change from 0 to 128
[   55.031300][ T4631] netlink: 32 bytes leftover after parsing attributes in process `syz.1.409'.
[   55.040250][ T4631] netlink: 56 bytes leftover after parsing attributes in process `syz.1.409'.
[   55.064062][ T4629] netlink: 'syz.2.408': attribute type 10 has an invalid length.
[   55.075975][ T4629] team0: Failed to send options change via netlink (err -105)
[   55.083588][ T4629] team0: Port device dummy0 added
[   55.121842][ T1036] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   55.164031][ T4637] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4637 comm=syz.3.412
[   55.299406][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.333456][ T4647] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=4647 comm=syz.2.411
[   55.386329][ T4639] netlink: 4 bytes leftover after parsing attributes in process `syz.3.413'.
[   55.395511][ T4649] loop4: detected capacity change from 0 to 128
[   55.429398][ T4650] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.409'.
[   55.466044][ T4646] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.409'.
[   55.753936][ T4663] netlink: 4 bytes leftover after parsing attributes in process `syz.3.418'.
[   55.805071][ T3907] hid_parser_main: 301 callbacks suppressed
[   55.805093][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.818790][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.826346][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.833784][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.841251][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.848670][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.856115][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.863522][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.871008][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.878548][ T3907] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   55.906554][ T3907] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   55.943466][ T4674] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4674 comm=syz.3.423
[   55.959807][ T4676] loop2: detected capacity change from 0 to 512
[   55.974142][ T4676] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   55.982285][ T4676] EXT4-fs (loop2): orphan cleanup on readonly fs
[   55.995061][ T4676] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.424: corrupted inode contents
[   56.022150][ T4676] EXT4-fs (loop2): Remounting filesystem read-only
[   56.042319][ T4676] EXT4-fs (loop2): 1 truncate cleaned up
[   56.048512][   T37] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   56.059119][   T37] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   56.071097][   T37] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[   56.127220][ T4680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.425'.
[   56.189344][ T4676] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   56.209085][ T4676] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[   56.215717][ T4676] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   56.223400][ T4676] vhci_hcd vhci_hcd.0: Device attached
[   56.245631][ T4688] vhci_hcd: connection closed
[   56.245813][   T31] vhci_hcd: stop threads
[   56.254903][   T31] vhci_hcd: release socket
[   56.259368][   T31] vhci_hcd: disconnect device
[   56.312990][ T4695] loop1: detected capacity change from 0 to 1024
[   56.319852][ T4695] EXT4-fs: Ignoring removed nomblk_io_submit option
[   56.327897][ T4695] EXT4-fs: Ignoring removed nobh option
[   56.344532][ T4695] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.380541][ T4693] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=4693 comm=syz.3.429
[   56.480142][ T4703] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.426: Allocating blocks 497-513 which overlap fs metadata
[   56.634664][ T4695] EXT4-fs (loop1): pa ffff888106ade3f0: logic 16, phys. 145, len 23
[   56.642771][ T4695] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   56.692815][ T4707] netlink: 4 bytes leftover after parsing attributes in process `syz.4.432'.
[   56.774338][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.848193][ T4726] loop2: detected capacity change from 0 to 128
[   56.883821][ T4731] SELinux: syz.3.441 (4731) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   56.932888][ T4732] loop2: detected capacity change from 0 to 1024
[   56.940125][ T4732] EXT4-fs: Ignoring removed nomblk_io_submit option
[   56.947136][ T4732] EXT4-fs: Ignoring removed nobh option
[   56.963399][ T4732] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.030594][ T4695] syz.1.426 (4695) used greatest stack depth: 10536 bytes left
[   57.064034][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.097985][ T4739] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.440: Allocating blocks 497-513 which overlap fs metadata
[   57.225249][ T4732] EXT4-fs (loop2): pa ffff888106aad380: logic 16, phys. 145, len 23
[   57.233377][ T4732] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   57.325498][ T3451] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.337092][ T3451] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.353879][ T3451] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.372352][ T3451] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.393655][ T4752] loop0: detected capacity change from 0 to 512
[   57.402961][ T4752] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   57.411153][ T4752] EXT4-fs (loop0): orphan cleanup on readonly fs
[   57.420819][ T4752] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.447: corrupted inode contents
[   57.433964][ T4752] EXT4-fs (loop0): Remounting filesystem read-only
[   57.440638][ T4752] EXT4-fs (loop0): 1 truncate cleaned up
[   57.446575][ T3451] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   57.457169][ T3451] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   57.467794][ T3451] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   57.478841][ T4752] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   57.497219][ T4752] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[   57.503878][ T4752] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   57.511495][ T4752] vhci_hcd vhci_hcd.0: Device attached
[   57.525207][ T4762] loop1: detected capacity change from 0 to 128
[   57.538606][ T4757] vhci_hcd: connection closed
[   57.538924][ T3451] vhci_hcd: stop threads
[   57.547905][ T3451] vhci_hcd: release socket
[   57.552424][ T3451] vhci_hcd: disconnect device
[   57.564590][ T4764] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.715080][    T9] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   57.779376][ T4776] loop2: detected capacity change from 0 to 2048
[   57.908873][ T4780] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   57.943469][ T4780] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   57.994402][ T4780] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.053501][ T4780] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.110740][   T31] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.122155][   T36] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   58.132476][ T3451] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.144171][ T3451] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.156644][ T3451] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.177749][ T4789] loop0: detected capacity change from 0 to 128
[   58.270759][ T4794] loop0: detected capacity change from 0 to 512
[   58.280138][   T29] kauditd_printk_skb: 901 callbacks suppressed
[   58.280156][   T29] audit: type=1400 audit(1759443026.442:2799): avc:  granted  { setsecparam } for  pid=4792 comm="syz.0.463" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[   58.291345][ T4794] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[   58.576598][ T4806] loop1: detected capacity change from 0 to 164
[   58.604076][   T29] audit: type=1326 audit(1759443026.782:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   58.627173][   T29] audit: type=1326 audit(1759443026.782:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   58.659244][ T4805] loop4: detected capacity change from 0 to 2048
[   58.679306][ T4808] loop1: detected capacity change from 0 to 512
[   58.717510][ T4808] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   58.733744][ T4808] EXT4-fs (loop1): orphan cleanup on readonly fs
[   58.744528][ T4808] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.469: corrupted inode contents
[   58.747105][   T29] audit: type=1326 audit(1759443026.822:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   58.779367][   T29] audit: type=1326 audit(1759443026.822:2803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4758d0ef03 code=0x7ffc0000
[   58.779409][   T29] audit: type=1326 audit(1759443026.832:2804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4758d0d97f code=0x7ffc0000
[   58.779493][   T29] audit: type=1326 audit(1759443026.832:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f4758d0ef57 code=0x7ffc0000
[   58.779520][   T29] audit: type=1326 audit(1759443026.832:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4758d0d710 code=0x7ffc0000
[   58.779552][   T29] audit: type=1326 audit(1759443026.832:2807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4758d0eacb code=0x7ffc0000
[   58.779577][   T29] audit: type=1326 audit(1759443026.872:2808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f4758d0db2a code=0x7ffc0000
[   58.785709][ T4808] EXT4-fs (loop1): Remounting filesystem read-only
[   58.785891][ T4808] EXT4-fs (loop1): 1 truncate cleaned up
[   58.886247][ T3451] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   58.886330][ T3451] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   58.886430][ T3451] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   58.920880][ T4808] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[   58.920909][ T4808] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   58.920942][ T4808] vhci_hcd vhci_hcd.0: Device attached
[   58.943035][ T4818] vhci_hcd: connection closed
[   58.943467][   T37] vhci_hcd: stop threads
[   58.943478][   T37] vhci_hcd: release socket
[   58.943485][   T37] vhci_hcd: disconnect device
[   59.208919][ T4828] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.275188][ T4828] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.294838][ T4840] FAULT_INJECTION: forcing a failure.
[   59.294838][ T4840] name failslab, interval 1, probability 0, space 0, times 0
[   59.307582][ T4840] CPU: 0 UID: 0 PID: 4840 Comm: syz.2.478 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   59.307617][ T4840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   59.307704][ T4840] Call Trace:
[   59.307712][ T4840]  <TASK>
[   59.307721][ T4840]  __dump_stack+0x1d/0x30
[   59.307747][ T4840]  dump_stack_lvl+0xe8/0x140
[   59.307771][ T4840]  dump_stack+0x15/0x1b
[   59.307793][ T4840]  should_fail_ex+0x265/0x280
[   59.307881][ T4840]  should_failslab+0x8c/0xb0
[   59.307900][ T4840]  kmem_cache_alloc_noprof+0x50/0x310
[   59.307923][ T4840]  ? audit_log_start+0x342/0x720
[   59.308036][ T4840]  audit_log_start+0x342/0x720
[   59.308068][ T4840]  ? kstrtouint+0x76/0xc0
[   59.308088][ T4840]  audit_seccomp+0x48/0x100
[   59.308129][ T4840]  ? __seccomp_filter+0x82d/0x1250
[   59.308173][ T4840]  __seccomp_filter+0x83e/0x1250
[   59.308205][ T4840]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   59.308278][ T4840]  ? vfs_write+0x7e8/0x960
[   59.308341][ T4840]  ? __rcu_read_unlock+0x4f/0x70
[   59.308416][ T4840]  ? __fget_files+0x184/0x1c0
[   59.308443][ T4840]  __secure_computing+0x82/0x150
[   59.308474][ T4840]  syscall_trace_enter+0xcf/0x1e0
[   59.308508][ T4840]  do_syscall_64+0xac/0x200
[   59.308531][ T4840]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   59.308616][ T4840]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   59.308661][ T4840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.308680][ T4840] RIP: 0033:0x7f9e8a73eec9
[   59.308693][ T4840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.308708][ T4840] RSP: 002b:00007f9e8919f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[   59.308724][ T4840] RAX: ffffffffffffffda RBX: 00007f9e8a995fa0 RCX: 00007f9e8a73eec9
[   59.308735][ T4840] RDX: 0000200000000300 RSI: 0000000000000002 RDI: 0000000000000006
[   59.308792][ T4840] RBP: 00007f9e8919f090 R08: 0000000000000000 R09: 0000000000000000
[   59.308803][ T4840] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[   59.308839][ T4840] R13: 00007f9e8a996038 R14: 00007f9e8a995fa0 R15: 00007fff856d9f28
[   59.308863][ T4840]  </TASK>
[   59.311070][ T4828] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.538329][ T4842] loop2: detected capacity change from 0 to 2048
[   59.575649][ T4849] loop1: detected capacity change from 0 to 512
[   59.576647][ T4828] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.584019][ T4849] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   59.604272][ T4849] EXT4-fs (loop1): 1 truncate cleaned up
[   59.673938][ T4858] FAULT_INJECTION: forcing a failure.
