last executing test programs:

3m8.316609519s ago: executing program 32 (id=70):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f0000000040)}, 0x20)

3m7.504339434s ago: executing program 33 (id=102):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000f00)='./file0\x00', 0x800, &(0x7f0000000180), 0x1, 0x27e, &(0x7f0000000500)="$eJzs3T1oO2UcB/DfXZJ/34JWBRHFFxARLZS6CSLoolAQKSKCChURJ2mFanFrnFwcdFbp5FLEzeooLsVF6Fq1Q0UQsThYHHSIXC6RmCZaL82l/+TzgfTuubsnv0vJ97mH0lwCmFqLEfFYRFQiYikiahGRdB9wT/5YbDd35w7WI5rNZ35NWsfl7Vyn30JENCLi4YhqZ9/2/gsnvx89ef+7b9bu+3j/+bkSXlqld8PpyfFTZx89/c5nqw9tp+1t9fay+3Vcottv7LOxmkTcPIJiV0VSHfcZcBFrb336bRaSWyLi3lb+a5G2I/ve1rWvavHgh4P6vv/L4R1lnitw+ZrNWnYNbDSBqZO25sBJuhwR+XqaLi/nc/jvKvPpa5tbbyy9ulnZeKV71Chj+g6MSj3i+IkvZj5f6Mn/T5U8/8DkyvL/7Nre99n62bm/lAET6c58keV/6aWdB0L+YerIP0yG+QJ95B8mQr1gJ/mH613B7BbI/60/Hj5arBhwpVww/z+XeU5AOcz/YYLVOiuNvrvlH6bXhfPvX31h4nTy79IP06f7+g8ATJfmzLg/gQyMy7jHHwAAAAAAAAAAAAAAAAAA4LzduYP1ziMiKaXm1x9EnD4eEdXe+tH6YoO0tZxt/Zz/LckO+1uSd2u7Vqj+i3cPc/bD+2T0n76u9rRnuxs3/DDy+v/qm7tG87xv/7M58A6WOxsRjezglWr1/Psvab//irvpP/bXXh6ywP/Um+pHniuj6uDf4p97ZdQfbPUo4sts/FnpN/6kcVtr2X/8qXffYrmg1/8Y8gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAozV8BAAD///BWbAI=")
symlink(&(0x7f0000000580)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3m7.306162933s ago: executing program 34 (id=103):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r0, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
close(r2)
sendfile(r1, r0, 0x0, 0x578410e9)
sendfile(r1, r0, 0x0, 0x100000000)

3m5.258069612s ago: executing program 7 (id=112):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x11, &(0x7f0000001a80)={[{@orlov}, {@norecovery}, {@inlinecrypt}, {@resuid}]}, 0x8, 0x617, &(0x7f0000001100)="$eJzs3c9vVNUeAPDvnf6kfe9NIS/viQtpYgwkSksLGGJMhD0h+GPnqtJCkEIJrdEiiSXBjYlx48LElQvxv1ASt/4DLty4MiTEGBZiiIy5M3PL7XSmP6admTLz+SRXz7mXOefcyXz7vXPm3JkAetZ4+p9CxMGIuJ5EFHPH+qN6cLzy7x7+cetCuiVRKr39exK3PklW8m0l1f+PVh/8dzGSdOeBvvX9Li7fvDIzPz93o1qfXLp6fXJx+ebRy1dnLs1dmrs2/er0qZMnTp6aOraj8yvkymfvvP9h8bNz73779eNk6rtfziVxOp5Ux5aeV+1jh3bUc/qcjUep4lF+f/q8ntph23vFn8XsdfJUUrsj0y0n3UUuVl+PAxHx/yhGX+5VX4xP3+zo4ICWKiWrObIE9JqkqcAf3v2BAG2WXQdk7+3rvQ9er9DKSxKgTR6cqUwAVGJ/ICKy+O+vzA3GcHluYORhsmaeJ4mInc3MVaR9/PTjuTvpFg3m4YDWWLmdzffV5v+kHJtjMVyujTwsrIn/Qm5L97/VZP+VvzFP5xzFP7TPyu2IeK6a/wdjW/E/nov/9+q2vvknaOM1dfEPAAAAAAAAzbt3JiJeqbf+r7C6/mewzvqf0Yg4vQv9b/75X+F+tZDsQndAzoMzEa/XXf+7usZ3rK9a+3d5PcBAcvHy/NyxiPhPRByJgaG0PlXTbn6F8NHPD3zVqP/8+r90S/vP1gJWW7rfX7OMYHZmaWan5w1EPLgd8Xx5/e+h6p6163/S/J/Uyf9pfF/fYh8HXrp7vtGxzeMfaJXSNxGH6+b/p5fbycbfzzFZvh6YzK4K1nvh4y++b9S/+IfOSfP/yMbxP5Tkv69ncXvtD0bE8eX+UqPjzV7/Dybv9GXtpz6aWVq6MRUxmJxdv396e2OGbpXFQxYvafwfeXHj+b/V6/9cHO6LiJUt9vm/J6O/Njom/0PnpPE/u3H+H1ub/7dfmL479kOj/s9vKf+fKOf0I9U95v8gb/33cWw1QDsyXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4xhUi4l+RFCZWy4XCxETEaET8N0YK8wuLSy9fXPjg2mx6rPz7/4Xsl36LlXqS/f7/WK4+XVM/HhH7I+LLvn3l+sSFhfnZTp88AAAAAAAAAAAAAAAAAAAA7BGj5Xv+S0O19/+nfuvr9OiAVkpjPvqrFfEOvae/6UeWhnZ1IEDbNR//wLOucfzXpveBlo8FaK/G8f/ocamsrcMB2sj1P/SuJuPfxwXQBeR/6FVbnNMbbvU4gE6Q/wEAAAAAoKvsP3Tv5yQiVl7bV95Sg9VjFvtDdyt0egBAx1jDC72rf6HTIwA6xXt8IFkt/VX3Zv/Gq/+T1gwIAAAAAAAAAAAAAFjn8EH3/0Ov2vj+f2v7oZttcP9/veD3dQHQRRr/9IfcD93Oe3zoaaXiFrK9+/8BAAAAAAAAAAAAYA8YvnllZn5+7sbi8rNXeGPXW85uh27h4Fdm9sJTt7uFJ61peSAi9sYJtrsw2PrX4WaFDv5NAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1vgnAAD//48wHak=")
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x380000, @rand_addr=' \x01\x00'}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

3m5.093238739s ago: executing program 7 (id=134):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=")
unlink(&(0x7f0000000180)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x400, &(0x7f0000000500)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)={{}, {}, [], {}, [], {0x10, 0x2}}, 0x24, 0x0)

3m4.931684407s ago: executing program 7 (id=140):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
write$P9_RVERSION(r0, &(0x7f0000000380)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.L'}, 0x15)

3m4.781759073s ago: executing program 7 (id=143):
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x7c8e57edab868d16, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000)

3m4.774479284s ago: executing program 35 (id=143):
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x7c8e57edab868d16, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000)

2m53.13831506s ago: executing program 8 (id=429):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa10000000000000701"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0x4, &(0x7f0000000480)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

2m53.113920071s ago: executing program 8 (id=430):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8003)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)

2m53.088164202s ago: executing program 8 (id=432):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd70000000000021040000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)

2m53.070133923s ago: executing program 8 (id=434):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

2m52.975769267s ago: executing program 8 (id=437):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
r2 = timerfd_create(0x9, 0x0)
timerfd_create(0x9, 0x0)
timerfd_gettime(r2, &(0x7f0000000040))

2m52.877145811s ago: executing program 8 (id=443):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xbc7ae83238fbe995})
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000280))
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000080)=0x10001)
ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, 0x0)
close(0x3)

2m52.832096253s ago: executing program 36 (id=443):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xbc7ae83238fbe995})
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000280))
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000080)=0x10001)
ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, 0x0)
close(0x3)

2m44.64311922s ago: executing program 3 (id=683):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

2m44.64257878s ago: executing program 3 (id=684):
socket$inet6_tcp(0xa, 0x1, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, 0x0, 0x0, 0x8014)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'lo\x00', {0x2, 0x4e1e, @empty}})

2m44.594915892s ago: executing program 3 (id=688):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000040000"], 0x0, 0x80000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

2m44.455897468s ago: executing program 3 (id=697):
syz_mount_image$vfat(&(0x7f0000003880), &(0x7f0000000e80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000780)={[{@iocharset={'iocharset', 0x3d, 'cp862'}}, {@shortname_winnt}, {@shortname_lower}, {@utf8no}, {@utf8no}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@shortname_winnt}, {@uni_xlateno}, {@numtail}, {@fat=@codepage={'codepage', 0x3d, '1251'}}, {@utf8}, {@utf8no}, {@numtail}, {@uni_xlate}, {@utf8no}, {@uni_xlateno}]}, 0xfd, 0x2a8, &(0x7f0000000240)="$eJzs3c9qK1UcB/DfpGkSdZEsXInigC5cXW7vE6RIL1zMSslCXah4b0GaILRQ8A/GrgRXblz6BILQnS/hxjfwAQR3dlE4MslMk9Q07UDT+ufz2fT0nPOd8zuTaUsXOfnw5fHB0zz2T778LTqdLBr96MdZFr1oROXrWNL/LgCAf7OzlOKPNFMnl0VEZ3NlAQAbVPvv/+nGSwIANuydd997a3cw2Hs7zzvxePzN8bD4z774Ohvf3Y9PYhTP4mF04zwiXZi1H6eUJs280IvXx5PjYZEcf/BLef3d3yOm+Z3oRm/atZx/MtjbyWcW8pOijufL9ftF/lF048UV6z8Z7D1akY9hK954baH+B9GNXz+OT2MUT6dFzPNf7eT5m+n7P794vyivyGeT42F7Om8ubd3xSwMAAAAAAAAAAAAAAAAAAAAAwH/Yg/LsnHZMz+8pusrzd7bOi2+2I6/0ls/nmeWz6kKXzgeapPihOl/nYZ7nqZw4zzfjpWY072fXAAAAAAAAAAAAAAAAAAAA8M9y9NnnBx+NRs8Ob6VRnQZQva2//nVOp6n+Qs+rsT7Vnq/VKJtrloitak4WsbaeYhO3dFuuazx3Vc0//lT3gp3r52wXa3VucRfVy73QE1VPtvoeti8md6qH5OeqJ6WUWnHD1VtXDaVaj19r5VC39t1ovTBtTNbMieyqwr59Zf5zWQ5ll3fRWrrPS43tsrEQv/Rs1Hqe//67InNaBwAAAAAAAAAAAAAAAAAAbNT8Tb8rBk/WRhupvbGyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBOzT//v0ZjUoZvMLkVh0f3vEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+B/4KAAD//+KpXP8=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x2014050, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00')

2m44.424886529s ago: executing program 9 (id=699):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$inet_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000000)=0x3, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

2m44.353080543s ago: executing program 3 (id=700):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10)

2m44.250337497s ago: executing program 3 (id=703):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))

2m44.17892742s ago: executing program 37 (id=703):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))

2m44.17689477s ago: executing program 9 (id=704):
syz_emit_ethernet(0xbe, &(0x7f0000000300)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x4d, 0x0, @wg=@initiation={0x1, 0x4, "497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d", "4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42", "ef7c9d6a98e3943f6892078bb952854743fe4dddd2e7c0ce70a4ac7d", {"a851525b16af17fe87acbae2ab0b233d", "01422d01cd53c3abe94331d0b7918724"}}}}}}}, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)="82", 0x1}, {&(0x7f0000000140)="11", 0x1}], 0x2}}], 0x1, 0x4404c880)
sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd)

2m44.108871393s ago: executing program 9 (id=710):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
pipe(&(0x7f0000005880)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fsetxattr$security_selinux(r2, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)

2m44.052155576s ago: executing program 9 (id=711):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x804, &(0x7f00000006c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c73686f72746e616d653d6d697865642c696f636861727365743d6b6f69382d722c726f6469722c757466383d302c73686f72746e616d653d77696e6e742c636f6465706167653d3737352c636865636b3d7374726963742c757466383d302c6e6f6e756d7461696c3d302c696f636861727365743d69736f383835392d362c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c706f73697861636c2c6673636f6e746578743d756e636f6e66696e65645f752c736d61636b6673666c6f6f723d2f2c005180f4e7b2da8c3f2fe272df26ff9ca497387fc9af57e51670999e8bc199be03b478bd734a1ad4517930c37f173275bdc3477cead3e348e86c54d3ca19a73e96d5a4291dd83fea6bbb7174e668baf7433889e34758bb3912cc"], 0x1, 0x276, &(0x7f0000000840)="$eJzs3UFqG1cYB/BvLMmW2oW06KoUPNAuujJ2T2BTXCg1FFq0aLtoTS1DsYTBBkGTEMWrnCAnyHmyCblADpCQXbwwmSDPSFbCyEaJbJnk99vo8d77z/vezCCtZvTPN72DvcPj/ZN7z6NeT2JpMzbjNIlWLMXIgyj17GV5PwBwy51mWbzKciulM2pTktWlay0MALg2k7//i64FALgZv//x5y9bOzvbv6VpPaL3sN9OIv/Mx7f247/oRifWoxlnEdlY3v7p553tqKZDrfiuN+i3h8ne30+K42+9iDjPb0QzWuX5jTQ3kR/027X4olh/sxudXx9HM74qz/9Qko/2cnz/7UT9a9GMp//GYXRjr6htlL+/kaY/Zo9e3/1r2DvMJ4N+e2U8r5hdudELAwAAAAAAAAAAAAAAAAAAAADAJ20tHWu9+/6dytn5+Nq08Tw/7f1Ag4n386ynaZol+fyLfDW+rkZ1kXsHAAAAAAAAAAAAAAAAAACA2+L4/zsHu91u52iujdFj/SVD8Waea63OmopKUVo3iZhtrVqRvHpyZcZdNIb1dI6SaszvEiTjnsbk0Grkaw17GnljouejV6/HeWN0dx3sJnFFql52k8yhkZXcfpWpqeX3exrFDkomNy5ZffnLD6o5a04ZSiKiNj6Zlx+nNt9zeFPfQAAAAAAAAAAAAAAAAAAAwMjFQ78lgycLKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFuDi//9naAyK8LQ5WWXYqEbRs+AtAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bl4GwAA//95LWni")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x1)

2m43.889547533s ago: executing program 9 (id=715):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000100)={0x1, 0x0, @ioapic={0x8000000, 0x5f9, 0x81, 0x1ff, 0x0, [{0x6d, 0x6, 0x9, '\x00', 0xe}, {0x8, 0xb, 0x72, '\x00', 0x4}, {0x0, 0x7f, 0x9, '\x00', 0x5}, {0x81, 0x0, 0x8, '\x00', 0x5}, {0xf7, 0xf, 0x7f, '\x00', 0x60}, {0x0, 0x0, 0x2}, {0x6, 0x9, 0x6, '\x00', 0xa}, {0xd, 0x7, 0xb, '\x00', 0x4}, {0x1, 0x81, 0x0, '\x00', 0xff}, {0x6, 0x3, 0x0, '\x00', 0x6}, {0x40, 0x4, 0x3, '\x00', 0x1}, {0xd2, 0x7, 0x1c, '\x00', 0x1}, {0x2, 0x86, 0xc, '\x00', 0xf9}, {0x5, 0x4f, 0x2}, {0x4, 0x1, 0x96, '\x00', 0x7}, {0xb, 0x0, 0x7, '\x00', 0x7f}, {0x3, 0x7, 0xd1, '\x00', 0x4}, {0x6c, 0x19, 0x2, '\x00', 0x3}, {0x8, 0x9e, 0xc0}, {0x3e, 0x4c, 0xa, '\x00', 0x3}, {0x7, 0xff, 0x2, '\x00', 0xff}, {0x3, 0x0, 0x6, '\x00', 0x4}, {0x97, 0x9, 0x44, '\x00', 0xe6}, {0x6, 0x8, 0xdf}]}})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"0bd13af7e222d7b82977a894bcf2d741b99f8f02da617b9ad94014424a83db0314f34fdfe9a260e953f1aaf3610eec4c839a08a42b569d1e59b5520d8ad988ecacf773bc8c1855c13291a20986512ff73d4967f734679cb88ac4c1013a6d38828f96b71019283ce07d08bbb370738322ffae7a0afc79279598c1166ec564d5be5344fc87a5f00ca1354bced1fccde226dcd6e864d8262199e37fda0824cafccbe5f8cd0518aa106eb5f8a0986aca2d05a5eaa0177c72d3caeb3579fd729cfe1e7c8e2bb7a9dcfc32e31c7dd4cb48b11128a933481391a63c788de6306217984ef3aa5c402cf680385d96c065818632f2eb3b976ae7997d793ee5a91e26017c70319748f5b8505ce26e2fc2a50296523adc134596ff6ce79f6b58e5ca0612085af940096fb90cb23a7eac4d0e1f0933ef17dd5b760ed2864d8cc3dca7174f7d10bc4ccde5463f72f0265c673a73a1d7d41a581d8491c8f37615278b543c2c3310ae461a924409d0b5a1a75085d800e69f7351d6f2e058d6323d3ae70c7a1b7961a017dcbd827381d2133be3eda141656239ee6859843e51305726cc2444f1360e65e2993842d09428843f2c50c989084ed7722d34e930873d420e9c9fffda5fedf8370000000000000000885e2e653d083ccc91792e12e3082139763d44f68d1115d8e545444accee3bb38a9fa3b9ff7172868cfaf0a8f22a6939248404db646f2aa405a21b953498132fe3167e4783623451da9253e12187b4086f56bdd827e75a5523e04683335992552fa2cce95d2b23833d57bf2872f9e428b374d049a35636113207f68e34d7f1392c05add0d78b9d999c7a5d47dcbb803bcab54544dbceb73f41d5ac0970883308fecd0edcbb3eea10c1b56c851d13ff248353994d4fc68815b1bf45d202c9944b5cecc4d09a99b422ef51442a8c16e1dbb6a955c4618d592d43cd7e52c206929662f178afe060401868ffaf0db2f1eb3aaeb591be9eae546ae97266315e87487dd399ea4ec20423904c3953376a3ab41853f00b720b270b6ae8fd3cbd6c66e4af6d15bbae6aa085e56a3f8ca4a40117a72209d18e4e31e06389650b8115ef5f1fcd8c2d56b37d66fff06008836e501304a332dd3a9e6eea4f8f8d9e3671edc0abe7788692ba653850e980c36a4d3f60d090a58e34fa033b8e92ce7c19a1730872bd9b58530729400823e68ebb0ab9294bebfcd5404194a9dce119d204e01736b57ef37f7bc11ebf9bbf4d33a35ccebc67a3e38bc092cc208e8d70f33d830d26e16b5adcfb3a8928ececc4273771716dce7a0cd4d6f37f8cf70242fe91f09d9d07745e60c35b93bc343eb27751afc6ffb4693ef290668824287595c20cda170ff582c630e2a5df595cb8b7868b8f28665c7fb592d8763b6a0c3e20154f6400"})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @pic={0x0, 0x0, 0x3, 0x93, 0x0, 0x0, 0x51, 0xbf, 0x2, 0xc0, 0x6d, 0x9, 0x61, 0x7, 0x90, 0xd}})

2m43.669548243s ago: executing program 9 (id=723):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000004100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

2m43.585470496s ago: executing program 38 (id=723):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000004100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

2m11.062311773s ago: executing program 4 (id=1741):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r0}, &(0x7f0000001c00), &(0x7f0000001c40)=r1}, 0x20)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000640)=[{0x6, 0x83, 0xfc, 0xfffffffe}]}, 0x10)
close(r2)

2m10.998021065s ago: executing program 4 (id=1744):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

2m10.982887446s ago: executing program 4 (id=1745):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb261a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4d8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c952197b0a508c0e16fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0xb)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0xc00, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})

2m10.767249935s ago: executing program 4 (id=1755):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mount$bind(&(0x7f0000000300)='.\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x185093, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20000, 0x0)
move_mount(r0, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x152)

2m10.636538921s ago: executing program 4 (id=1758):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x3, 0x4, 0x4, 0x10001, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)

2m10.501164757s ago: executing program 4 (id=1762):
mkdirat(0xffffffffffffff9c, 0x0, 0x1c1)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000000380)='\a', 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)=ANY=[@ANYBLOB="300000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000010290e801eaa3ef432"], 0x30}}, 0x0)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c, 0x0}}], 0x1, 0x4004004)
recvmmsg(r0, &(0x7f0000000800), 0x62, 0x12141, 0x0)

2m10.387574002s ago: executing program 39 (id=1762):
mkdirat(0xffffffffffffff9c, 0x0, 0x1c1)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000000380)='\a', 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)=ANY=[@ANYBLOB="300000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000010290e801eaa3ef432"], 0x30}}, 0x0)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c, 0x0}}], 0x1, 0x4004004)
recvmmsg(r0, &(0x7f0000000800), 0x62, 0x12141, 0x0)

2.52726098s ago: executing program 5 (id=4966):
syz_open_procfs(0x0, &(0x7f0000000040)='net/rt_cache\x00')
r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fchdir(r1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101440, 0xcd)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x12, 0x0)

2.417742014s ago: executing program 5 (id=4968):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@loose}]}})
lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300))

2.417398274s ago: executing program 5 (id=4970):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, 0x0)

2.373625047s ago: executing program 2 (id=4972):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000340)='fdb_delete\x00', r2}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

2.359556717s ago: executing program 2 (id=4974):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000009c0)=""/181, 0xb5}], 0x1, 0x0, 0x0, 0x1000000}, 0x0)
shutdown(r2, 0x0)

2.350782597s ago: executing program 5 (id=4975):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x5, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x70}}, 0x0)
sendto$packet(r0, &(0x7f0000000300)="44c33b69ebc9e05e9bdec04286ddd11b41", 0x11, 0x480b4, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, 0x14)

2.322554739s ago: executing program 5 (id=4976):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="1802000000002000000000000000000085000000360000009500"], &(0x7f00000000c0)='GPL\x00', 0x5, 0xc5, &(0x7f00000001c0)=""/197}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000880)={r1, r2, 0x25, 0x0, @val=@tracing={0x0, 0x5}}, 0x20)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0)

2.322034859s ago: executing program 5 (id=4977):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x82, 0x2, "c9a7"}, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000f00)={0x84, &(0x7f0000000b00)=ANY=[@ANYBLOB="200603"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001640)={0x84, &(0x7f0000001180)={0x20, 0x0, 0x2, 'eH'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001480)={0x84, &(0x7f0000001040)={0x40, 0x8, 0x2, "e249"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.516591853s ago: executing program 2 (id=4993):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@init_itable}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x4000)
setresuid(r2, r2, 0x0)
openat(r1, &(0x7f0000000100)='.\x00', 0x515401, 0x408)