[   59.673938][ T4858] name failslab, interval 1, probability 0, space 0, times 0
[   59.686839][ T4858] CPU: 1 UID: 0 PID: 4858 Comm: syz.1.484 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   59.686872][ T4858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   59.686888][ T4858] Call Trace:
[   59.686898][ T4858]  <TASK>
[   59.686905][ T4858]  __dump_stack+0x1d/0x30
[   59.686924][ T4858]  dump_stack_lvl+0xe8/0x140
[   59.686940][ T4858]  dump_stack+0x15/0x1b
[   59.687025][ T4858]  should_fail_ex+0x265/0x280
[   59.687180][ T4858]  ? __se_sys_memfd_create+0x1cc/0x590
[   59.687208][ T4858]  should_failslab+0x8c/0xb0
[   59.687306][ T4858]  __kmalloc_cache_noprof+0x4c/0x320
[   59.687327][ T4858]  ? fput+0x8f/0xc0
[   59.687355][ T4858]  __se_sys_memfd_create+0x1cc/0x590
[   59.687384][ T4858]  __x64_sys_memfd_create+0x31/0x40
[   59.687485][ T4858]  x64_sys_call+0x2ac2/0x3000
[   59.687504][ T4858]  do_syscall_64+0xd2/0x200
[   59.687520][ T4858]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   59.687544][ T4858]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   59.687621][ T4858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.687647][ T4858] RIP: 0033:0x7f77d775eec9
[   59.687659][ T4858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.687715][ T4858] RSP: 002b:00007f77d61bee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   59.687731][ T4858] RAX: ffffffffffffffda RBX: 000000000000042f RCX: 00007f77d775eec9
[   59.687742][ T4858] RDX: 00007f77d61beef0 RSI: 0000000000000000 RDI: 00007f77d77e2960
[   59.687752][ T4858] RBP: 0000200000000940 R08: 00007f77d61bebb7 R09: 00007f77d61bee40
[   59.687763][ T4858] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000016c0
[   59.687845][ T4858] R13: 00007f77d61beef0 R14: 00007f77d61beeb0 R15: 0000200000001080
[   59.687904][ T4858]  </TASK>
[   59.880855][ T4861] __nla_validate_parse: 6 callbacks suppressed
[   59.880874][ T4861] netlink: 32 bytes leftover after parsing attributes in process `syz.2.485'.
[   59.896099][ T4861] netlink: 56 bytes leftover after parsing attributes in process `syz.2.485'.
[   60.101785][ T4864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=4864 comm=syz.1.487
[   60.128965][ T4874] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=4874 comm=syz.4.490
[   60.180848][ T4874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.490'.
[   60.208058][ T4874] bond2: entered promiscuous mode
[   60.224440][ T4874] 8021q: adding VLAN 0 to HW filter on device bond2
[   60.450659][ T4874] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   60.463495][ T4874] netlink: 4 bytes leftover after parsing attributes in process `syz.4.490'.
[   60.489387][ T4874] bond2 (unregistering): Released all slaves
[   60.609706][ T1036] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   60.710080][ T4887] netlink: 'syz.4.493': attribute type 15 has an invalid length.
[   60.751369][ T4887] loop4: detected capacity change from 0 to 512
[   60.788097][ T4887] EXT4-fs warning (device loop4): ext4_enable_quotas:7178: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   60.803948][ T4885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.494'.
[   60.892497][ T4900] FAULT_INJECTION: forcing a failure.
[   60.892497][ T4900] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   60.905729][ T4900] CPU: 1 UID: 0 PID: 4900 Comm: syz.4.497 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   60.905757][ T4900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   60.905769][ T4900] Call Trace:
[   60.905776][ T4900]  <TASK>
[   60.905783][ T4900]  __dump_stack+0x1d/0x30
[   60.905880][ T4900]  dump_stack_lvl+0xe8/0x140
[   60.905917][ T4900]  dump_stack+0x15/0x1b
[   60.905957][ T4900]  should_fail_ex+0x265/0x280
[   60.905981][ T4900]  should_fail+0xb/0x20
[   60.906001][ T4900]  should_fail_usercopy+0x1a/0x20
[   60.906026][ T4900]  _copy_from_user+0x1c/0xb0
[   60.906133][ T4900]  ___sys_sendmsg+0xc1/0x1d0
[   60.906175][ T4900]  __x64_sys_sendmsg+0xd4/0x160
[   60.906243][ T4900]  x64_sys_call+0x191e/0x3000
[   60.906265][ T4900]  do_syscall_64+0xd2/0x200
[   60.906284][ T4900]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   60.906311][ T4900]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   60.906401][ T4900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.906423][ T4900] RIP: 0033:0x7f4758d0eec9
[   60.906438][ T4900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.906456][ T4900] RSP: 002b:00007f475776f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   60.906490][ T4900] RAX: ffffffffffffffda RBX: 00007f4758f65fa0 RCX: 00007f4758d0eec9
[   60.906503][ T4900] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[   60.906520][ T4900] RBP: 00007f475776f090 R08: 0000000000000000 R09: 0000000000000000
[   60.906532][ T4900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.906544][ T4900] R13: 00007f4758f66038 R14: 00007f4758f65fa0 R15: 00007fff8d8eb808
[   60.906575][ T4900]  </TASK>
[   61.115054][ T4913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=4913 comm=syz.4.502
[   61.118306][ T4909] FAULT_INJECTION: forcing a failure.
[   61.118306][ T4909] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   61.127903][ T4913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.502'.
[   61.141020][ T4909] CPU: 0 UID: 0 PID: 4909 Comm: syz.1.501 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   61.141105][ T4909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   61.141120][ T4909] Call Trace:
[   61.141127][ T4909]  <TASK>
[   61.141135][ T4909]  __dump_stack+0x1d/0x30
[   61.141163][ T4909]  dump_stack_lvl+0xe8/0x140
[   61.141206][ T4909]  dump_stack+0x15/0x1b
[   61.141230][ T4909]  should_fail_ex+0x265/0x280
[   61.141334][ T4909]  should_fail+0xb/0x20
[   61.141361][ T4909]  should_fail_usercopy+0x1a/0x20
[   61.141396][ T4909]  _copy_from_user+0x1c/0xb0
[   61.141539][ T4909]  ___sys_sendmsg+0xc1/0x1d0
[   61.141593][ T4909]  __x64_sys_sendmsg+0xd4/0x160
[   61.141636][ T4909]  x64_sys_call+0x191e/0x3000
[   61.141666][ T4909]  do_syscall_64+0xd2/0x200
[   61.141691][ T4909]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   61.141769][ T4909]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   61.141827][ T4909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.141858][ T4909] RIP: 0033:0x7f77d775eec9
[   61.141879][ T4909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.141910][ T4909] RSP: 002b:00007f77d61bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.141936][ T4909] RAX: ffffffffffffffda RBX: 00007f77d79b5fa0 RCX: 00007f77d775eec9
[   61.142026][ T4909] RDX: 0000000004000000 RSI: 0000200000001200 RDI: 0000000000000003
[   61.142044][ T4909] RBP: 00007f77d61bf090 R08: 0000000000000000 R09: 0000000000000000
[   61.142060][ T4909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   61.142111][ T4909] R13: 00007f77d79b6038 R14: 00007f77d79b5fa0 R15: 00007ffd284591d8
[   61.142137][ T4909]  </TASK>
[   61.194986][ T1036] hid_parser_main: 150 callbacks suppressed
[   61.195011][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.204948][ T4913] bond2: entered promiscuous mode
[   61.208087][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.212851][ T4913] 8021q: adding VLAN 0 to HW filter on device bond2
[   61.217560][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.217584][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.233401][ T4913] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   61.238651][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.238682][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.391332][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.398814][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.406270][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.413677][ T1036] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   61.421638][ T4913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.502'.
[   61.421840][ T1036] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   61.442266][ T4913] bond2 (unregistering): Released all slaves
[   61.554579][ T4935] loop4: detected capacity change from 0 to 128
[   61.692118][ T4935] syz.4.511: attempt to access beyond end of device
[   61.692118][ T4935] loop4: rw=2049, sector=145, nr_sectors = 8 limit=128
[   61.766367][ T4935] syz.4.511: attempt to access beyond end of device
[   61.766367][ T4935] loop4: rw=2049, sector=161, nr_sectors = 8 limit=128
[   61.784507][ T4935] syz.4.511: attempt to access beyond end of device
[   61.784507][ T4935] loop4: rw=2049, sector=177, nr_sectors = 8 limit=128
[   61.798122][ T4935] syz.4.511: attempt to access beyond end of device
[   61.798122][ T4935] loop4: rw=2049, sector=193, nr_sectors = 8 limit=128
[   61.813452][ T4935] syz.4.511: attempt to access beyond end of device
[   61.813452][ T4935] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128
[   61.827163][ T4935] syz.4.511: attempt to access beyond end of device
[   61.827163][ T4935] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128
[   61.841881][ T4935] syz.4.511: attempt to access beyond end of device
[   61.841881][ T4935] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128
[   61.843931][ T4947] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4947 comm=syz.2.515
[   61.877775][   T31] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.887071][ T4935] syz.4.511: attempt to access beyond end of device
[   61.887071][ T4935] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128
[   61.905095][   T31] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.910051][ T4935] syz.4.511: attempt to access beyond end of device
[   61.910051][ T4935] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128
[   61.922711][   T31] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.956773][   T31] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.962198][ T4935] syz.4.511: attempt to access beyond end of device
[   61.962198][ T4935] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128
[   61.992279][ T4955] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=4955 comm=syz.0.519
[   62.009826][ T4955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.519'.
[   62.029460][ T4955] bond1: entered promiscuous mode
[   62.055275][ T4955] 8021q: adding VLAN 0 to HW filter on device bond1
[   62.072825][ T4955] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   62.082578][ T4967] netem: incorrect gi model size
[   62.087776][ T4967] netem: change failed
[   62.092633][ T4955] netlink: 4 bytes leftover after parsing attributes in process `syz.0.519'.
[   62.115537][ T4955] bond1 (unregistering): Released all slaves
[   62.148655][ T4974] loop2: detected capacity change from 0 to 512
[   62.162338][ T4974] EXT4-fs: dax option not supported
[   62.177521][ T4975] loop1: detected capacity change from 0 to 512
[   62.195925][ T4977] loop0: detected capacity change from 0 to 512
[   62.203663][ T4979] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.205078][ T4975] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   62.221680][ T4975] EXT4-fs (loop1): orphan cleanup on readonly fs
[   62.229600][ T4977] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   62.230456][ T4975] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.524: corrupted inode contents
[   62.237888][ T4977] EXT4-fs (loop0): orphan cleanup on readonly fs
[   62.250304][ T4975] EXT4-fs (loop1): Remounting filesystem read-only
[   62.258926][ T4977] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.527: corrupted inode contents
[   62.262575][ T4975] EXT4-fs (loop1): 1 truncate cleaned up
[   62.276350][ T4977] EXT4-fs (loop0): Remounting filesystem read-only
[   62.282271][ T4979] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.286730][ T4977] EXT4-fs (loop0): 1 truncate cleaned up
[   62.296282][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   62.312413][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   62.323045][   T37] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   62.333369][   T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   62.344110][   T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   62.356233][   T37] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   62.365335][ T4979] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.377508][ T4977] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[   62.384108][ T4977] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   62.391658][ T4977] vhci_hcd vhci_hcd.0: Device attached
[   62.424366][ T4979] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.434543][ T4990] loop1: detected capacity change from 0 to 512
[   62.437078][ T4987] vhci_hcd: connection closed
[   62.441001][ T3415] vhci_hcd: stop threads
[   62.450099][ T3415] vhci_hcd: release socket
[   62.454596][ T3415] vhci_hcd: disconnect device
[   62.459863][ T4990] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   62.468207][ T4990] EXT4-fs (loop1): orphan cleanup on readonly fs
[   62.476053][ T4990] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.529: corrupted inode contents
[   62.488101][ T4990] EXT4-fs (loop1): Remounting filesystem read-only
[   62.494799][ T4990] EXT4-fs (loop1): 1 truncate cleaned up
[   62.495417][ T4994] loop4: detected capacity change from 0 to 2048
[   62.507915][ T3415] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   62.518482][ T3415] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   62.529217][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.538983][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.547487][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.549178][ T3415] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   62.557155][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.579785][ T4990] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[   62.586324][ T4990] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   62.593894][ T4990] vhci_hcd vhci_hcd.0: Device attached
[   62.626367][ T5003] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5003 comm=syz.2.532
[   62.639080][ T4997] vhci_hcd: connection closed
[   62.639273][ T3415] vhci_hcd: stop threads
[   62.648393][ T3415] vhci_hcd: release socket
[   62.652868][ T3415] vhci_hcd: disconnect device
[   62.692843][ T5007] IPv6: addrconf: prefix option has invalid lifetime
[   62.795339][ T5021] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=5021 comm=syz.4.538
[   62.808296][ T5021] netlink: 12 bytes leftover after parsing attributes in process `syz.4.538'.
[   62.823364][ T5021] bond2: entered promiscuous mode
[   62.828664][ T5021] 8021q: adding VLAN 0 to HW filter on device bond2
[   62.840324][ T5021] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   62.853394][ T5021] bond2 (unregistering): Released all slaves
[   62.969685][ T5031] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.072927][ T5031] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.113088][ T5045] FAULT_INJECTION: forcing a failure.
[   63.113088][ T5045] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   63.126327][ T5045] CPU: 0 UID: 0 PID: 5045 Comm: syz.0.546 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.126362][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   63.126379][ T5045] Call Trace:
[   63.126386][ T5045]  <TASK>
[   63.126395][ T5045]  __dump_stack+0x1d/0x30
[   63.126498][ T5045]  dump_stack_lvl+0xe8/0x140
[   63.126524][ T5045]  dump_stack+0x15/0x1b
[   63.126588][ T5045]  should_fail_ex+0x265/0x280
[   63.126626][ T5045]  should_fail+0xb/0x20
[   63.126651][ T5045]  should_fail_usercopy+0x1a/0x20
[   63.126682][ T5045]  _copy_to_user+0x20/0xa0
[   63.126809][ T5045]  simple_read_from_buffer+0xb5/0x130
[   63.126874][ T5045]  proc_fail_nth_read+0x10e/0x150
[   63.126904][ T5045]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   63.126932][ T5045]  vfs_read+0x1a8/0x770
[   63.126970][ T5045]  ? __rcu_read_unlock+0x4f/0x70
[   63.127001][ T5045]  ? __fget_files+0x184/0x1c0
[   63.127064][ T5045]  ksys_read+0xda/0x1a0
[   63.127105][ T5045]  __x64_sys_read+0x40/0x50
[   63.127255][ T5045]  x64_sys_call+0x27c0/0x3000
[   63.127348][ T5045]  do_syscall_64+0xd2/0x200
[   63.127372][ T5045]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   63.127407][ T5045]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   63.127510][ T5045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.127539][ T5045] RIP: 0033:0x7f62856bd8dc
[   63.127559][ T5045] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   63.127584][ T5045] RSP: 002b:00007f628411f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   63.127609][ T5045] RAX: ffffffffffffffda RBX: 00007f6285915fa0 RCX: 00007f62856bd8dc
[   63.127703][ T5045] RDX: 000000000000000f RSI: 00007f628411f0a0 RDI: 0000000000000004
[   63.127718][ T5045] RBP: 00007f628411f090 R08: 0000000000000000 R09: 0000000000000000
[   63.127807][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.127824][ T5045] R13: 00007f6285916038 R14: 00007f6285915fa0 R15: 00007ffdf9051468
[   63.127846][ T5045]  </TASK>
[   63.275042][ T5048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=5048 comm=syz.2.548
[   63.363998][ T5031] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.420582][ T5058] FAULT_INJECTION: forcing a failure.
[   63.420582][ T5058] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   63.433746][ T5058] CPU: 0 UID: 0 PID: 5058 Comm: syz.1.551 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.433823][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   63.433836][ T5058] Call Trace:
[   63.433849][ T5058]  <TASK>
[   63.433893][ T5058]  __dump_stack+0x1d/0x30
[   63.433919][ T5058]  dump_stack_lvl+0xe8/0x140
[   63.433943][ T5058]  dump_stack+0x15/0x1b
[   63.433959][ T5058]  should_fail_ex+0x265/0x280
[   63.433983][ T5058]  should_fail+0xb/0x20
[   63.434004][ T5058]  should_fail_usercopy+0x1a/0x20
[   63.434044][ T5058]  _copy_from_user+0x1c/0xb0
[   63.434161][ T5058]  snd_seq_ioctl+0x127/0x2e0
[   63.434209][ T5058]  ? __pfx_snd_seq_ioctl+0x10/0x10
[   63.434247][ T5058]  __se_sys_ioctl+0xce/0x140
[   63.434311][ T5058]  __x64_sys_ioctl+0x43/0x50
[   63.434346][ T5058]  x64_sys_call+0x1816/0x3000
[   63.434373][ T5058]  do_syscall_64+0xd2/0x200
[   63.434397][ T5058]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   63.434432][ T5058]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   63.434504][ T5058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.434603][ T5058] RIP: 0033:0x7f77d775eec9
[   63.434622][ T5058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.434644][ T5058] RSP: 002b:00007f77d61bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   63.434668][ T5058] RAX: ffffffffffffffda RBX: 00007f77d79b5fa0 RCX: 00007f77d775eec9
[   63.434684][ T5058] RDX: 0000200000000400 RSI: 0000000040605346 RDI: 0000000000000003
[   63.434700][ T5058] RBP: 00007f77d61bf090 R08: 0000000000000000 R09: 0000000000000000
[   63.434715][ T5058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.434750][ T5058] R13: 00007f77d79b6038 R14: 00007f77d79b5fa0 R15: 00007ffd284591d8
[   63.434772][ T5058]  </TASK>
[   63.633261][ T5031] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.650982][ T5060] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=5060 comm=syz.1.552
[   63.678097][ T5060] bond1: entered promiscuous mode
[   63.684532][ T5060] 8021q: adding VLAN 0 to HW filter on device bond1
[   63.717624][ T5060] bond1 (unregistering): Released all slaves
[   63.781745][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.813379][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.821649][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.829923][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.899504][ T5063] loop4: detected capacity change from 0 to 512
[   63.950073][ T5063] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   63.967063][ T5063] EXT4-fs (loop4): orphan cleanup on readonly fs
[   63.975905][ T5063] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.553: corrupted inode contents
[   63.990432][ T5063] EXT4-fs (loop4): Remounting filesystem read-only
[   63.997371][ T5063] EXT4-fs (loop4): 1 truncate cleaned up
[   64.004892][   T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   64.015486][   T51] __quota_error: 205 callbacks suppressed
[   64.015503][   T51] Quota error (device loop4): write_blk: dquota write failed
[   64.028703][   T51] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries
[   64.038735][   T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   64.049273][   T51] Quota error (device loop4): write_blk: dquota write failed
[   64.056676][   T51] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list
[   64.104465][   T51] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   64.105912][   T29] audit: type=1400 audit(1759443032.284:2987): avc:  denied  { write } for  pid=5073 comm="syz.1.557" path="socket:[11017]" dev="sockfs" ino=11017 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   64.114639][   T51] Quota error (device loop4): v2_write_file_info: Can't write info structure
[   64.147819][   T51] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[   64.174838][   T29] audit: type=1326 audit(1759443032.334:2988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5081 comm="syz.2.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e8a73eec9 code=0x7ffc0000
[   64.198355][   T29] audit: type=1326 audit(1759443032.334:2989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5081 comm="syz.2.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e8a73eec9 code=0x7ffc0000
[   64.221797][   T29] audit: type=1326 audit(1759443032.334:2990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5081 comm="syz.2.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f9e8a73eec9 code=0x7ffc0000
[   64.245999][ T5063] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[   64.252583][ T5063] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   64.260215][ T5063] vhci_hcd vhci_hcd.0: Device attached
[   64.281534][ T5086] hsr_slave_0: left promiscuous mode
[   64.289762][ T5086] hsr_slave_1: left promiscuous mode
[   64.296461][ T5091] Unsupported ieee802154 address type: 0
[   64.325149][ T5096] FAULT_INJECTION: forcing a failure.
[   64.325149][ T5096] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   64.338593][ T5096] CPU: 1 UID: 0 PID: 5096 Comm: syz.0.563 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   64.338636][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   64.338653][ T5096] Call Trace:
[   64.338728][ T5096]  <TASK>
[   64.338737][ T5096]  __dump_stack+0x1d/0x30
[   64.338763][ T5096]  dump_stack_lvl+0xe8/0x140
[   64.338788][ T5096]  dump_stack+0x15/0x1b
[   64.338808][ T5096]  should_fail_ex+0x265/0x280
[   64.338872][ T5096]  should_fail_alloc_page+0xf2/0x100
[   64.338900][ T5096]  __alloc_frozen_pages_noprof+0xff/0x360
[   64.338973][ T5096]  alloc_pages_mpol+0xb3/0x250
[   64.339007][ T5096]  vma_alloc_folio_noprof+0x1aa/0x300
[   64.339045][ T5096]  handle_mm_fault+0xec2/0x2c20
[   64.339224][ T5096]  do_user_addr_fault+0x630/0x1080
[   64.339252][ T5096]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   64.339279][ T5096]  exc_page_fault+0x62/0xa0
[   64.339313][ T5096]  asm_exc_page_fault+0x26/0x30
[   64.339332][ T5096] RIP: 0033:0x7f628566c3ab
[   64.339374][ T5096] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[   64.339396][ T5096] RSP: 002b:00007f628411ce10 EFLAGS: 00010246
[   64.339414][ T5096] RAX: 00007f628411ef30 RBX: 00007f62858e7640 RCX: 0000000000000000
[   64.339426][ T5096] RDX: 00007f628411ef78 RSI: 00007f628571edf8 RDI: 00007f628411ce30
[   64.339438][ T5096] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[   64.339449][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.339464][ T5096] R13: 00007f6285916038 R14: 00007f6285915fa0 R15: 00007ffdf9051468
[   64.339485][ T5096]  </TASK>
[   64.339546][ T5096] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   64.411873][ T5085] vhci_hcd: connection closed
[   64.453294][ T5102] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=5102 comm=syz.1.565
[   64.511895][ T1036] usb 9-1: new low-speed USB device number 2 using vhci_hcd
[   64.542543][   T37] vhci_hcd: stop threads
[   64.546821][   T37] vhci_hcd: release socket
[   64.551364][   T37] vhci_hcd: disconnect device
[   64.558153][ T1036] usb 9-1: enqueue for inactive port 0
[   64.563107][ T5102] bond1: entered promiscuous mode
[   64.563800][ T1036] usb 9-1: enqueue for inactive port 0
[   64.574240][ T5102] 8021q: adding VLAN 0 to HW filter on device bond1
[   64.591188][ T1036] usb 9-1: enqueue for inactive port 0
[   64.605072][ T5102] bond1 (unregistering): Released all slaves
[   64.639417][ T5116] loop0: detected capacity change from 0 to 512
[   64.662731][ T5116] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   64.670886][ T5116] EXT4-fs (loop0): orphan cleanup on readonly fs
[   64.681503][ T5116] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.567: corrupted inode contents
[   64.694706][ T5116] EXT4-fs (loop0): Remounting filesystem read-only
[   64.701268][ T1036] vhci_hcd: vhci_device speed not set
[   64.703484][ T5116] EXT4-fs (loop0): 1 truncate cleaned up
[   64.713603][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   64.724233][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   64.736345][   T12] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   64.769459][ T5116] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[   64.776097][ T5116] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   64.783712][ T5116] vhci_hcd vhci_hcd.0: Device attached
[   64.807693][ T5123] vhci_hcd: connection closed
[   64.807800][   T31] vhci_hcd: stop threads
[   64.816886][   T31] vhci_hcd: release socket
[   64.821422][   T31] vhci_hcd: disconnect device
[   64.845628][ T5138] FAULT_INJECTION: forcing a failure.