1.475861085s ago: executing program 2 (id=4996):
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x3]}, 0x8)
read$msr(r1, &(0x7f0000000bc0)=""/4096, 0x1000)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)

1.053145824s ago: executing program 0 (id=5002):
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x200080, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002500)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000040000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf0fb04e500b0c0502df9de9ca3c00cb9a323d9b401bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9226e3550ee5520211d9370175fba303f003073afd1ec9f7c6133f260c6882a146880b9387f1beb5418618bc83a3becf9bb5d80eff7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc0584b8e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cd43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a2288ff000000000000002bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a05044baf314113e889468cf13dd92aa0d7744db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7f8695be614c557caed7eb0160516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c2e88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387c7acb9bbd1da497613174f76a656ba5bacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae75bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f0f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459500f024f9b75885cd79ba32776e4a511c8a4ad922b000000000002ef507ec6fc7f5dc431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477e268326af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8ea5c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5fe535ead88d7acf0166dbd9f30a9b9c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c005da21073c6d9680d4e547cb727addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cf4eba7ceda6ff8a0c8b18c5e9e2f505e833217557abb257d61a73a758543651b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d1ae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3c99e3f1310d41ab328c1f351b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000fd267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a845e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d04d3fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980dc58a6303d95f17712d667d5a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b552a75ed48215cc31264a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7000000000000000000d43d07d546acb7009c0c4f6e57b8577d2113bfca1939b9bf757265e175c1863a7c8d7640675830dc11d5d59546daf2385a7074f770c8333b21e2fb660141bc4f1ed45f703da6ac2557ab6952fd0c300000000000000000005b44bff4e3966fdfc9b720412bec09936b08e440c774e2224f2d338fab2acc5014f74e420988486de2ace27ce59379378ca34eeedbd9a323a889f295e5d3bae64fc48ba194fc70973b39525123668e6a0be1e732aa5e2a0d4373a0b76d84f018d45bdf6f12d6d5d23a0331c3ae5e99a2bcdb52386135ea15890007e1cba5e52a04971139272012ae5542ba109a9d2f49963a195e2fdffe6bdce6fa78ab2ded1ff74f9e54f1b82da2d444f9727be708710b90a872282f4dce55468a681e"], &(0x7f0000000340)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x204, 0x0, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

1.010037575s ago: executing program 0 (id=5004):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a500850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r2}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
io_uring_setup(0x7ac9, &(0x7f00000000c0)={0x0, 0x45da, 0x0, 0xfffffffe})

993.703686ms ago: executing program 0 (id=5005):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)

847.535093ms ago: executing program 0 (id=5006):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./bus\x00', 0x0, &(0x7f0000000300)={[{@barrier}, {@debug}, {@lazytime}]}, 0x1, 0x5b3, &(0x7f0000001400)="$eJzs3V9oJHcdAPDvbnavNnd6rdTqVdtLrbZn/2wuSTm8WpB71PZK7Z8nT86Q7OWObLIxu8EmtZBShAqehOqTPikIKj6cCAriQ0Gsj4JvSqlgEeUgFEtR9NSVmd099swmuTR/hst8PjDJzG9m8/vOfvnOzvxudi6A3BpKfhQiDkXEaxFxuL147QZD7V8rY5fOJ1MhWq2n3yqk270wdul8d9Pu6w4mP4oRH0p+/TriYHltv43FpenxWq0631kebs7MDTcWlx66MDM+VZ2qzo6OjZw4Pnpi5MTJHdvXHz7/ymffeP7xKxdXB7//+pGj/0jiPdRZ17sfO2UohjrvSTk+2ruiEPHpne4sIwMRUYqID2QdCFt25ndff7abv3Ja/4djIF2KGBw78/bhuPho1jECu6eVWm/tQAvYzwqRdQRANrqf9Mn1b3faq3OP6f1yEXwDWz3VvgB8oTO2s3I1/6UodrYp79L1/dG/RgxF8/5Ln7n7q8kUuzQOw/qWX4x0oG5t/RfSsbFbOtvdExHHIuJjEfHxiLg3Iu7bZt/PfCHJ/x+/2dsm/3vrevP/iYioRMT9EfFARDwYEQ9ts+/bTyf5P/jF3jb5z487Ppd1BGTpty9nHQHp8f94qdTv+F/c5t++e5P1rfTfFZff7G1z/M+Pp57OOgKy9MSJrCMgS995K+sIePVU+2Ju7ed/MW7v2S6Z/2D7UjGOJOfuEfHhiPhIRNwZEXdFxNHu/UTX6SuPJdtXqr1taz//i5e3s39sbPVUxKM993at9OS/45aBztJ70/GAcuHchVr1eES8Lx0TKt+ULI9s0MfXln/1WL/2H9+Z5P9TT3TH/5Ip6b87FtiJ43LppmtfNzneHN/uftO2+mLEHaV++S907gRq39fXiojhd9nHS8d+8pt+7Z98Ksn/vQ9unH92U+u77XHcfvnvKmx8f+ZwejwY7h4V1nopbrvYr/3JK0n+3/yD/Gcnqf/BjfOfHv+v3q/b2HofpZXL3+jbPpPk/8+/fDfH/wOFZ9IAD3TanhtvNudHIg4UHl/bPrr1mPer7vvRfb+S/B+7p//n//s7r0ne0KSy/xMR/42If0bEvyLiSkT8OyL+FhFvb9DnL1555Of92seeTfL/l9fUf3aS/E9uUv+Fa+p/6zPfvuvkl/v1/YPvJfkfrGxe/w+nwRzrtDj/29z1JijrOAEAAAAAAADYGcX0GXiFYuXqfLFYqbSf4XdbDBZr9UbzgXP1hdnJ6HwftFzs3ul1uOd+0JHOd0W7y6P/tzwWEbdGxMsDN6fLlYl6bTLrnYecOhTxxk+/NHHg4Dr1n3h9IOsogd2Q1P+5bw0sJ/PvqHPIlaT+f/TOTPq9LPUP+aL+Ib/UP+SX+of8Uv+QX+of8kv9Q36pf8gv9Q/51Vv/QD49efp0MrW6z/2crU9dmD4/d3L0eGVmYaIyUZ+fq0zV61PpN3ZmNv97tXp9buThWHhuuFltNIcbi0tnZ+oLs82z6XOjz1bLe7BPwOb+/qfP/+zWo6/+vhARy4/cnE7R8+xstQr7m0t/yK9S1gEAmXGODxQ2Wf+e9Vac2flYgL2x3f/jH7hx3XfE+D/klfF/yC/j/5BfzvEB4/+QP8b/Ib+q843FpenxWm3NTNaRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkU2NxaXq8VqvOmzFjJncz/wsAAP//ylZHUg==")
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@private0={0xfc, 0x0, '\x00', 0x1}, @local, @private2, 0x8, 0x6, 0x2, 0x500, 0x6, 0x20b})
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000)=0x6, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1_macvtap\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="12043600d3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

847.013443ms ago: executing program 0 (id=5007):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0x2, 0x4fd, &(0x7f0000000b00)="$eJzs3ctvW1kZAPDv3jycyWQmGZgFoAHKMFBQVTtxZ6LRbBhWI4RGQsySRSckThTFiaPYGZrQRbpkj0QlVrDiHwCJBVJX7JFYwI5NWSDxqEANEgsjX19nnIcbq03sNv79pCufe47t75xa9xzrc3NPACPrWkQcRMRkRHwcEbN5fZIf8X77aD3v8aO7y4eP7i4n0Wx+9M8ka2/VRddrWl7O33MqIr7/QcQPkxNB/xhR39vfWKpWKzt5VamxuV2q7+3fXN9cWqusVbbK5cWFxfl3b71TvqCR/vqo9LvffvHhHw6++eNWt2byuu5xXKT20CeO4rSMR8R3LyPYEIzl45l8mhc/1Yu4SGlEfCYi3syu/9kYyz7N445/TN+K/NIGAF5QzeZsNGe7zwGAqy7NcmBJWsxzATORpsViO4f3ekyn1Vq9cWO1tru10s6VzcVEurpercznucK5mEhW18crC1m5c16tlE+c34qI1yLip4WXsvPicq26MswvPgAwwl4+sf7/p9Be/wGAK67r1/zCMPsBAAyO/80HAKPH+g8Ao8f6DwCjx/oPAKPH+g8Ao8f6DwAj5Xsfftg6mof5/a9XPtnb3ah9cnOlUt8obu4uF5drO9vFtVptLbtnz+Z571et1bYX3o7dO6VGpd4o1ff2b2/Wdrcat7P7et+uTAxkVADAk7z25Qd/TiLi4L2XsiO67vd/7lr9xmX3DrhM6bA7AAzN2LA7AAzN6d2+gFEhHw90bdF7r6t66lThpPt9vX2a7xsKPEeuf/4Z8v/AC03+H0bX0+X/fZeHq0D+H0ZXs5nY8x8ARowcP5Cc0979+/98s+ukv9//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4EqayY4kLeZ7gc9EmhaLEa9ExFxMJKvr1cp8RLwaEX8qTBRa5wsRYd8gAHiRpX9L8v2/rs++NXOydbLw30L2GBE/+vlHP7uz1GjsLERMJv86qm/cz+vLw+g/AHCezjrdWcc7Hj+6u9w5Btmfv3+7vbloK+5hfrRbxmM8e5zKcg3T/07y87bW95WxC4h/cC8iPnfW+JMsNzKX73x6Mn4r9isDjZ8ei59mbe3H1r/FZy+gLzBqHrTmn/fPuv7SuJY9nn39T2Uz1LPrzH+Hp+a/9Gj+G+sx/13rN8bbv//OqcrmbLvtXsQXxiMOO2/eNf904ic94r/VZ/y/vPGlN3u1NX8RcT3OGn9yLFapsbldqu/t31zfXFqrrFW2yuXFhcX5d2+9Uy5lOepSJ1N92j/eu/Fqr/it8U/3iD91zvi/1uf4f/m/j3/wlSfE/8ZXz/78X39C/Naa+PU+4y9N/2aqV1sr/kqP8Z/3+d/oM/7Dv+6v9PlUAGAA6nv7G0vVamXnsgvp5YfICknEwQCG0y4UfvWTDwYV6xIL8Xx0Q+F5Kgx7ZgIu26cX/bB7AgAAAAAAAAAAAAAA9DKIPyca9hgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//2KH0wQ=")
sendmsg$inet(0xffffffffffffffff, 0x0, 0xfc)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
fallocate(r2, 0x0, 0xc1c, 0x80000000)

797.544345ms ago: executing program 0 (id=5008):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa1000000000000070100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f0000001280)=[{&(0x7f0000001180)="83", 0x1}], 0x1, 0x1000000000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)

580.251784ms ago: executing program 2 (id=5009):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x19, 0x4, 0x4, 0x1ffff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

481.764159ms ago: executing program 1 (id=5011):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008000000a5"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030003850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
listen(r2, 0x5)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)

419.609321ms ago: executing program 1 (id=5012):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x6}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

377.521293ms ago: executing program 1 (id=5013):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

368.497914ms ago: executing program 2 (id=5014):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_io_uring_setup(0x50d0, &(0x7f0000000000)={0x0, 0xfffffffd, 0x2, 0x6, 0x332}, &(0x7f0000000100), &(0x7f0000ff4000))

342.027214ms ago: executing program 1 (id=5015):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12)

261.645448ms ago: executing program 1 (id=5016):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000004c0)='./bus\x00', 0x3020049, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