[   64.845628][ T5138] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   64.858809][ T5138] CPU: 1 UID: 0 PID: 5138 Comm: syz.3.575 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   64.858838][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   64.858850][ T5138] Call Trace:
[   64.858856][ T5138]  <TASK>
[   64.858862][ T5138]  __dump_stack+0x1d/0x30
[   64.858947][ T5138]  dump_stack_lvl+0xe8/0x140
[   64.858971][ T5138]  dump_stack+0x15/0x1b
[   64.858988][ T5138]  should_fail_ex+0x265/0x280
[   64.859010][ T5138]  should_fail+0xb/0x20
[   64.859098][ T5138]  should_fail_usercopy+0x1a/0x20
[   64.859165][ T5138]  _copy_from_user+0x1c/0xb0
[   64.859207][ T5138]  __sys_bpf+0x183/0x7c0
[   64.859253][ T5138]  __x64_sys_bpf+0x41/0x50
[   64.859288][ T5138]  x64_sys_call+0x2aee/0x3000
[   64.859332][ T5138]  do_syscall_64+0xd2/0x200
[   64.859349][ T5138]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   64.859375][ T5138]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   64.859483][ T5138]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.859509][ T5138] RIP: 0033:0x7f70e222eec9
[   64.859527][ T5138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.859546][ T5138] RSP: 002b:00007f70e0c97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   64.859644][ T5138] RAX: ffffffffffffffda RBX: 00007f70e2485fa0 RCX: 00007f70e222eec9
[   64.859656][ T5138] RDX: 000000000000000c RSI: 0000200000000000 RDI: 0000000000000023
[   64.859669][ T5138] RBP: 00007f70e0c97090 R08: 0000000000000000 R09: 0000000000000000
[   64.859684][ T5138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.859697][ T5138] R13: 00007f70e2486038 R14: 00007f70e2485fa0 R15: 00007fff3b43b178
[   64.859715][ T5138]  </TASK>
[   65.091194][ T5147] __nla_validate_parse: 11 callbacks suppressed
[   65.091212][ T5147] netlink: 12 bytes leftover after parsing attributes in process `syz.1.579'.
[   65.115906][ T5147] bond1: entered promiscuous mode
[   65.121348][ T5147] 8021q: adding VLAN 0 to HW filter on device bond1
[   65.134533][ T5147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.579'.
[   65.153164][ T5147] bond1 (unregistering): Released all slaves
[   65.170400][ T5151] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.226352][ T5150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.580'.
[   65.247179][ T5151] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.339109][ T5166] netlink: 28 bytes leftover after parsing attributes in process `syz.4.585'.
[   65.354784][ T5151] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.370595][ T5165] loop1: detected capacity change from 0 to 2048
[   65.383920][ T5168] loop4: detected capacity change from 0 to 2048
[   65.457200][ T5174] selinux_netlink_send: 2 callbacks suppressed
[   65.457218][ T5174] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5174 comm=syz.0.588
[   65.477761][ T5151] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.570136][   T31] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.599216][   T31] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.613855][   T31] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.622455][   T31] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.647968][ T5184] FAULT_INJECTION: forcing a failure.
[   65.647968][ T5184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.661092][ T5184] CPU: 1 UID: 0 PID: 5184 Comm: syz.0.593 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   65.661125][ T5184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   65.661187][ T5184] Call Trace:
[   65.661193][ T5184]  <TASK>
[   65.661200][ T5184]  __dump_stack+0x1d/0x30
[   65.661220][ T5184]  dump_stack_lvl+0xe8/0x140
[   65.661240][ T5184]  dump_stack+0x15/0x1b
[   65.661260][ T5184]  should_fail_ex+0x265/0x280
[   65.661295][ T5184]  should_fail+0xb/0x20
[   65.661316][ T5184]  should_fail_usercopy+0x1a/0x20
[   65.661338][ T5184]  _copy_from_user+0x1c/0xb0
[   65.661440][ T5184]  ___sys_sendmsg+0xc1/0x1d0
[   65.661488][ T5184]  __x64_sys_sendmsg+0xd4/0x160
[   65.661526][ T5184]  x64_sys_call+0x191e/0x3000
[   65.661552][ T5184]  do_syscall_64+0xd2/0x200
[   65.661728][ T5184]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   65.661826][ T5184]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   65.661856][ T5184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.661881][ T5184] RIP: 0033:0x7f62856beec9
[   65.661899][ T5184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.661928][ T5184] RSP: 002b:00007f628411f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   65.661983][ T5184] RAX: ffffffffffffffda RBX: 00007f6285915fa0 RCX: 00007f62856beec9
[   65.662005][ T5184] RDX: 0000000000004000 RSI: 0000200000000100 RDI: 0000000000000004
[   65.662020][ T5184] RBP: 00007f628411f090 R08: 0000000000000000 R09: 0000000000000000
[   65.662034][ T5184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.662076][ T5184] R13: 00007f6285916038 R14: 00007f6285915fa0 R15: 00007ffdf9051468
[   65.662094][ T5184]  </TASK>
[   65.867698][ T1036] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   65.985504][ T5197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.595'.
[   66.022515][ T5213] loop0: detected capacity change from 0 to 512
[   66.040289][ T5215] loop3: detected capacity change from 0 to 1024
[   66.057762][ T5213] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   66.068856][ T5215] EXT4-fs: Ignoring removed nomblk_io_submit option
[   66.076960][ T5213] EXT4-fs (loop0): orphan cleanup on readonly fs
[   66.084809][ T5215] EXT4-fs: Ignoring removed nobh option
[   66.099427][ T5213] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.605: corrupted inode contents
[   66.114429][ T5213] EXT4-fs (loop0): Remounting filesystem read-only
[   66.122441][ T5213] EXT4-fs (loop0): 1 truncate cleaned up
[   66.128242][   T31] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   66.138890][   T31] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   66.151501][ T5221] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5221 comm=syz.4.607
[   66.159961][   T31] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   66.182253][ T5213] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[   66.188913][ T5213] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   66.196554][ T5213] vhci_hcd vhci_hcd.0: Device attached
[   66.227220][ T5226] vhci_hcd: connection closed
[   66.227374][   T51] vhci_hcd: stop threads
[   66.236364][   T51] vhci_hcd: release socket
[   66.240790][   T51] vhci_hcd: disconnect device
[   66.247835][ T5219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.606'.
[   66.483298][ T5231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.608'.
[   66.492561][   T36] hid_parser_main: 72 callbacks suppressed
[   66.492583][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.505966][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.513463][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.520865][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.528294][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.535732][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x2
[   66.543161][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.550558][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.557986][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x4
[   66.565402][   T36] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   66.585212][ T5229] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.603: Allocating blocks 1-17 which overlap fs metadata
[   66.599022][   T36] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   66.610312][ T5215] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.603: Allocating blocks 1-17 which overlap fs metadata
[   66.635104][ T5229] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.603: Allocating blocks 1-17 which overlap fs metadata
[   66.659015][ T5215] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.603: Allocating blocks 1-17 which overlap fs metadata
[   66.801584][ T5215] syz.3.603 (5215) used greatest stack depth: 10240 bytes left
[   66.869632][ T5257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.617'.
[   66.969463][ T5261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.619'.
[   67.018496][ T1036] hid-generic 0000:0000:0000.0014: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   67.099003][ T5272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.623'.
[   67.174267][ T5288] loop0: detected capacity change from 0 to 512
[   67.193615][ T5288] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   67.202005][ T5288] EXT4-fs (loop0): orphan cleanup on readonly fs
[   67.210476][ T5288] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.629: corrupted inode contents
[   67.226187][ T5293] loop1: detected capacity change from 0 to 1024
[   67.233718][ T5288] EXT4-fs (loop0): Remounting filesystem read-only
[   67.235994][ T5293] EXT4-fs: Ignoring removed nomblk_io_submit option
[   67.242202][ T5288] EXT4-fs (loop0): 1 truncate cleaned up
[   67.260834][ T5293] EXT4-fs: Ignoring removed nobh option
[   67.266644][   T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   67.277175][   T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   67.287858][   T51] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   67.307030][ T5288] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[   67.313688][ T5288] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   67.321256][ T5288] vhci_hcd vhci_hcd.0: Device attached
[   67.342204][ T5301] vhci_hcd: connection closed
[   67.348344][   T37] vhci_hcd: stop threads
[   67.357397][   T37] vhci_hcd: release socket
[   67.361864][   T37] vhci_hcd: disconnect device
[   67.565029][ T3370] hid-generic 0000:0000:0000.0015: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   67.670994][ T5325] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5325 comm=syz.4.640
[   67.829856][ T5293] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.627: Allocating blocks 1-17 which overlap fs metadata
[   67.869737][ T5307] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.627: Allocating blocks 1-17 which overlap fs metadata
[   68.022682][ T3370] hid-generic 0000:0000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   68.139393][ T5359] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=5359 comm=syz.4.651
[   68.198251][ T5359] bond2: entered promiscuous mode
[   68.216318][ T5359] 8021q: adding VLAN 0 to HW filter on device bond2
[   68.291518][ T5366] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   68.387299][ T5359] bond2 (unregistering): Released all slaves
[   68.523344][ T5374] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.577613][ T5379] loop1: detected capacity change from 0 to 512
[   68.593226][ T5374] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.613649][ T5379] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   68.631548][ T5379] EXT4-fs (loop1): orphan cleanup on readonly fs
[   68.644176][ T5374] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.656567][ T5379] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.655: corrupted inode contents
[   68.690307][ T5379] EXT4-fs (loop1): Remounting filesystem read-only
[   68.698010][ T5379] EXT4-fs (loop1): 1 truncate cleaned up
[   68.704038][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   68.714655][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   68.731634][   T31] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   68.749179][ T5383] loop3: detected capacity change from 0 to 512
[   68.756385][ T5374] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.773856][ T5379] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[   68.780558][ T5379] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   68.788159][ T5379] vhci_hcd vhci_hcd.0: Device attached
[   68.812071][ T5389] vhci_hcd: connection closed
[   68.812251][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.814583][   T31] vhci_hcd: stop threads
[   68.828639][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.829704][   T31] vhci_hcd: release socket
[   68.829715][   T31] vhci_hcd: disconnect device
[   68.835584][ T5392] loop0: detected capacity change from 0 to 1024
[   68.855033][ T5392] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.862446][ T5392] EXT4-fs: Ignoring removed nobh option
[   68.868739][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.884082][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.904692][ T4512] hid-generic 0000:0000:0000.0017: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   68.906321][ T3474] hid-generic 0000:0000:0000.0018: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   69.097844][   T29] kauditd_printk_skb: 1029 callbacks suppressed
[   69.097863][   T29] audit: type=1326 audit(1759443805.272:3996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5417 comm="syz.3.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   69.130512][   T29] audit: type=1326 audit(1759443805.272:3997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5417 comm="syz.3.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   69.153965][   T29] audit: type=1326 audit(1759443805.272:3998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5417 comm="syz.3.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   69.177340][   T29] audit: type=1326 audit(1759443805.289:3999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5417 comm="syz.3.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   69.200810][   T29] audit: type=1326 audit(1759443805.309:4000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5408 comm="syz.4.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   69.224330][   T29] audit: type=1326 audit(1759443805.309:4001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5408 comm="syz.4.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   69.248309][   T29] audit: type=1326 audit(1759443805.429:4002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5408 comm="syz.4.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   69.271845][   T29] audit: type=1326 audit(1759443805.429:4003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5408 comm="syz.4.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   69.295466][   T29] audit: type=1326 audit(1759443805.429:4004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5408 comm="syz.4.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   69.318996][   T29] audit: type=1326 audit(1759443805.429:4005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5408 comm="syz.4.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4758d0eec9 code=0x7ffc0000
[   69.395341][ T5424] loop3: detected capacity change from 0 to 512
[   69.425609][ T5424] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   69.485119][ T5424] EXT4-fs (loop3): orphan cleanup on readonly fs
[   69.497050][ T3305] EXT4-fs unmount: 40 callbacks suppressed
[   69.497066][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.531327][ T5424] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.670: corrupted inode contents
[   69.558876][ T5424] EXT4-fs (loop3): Remounting filesystem read-only
[   69.566137][ T5424] EXT4-fs (loop3): 1 truncate cleaned up
[   69.572146][   T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   69.582763][   T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   69.603545][   T37] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[   69.620067][ T5424] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   69.666286][ T4512] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   69.686616][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.703551][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.738700][ T5447] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5447 comm=syz.0.672
[   69.814563][ T5453] loop0: detected capacity change from 0 to 2048
[   69.821272][ T5455] loop1: detected capacity change from 0 to 512
[   69.868413][ T5453] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.889612][ T5455] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   69.897821][ T5455] EXT4-fs (loop1): orphan cleanup on readonly fs
[   69.921441][ T5455] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.680: corrupted inode contents
[   69.933698][ T5455] EXT4-fs (loop1): Remounting filesystem read-only
[   69.940281][ T5455] EXT4-fs (loop1): 1 truncate cleaned up
[   69.940358][ T5465] loop3: detected capacity change from 0 to 1024
[   69.949187][ T5443] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=5443 comm=syz.4.676
[   69.952749][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   69.975705][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   69.995465][ T5467] loop2: detected capacity change from 0 to 512
[   70.003390][ T5465] EXT4-fs: Ignoring removed nomblk_io_submit option
[   70.010177][ T5465] EXT4-fs: Ignoring removed nobh option
[   70.028267][   T37] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   70.045499][ T5465] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.080469][ T5455] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   70.224790][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.313768][ T5482] FAULT_INJECTION: forcing a failure.
[   70.313768][ T5482] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   70.326922][ T5482] CPU: 1 UID: 0 PID: 5482 Comm: syz.0.685 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.326955][ T5482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   70.326970][ T5482] Call Trace:
[   70.326978][ T5482]  <TASK>
[   70.326987][ T5482]  __dump_stack+0x1d/0x30
[   70.327048][ T5482]  dump_stack_lvl+0xe8/0x140
[   70.327073][ T5482]  dump_stack+0x15/0x1b
[   70.327092][ T5482]  should_fail_ex+0x265/0x280
[   70.327115][ T5482]  should_fail+0xb/0x20
[   70.327134][ T5482]  should_fail_usercopy+0x1a/0x20
[   70.327191][ T5482]  _copy_from_user+0x1c/0xb0
[   70.327226][ T5482]  vt_ioctl+0xf54/0x1880
[   70.327263][ T5482]  ? tty_jobctrl_ioctl+0x29e/0x810
[   70.327318][ T5482]  tty_ioctl+0x7d8/0xb80
[   70.327335][ T5482]  ? __pfx_tty_ioctl+0x10/0x10
[   70.327351][ T5482]  __se_sys_ioctl+0xce/0x140
[   70.327441][ T5482]  __x64_sys_ioctl+0x43/0x50
[   70.327466][ T5482]  x64_sys_call+0x1816/0x3000
[   70.327486][ T5482]  do_syscall_64+0xd2/0x200
[   70.327508][ T5482]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   70.327576][ T5482]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   70.327655][ T5482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.327682][ T5482] RIP: 0033:0x7f62856beec9
[   70.327700][ T5482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.327717][ T5482] RSP: 002b:00007f628411f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.327736][ T5482] RAX: ffffffffffffffda RBX: 00007f6285915fa0 RCX: 00007f62856beec9
[   70.327773][ T5482] RDX: 0000200000000040 RSI: 0000000000004b67 RDI: 0000000000000003
[   70.327854][ T5482] RBP: 00007f628411f090 R08: 0000000000000000 R09: 0000000000000000
[   70.327867][ T5482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.327881][ T5482] R13: 00007f6285916038 R14: 00007f6285915fa0 R15: 00007ffdf9051468
[   70.327904][ T5482]  </TASK>
[   70.540221][ T5474] __nla_validate_parse: 13 callbacks suppressed
[   70.540240][ T5474] netlink: 4 bytes leftover after parsing attributes in process `syz.2.684'.
[   70.565417][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.645540][ T5492] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5492 comm=syz.0.689
[   70.690390][ T5498] netlink: 68 bytes leftover after parsing attributes in process `syz.0.692'.
[   70.715311][ T5500] netlink: 32 bytes leftover after parsing attributes in process `syz.2.693'.
[   70.724363][ T5500] netlink: 56 bytes leftover after parsing attributes in process `syz.2.693'.
[   70.778658][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.853907][ T5513] loop1: detected capacity change from 0 to 1024
[   70.854347][ T5513] EXT4-fs: Ignoring removed nomblk_io_submit option
[   70.906834][ T5514] netlink: 24 bytes leftover after parsing attributes in process `syz.4.697'.
[   70.907267][ T5514] random: crng reseeded on system resumption
[   70.918924][ T5513] EXT4-fs: Ignoring removed nobh option
[   70.934310][ T5513] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.170045][ T5525] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=5525 comm=syz.0.698
[   71.554420][ T5513] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.694: Allocating blocks 1-17 which overlap fs metadata
[   71.570698][ T5523] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.694: Allocating blocks 1-17 which overlap fs metadata
[   71.664218][ T5513] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.694: Allocating blocks 1-17 which overlap fs metadata
[   71.704025][ T5523] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.694: Allocating blocks 1-17 which overlap fs metadata
[   71.730454][ T5535] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5535 comm=syz.4.702
[   71.847055][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.894298][ T5548] netlink: 68 bytes leftover after parsing attributes in process `syz.1.707'.
[   71.944425][ T5549] loop4: detected capacity change from 0 to 1024
[   71.954944][ T5549] EXT4-fs: Ignoring removed nomblk_io_submit option
[   71.969421][ T5549] EXT4-fs: Ignoring removed nobh option
[   71.975740][ T5539] netlink: 4 bytes leftover after parsing attributes in process `syz.0.704'.
[   72.004632][ T5549] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.084982][ T5565] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5565 comm=syz.0.714
[   72.247575][ T5579] netlink: 68 bytes leftover after parsing attributes in process `syz.2.718'.
[   72.472882][ T5584] netlink: 4 bytes leftover after parsing attributes in process `syz.3.724'.
[   72.544339][ T5549] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.706: Allocating blocks 1-17 which overlap fs metadata
[   72.559911][ T5566] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.706: Allocating blocks 1-17 which overlap fs metadata
[   72.575503][ T5601] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5601 comm=syz.1.725
[   72.598090][ T5599] loop2: detected capacity change from 0 to 2048
[   72.601383][ T5594] syz.0.721 (5594) used greatest stack depth: 9336 bytes left
[   72.624240][ T5599] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.691716][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.737947][ T5618] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=5618 comm=syz.0.733
[   72.782749][ T5618] netlink: 12 bytes leftover after parsing attributes in process `syz.0.733'.
[   72.807215][ T5618] bond1: entered promiscuous mode
[   72.824867][ T5618] 8021q: adding VLAN 0 to HW filter on device bond1
[   72.841564][ T5618] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   72.856504][ T5618] bond1 (unregistering): Released all slaves
[   72.880634][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.891425][ T5632] FAULT_INJECTION: forcing a failure.
[   72.891425][ T5632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.904698][ T5632] CPU: 0 UID: 0 PID: 5632 Comm: syz.3.738 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.904734][ T5632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   72.904790][ T5632] Call Trace:
[   72.904798][ T5632]  <TASK>
[   72.904807][ T5632]  __dump_stack+0x1d/0x30
[   72.904832][ T5632]  dump_stack_lvl+0xe8/0x140
[   72.904922][ T5632]  dump_stack+0x15/0x1b
[   72.904945][ T5632]  should_fail_ex+0x265/0x280
[   72.904974][ T5632]  should_fail+0xb/0x20
[   72.905011][ T5632]  should_fail_usercopy+0x1a/0x20
[   72.905112][ T5632]  _copy_from_iter+0xd2/0xe80
[   72.905145][ T5632]  ? __build_skb_around+0x1a0/0x200
[   72.905168][ T5632]  ? __alloc_skb+0x223/0x320
[   72.905191][ T5632]  netlink_sendmsg+0x471/0x6b0
[   72.905229][ T5632]  ? __pfx_netlink_sendmsg+0x10/0x10
[   72.905319][ T5632]  __sock_sendmsg+0x142/0x180
[   72.905349][ T5632]  ____sys_sendmsg+0x31e/0x4e0
[   72.905428][ T5632]  ___sys_sendmsg+0x17b/0x1d0
[   72.905464][ T5632]  __x64_sys_sendmsg+0xd4/0x160
[   72.905492][ T5632]  x64_sys_call+0x191e/0x3000
[   72.905648][ T5632]  do_syscall_64+0xd2/0x200
[   72.905672][ T5632]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   72.905782][ T5632]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   72.905811][ T5632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.905832][ T5632] RIP: 0033:0x7f70e222eec9
[   72.905853][ T5632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.905876][ T5632] RSP: 002b:00007f70e0c97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   72.905899][ T5632] RAX: ffffffffffffffda RBX: 00007f70e2485fa0 RCX: 00007f70e222eec9
[   72.905971][ T5632] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000008
[   72.905984][ T5632] RBP: 00007f70e0c97090 R08: 0000000000000000 R09: 0000000000000000
[   72.905995][ T5632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.906005][ T5632] R13: 00007f70e2486038 R14: 00007f70e2485fa0 R15: 00007fff3b43b178
[   72.906039][ T5632]  </TASK>
[   73.296563][ T5650] loop3: detected capacity change from 0 to 1024
[   73.307028][ T5652] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=5652 comm=syz.2.746
[   73.319979][ T5650] EXT4-fs: Ignoring removed nomblk_io_submit option
[   73.328202][ T5650] EXT4-fs: Ignoring removed nobh option
[   73.344085][ T5650] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.417862][ T5657] loop0: detected capacity change from 0 to 512
[   73.429276][ T5660] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.742: Allocating blocks 497-513 which overlap fs metadata
[   73.461065][ T5664] loop1: detected capacity change from 0 to 512
[   73.468031][ T5664] EXT4-fs: Ignoring removed oldalloc option
[   73.484412][ T5667] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=5667 comm=syz.2.751
[   73.487799][ T5664] EXT4-fs (loop1): 1 truncate cleaned up
[   73.512470][ T5667] bond1: entered promiscuous mode
[   73.512987][ T5664] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.518032][ T5667] 8021q: adding VLAN 0 to HW filter on device bond1
[   73.547550][ T5667] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   73.570270][ T5667] bond1 (unregistering): Released all slaves
[   73.581095][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.633032][ T5677] loop1: detected capacity change from 0 to 512
[   73.657236][ T5677] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   73.687484][ T5677] EXT4-fs (loop1): orphan cleanup on readonly fs
[   73.713155][ T5677] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.752: corrupted inode contents
[   73.746741][ T5677] EXT4-fs (loop1): Remounting filesystem read-only
[   73.753465][ T5677] EXT4-fs (loop1): 1 truncate cleaned up
[   73.759607][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   73.770262][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   73.781027][   T37] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   73.791662][ T5677] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   73.809487][ T5677] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[   73.816033][ T5677] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   73.823641][ T5677] vhci_hcd vhci_hcd.0: Device attached
[   73.858071][ T5686] vhci_hcd: connection closed
[   73.858262][   T37] vhci_hcd: stop threads
[   73.867361][   T37] vhci_hcd: release socket
[   73.871889][   T37] vhci_hcd: disconnect device
[   73.894735][ T5650] EXT4-fs (loop3): pa ffff888106aada10: logic 16, phys. 145, len 23
[   73.902850][ T5650] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   74.068516][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.120275][   T29] kauditd_printk_skb: 947 callbacks suppressed
[   74.120293][   T29] audit: type=1326 audit(1759444834.293:4935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5702 comm="syz.3.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   74.150030][   T29] audit: type=1326 audit(1759444834.293:4936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5702 comm="syz.3.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   74.173426][   T29] audit: type=1326 audit(1759444834.303:4937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5702 comm="syz.3.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   74.197073][   T29] audit: type=1326 audit(1759444834.313:4938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5702 comm="syz.3.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   74.202520][ T5707] loop3: detected capacity change from 0 to 512
[   74.225481][   T29] audit: type=1400 audit(1759444834.343:4939): avc:  denied  { getopt } for  pid=5704 comm="syz.3.763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   74.285197][   T29] audit: type=1400 audit(1759444834.463:4940): avc:  denied  { read write } for  pid=5710 comm="syz.3.765" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   74.287149][ T4511] hid_parser_main: 239 callbacks suppressed
[   74.287172][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x1
[   74.308726][   T29] audit: type=1400 audit(1759444834.463:4941): avc:  denied  { open } for  pid=5710 comm="syz.3.765" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   74.314533][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.352545][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.360033][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.367442][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.374883][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.382482][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.389964][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.397387][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[   74.404793][ T4511] hid-generic 0000:0000:0000.001A: unknown main item tag 0x2
[   74.414064][ T4511] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   74.440332][   T29] audit: type=1326 audit(1759444834.613:4942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5672 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4758d0eec9 code=0x7fc00000
[   74.465013][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.508755][ T3474] hid-generic 0000:0000:0000.001B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   74.553489][   T29] audit: type=1326 audit(1759444834.663:4943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5713 comm="syz.3.767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   74.577005][   T29] audit: type=1326 audit(1759444834.663:4944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5713 comm="syz.3.767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   74.690794][ T5731] loop0: detected capacity change from 0 to 1024
[   74.698509][ T5731] EXT4-fs: Ignoring removed nomblk_io_submit option
[   74.705358][ T5731] EXT4-fs: Ignoring removed nobh option
[   74.719878][ T5734] loop3: detected capacity change from 0 to 512
[   74.734726][ T5731] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.829336][ T3474] hid-generic 0000:0000:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   74.865548][ T5750] loop3: detected capacity change from 0 to 2048
[   74.909088][ T5750] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.987304][ T5765] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.771: Allocating blocks 497-513 which overlap fs metadata
[   75.039494][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.138370][ T5773] loop1: detected capacity change from 0 to 512
[   75.347745][ T3907] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   75.434409][ T5792] FAULT_INJECTION: forcing a failure.