236.704049ms ago: executing program 1 (id=5017):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, <r1=>0x0, 0x0, <r2=>0x0}, 0x2020)
lsetxattr$security_capability(&(0x7f0000000140)='./file0/../file0/file0\x00', &(0x7f0000000180), 0x0, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000001440)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0x7005302, 0x3, 0x0, 0x0, 0x61b7, 0x0, 0x0, 0x2}}, 0x50)
lstat(&(0x7f0000000ac0)='./file0/../file0/file0\x00', &(0x7f0000000b00))
syz_fuse_handle_req(r0, &(0x7f00000021c0)="75c6c1015909d4338683df9486bbc81e43f13e4926c27c2f82f846633ae45dde55cd4aa48598dfcbe26577ac059a9420bca1c94427a6d7872a1b30832e91813fe7e1af1f00f4587326ea389615a22b9b665a4b77d6cd3efb7c7ef750596fd9d755e7c9200af5a208abf303434848890294b53f279f4390b8cba0f4c94ad8b0815e520566857afa936aea2e23f24e936f8f9b2e7aafcabd0f1fdc885b32e9dcf5eddf7cd4445f872327973e0789fe437e6201e32297c99c6be42731a056ed21fee6df04daae244d4164b1f27764dc0d3b38d824461b54c9b7f13dba393b8e2029454f5174b5a59a35970316b38de13bd00db37eb9029abcf71c734e0a865ce878284540125caad33853dc11039bda8f0fb6bb9f67065a858d9d13aa1e8a79727b376ac3b5e25f688821e19fa5573034c50882e3fcbd111e137b80b428f6986d9d8cdb2a2476fbebf22de118e27f0fc48bcfb54fccde391238eea73f5a9fbe2138ae958f44fcfe66845acb714d9b49bfba663b6fe29e09f58ff81d65abe5516378bc176bf7212ed988d1e306b36a37d35ca97a62fa5c70e76829b3f63b3deaa7b98b67fc19586cc60541fadf4b6c5da31a083e57a34399348f53b9c5ab83579ce5ea883195be71b8383cbc6e6227054f1867bcb321d9da7eff2a93f0487ecf6bd2ae805d95be46bea30d267f52ace8c21410b357fef133ace7eba38a326dae7c708a25320c70f229c555289cd8703b680d78b9c6eac6bc99c8abfe8e656f6054a7cede6330f335e9c43d88f1f31380e575fec7e04b1c8cb7b43288849dc0e1ec01e259a15986e23a501ce360a25ec565e0d7d12a20513e82c89fd4f89774ad4b395191b6a9d6b26c99bccd3bc61668dd642aeddeb506782ee87da02eab31f8281587b0dff57a7dd4d8f470c96b467a711f19855c939ef8b503a302673545eb77ba3e599962eeb4e30d5261490bde68860d14d7dfd2e797674384394a39ba4635f902d15e6198e6a2df8357fd0ef40c5a309a2aafd0d94f2983d83086b93ad787ae6b6c22389cd36ee9e958b6e297123ffa6dddfa0d5f7c56de809681b23b89ddb0f38c889c5d7957d47e2aaa1330b12cde716d47c9d60c5e0ded86c8f3c592394eec7c94740e14fdfe799d75f2417c9c8d7ff3247e85bcecda02f7c22d8133a92bc44f3c96f1b7c24fb8493b117efbb2fab56013a4f442da56c46beee7ff473e8e2618e387cb2576d6a4b1d8937203bd01f5f1f8bc035c4009ac67ebc53f88e314ceeda2c1156e0150ca1c4686db66be31986aac9d0799905058a998bf04b417fefa43a9d28e89eae3e5bce4e645097646708d26789c01ecd2b592bce9caffa134a2a31bdbd14d1cc20ef586e6827a009b3472b3fc6b8e759afce903e35f588416480621d1ffb3d7fb66dfe4f0f00e343128cd677ea9833c979cdf94f3cc3eccca626af6537a268297d860e1ee10dfa3e6ee4b30cc369208ab8d44d52e6bcc961766a303053a8e459bc95be9f0f815aba00a9f9e6d4f8c13289169e6f4c2ad4f4a0ddd88e3c54460fa01814a6e154447bade1c4d2dc99d9eadf2427ba9bffb6c3c1fe76d83971d082f7f60435f226754b647ed02aa4364ed22d4331647f4c7aa8bdf5822ecf2ec217d929e5aff4625fee1dcaf38bf4dcd2233d84eba0667c868a18a39c4337f41e9ac33b94bf7856994efcf2564fb1111518ab8dd5459939043c8d72636fc2b089aa99ff158d252a864cb2281592154ff3699623da1b8dfab8f874c14672e7a3f676a0bc654495dd1779e9ba599bfcab5b77bfdce1429dc68c8738ac23056328c918ff8e6eb735c524ce0a1413cdeebe26906d123999c3445d8a6b74dadc9b2d8718c028b52ca3bc5fd30411673dd5564111dcb4f1423c880c3160d2dd83a41bd76fc80474b7e0601a8bd2708ebe85f1b23e190833485f7f3f43b4767b9aba721711dd79d55ac5aecd9ddaa66b04490f52bf6b6475309f15bb64132dc6111be416267c04a2658c490542a7e04d6a7a9dec7237555cbdb32f051c33018452976101cda7d145f39011ac31d019dddb8755998ad1721a04b3fc3f7bb07b3ac2f2087e8f63c9070c65c509238b9d0e33a596b1247108bb7985b35bc33b9c4426e90554f00b6a9c37d1e9ddc27f2f8b16ec70a8fbf13a48659fd75cf71e245772848b4999d37e1b45a3253ae3900b03acd571f5f4621b5d0b672fd87ee83bc1c0d2c08a478fb57091c1634e10d196b4a185728736e75066eb222bfdb463762e773912d5f78fcaf400531fcb2ebe375ab81be7e5412dc153b18bdd3cb0a271e5c650ee2b3fb41727144659bd9e3867733ef3dafccff61adcbc079f0034080ad6cebd2d591f5519f374c1e9cfcc1e1d149b19ed169f3d0a63ee80513db620807e89ceb0ad9c8a5bfc3e1207aab30df7e460fc715bd0e1cf8bd1f346d56e2046f2174d67e89180e5b80c2b3947a3fa80a5def940eaabd2a53d8658d07dc7290dbbdd5277ae9a5e66a8afdbe591798e2f283903bb389274e70af2b45863e6660b62b31b0b0b7c3785f9b0cc292659f97464089399a3f517a8b3b48eb751b855f37ad65d5f2c8ff377a87225ed7c9a970dcde700c62a107b59d10e8c7a6bc2d218099c457be927e35ca4fcc839a5e77ebd022b12848a85c4611d81c6dfa703dae14cbde0e4f0d4df9c888976b09b36d4b63fd474777e8841fda0fa58a3d4291303440e5c7af3ccf8bb478068577214556f48bc14fe4f25c4566c300cde1b20aeeb90c8b6e14ceea3b1c2545e9add0036af3ef47b70eeb6a4bd945bbd514b6f297992aed30393295ac72a5170b0e4b0048b4b4b16a0174405f6165721e69d5ac1c0a1b1c31f6756a0750ab9cf5e1325b77678266b4ee9e5efab246bdee0f1d48b1281cfaa0578e063caeaab14508a340043e6ea18b495ecfe518aadbd0ba4e6d534376611121917ce1eb5197997daed456437207d1e83ad98aee13e3581b0a826eb34a6ec65b6258b0791a2e86a3cdae26d3ef60cfe77ea622bc234d42530c40bc63f86a66c2e6df3efb6b0b6f1c3370eee8e123fe6d952f03ca7ffb94f2f837296771294febf0e4dc28f626da6b4a5bfc7b4c980e3a1eb2d5fa669bc661be59a73d681cefae5def0b866bf4fd7fcd967f9a3bca09c327aaff7635e218b5b7f822c759fd2a6a0a2ddcbd1daa57aef73d69ca88679dfd39934377321e080f4fccaeb5a08786fbf7c6df97ae830f1b2ab77e66bbb9ed9aea46114638b1afd0443a625f0a6e708db7431ebd946638993ffcc7f837e30f5e66abfff9cddf1f9ceba7b025b2452014616c2a66db5d6f4afaf678b1330a70bbdfbbcfb950df9f75f03eb013189982ba8d204315ecd13d70b3ed75f14386224f83b0c95fa45fb4c40a2e655204a01187aaf705bec8e6dfa8f3a387fded3205a613606b794356818ba193a89c4eb716c66ccda98becddd25e9b681307d87d8bf1f3a581ec11becc96996cdc953fa357a1b9537c25c7ea3524d8a929caef9165970aa400e4a2d9ef6dbd7bab4a79491916112073880da0ebcc22035c1f0ea07512ef2908ec62a8e7993f2871aab05016d9cdc548bb7eb8962a54a5c13977ef6b79573d2ca2977b65c22519708af129cebc852563368c225f80d4ae2e51a7bb7d5cf7031c6379697bef8bd696f1e5671d41f4121da411d9ed6a9c345c64d71c469454c1ce8fd8f9c745f6160093cd6400e625e60b7b5646c1d1d167a63379cc87201987d28ad3dae05ab8651591ece4ddb055bf5f7310ea6858040f6cd4f38fea70568f10b09a98a12d1546e7fd5efe549622f54bbc10dcd42f60f8d61aa31fa050a0f7bcbc6e45f9dce0091b5e769ed9ed4aa31e9c1b97619945c03fccf60f8bd547dc0fa072093e4265940d223555534b77489f6cef12f523deab648d6e77b7af4614eaf283a292e3034c6bcd485e8c65f7cc52ff123d1432f53ca3bd42be8b348ba3bfaf57451a5483fce32956669ec96863c3989794fb3359a4b4ac54fbedf566859b9818a5d71779f676874fd126888ad4c03a0dd018732cf5a11e58836556d5378a50c31ae83c364ae9fdeb5e183e5b34587c13e814f2fc757cbb4dbbffeb2d362d442d0617050c33c6aaa1ea593f63374566f10b741f57805d4c74fb43435b54b92c532f865300b4351e1913a34cdc80f5eb0e09e29b248df71a08cfb93351f2af9c9cb052c46d100beeb326d92d70e40da88eabb5acca56fb5fe498ee5d9e1302c3fbd05c6bc7ab12446d089635cd4d9ad88752b131e6ec91fa553afb66ace2c2e3c3709d97b68647b244843e247cf09fd7d056002e4c1754434bd4507f0b79b964bddfd3ad9ed1d1e361995f448808c886998d69f2feadc6d2babcfda86e694866728701b8ae04ef2df56d11fe16da0da9390371fa1ad5158528c5e316b292c123e3f56a579b9e9f516e6f5d321b1df3080959443ce2f88460ec57d7707b87d7f0f878aa3a0c6dff6de51b778410906cb9668c86ebb43a856d651f475142809abecf6cfafff6ed7143b4923d375678f9cb05409a23875d180c3b60a8f80dab10cee5d54fd9b12521c47e09b5df1a5c6d05e25d81232c144385bb3b46f2b5436ee0836e066d12dfe7e844c249431dfd8713ae6428607a337f06d35778ecc5ddfe3470287fc777cde9f0f8aad11e5bf89fd3c097a0fd8f8da1ebd1e4d4de1b39ad0d1cc933e1386875cae224c29a232a15d4fc1e79196ede9ec8f2ec6fa72098a93b90d8cfce870bcffc270e0874f10dd5387867aadf6413925da4ad1d581201cc914bcbe7754685a25ee3b52bdbe20491d460f7275f943f5be210faa4e9d5dbcd4a4e23adc739c521dbc78a2040d33f206e85f3ac04dfc0195368d211de09ab29855f3ea400e12ac2d43f8ca8d12502bba88fe8e027f5970ccac619e9136ee0c9bce5ee7dd16d715a046a539e042c662723b7fac74c4e2de06f7f7ef4e31648a19b0bf9628d57f3bee570147aaa29faaa60ecf78e5eee6f2b5ce48706a498d72ada4334b82815af52991a77a3546dbbc80c3e53c3a4546fe7f1c0b2dd22100a943b83125c0d0e9a7c5412aa1245c228e13bb9d176fd3734c75963d18260ae25ee11a4588a41c480220bd089223cf5bb70318d4109b5ba190525362374b457b4f198a916ff6066acc5d6e1e3d19a48b2d89ce74cf9338c9ac9ed32343536549b694eb334a5c6316522bd7c703e2df29e6266d7b715ab740098dc98c4338ea91ca592f686ac5b09ceed0fc17ad127b817556289d039bed5f7afeb9922a25a64e6259e9dfa407bc595e97b3a234c053061e9d216292b60c9f2d2465b42c31a8b0357209c6134d3b94d9bc68af60204738301072792e416c8dc612405b766bc2bc4b97acde6f6844b5fb2dfee21be5c1d91a2301bdd5740852ebc8df9c36fb1ff7d8aaee18e2c75c9763366fa7692f87f7d1076980436892251203790599dc789310964a9c03f88dc1f1c0b1cac159f5e36399c75cdb805744486f5624876e81af3f0e1590d098183a40afecf0841d0acf687b13049148eed079796bbb6c1edd3f5c0f5661a2d329b0165ac12f5cf58606970656d2c4d13a4cf2e15aaec175fc59bd9f23ea7869db744fcc0eba039259c7e541efaa066106e9b2c92bdded3e42884a8a02e71457f44775692a1c4fd845ff5ba8595c55ad4bb2177f975de0d22e0feac37f5c3f16426ebcd99d17c829759ac72dc1448661394d3a104999cd40cb09d086146cc92c6408ab1a0b0ad898cbfe76d4962ad0eec1c572a78f9d7342c3de64e881e99afc5b1df3227e198c79c1727a141a8a9da7ba3aae5b3e4ee59a84020191b70fa928d7ce136904c0b03c6c13391f55b381e2df7087b00932251ad7688117cd02ef5ceb5c7dda16d069de3a3e3ff2e341db15df06a96cab1ad2a51db41310ac48d572229695ca941cdfc8416b4307ac6dc176566635bc87d94557e7e4f7a14bdf86d1293c6dafe9ecc280d1a36cc6734485d41b6bd6a33e3605591d98e17fd34f901cdbc33710d768f791b9600218fed28a5d21a0e6589c7d6fb5120c8446eba3a8c8b39dddff369b30cffc0426484ef0b6f6664bec8655e040b2bb3fe3f6863c0a36fe182e3627f6ac38d23050092327f8b67beef764bc35207ed73e4850b43a229d48105d3649c45dc658e27b964b149f978b884268e69a4b353a06e473da3dc7d94c93f7070aae7f3cd2b422840ae55105a6ade053b47b2c72f8b7bad5edc52bc6a8daae76922517e6e3f19b82c5a286e7bfc7254d764ddb79c612e91e1bc61927ad424d1914043a6aacfecb7c90ffb16797349a1ec02de9585b51f19da3a0665f484826f77759234b4b4b7ebf0e176fde2571abc3d4714b543000a1726743dc9e0e6c0bc393b25300287603f47464988eed454ca2dc4377c4c1056f688aa1b5a40d380ba787e962f5cbb902db29a084e305b68f289df8112d19b9a34a32b76a827aa607eb306982aa8aa071c3909c9d1120a0e15a041524eeb12cba62e0378ffcfdf14821710c0d767e32e6a1bd09e76e4f6f9fe4843a967bd633a5fae28a3ae1f64861df70aec3c0cff134a5c8609f011686a430a0c7ef3a36a34a36e0d401b51e51c7eb6e8d13e8616f8c40f0bea3ed9c2b722e141567dbb558da1d7c509ee205b2e9936702b79cec40270398b97dc3525bad7b6809aece6cbe80728c4a188935aaad9edf706a557b84614741259345dfcff830299c640ab3cc534bc1ed744b3a935bb2943e4f8582600394b43269bb94b7c8b6de766770c43b96b04d59d6bb15831fe0bfbc0bb930141d0bd64c280c0a42f49380dd315adab35a4ebaa081ae1f736669156088e2d07670169ec89b85fe4149362135b290336c20451330a968e457c1c8b30ba6ee5ec335b9356a84a19dd459d49ed0b12f730289c24565d2ab0c1d5ed68fb4fa92800c8be4eba970913dd2cec7cfc1617ef0b3f7cae1d2979d2944bcdc375cf0c16a86ac6d5ed98a8d9405b674108f0bfb16b9c0408b134bec0df951bbf261ebc0be30ef15321bf82a6a482bc02db237e1a3d0c401316082ba674962a819d73671829f329b67dd5fcf3715fe6219fbf3631d265a5f0c7cfc3c107e469a55318357fc4f5f28fe48c534025fe0c1f06fa815987b7e1f5acd5a16fdd1c0dccb18d1047f8fb837affeb16dffbf91e01ea904571b21a1c0ac3cab6054314a7becb4188c96596258661a8eb71fcb374ada50b4c8e381f8e76a6b56a9e20a04ecf87445eb164760a4b9abcf96be310a9e0c2ac067f3be2bc05aeb0e91e9998bd1be01c68ce885edb372ca48d8518b45ecce90e2144c2356ceac563bfb4735ce0f21427bec2f728798578ef3c83e0a9ec0e16c4bb1ee24e99ca4dec6888eec3727702e058a3e0d5b8d5a72819b5b9dedd5e698ddb1f4542bd19f6cfdfe62cc179c7ee17307d2d8868c61d061a9310b8a037009017d24dcc6137f79926e20ff015cef3de464c2a9774b1db06a885782ac5abfcd1d48a0d65cdb898d3acaf6fbe347d4a80c9455cf7f16d8c890bc629b5d28d669e74db300023471c887f718ad5e7150890e7fdb8c78f2e63f727b205c71640840bedc58f9a52445ea55b95a6b7ddb7919e64728f716ad19c416fb51bac0e3535ff50a16acf7bdfe8066d519ce21ca4a17e4008c00b9f21c72f718d4de2d0cbeff5ca13032d498540478685bc7e45b4d5773c28acc39e58737dc2a3c907bef44e3e2af584fc7aac8f0e7d82fffc341cc984a9a7523de2ef72970646ce8b0d608315d888cc7cfa0f32d1d8da8aa646d9ad12b5dbe8049178b1ffe3bd13183d76dd06073cbca93685f096d8aedfde7c16060ca6bf3d14a24fcfa073673d77321ebfb290b2e92ea026e69ac6881a94e9ebc9b8ddb799ffb8ee771b7951312cc110a1c99a06529c0a0775b830805c54367001ceb69dcf5ab6a11d197bf1d170f686d53ec1b9635db856fd27b92e966f6c6a59ba8bb1ba812937d1b1e68193b3d7e4b213f7eb2a716717a73db04dd22878bfc34646499ded4a7acbffe6694bbae40635e6f0f322dc1662eb7e34b5a1f4a19c0c77bf2faa29b4aa2e2bb88238302cebc0210674473a3a440ddd1ce34317d74638acef8f6b8e471568887a6192a9ddf7c9d003e4890e4390a05bb5a0de8ca6ee7cebe360e6a7b326b3bf56f08fe8732fe8cf56781054ee56db70b45719f40b529d9cc9ff65362fae742c19b958cced92dac22a880ed6def03c3729612bb0ee34ff18557087a103474eff4f8066f8f25379a4d823f95718afbe5601a613abf3af27d247c88fba62280e904c4038fd8b370018a103693091ad3a44fb8be1e73fe9651c8beb51d70f945ca6ac32585b1a693b2d4598178839c10a7e60553fc83122647c5853e31bdef3a1b304da02a5b6df5d37217749c03467024a70703e32d0ec971ce4a8bab10b7a5a12303a7db83526a7fa3c4ec9fc6e125089c05f3a16e7be89249495e5b20cd6857c93378f524d0c46894e595ee76e301bd6da1743ae4e7e750ad8c4f0282f0bbf12e90383af5796e447fee78e302cf46e3a45126fd59d49a624f7033caeac61d49e147d5ed8e85a90c8914efbdfe2bebdf2ae19b58ce9b61684697dc6f0c65088437df7ec3810724ad7a021ec82b0351826dad927acd1a0662f7fc0278bcfcaafa11315bf5121d1b62f0f0471c54052bee73f2b1fb4139243a6d8de170c80604eadab39021306ff9cf5ce751af1fef52e232fc7c64247e32119e4de98d076b0dc84cf918100d8d3ebff83abefee2353acd133612e3815b8ae14d4f0d1006152807e3b42e035b9a62b58d64706730809a21440c7a9ea228ee033abf7cff2343fc4360b541311fa9ad18110be064ccab41436ca6560081111528dd2eb46a961392f024026d127b5836466fdfba1078b1a89f4c88bf8244b640da376a81142db5b1f27bc7e429cc15e6bad993f3d76f2ba3ff0815895361f20067f57fddd43f44b47375340c39283b3871a68f28b0a8166ac3ee35c8393278d5d2d3887c8a0a964f56f1769c29adbba6fbca7901415e2ab3b63f82d09caa3bf6e7f2e743aa073b57ed8a097f80c47ee546e2fe7b4f6fcbc98770fd7e9f1480517f26656171d394cf47ea395bfb995c087f93cde36b07f3507de2ae23d75b000a532c71265521631e4f8126c5eb96f15d04f183e2162ad9c967c0a1c291f1f1fc2b644271f160764af4e469823c3535ebb25cbc37f09b43fbd258b4a1d45335f162ad5f3d9e5406b671811cc0a16e76f4874041bac7b116483a0727f59a2144ca0490fb8acac82e62cba2e45442d4bf35e49f240a57f542be5df86f6942a5a4b82ff437ff2494c7837d22711aae24265a954d8b6e44b731022214e97ef1111f9bd5fde591bba1541799641670bdb290bd45c15c6b7f594179e3a81873f60e382de67bfe33ec177b64950e05706f1243388ffce2a541c5f30a72cf25623e1c35e72bdebf6d87b4684ff156efb10f96392ddb71353d8c8535173ce57ca41905afbef07ba646a067b2fd71bf3e9335e47672fb43639d7a6a4d51923243121724cb3bca92d304ba2c3fc4942b50c302f1ebb15902c5e191d0b3588df150ddb6aa67477a0046394f6ba91c38cb70d4bf5181e5e99d5c5e1fc39ed3c9b793f0520cf96831d65d51b0ecd92e3bee353b413483fa57690152bb4b524fa6d81d82f66bc2b260a40c232dabe1962f0349a078ec42ccc93bd4acbbcfe61af01388719bcf395f27c401f604684a312624820bfa594755fba5a7f61a7d59f364122398b573f37af4b0526099350b43e5bb8c42300be4f2f78a7fd5a317cb6a7cba8758d25122bb3e0fdab6d4968a668fb6db5e9a7944a78dbb0760059e1f3c2e372f28f3787c1c0163fdcf4812c48c08a381a651d4acab89797cf7a4cb1b792d049fdb4d61eb5e65e2870d94b5b23adbabb1c3e6860a021ec90e226475e5b7358199ffe783536ad7be7437b536affb32c74d5c7702b2d6eb47f3b14132bc270ee6ff482fcf6bd5125ac3b17f72e1de54f07d8f97535a0e59c5b8738c9aa630eeddb0c72d3320bf6e99eaf2b321965734106a49b82c57851f2cdbfcbe7197c3eee3a51e03beedb57a186972f0c276579c0cd429e012b3c09f697ec9a71aa074385e1a1c3d3f235bf6e72072be48d025965866667d64a9d80a18baba65ebf3594c5514dee7e4b414e72f79a47a6aab389cfdc5258d08bbb808c97e1f6e0598bc8b7935dc6faa051a95635cc31169b5b8a044a7ecdb9435b1dd5dcf7d28998cb834212777b49a02932787bd690f102fb0772284feed90aa7b5b4887c8d397c0350a010dffe01c6d35e0de2685e6dcc5e71e1542998610b12eec1cebf0bcfa4ddce0bf7b666216c1a352818e941904203dd64d7a253c9632672885e83e2bccd48410a80294a4628f24913cca629fbc5f4a5c4fa0c3c918f479c2247b8cd3768a144894ee10f41f73d18555661b68679dc09f6fb8647f85a4c752d66679468f96400f300d2636e97af596fccb3fa68038ec626d896b40b1297ab4f849dbbe109886fdb3db6cd230271a8c164be8565772125c86059dcb3aa18d40cbcc356450859b5c157f60f4c657d38c0abf8287a836ced10d852025b70000b04d6977306b5d19cac3ed6d50cf0f2a623fce68a233dd6263c0635783998d0a2da76d5080ca8aac7afe8b5750004be87b260f5c6f6dfe4ffbe55fa86924b3fae0f84e2c23f608f41e4d4e4611f22cb282d9ec2413817656806265cd4b0ec24b2ccf79235f348d5d327618c79717f4a849bf838ce3edf7b02fc27bf92abe64aded9f6f2ee8857384dbf63f88471c73cc28366c30b37361ccdb95e16523a6f65f198906b75e148e9ca78ea7e823db6ab7221697e5fc285dfb308ccfa47980e7c4bb4f6047da4cb127ba2334b6ae616098149ffb0cfd5467dc97580d838929b5363768030a59ee1b60f60194094ca8f02ba5aa3eccf7eab811a8204f6f73a886f74d0ac4669d282c7f1cfb29b26f4902f6f7e0b027b01090f362313a5ad20aa719432cea2444959d19c7889f5b3c37ae7439974bd7cb2c03279a402418600bc854b1f9456d62081a89c931b1bf427e3f495e4dcb6f85d9beb948c62a19ea47b40a00525704bda039ba87a7ea1a674da1e9d2da3878438ef4f48fb764f65841934fe0d1886714a422f1b13db25c0587f4557c042545fbae6c91aa2e9fc5a8f84b5fe90427192b0140527c56fc437be55a48d0a82d2fbb8e5254da21a3d48e5632933d1a54b3a2c0bc7ea34321640708a5790185b1f00439971d676ae6fddf92db22bc801cce738768b0618578f192fcfb4a9b9d736b61f7aeaac0ae76039ee17052f20c23754c9e3ab751a5567648eeae2de4183a7ae6d6149eeca6566a7388c3c7ff41bc7e3858978ea73dae0c9af915232f9f05308bb6b7f99fcd265a95edc4ff3ff5ccb02840c75f4d19a118deb7ef445f617bcd15a8c6fb975e51e776527eff86c7b50bcae2e3797d26237ae8e9722639decaf9489b12ad7aeaff6db3e447df91302ac942de2b6ff30b1eb506a43a0e65f02de7d512f41ee700d62b70b982d55dca30494c04a28adee874a1c7c", 0x2000, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x90, 0x0, 0x40100000003, {0x3, 0x3, 0x716, 0x81, 0x2, 0x2c7, {0x1, 0x38000, 0x8, 0x8, 0x1a24, 0x9, 0x5e7, 0x7e, 0x9, 0x6000, 0x3, 0x0, r2, 0xf, 0x10000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

52.617688ms ago: executing program 6 (id=5018):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)={0x30, r2, 0x8d61ddcfedb48df, 0x0, 0x2, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'macvlan0\x00'})
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000004}, 0x8004)
setsockopt$MRT6_DONE(r0, 0x29, 0xc9, 0x0, 0x0)

42.411528ms ago: executing program 6 (id=5019):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x40)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file1\x00', 0x101000, 0x5e)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, 0x0)
getdents64(r0, &(0x7f0000000240)=""/187, 0xbb)

26.452269ms ago: executing program 6 (id=5020):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="7b87f20f", @ANYBLOB="01", @ANYRESOCT=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

17.557889ms ago: executing program 6 (id=5021):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=@delchain={0x24, 0x66, 0xf31, 0xfffffff8, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xc}, {0x0, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)

8.224869ms ago: executing program 6 (id=5022):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000240)={0x0, &(0x7f0000000c00)=[@wrmsr={0x65, 0x20, {0x90e, 0x7}}], 0x20})
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f00000000c0)={0xbc, 0x0, 0x3})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x7fffffffffffffff, 0x8, 0x8, 0x7, 0x1, 0x81, 0x5, 0x1, 0xa3e4, 0x3, 0x5, 0x1, 0x0, 0x5, 0x7, 0x2], 0x60000, 0x4300})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

0s ago: executing program 6 (id=5023):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
bind$packet(r2, &(0x7f0000000d00)={0x11, 0xf8, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
socket$packet(0x11, 0x3, 0x300)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)

kernel console output (not intermixed with test programs):