[   75.434409][ T5792] name failslab, interval 1, probability 0, space 0, times 0
[   75.443836][ T5731] EXT4-fs (loop0): pa ffff888106aada80: logic 16, phys. 145, len 23
[   75.447134][ T5792] CPU: 1 UID: 0 PID: 5792 Comm: wÞ£ÿ Not tainted syzkaller #0 PREEMPT(voluntary) 
[   75.447159][ T5792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   75.447249][ T5792] Call Trace:
[   75.447257][ T5792]  <TASK>
[   75.447267][ T5792]  __dump_stack+0x1d/0x30
[   75.447295][ T5792]  dump_stack_lvl+0xe8/0x140
[   75.447338][ T5792]  dump_stack+0x15/0x1b
[   75.447405][ T5792]  should_fail_ex+0x265/0x280
[   75.447495][ T5792]  should_failslab+0x8c/0xb0
[   75.447521][ T5792]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   75.447559][ T5792]  ? sidtab_sid2str_get+0xa0/0x130
[   75.447721][ T5792]  kmemdup_noprof+0x2b/0x70
[   75.447802][ T5792]  sidtab_sid2str_get+0xa0/0x130
[   75.447846][ T5792]  security_sid_to_context_core+0x1eb/0x2e0
[   75.447891][ T5792]  security_sid_to_context+0x27/0x40
[   75.447957][ T5792]  selinux_lsmprop_to_secctx+0x67/0xf0
[   75.448002][ T5792]  security_lsmprop_to_secctx+0x1a3/0x1c0
[   75.448099][ T5792]  audit_log_subj_ctx+0xa4/0x3e0
[   75.448126][ T5792]  ? skb_put+0xa9/0xf0
[   75.448158][ T5792]  audit_log_task_context+0x48/0x70
[   75.448185][ T5792]  audit_log_task+0xf4/0x250
[   75.448295][ T5792]  ? kstrtouint+0x76/0xc0
[   75.448342][ T5792]  audit_seccomp+0x61/0x100
[   75.448398][ T5792]  ? __seccomp_filter+0x82d/0x1250
[   75.448459][ T5792]  __seccomp_filter+0x83e/0x1250
[   75.448530][ T5792]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   75.448563][ T5792]  ? vfs_write+0x7e8/0x960
[   75.448607][ T5792]  ? __rcu_read_unlock+0x4f/0x70
[   75.448642][ T5792]  ? __fget_files+0x184/0x1c0
[   75.448728][ T5792]  __secure_computing+0x82/0x150
[   75.448768][ T5792]  syscall_trace_enter+0xcf/0x1e0
[   75.448806][ T5792]  do_syscall_64+0xac/0x200
[   75.448832][ T5792]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   75.448877][ T5792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.448970][ T5792] RIP: 0033:0x7f70e222eec9
[   75.448990][ T5792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.449083][ T5792] RSP: 002b:00007f70e0c97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[   75.449109][ T5792] RAX: ffffffffffffffda RBX: 00007f70e2485fa0 RCX: 00007f70e222eec9
[   75.449127][ T5792] RDX: 000000000000000a RSI: 00002000000005c0 RDI: 000000000000000a
[   75.449144][ T5792] RBP: 00007f70e0c97090 R08: ffffffffffffffff R09: 0000000000000000
[   75.449161][ T5792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.449178][ T5792] R13: 00007f70e2486038 R14: 00007f70e2485fa0 R15: 00007fff3b43b178
[   75.449244][ T5792]  </TASK>
[   75.707311][ T5731] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   75.745554][ T5795] loop3: detected capacity change from 0 to 2048
[   75.773459][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.812859][ T5795] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.889896][ T5808] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5808 comm=syz.2.800
[   75.908830][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.944124][ T5808] __nla_validate_parse: 11 callbacks suppressed
[   75.944143][ T5808] netlink: 14 bytes leftover after parsing attributes in process `syz.2.800'.
[   76.024515][ T5817] loop3: detected capacity change from 0 to 512
[   76.095385][ T5806] 8021q: adding VLAN 0 to HW filter on device bond1
[   76.105309][ T5806] bond0: (slave bond1): Enslaving as an active interface with an up link
[   76.150037][ T5831] FAULT_INJECTION: forcing a failure.
[   76.150037][ T5831] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   76.163183][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz.4.808 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.163324][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   76.163336][ T5831] Call Trace:
[   76.163341][ T5831]  <TASK>
[   76.163347][ T5831]  __dump_stack+0x1d/0x30
[   76.163420][ T5831]  dump_stack_lvl+0xe8/0x140
[   76.163444][ T5831]  dump_stack+0x15/0x1b
[   76.163464][ T5831]  should_fail_ex+0x265/0x280
[   76.163588][ T5831]  should_fail+0xb/0x20
[   76.163613][ T5831]  should_fail_usercopy+0x1a/0x20
[   76.163650][ T5831]  _copy_from_user+0x1c/0xb0
[   76.163686][ T5831]  __se_sys_mount+0x10d/0x2e0
[   76.163756][ T5831]  ? fput+0x8f/0xc0
[   76.163786][ T5831]  ? ksys_write+0x192/0x1a0
[   76.163829][ T5831]  __x64_sys_mount+0x67/0x80
[   76.163923][ T5831]  x64_sys_call+0x2b51/0x3000
[   76.163951][ T5831]  do_syscall_64+0xd2/0x200
[   76.163973][ T5831]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   76.163999][ T5831]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   76.164166][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.164188][ T5831] RIP: 0033:0x7f4758d0eec9
[   76.164202][ T5831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.164234][ T5831] RSP: 002b:00007f475776f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   76.164381][ T5831] RAX: ffffffffffffffda RBX: 00007f4758f65fa0 RCX: 00007f4758d0eec9
[   76.164395][ T5831] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000
[   76.164410][ T5831] RBP: 00007f475776f090 R08: 0000200000000240 R09: 0000000000000000
[   76.164425][ T5831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.164440][ T5831] R13: 00007f4758f66038 R14: 00007f4758f65fa0 R15: 00007fff8d8eb808
[   76.164464][ T5831]  </TASK>
[   76.371060][ T5837] loop3: detected capacity change from 0 to 1024
[   76.388997][ T5838] loop2: detected capacity change from 0 to 2048
[   76.420279][ T5837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.444468][ T4511] kernel write not supported for file bpf-prog (pid: 4511 comm: kworker/1:6)
[   76.457479][ T5846] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5846 comm=syz.4.815
[   76.483539][ T5838] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.508979][ T5846] netlink: 14 bytes leftover after parsing attributes in process `syz.4.815'.
[   76.518045][ T5846] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   76.562591][ T5840] netlink: 4 bytes leftover after parsing attributes in process `syz.1.814'.
[   76.643199][ T1036] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   76.666269][ T5834] SELinux: ebitmap start bit (1) is not a multiple of the map unit size (64)
[   76.690601][ T5834] SELinux: failed to load policy
[   76.699618][ T5860] netlink: 32 bytes leftover after parsing attributes in process `syz.4.819'.
[   76.708543][ T5860] netlink: 56 bytes leftover after parsing attributes in process `syz.4.819'.
[   76.759283][ T5861] netlink: 4 bytes leftover after parsing attributes in process `syz.1.817'.
[   76.831292][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.896731][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.904765][ T5870] loop3: detected capacity change from 0 to 512
[   76.981997][ T3384] hid-generic 0000:0000:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   76.999625][ T5880] netlink: 44 bytes leftover after parsing attributes in process `syz.3.825'.
[   77.043183][ T5884] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5884 comm=syz.1.826
[   77.089887][ T5884] netlink: 14 bytes leftover after parsing attributes in process `syz.1.826'.
[   77.105784][ T3474] hid-generic 0000:0000:0000.0020: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   77.207400][ T5893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.827'.
[   77.227108][ T5897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.830'.