9] device veth1_macvtap entered promiscuous mode
[   97.604460][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   97.627782][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   97.651988][ T5748] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2204'.
[   97.735994][ T4316] device bridge_slave_1 left promiscuous mode
[   97.744410][ T4316] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.766226][ T4316] device bridge_slave_0 left promiscuous mode
[   97.782599][ T4316] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.798626][ T4316] device veth1_macvtap left promiscuous mode
[   97.814063][ T4316] device veth0_vlan left promiscuous mode
[   98.054056][ T5777] overlayfs: failed to clone upperpath
[   98.105065][ T5785] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[   98.381710][ T5841] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2242'.
[   98.403111][ T5843] syz.2.2243[5843] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   98.403181][ T5843] syz.2.2243[5843] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   98.947288][   T28] kauditd_printk_skb: 17 callbacks suppressed
[   98.947305][   T28] audit: type=1326 audit(1764622672.028:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5848 comm="syz.2.2246" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc9d7f8f749 code=0x0
[   99.317016][   T28] audit: type=1400 audit(1764622672.398:676): avc:  denied  { mount } for  pid=5883 comm="syz.6.2260" name="/" dev="ramfs" ino=36336 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   99.822595][ T5920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2278'.
[  100.161215][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  100.180512][   T28] audit: type=1400 audit(1764622673.258:677): avc:  denied  { mounton } for  pid=5949 comm="syz.1.2291" path="/429/file0" dev="tmpfs" ino=2355 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  100.586001][ T5959] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2295'.
[  101.072482][ T5991] netlink: 'syz.5.2309': attribute type 12 has an invalid length.
[  101.122153][ T5994] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2310'.
[  101.155392][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2312'.
[  101.850296][   T28] audit: type=1400 audit(1764622674.929:678): avc:  denied  { create } for  pid=6035 comm="syz.6.2328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  102.019392][ T6041] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2331'.
[  102.046714][ T6043] device wireguard0 entered promiscuous mode
[  102.425801][ T6064] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2340'.
[  102.556342][ T6071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6071 comm=syz.2.2342
[  103.430999][ T6115] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  103.467205][ T6115] device veth0_vlan left promiscuous mode
[  103.480917][ T6115] device veth0_vlan entered promiscuous mode
[  103.518986][ T6115] device veth1_macvtap left promiscuous mode
[  103.540486][ T6115] device veth1_macvtap entered promiscuous mode
[  103.560391][ T6115] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  103.581013][ T6117] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2362'.
[  103.638913][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.655546][ T4316] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.662874][ T4316] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.702078][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.743195][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.767791][ T4316] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.775025][ T4316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.811081][ T6123] syz.6.2364[6123] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  103.811184][ T6123] syz.6.2364[6123] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  103.829699][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  103.898257][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  103.922093][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  103.939973][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  103.956710][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  103.977534][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.003704][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  104.027384][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.043673][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.053072][   T28] audit: type=1400 audit(1764622677.140:679): avc:  denied  { mount } for  pid=6135 comm="syz.6.2370" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  104.085277][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  104.113494][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  104.142333][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  104.171427][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  104.184084][ T2717] kernel write not supported for file bpf-prog (pid: 2717 comm: kworker/0:9)
[  104.194711][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.222196][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  104.255739][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.295909][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  104.324672][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  104.342929][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  104.361906][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  104.379195][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  104.396225][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  104.414056][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  104.432665][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  104.449982][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  104.466733][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  104.483856][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  104.501662][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  104.517239][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.533699][ T6119] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2362'.
[  104.554551][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  104.735692][   T28] audit: type=1400 audit(1764622677.821:680): avc:  denied  { bind } for  pid=6161 comm="syz.0.2382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  104.784675][   T28] audit: type=1400 audit(1764622677.841:681): avc:  denied  { getopt } for  pid=6161 comm="syz.0.2382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  104.802453][ T6162] SELinux: failed to load policy
[  104.810511][   T28] audit: type=1400 audit(1764622677.841:682): avc:  denied  { load_policy } for  pid=6161 comm="syz.0.2382" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  104.844499][ T6168] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2380'.
[  105.012216][ T6187] binder: 6185:6187 ioctl c0306201 200000000640 returned -22
[  105.178812][   T58] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  105.849213][ T6230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6230 comm=syz.0.2411
[  106.080129][ T6244] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2417'.
[  106.662689][ T6258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2423'.
[  106.673022][ T6258] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2423'.
[  106.748627][ T2706] kernel write not supported for file bpf-prog (pid: 2706 comm: kworker/0:6)
[  106.821941][   T28] audit: type=1400 audit(1764622679.902:683): avc:  denied  { write } for  pid=6271 comm="syz.0.2429" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  106.846138][   T28] audit: type=1400 audit(1764622679.902:684): avc:  denied  { open } for  pid=6271 comm="syz.0.2429" path="/35/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  106.875398][ T6278] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2432'.
[  107.219053][   T58] kernel write not supported for file bpf-prog (pid: 58 comm: kworker/1:2)
[  107.922354][ T6336] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2453'.
[  107.931731][ T6336] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2453'.
[  107.958028][ T2716] kernel write not supported for file bpf-prog (pid: 2716 comm: kworker/1:9)
[  108.286110][ T6374] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2468'.
[  108.295633][ T6374] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2468'.
[  108.318952][   T28] audit: type=1400 audit(1764622681.402:685): avc:  denied  { relabelfrom } for  pid=6375 comm="syz.0.2470" name="NETLINK" dev="sockfs" ino=38061 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  108.354778][   T28] audit: type=1400 audit(1764622681.422:686): avc:  denied  { relabelto } for  pid=6375 comm="syz.0.2470" name="NETLINK" dev="sockfs" ino=38061 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_tcpdiag_socket permissive=1
[  108.381505][   T28] audit: type=1400 audit(1764622681.432:687): avc:  denied  { read write } for  pid=6380 comm="syz.6.2471" name="file0" dev="tmpfs" ino=2689 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  108.404964][   T28] audit: type=1400 audit(1764622681.432:688): avc:  denied  { open } for  pid=6380 comm="syz.6.2471" path="/510/file0" dev="tmpfs" ino=2689 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  108.557183][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  109.029056][ T6387] overlayfs: failed to clone upperpath
[  109.218648][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  109.218663][   T28] audit: type=1326 audit(1764622938.302:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6407 comm="syz.0.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670df8f749 code=0x7ffc0000
[  109.682457][ T6419] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  109.858478][ T6429] fuse: Bad value for 'fd'
[  109.950798][ T6439] overlayfs: failed to clone upperpath
[  110.277939][ T6472] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2514'.
[  110.555001][   T28] audit: type=1400 audit(1764622939.632:691): avc:  denied  { remount } for  pid=6497 comm="syz.6.2526" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  110.742451][   T28] audit: type=1326 audit(1764622939.822:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  110.786819][   T28] audit: type=1326 audit(1764622939.822:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  110.825718][   T28] audit: type=1326 audit(1764622939.832:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  110.854861][   T28] audit: type=1326 audit(1764622939.832:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  110.917214][   T28] audit: type=1326 audit(1764622939.832:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  110.941563][   T28] audit: type=1326 audit(1764622939.832:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  110.966818][   T28] audit: type=1326 audit(1764622939.832:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  110.991205][   T28] audit: type=1326 audit(1764622939.832:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6520 comm="syz.6.2537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  112.433095][ T6558] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6558 comm=syz.2.2554
[  112.458348][ T6562] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2556'.
[  112.738438][ T6592] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6592 comm=syz.0.2568
[  112.778043][ T6597] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2569'.
[  113.504321][ T6629] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6629 comm=syz.6.2582
[  113.921023][ T6674] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2601'.
[  113.944968][ T6674] device vlan1 entered promiscuous mode
[  113.957100][ T6674] device gretap0 entered promiscuous mode
[  114.106779][ T2716] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  114.296795][ T2716] usb 1-1: Using ep0 maxpacket: 16
[  114.310741][ T2716] usb 1-1: config 61 has an invalid descriptor of length 0, skipping remainder of the config
[  114.323110][ T2716] usb 1-1: config 61 has 0 interfaces, different from the descriptor's value: 2
[  114.353090][ T2716] usb 1-1: language id specifier not provided by device, defaulting to English
[  114.382916][ T2716] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  114.406532][ T2716] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.423030][ T2716] usb 1-1: Product: syz
[  114.436023][ T2716] usb 1-1: Manufacturer: syz
[  114.445047][ T2716] usb 1-1: SerialNumber: syz
[  114.655138][ T2716] usb 1-1: USB disconnect, device number 4
[  114.707730][ T6713] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2619'.
[  115.346435][ T6751] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2636'.
[  116.104406][   T28] kauditd_printk_skb: 10 callbacks suppressed
[  116.104422][   T28] audit: type=1326 audit(1764623713.185:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.135557][   T28] audit: type=1326 audit(1764623713.185:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.159722][   T28] audit: type=1326 audit(1764623713.185:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.200280][   T28] audit: type=1326 audit(1764623713.185:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.234253][   T28] audit: type=1326 audit(1764623713.185:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.265878][ T6782] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2651'.
[  116.284509][   T28] audit: type=1326 audit(1764623713.185:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.322303][   T28] audit: type=1326 audit(1764623713.185:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.351790][   T28] audit: type=1326 audit(1764623713.185:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.378777][   T28] audit: type=1326 audit(1764623713.185:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.403331][   T28] audit: type=1326 audit(1764623713.185:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="syz.2.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  116.486801][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  117.918668][ T6857] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2693'.
[  118.462198][ T6879] netlink: 'syz.2.2690': attribute type 12 has an invalid length.
[  118.754477][ T6896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2699'.
[  118.858664][ T6900] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.485457][ T6933] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2715'.
[  119.497067][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2715'.
[  122.516135][ T6973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6973 comm=syz.5.2732
[  122.617734][ T6975] sch_fq: defrate 0 ignored.
[  122.649098][ T6983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2735'.
[  122.696510][ T6983] HTB: quantum of class 800E000A is small. Consider r2q change.
[  122.815391][   T28] kauditd_printk_skb: 77 callbacks suppressed
[  122.815408][   T28] audit: type=1400 audit(1764623719.895:797): avc:  denied  { map } for  pid=6996 comm="syz.0.2743" path="socket:[39937]" dev="sockfs" ino=39937 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  122.848606][   T28] audit: type=1400 audit(1764623719.895:798): avc:  denied  { accept } for  pid=6996 comm="syz.0.2743" path="socket:[39937]" dev="sockfs" ino=39937 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  122.863130][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  122.925975][ T7002] syz.0.2745[7002] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  122.926057][ T7002] syz.0.2745[7002] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  122.939425][ T6999] device veth0_vlan left promiscuous mode
[  122.961260][ T7002] syz.0.2745[7002] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  122.961333][ T7002] syz.0.2745[7002] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  122.979609][ T6999] device veth0_vlan entered promiscuous mode
[  123.033241][ T6999] device veth1_macvtap left promiscuous mode
[  123.047630][ T6999] device veth1_macvtap entered promiscuous mode
[  123.059516][ T7006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2747'.
[  123.092755][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  123.102853][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.117341][  T357] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  123.125674][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.133774][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.147145][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.165801][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.175883][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.192441][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  123.202110][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.211194][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  123.220175][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.229153][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.237514][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.245788][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.267225][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.277326][ T7013] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7013 comm=syz.5.2750
[  123.291378][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  123.291469][   T28] audit: type=1400 audit(1764623720.375:799): avc:  denied  { mounton } for  pid=7014 comm="syz.6.2751" path="/582/file0" dev="tmpfs" ino=3073 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  123.323102][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  123.343084][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  123.363088][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  123.374107][   T28] audit: type=1400 audit(1764623720.415:800): avc:  denied  { append } for  pid=7014 comm="syz.6.2751" name="file0" dev="tmpfs" ino=3073 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  123.400623][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.418970][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.437443][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.446964][   T28] audit: type=1400 audit(1764623720.415:801): avc:  denied  { open } for  pid=7014 comm="syz.6.2751" path="/582/file0" dev="tmpfs" ino=3073 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  123.465968][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  123.478912][   T58] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  123.495455][ T7023] xt_CT: You must specify a L4 protocol and not use inversions on it
[  123.504215][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  123.513695][   T28] audit: type=1400 audit(1764623720.435:802): avc:  denied  { bind } for  pid=7016 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.517917][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  123.541018][   T28] audit: type=1400 audit(1764623720.435:803): avc:  denied  { setopt } for  pid=7016 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.545424][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  123.593707][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  123.612321][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  123.625671][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  123.633822][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  123.642837][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  123.652076][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  123.660769][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  123.668847][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  123.676634][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth5: link becomes ready
[  123.684413][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth4: link becomes ready
[  123.758502][ T7047] xt_hashlimit: max too large, truncated to 1048576
[  123.769450][ T7050] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2766'.
[  123.784476][ T7050] netem: change failed
[  123.909341][ T7070] netlink: 'syz.0.2777': attribute type 3 has an invalid length.
[  123.917584][ T7070] netlink: 'syz.0.2777': attribute type 3 has an invalid length.
[  123.925915][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2776'.
[  123.936584][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2776'.
[  123.946582][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2776'.
[  123.956034][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2776'.
[  123.988488][ T7079] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2781'.
[  123.997906][ T7079] netem: change failed
[  124.002148][  T357] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  124.058362][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2785'.
[  124.357068][   T28] audit: type=1400 audit(1764623721.445:804): avc:  denied  { map } for  pid=7120 comm="syz.0.2799" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  124.359565][ T7121] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  124.918617][ T7154] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  124.926424][ T7154] IPv6: NLM_F_CREATE should be set when creating new route
[  124.933773][ T7154] IPv6: NLM_F_CREATE should be set when creating new route
[  124.960972][   T28] audit: type=1400 audit(1764623722.045:805): avc:  denied  { read } for  pid=7158 comm="syz.0.2818" name="event0" dev="devtmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  125.037277][  T357] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  125.045157][  T357] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  125.756904][  T357] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  125.874315][ T7227] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7227 comm=syz.2.2844