[   77.343871][ T5910] loop0: detected capacity change from 0 to 512
[   77.427475][ T3474] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   77.567153][ T5926] mmap: syz.3.840 (5926) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   77.589524][ T5926] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.615291][ T3384] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   77.734234][ T3474] hid-generic 0000:0000:0000.0023: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   78.177445][ T5944] hsr0: entered promiscuous mode
[   78.186817][ T3907] hid-generic 0000:0000:0000.0024: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   78.191797][ T5944] macvtap1: entered promiscuous mode
[   78.201898][ T5944] macvtap1: entered allmulticast mode
[   78.207289][ T5944] hsr0: entered allmulticast mode
[   78.212432][ T5944] hsr_slave_0: entered allmulticast mode
[   78.218081][ T5944] hsr_slave_1: entered allmulticast mode
[   78.241893][ T5944] hsr0: left allmulticast mode
[   78.246709][ T5944] hsr_slave_0: left allmulticast mode
[   78.252132][ T5944] hsr_slave_1: left allmulticast mode
[   78.317839][ T5986] netlink: 'syz.1.866': attribute type 39 has an invalid length.
[   78.361220][ T1036] kernel write not supported for file bpf-prog (pid: 1036 comm: kworker/0:2)
[   78.375450][ T5989] macsec1: entered promiscuous mode
[   78.380695][ T5989] bridge0: entered promiscuous mode
[   78.405388][ T5989] bridge0: port 3(macsec1) entered blocking state
[   78.411964][ T5989] bridge0: port 3(macsec1) entered disabled state
[   78.431445][ T5989] macsec1: entered allmulticast mode
[   78.436874][ T5989] bridge0: entered allmulticast mode
[   78.444414][ T5981] SELinux: ebitmap start bit (1) is not a multiple of the map unit size (64)
[   78.444524][ T5989] macsec1: left allmulticast mode
[   78.458348][ T5989] bridge0: left allmulticast mode
[   78.460803][ T5981] SELinux: failed to load policy
[   78.493145][ T5989] bridge0: left promiscuous mode
[   78.509021][ T5999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=5999 comm=syz.4.871
[   78.532155][ T5999] bond2: entered promiscuous mode
[   78.548201][ T6004] loop2: detected capacity change from 0 to 1024
[   78.563948][ T6004] EXT4-fs: Ignoring removed nomblk_io_submit option
[   78.570832][ T6004] EXT4-fs: Ignoring removed nobh option
[   78.577103][ T5999] 8021q: adding VLAN 0 to HW filter on device bond2
[   78.596946][ T6001] loop3: detected capacity change from 0 to 2048
[   78.610782][ T5999] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   78.648663][ T6004] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.663168][ T6001] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.668022][ T5999] bond2 (unregistering): Released all slaves
[   78.692570][ T6004] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.869: Allocating blocks 385-513 which overlap fs metadata
[   79.067679][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.083450][ T6033] SELinux:  Context system_u:object_r:tmp_t:s0 is not valid (left unmapped).
[   79.125453][   T29] kauditd_printk_skb: 651 callbacks suppressed
[   79.125467][   T29] audit: type=1326 audit(1759445351.310:5595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   79.198349][   T29] audit: type=1326 audit(1759445351.350:5596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   79.221926][   T29] audit: type=1326 audit(1759445351.350:5597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   79.245526][   T29] audit: type=1326 audit(1759445351.350:5598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   79.268895][   T29] audit: type=1326 audit(1759445351.350:5599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f70e222d710 code=0x7ffc0000
[   79.292516][   T29] audit: type=1326 audit(1759445351.350:5600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f70e22306f7 code=0x7ffc0000
[   79.316091][   T29] audit: type=1326 audit(1759445351.350:5601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   79.339532][   T29] audit: type=1326 audit(1759445351.350:5602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f70e22306f7 code=0x7ffc0000
[   79.362916][   T29] audit: type=1326 audit(1759445351.350:5603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f70e222db2a code=0x7ffc0000
[   79.386155][   T29] audit: type=1326 audit(1759445351.350:5604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6034 comm="syz.3.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   79.390643][ T5995] EXT4-fs (loop2): pa ffff888106aad9a0: logic 16, phys. 129, len 24
[   79.417544][ T5995] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   79.465062][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.526349][ T4511] hid_parser_main: 399 callbacks suppressed
[   79.526370][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.539863][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.547291][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.554707][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.562128][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.569519][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x2
[   79.576930][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.584403][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.591870][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x4
[   79.599266][ T4511] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[   79.608107][ T4511] hid-generic 0000:0000:0000.0025: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   79.807299][ T6069] loop0: detected capacity change from 0 to 2048
[   79.853721][ T6069] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.036152][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.054706][ T6081] loop2: detected capacity change from 0 to 1024
[   80.065035][ T6085] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=6085 comm=syz.1.896
[   80.091904][ T6081] EXT4-fs: Ignoring removed nomblk_io_submit option
[   80.098678][ T6081] EXT4-fs: Ignoring removed nobh option
[   80.141164][ T6085] bond1: entered promiscuous mode
[   80.146725][ T6085] 8021q: adding VLAN 0 to HW filter on device bond1
[   80.160343][ T6085] bond1 (unregistering): Released all slaves
[   80.173167][ T6081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.195294][ T6097] loop0: detected capacity change from 0 to 512
[   80.224507][ T6081] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.892: Allocating blocks 385-513 which overlap fs metadata
[   80.252130][ T6097] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   80.264782][ T6097] EXT4-fs (loop0): orphan cleanup on readonly fs
[   80.272873][ T6097] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.900: corrupted inode contents
[   80.303858][ T6097] EXT4-fs (loop0): Remounting filesystem read-only
[   80.326057][ T6097] EXT4-fs (loop0): 1 truncate cleaned up
[   80.331940][ T3415] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   80.342546][ T3415] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   80.396549][ T3415] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   80.415354][ T6097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   80.430256][ T6097] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[   80.436805][ T6097] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   80.444492][ T6097] vhci_hcd vhci_hcd.0: Device attached
[   80.466755][ T6112] vhci_hcd: connection closed
[   80.466980][   T31] vhci_hcd: stop threads
[   80.476150][   T31] vhci_hcd: release socket
[   80.480573][   T31] vhci_hcd: disconnect device
[   80.579554][ T3370] hid-generic 0000:0000:0000.0026: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   80.717240][ T4511] hid-generic 0000:0000:0000.0027: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   80.762448][ T4511] hid-generic 0000:0000:0000.0028: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   80.768533][ T6119] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=6119 comm=syz.4.905
[   80.817459][ T6076] EXT4-fs (loop2): pa ffff888106aadaf0: logic 16, phys. 129, len 24
[   80.822360][ T4511] hid-generic 0000:0000:0000.0029: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   80.825542][ T6076] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   80.864973][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.924628][ T3474] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   81.009373][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.039880][ T6158] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6158 comm=syz.0.916
[   81.098427][ T6159] __nla_validate_parse: 19 callbacks suppressed
[   81.098443][ T6159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.915'.
[   81.128646][ T6145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.912'.
[   81.148728][ T4511] hid-generic 0000:0000:0000.002B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   81.288099][ T3370] hid-generic 0000:0000:0000.002C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   81.326532][ T6175] loop0: detected capacity change from 0 to 2048
[   81.354476][ T6185] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=6185 comm=syz.4.933
[   81.368997][ T6175] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.389647][ T6185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.933'.
[   81.404789][ T6185] bond2: entered promiscuous mode
[   81.408747][ T4511] hid-generic 0000:0000:0000.002D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   81.410242][ T6185] 8021q: adding VLAN 0 to HW filter on device bond2
[   81.441379][ T6185] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x7
[   81.453320][ T6185] netlink: 4 bytes leftover after parsing attributes in process `syz.4.933'.
[   81.474578][ T6185] bond2 (unregistering): Released all slaves
[   81.475375][ T6197] netlink: 44 bytes leftover after parsing attributes in process `syz.3.937'.
[   81.667354][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.696526][ T6211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.940'.
[   81.765883][ T3474] kernel write not supported for file bpf-prog (pid: 3474 comm: kworker/0:6)
[   81.885094][ T3474] hid-generic 0000:0000:0000.002E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   81.895317][ T6235] loop4: detected capacity change from 0 to 1024
[   81.903310][ T6235] EXT4-fs: Ignoring removed nomblk_io_submit option
[   81.910154][ T6235] EXT4-fs: Ignoring removed nobh option
[   81.943030][ T6235] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.974194][ T6235] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.950: Allocating blocks 385-513 which overlap fs metadata
[   82.057039][ T3370] kernel write not supported for file bpf-prog (pid: 3370 comm: kworker/0:3)
[   82.093708][ T6246] netlink: 4 bytes leftover after parsing attributes in process `syz.0.957'.
[   82.226153][ T6263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.963'.
[   82.283928][ T6273] SELinux: syz.0.968 (6273) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   82.363425][ T6281] netlink: 'syz.1.971': attribute type 39 has an invalid length.
[   82.410407][ T3370] kernel write not supported for file bpf-prog (pid: 3370 comm: kworker/0:3)
[   82.623285][ T6293] loop1: detected capacity change from 0 to 512
[   82.655416][ T6227] EXT4-fs (loop4): pa ffff888106aadb60: logic 16, phys. 129, len 24
[   82.663500][ T6227] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   82.699927][ T6293] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   82.726362][ T6293] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.976: invalid indirect mapped block 2683928664 (level 1)
[   82.754276][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.776212][ T6293] EXT4-fs (loop1): 1 truncate cleaned up
[   82.796032][ T6293] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.816705][ T6293] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.901617][ T6295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.977'.
[   82.917156][ T6302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.978'.
[   83.454740][ T6322] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=6322 comm=syz.3.985
[   83.749987][ T6336] netlink: 'syz.1.989': attribute type 39 has an invalid length.
[   84.131383][   T29] kauditd_printk_skb: 913 callbacks suppressed
[   84.131400][   T29] audit: type=1326 audit(1759445868.303:6512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.212453][   T29] audit: type=1326 audit(1759445868.333:6513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.235864][   T29] audit: type=1326 audit(1759445868.333:6514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.259249][   T29] audit: type=1326 audit(1759445868.343:6515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.282604][   T29] audit: type=1326 audit(1759445868.343:6516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.305934][   T29] audit: type=1326 audit(1759445868.343:6517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.329436][   T29] audit: type=1326 audit(1759445868.343:6518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.352832][   T29] audit: type=1326 audit(1759445868.343:6519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.376190][   T29] audit: type=1326 audit(1759445868.343:6520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.399518][   T29] audit: type=1326 audit(1759445868.343:6521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6339 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e222eec9 code=0x7ffc0000
[   84.464052][ T6357] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6357 comm=syz.3.997
[   84.533017][ T6364] SELinux: syz.2.1000 (6364) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   84.568767][ T6369] netlink: 'syz.4.1003': attribute type 39 has an invalid length.
[   84.699833][ T6379] loop3: detected capacity change from 0 to 1024
[   84.707727][ T6379] EXT4-fs: Ignoring removed nomblk_io_submit option
[   84.714606][ T6379] EXT4-fs: Ignoring removed nobh option
[   84.739072][ T6379] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.762728][ T6379] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1006: Allocating blocks 385-513 which overlap fs metadata
[   85.060296][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.070458][ T6398] gretap0: refused to change device tx_queue_len
[   85.077626][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.093295][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.102963][ T6398] gretap0: refused to change device tx_queue_len
[   85.109772][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.126865][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.138874][ T6398] gretap0: refused to change device tx_queue_len
[   85.145631][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.161414][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.170034][ T6398] gretap0: refused to change device tx_queue_len
[   85.177089][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.192870][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.202453][ T6398] gretap0: refused to change device tx_queue_len
[   85.209447][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.225564][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.234609][ T6398] gretap0: refused to change device tx_queue_len
[   85.241392][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.257103][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.266241][ T6398] gretap0: refused to change device tx_queue_len
[   85.273083][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.288731][ T6398] netlink: '+}[@': attribute type 13 has an invalid length.
[   85.297789][ T6398] gretap0: refused to change device tx_queue_len
[   85.304775][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.321924][ T6398] gretap0: refused to change device tx_queue_len
[   85.328610][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.345854][ T6398] gretap0: refused to change device tx_queue_len
[   85.352753][ T6398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   85.369759][ T6398] gretap0: refused to change device tx_queue_len
[   85.380250][ T6398] gretap0: refused to change device tx_queue_len
[   85.386996][ T6401] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6401 comm=syz.1.1012
[   85.399583][ T6398] gretap0: refused to change device tx_queue_len
[   85.407977][ T6398] gretap0: refused to change device tx_queue_len
[   85.416775][ T6398] gretap0: refused to change device tx_queue_len
[   85.425653][ T6398] gretap0: refused to change device tx_queue_len
[   85.434175][ T6398] gretap0: refused to change device tx_queue_len
[   85.442397][ T6398] gretap0: refused to change device tx_queue_len
[   85.451166][ T6398] gretap0: refused to change device tx_queue_len
[   85.460060][ T6398] gretap0: refused to change device tx_queue_len
[   85.468696][ T6398] gretap0: refused to change device tx_queue_len
[   85.477290][ T6398] gretap0: refused to change device tx_queue_len
[   85.477620][ T6375] EXT4-fs (loop3): pa ffff888106ade690: logic 16, phys. 129, len 24
[   85.491778][ T6375] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   85.501919][ T6398] gretap0: refused to change device tx_queue_len
[   85.510555][ T6398] gretap0: refused to change device tx_queue_len
[   85.519488][ T6398] gretap0: refused to change device tx_queue_len
[   85.527060][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.536244][ T6398] gretap0: refused to change device tx_queue_len
[   85.545916][ T6398] gretap0: refused to change device tx_queue_len
[   85.553918][ T6398] gretap0: refused to change device tx_queue_len
[   85.562632][ T6398] gretap0: refused to change device tx_queue_len
[   85.570872][ T6398] gretap0: refused to change device tx_queue_len
[   85.578963][ T6398] gretap0: refused to change device tx_queue_len
[   85.587354][ T6398] gretap0: refused to change device tx_queue_len
[   85.595660][ T6398] gretap0: refused to change device tx_queue_len
[   85.642949][ T6413] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=6413 comm=syz.3.1018
[   85.669332][ T6413] bond1: entered promiscuous mode
[   85.669489][ T6413] 8021q: adding VLAN 0 to HW filter on device bond1
[   85.686860][ T6413] bond1 (unregistering): Released all slaves
[   85.760229][ T3384] hid_parser_main: 356 callbacks suppressed
[   85.760249][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x1
[   85.773600][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.780999][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.788449][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.795867][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.803293][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.810837][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.818260][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.825759][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[   85.833166][ T3384] hid-generic 0000:0000:0000.002F: unknown main item tag 0x2
[   85.847899][ T3384] hid-generic 0000:0000:0000.002F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   85.896013][ T6434] loop1: detected capacity change from 0 to 512
[   85.912111][ T6434] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   85.920210][ T6434] EXT4-fs (loop1): orphan cleanup on readonly fs
[   85.927868][ T6434] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1026: corrupted inode contents
[   85.940009][ T6434] EXT4-fs (loop1): Remounting filesystem read-only
[   85.946787][ T6434] EXT4-fs (loop1): 1 truncate cleaned up
[   85.952738][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   85.963286][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   85.974009][   T31] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   85.984812][ T6434] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   86.000270][ T6434] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[   86.006865][ T6434] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   86.014481][ T6434] vhci_hcd vhci_hcd.0: Device attached
[   86.036563][ T6437] vhci_hcd: connection closed
[   86.036714][   T12] vhci_hcd: stop threads
[   86.045772][   T12] vhci_hcd: release socket
[   86.050249][   T12] vhci_hcd: disconnect device
[   86.547119][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.566984][ T6442] __nla_validate_parse: 10 callbacks suppressed
[   86.567003][ T6442] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1027'.
[   86.601177][ T3384] hid-generic 0000:0000:0000.0030: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   86.632057][ T6450] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=769 sclass=netlink_route_socket pid=6450 comm=syz.3.1032
[   86.649692][ T6451] loop4: detected capacity change from 0 to 1024
[   86.656723][ T6451] EXT4-fs: Ignoring removed nomblk_io_submit option
[   86.659262][ T6450] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1032'.
[   86.663776][ T6451] EXT4-fs: Ignoring removed nobh option
[   86.686205][ T6450] bond1: entered promiscuous mode
[   86.691541][ T6450] 8021q: adding VLAN 0 to HW filter on device bond1
[   86.703334][ T6451] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.720094][ T6450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1032'.
[   86.736701][ T6450] bond1 (unregistering): Released all slaves
[   86.747364][ T6451] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1029: Allocating blocks 497-513 which overlap fs metadata
[   86.792507][ T6455] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1034'.
[   86.869030][ T3384] hid-generic 0000:0000:0000.0031: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   87.029210][ T6471] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=6471 comm=syz.3.1037
[   87.048820][ T6479] FAULT_INJECTION: forcing a failure.
[   87.048820][ T6479] name failslab, interval 1, probability 0, space 0, times 0
[   87.061578][ T6479] CPU: 1 UID: 0 PID: 6479 Comm: syz.1.1040 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   87.061677][ T6479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   87.061723][ T6479] Call Trace:
[   87.061731][ T6479]  <TASK>
[   87.061741][ T6479]  __dump_stack+0x1d/0x30
[   87.061766][ T6479]  dump_stack_lvl+0xe8/0x140
[   87.061790][ T6479]  dump_stack+0x15/0x1b
[   87.061810][ T6479]  should_fail_ex+0x265/0x280
[   87.061914][ T6479]  should_failslab+0x8c/0xb0
[   87.061938][ T6479]  kmem_cache_alloc_noprof+0x50/0x310
[   87.061966][ T6479]  ? security_inode_alloc+0x37/0x100
[   87.061998][ T6479]  security_inode_alloc+0x37/0x100
[   87.062068][ T6479]  inode_init_always_gfp+0x4b7/0x500
[   87.062184][ T6479]  ? __pfx_shmem_alloc_inode+0x10/0x10
[   87.062218][ T6479]  alloc_inode+0x58/0x170
[   87.062251][ T6479]  new_inode+0x1d/0xe0
[   87.062269][ T6479]  shmem_get_inode+0x244/0x750
[   87.062361][ T6479]  __shmem_file_setup+0x113/0x210
[   87.062393][ T6479]  shmem_file_setup+0x3b/0x50
[   87.062428][ T6479]  __se_sys_memfd_create+0x2c3/0x590
[   87.062539][ T6479]  __x64_sys_memfd_create+0x31/0x40
[   87.062585][ T6479]  x64_sys_call+0x2ac2/0x3000
[   87.062605][ T6479]  do_syscall_64+0xd2/0x200
[   87.062623][ T6479]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   87.062709][ T6479]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   87.062741][ T6479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.062811][ T6479] RIP: 0033:0x7f77d775eec9
[   87.062826][ T6479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.062844][ T6479] RSP: 002b:00007f77d61bed68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   87.062926][ T6479] RAX: ffffffffffffffda RBX: 00000000000005bf RCX: 00007f77d775eec9
[   87.062938][ T6479] RDX: 00007f77d61bedec RSI: 0000000000000000 RDI: 00007f77d77e2960
[   87.062953][ T6479] RBP: 0000200000000280 R08: 00007f77d61beb07 R09: 0000000000000000
[   87.062969][ T6479] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[   87.062981][ T6479] R13: 00007f77d61bedec R14: 00007f77d61bedf0 R15: 00007ffd284591d8
[   87.063005][ T6479]  </TASK>
[   87.303885][ T1036] hid-generic 0000:0000:0000.0032: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   87.408463][ T6443] EXT4-fs (loop4): pa ffff888106aadbd0: logic 16, phys. 145, len 23
[   87.416603][ T6443] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   87.451082][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.480090][ T6496] random: crng reseeded on system resumption
[   87.494505][ T1036] hid-generic 0000:0000:0000.0033: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   87.505443][ T6496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   87.515398][ T6496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   87.587474][ T6493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1046'.
[   87.601998][ T6509] SELinux: syz.4.1052 (6509) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   87.732695][ T6516] SELinux: syz.3.1055 (6516) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   88.290211][ T6519] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17903 sclass=netlink_route_socket pid=6519 comm=syz.1.1056
[   88.479059][ T6522] loop1: detected capacity change from 0 to 2048
[   88.492741][ T6522] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.622955][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.749238][ T6528] loop1: detected capacity change from 0 to 1024
[   88.755995][ T6528] EXT4-fs: Ignoring removed nomblk_io_submit option
[   88.762738][ T6528] EXT4-fs: Ignoring removed nobh option
[   88.772665][ T6528] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.087710][ T6528] ==================================================================
[   89.095842][ T6528] BUG: KCSAN: data-race in page_cache_sync_ra / page_cache_sync_ra
[   89.103765][ T6528] 
[   89.106104][ T6528] write to 0xffff88810881fe10 of 8 bytes by task 6532 on cpu 1:
[   89.113747][ T6528]  page_cache_sync_ra+0x434/0x6c0
[   89.116667][ T6532] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.1058: Allocating blocks 1-17 which overlap fs metadata
[   89.118804][ T6528]  filemap_get_pages+0x2d0/0x1150
[   89.137382][ T6528]  filemap_splice_read+0x3a9/0x740
[   89.142537][ T6528]  ext4_file_splice_read+0x8f/0xb0
[   89.147694][ T6528]  splice_direct_to_actor+0x26c/0x680
[   89.153110][ T6528]  do_splice_direct+0xda/0x150
[   89.157921][ T6528]  do_sendfile+0x380/0x650
[   89.162368][ T6528]  __x64_sys_sendfile64+0x105/0x150
[   89.167600][ T6528]  x64_sys_call+0x2bb4/0x3000
[   89.172304][ T6528]  do_syscall_64+0xd2/0x200
[   89.176833][ T6528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.182754][ T6528] 
[   89.185084][ T6528] write to 0xffff88810881fe10 of 8 bytes by task 6528 on cpu 0:
[   89.192706][ T6528]  page_cache_sync_ra+0x434/0x6c0
[   89.197736][ T6528]  filemap_get_pages+0x2d0/0x1150
[   89.202766][ T6528]  filemap_splice_read+0x3a9/0x740
[   89.207893][ T6528]  ext4_file_splice_read+0x8f/0xb0
[   89.213016][ T6528]  splice_direct_to_actor+0x26c/0x680
[   89.218398][ T6528]  do_splice_direct+0xda/0x150
[   89.223177][ T6528]  do_sendfile+0x380/0x650
[   89.227595][ T6528]  __x64_sys_sendfile64+0x105/0x150
[   89.232798][ T6528]  x64_sys_call+0x2bb4/0x3000
[   89.237474][ T6528]  do_syscall_64+0xd2/0x200
[   89.241982][ T6528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.247893][ T6528] 
[   89.250211][ T6528] value changed: 0x0000000000000005 -> 0x0000000000000006
[   89.257312][ T6528] 
[   89.259642][ T6528] Reported by Kernel Concurrency Sanitizer on:
[   89.265788][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: syz.1.1058 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   89.275502][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   89.285571][ T6528] ==================================================================
[   89.295597][ T6528] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.1058: Allocating blocks 1-17 which overlap fs metadata
[   89.488140][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.