[  125.956861][ T2716] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  126.030516][   T58] kernel write not supported for file bpf-map (pid: 58 comm: kworker/1:2)
[  126.148126][ T2716] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  126.160148][ T2716] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 1.41
[  126.169982][ T2716] usb 2-1: New USB device strings: Mfr=0, Product=246, SerialNumber=2
[  126.178305][ T2716] usb 2-1: Product: syz
[  126.182691][ T2716] usb 2-1: SerialNumber: syz
[  126.190925][ T2716] usb 2-1: config 0 descriptor??
[  126.198445][ T2716] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  126.207651][ T2716] usb 2-1: Detected SIO
[  126.215058][ T2716] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  126.401896][ T2707] usb 2-1: USB disconnect, device number 10
[  126.408710][ T2707] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  126.418942][ T2707] ftdi_sio 2-1:0.0: device disconnected
[  126.666218][ T7250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2857'.
[  126.708958][ T7250] netlink: 'syz.2.2857': attribute type 6 has an invalid length.
[  127.456956][ T2716] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  127.638023][ T2716] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.649213][ T2716] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.659984][ T2716] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  127.669164][ T2716] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.678165][ T2716] usb 2-1: config 0 descriptor??
[  128.086230][ T2716] pyra 0003:1E7D:2CF6.000B: unknown main item tag 0x0
[  128.093368][ T2716] pyra 0003:1E7D:2CF6.000B: item fetching failed at offset 4/7
[  128.101215][ T2716] pyra 0003:1E7D:2CF6.000B: parse failed
[  128.107342][ T2716] pyra: probe of 0003:1E7D:2CF6.000B failed with error -22
[  128.288058][ T2707] usb 2-1: USB disconnect, device number 11
[  128.548301][   T28] audit: type=1400 audit(1764623731.638:806): avc:  denied  { ioctl } for  pid=7314 comm="syz.2.2888" path="socket:[40410]" dev="sockfs" ino=40410 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  128.658671][ T7323] syz.2.2892[7323] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.658764][ T7323] syz.2.2892[7323] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.671780][ T7323] syz.2.2892[7323] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.684057][ T7323] syz.2.2892[7323] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.876794][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  128.935612][ T7345] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2902'.
[  128.950083][ T7345] netlink: 'syz.6.2902': attribute type 6 has an invalid length.
[  129.656499][ T7386] device veth0 entered promiscuous mode
[  129.662982][ T7386] device batadv_slave_1 entered promiscuous mode
[  129.671318][ T7386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2920'.
[  129.681330][ T7386] device veth0 left promiscuous mode
[  129.750998][ T7385] device batadv_slave_1 left promiscuous mode
[  130.693183][ T7432] device veth0 entered promiscuous mode
[  130.711162][ T7432] device batadv_slave_1 entered promiscuous mode
[  130.719643][ T7432] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2942'.
[  130.752862][ T7432] device veth0 left promiscuous mode
[  130.805725][ T7431] device batadv_slave_1 left promiscuous mode
[  132.175610][   T28] audit: type=1400 audit(1764623735.258:807): avc:  denied  { associate } for  pid=7445 comm="syz.5.2947" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  132.517654][ T7470] bridge: RTM_NEWNEIGH with invalid ether address
[  132.534852][ T7473] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2958'.
[  132.661458][ T7492] netlink: 'syz.6.2968': attribute type 12 has an invalid length.
[  132.741492][   T28] audit: type=1400 audit(1764623735.828:808): avc:  denied  { watch watch_reads } for  pid=7499 comm="syz.6.2972" path="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  132.945706][ T7517] overlayfs: failed to clone upperpath
[  132.967549][ T7519] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2983'.
[  132.979950][ T7517] overlayfs: failed to clone upperpath
[  133.024712][ T7519] netlink: 92 bytes leftover after parsing attributes in process `syz.6.2983'.
[  133.116869][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  133.128158][ T7531] netlink: 'syz.1.2986': attribute type 12 has an invalid length.
[  134.557243][ T7593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=7593 comm=syz.0.3017
[  134.656534][ T7600] netlink: 'syz.5.3019': attribute type 12 has an invalid length.
[  135.123436][ T7614] overlayfs: failed to clone upperpath
[  135.184332][ T7618] xt_bpf: check failed: parse error
[  135.195055][ T7616] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3027'.
[  135.628081][ T7636] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3036'.
[  135.659238][ T7636] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3036'.
[  135.755289][ T7650] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3042'.
[  136.699796][ T7693] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3060'.
[  136.932325][ T7711] netlink: 'syz.0.3068': attribute type 12 has an invalid length.
[  136.957095][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  137.028720][ T7725] syz.6.3076[7725] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  137.028813][ T7725] syz.6.3076[7725] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  137.319825][   T28] audit: type=1400 audit(1764623740.408:809): avc:  denied  { append } for  pid=7742 comm="syz.1.3084" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  137.344996][ T7743] netlink: 'syz.1.3084': attribute type 16 has an invalid length.
[  137.363632][ T7743] netlink: 'syz.1.3084': attribute type 17 has an invalid length.
[  137.372007][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  137.380815][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  137.388694][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  137.397244][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  137.405738][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  137.413852][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  137.421882][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  137.429921][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): sit0: link becomes ready
[  137.438108][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): ip6tnl0: link becomes ready
[  137.445899][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): ip6gre0: link becomes ready
[  137.453900][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[  137.462059][ T7743] device ip6gretap0 left promiscuous mode
[  137.468265][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): ip6gretap0: link becomes ready
[  137.476548][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  137.483992][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  137.491672][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  137.499987][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): wg0: link becomes ready
[  137.508556][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): wg1: link becomes ready
[  137.516340][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): wg2: link becomes ready
[  137.527454][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): xfrm0: link becomes ready
[  137.536622][ T7743] device veth0_vlan left promiscuous mode
[  137.542773][ T7743] device veth0_vlan entered promiscuous mode
[  137.549731][ T7743] device veth1_macvtap left promiscuous mode
[  137.556382][ T7743] device veth1_macvtap entered promiscuous mode
[  137.563163][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge1: link becomes ready
[  137.571178][ T7743] device ip6gretap0 entered promiscuous mode
[  137.577450][ T7743] device macsec1 left promiscuous mode
[  137.583132][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  137.590647][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  137.599152][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): ip6tnl1: link becomes ready
[  137.607867][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): macsec1: link becomes ready
[  137.615663][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  137.624340][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  137.633420][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  137.643501][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  137.652752][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  137.661547][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  137.670807][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  137.679899][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  137.688356][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  137.700821][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  137.709929][   T28] audit: type=1400 audit(1764623740.798:810): avc:  denied  { ioctl } for  pid=7756 comm="syz.0.3089" path="/dev/uinput" dev="devtmpfs" ino=262 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  137.710341][ T7757] input: syz1 as /devices/virtual/input/input9
[  137.738675][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  137.748398][   T28] audit: type=1400 audit(1764623740.828:811): avc:  denied  { read } for  pid=88 comm="acpid" name="event3" dev="devtmpfs" ino=947 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  137.753884][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  137.773714][   T28] audit: type=1400 audit(1764623740.828:812): avc:  denied  { open } for  pid=88 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=947 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  137.781444][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  137.815136][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  137.824737][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  137.834751][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  137.843183][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  137.851829][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  137.860619][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  137.869404][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  137.872174][   T28] audit: type=1400 audit(1764623740.828:813): avc:  denied  { ioctl } for  pid=88 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=947 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  137.878365][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  137.911614][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  137.920047][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  137.928268][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  137.936020][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  137.944557][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  137.953299][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  137.967993][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  137.976220][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  138.031308][ T7773] netlink: 'syz.5.3097': attribute type 12 has an invalid length.
[  138.146271][   T28] audit: type=1400 audit(1764623741.228:814): avc:  denied  { getopt } for  pid=7786 comm="syz.0.3103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  138.717824][ T7820] device bridge0 entered promiscuous mode
[  138.724358][ T7820] bridge0: port 1(macsec0) entered blocking state
[  138.731626][ T7820] bridge0: port 1(macsec0) entered disabled state
[  138.740031][ T7820] device bridge0 left promiscuous mode
[  138.900522][ T7840] syz.5.3125[7840] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  138.900633][ T7840] syz.5.3125[7840] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  138.986118][   T28] audit: type=1400 audit(1764623742.068:815): avc:  denied  { map } for  pid=7849 comm="syz.6.3132" path="socket:[42453]" dev="sockfs" ino=42453 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  139.784261][ T7878] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7878 comm=syz.6.3154
[  139.842335][   T28] audit: type=1400 audit(1764623742.928:816): avc:  denied  { create } for  pid=7885 comm="syz.6.3147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  139.918788][   T28] audit: type=1326 audit(1764623743.008:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7891 comm="syz.5.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe95978f749 code=0x7ffc0000
[  139.976827][   T28] audit: type=1326 audit(1764623743.008:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7891 comm="syz.5.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe95978f749 code=0x7ffc0000
[  140.148974][ T7915] netlink: 'syz.2.3161': attribute type 15 has an invalid length.
[  140.169701][ T7915] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3161'.
[  140.290608][ T7932] bridge: RTM_NEWNEIGH with invalid ether address
[  140.655086][ T7955] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3180'.
[  140.682711][ T7957] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3181'.
[  140.698155][ T7957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3181'.
[  141.207990][ T8137] overlayfs: failed to clone upperpath
[  142.935701][ T8164] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  142.954793][ T8164] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.964615][ T8164] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.001807][ T8168] netlink: 'syz.0.3201': attribute type 15 has an invalid length.
[  143.014937][ T8168] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3201'.
[  143.027374][ T2717] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  143.082886][ T8169] netlink: 'syz.6.3208': attribute type 16 has an invalid length.
[  143.110783][ T8169] netlink: 'syz.6.3208': attribute type 17 has an invalid length.
[  143.151899][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  143.171315][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  143.188537][ T8169] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.195717][ T8169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.223931][ T8169] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.231229][ T8169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.274259][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  143.296030][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  143.303989][ T2717] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  143.318113][ T8169] device vlan1 left promiscuous mode
[  143.323494][ T8169] device gretap0 left promiscuous mode
[  143.332977][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0.257: link becomes ready
[  143.341991][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth5: link becomes ready
[  143.367275][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth4: link becomes ready
[  143.391294][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  143.408999][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  143.426678][ T8190] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3212'.
[  143.439284][   T28] kauditd_printk_skb: 11 callbacks suppressed
[  143.439300][   T28] audit: type=1400 audit(1764623746.528:830): avc:  denied  { write } for  pid=8191 comm="syz.1.3213" name="tcp" dev="proc" ino=4026532343 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  143.678409][ T8220] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.747034][ T8220] netlink: 'syz.0.3225': attribute type 16 has an invalid length.
[  143.755740][ T8220] netlink: 'syz.0.3225': attribute type 17 has an invalid length.
[  143.775597][ T8220] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  143.783480][ T8220] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  143.795834][ T8220] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.803007][ T8220] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.823641][ T8220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0.257: link becomes ready
[  143.832357][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  143.841120][ T7970] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.848384][ T7970] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.871824][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  143.889029][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  143.907497][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  143.921156][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  143.929867][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  143.938390][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  143.947036][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  143.955270][ T7970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  144.181544][ T8229] netlink: 'syz.6.3230': attribute type 4 has an invalid length.
[  144.191305][   T28] audit: type=1400 audit(1764623747.278:831): avc:  denied  { write } for  pid=8226 comm="syz.2.3229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  144.317020][ T2717] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  144.445350][ T8256] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3240'.
[  144.502632][ T8256] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3240'.
[  144.985508][ T8273] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3249'.
[  145.002120][ T8273] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3249'.
[  145.034664][ T8275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3250'.
[  145.205045][ T8281] xt_hashlimit: size too large, truncated to 1048576
[  145.383027][   T28] audit: type=1400 audit(1764623748.468:832): avc:  denied  { unmount } for  pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  145.457294][  T357] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  145.657950][  T357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.686745][  T357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  145.715478][  T357] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  145.715513][ T8297] netlink: 'syz.2.3260': attribute type 16 has an invalid length.
[  145.715527][ T8297] netlink: 'syz.2.3260': attribute type 17 has an invalid length.
[  145.728968][  T357] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  145.753477][  T357] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.771277][ T8297] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  145.779524][  T357] usb 1-1: config 0 descriptor??
[  145.785109][ T8297] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  145.801644][ T8297] IPv6: ADDRCONF(NETDEV_CHANGE): xfrm0: link becomes ready
[  145.831452][ T8297] device vlan2 left promiscuous mode
[  145.846863][ T8297] device gretap0 left promiscuous mode
[  145.855971][ T8297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0.257: link becomes ready
[  145.866528][ T5207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  146.203918][  T357] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  146.216407][  T357] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  146.726559][  T290] usb 1-1: USB disconnect, device number 5
[  146.917105][ T8402] netlink: 'syz.2.3271': attribute type 4 has an invalid length.
[  147.666600][ T8423] xt_hashlimit: size too large, truncated to 1048576
[  148.578101][   T28] audit: type=1400 audit(1764623751.668:833): avc:  denied  { ioctl } for  pid=8460 comm="syz.0.3294" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  148.641422][   T28] audit: type=1400 audit(1764623751.728:834): avc:  denied  { name_bind 0x1000000 } for  pid=8464 comm="syz.0.3296" path="socket:[43680]" dev="sockfs" ino=43680 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  148.684239][ T8470] xt_hashlimit: size too large, truncated to 1048576
[  149.007219][ T8496] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3311'.
[  149.038841][ T8500] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8500 comm=syz.5.3314
[  149.179962][ T8524] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3325'.
[  150.259155][ T8579] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3349'.
[  150.272161][ T8577] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3348'.
[  150.733655][   T28] audit: type=1326 audit(1764623753.818:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  150.780079][   T28] audit: type=1326 audit(1764623753.848:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  150.811603][   T28] audit: type=1326 audit(1764623753.848:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  150.838275][ T8607] overlayfs: failed to clone upperpath
[  150.841482][   T28] audit: type=1326 audit(1764623753.848:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  150.869588][   T28] audit: type=1326 audit(1764623753.848:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  150.869591][ T8609] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3362'.
[  150.903126][   T28] audit: type=1326 audit(1764623753.848:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  150.930009][   T28] audit: type=1326 audit(1764623753.848:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  150.961672][   T28] audit: type=1326 audit(1764623753.848:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9d7f8f749 code=0x7ffc0000
[  151.118475][ T8618] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8618 comm=syz.2.3367
[  151.232187][ T8593] overlayfs: failed to clone upperpath
[  151.540928][ T8638] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3374'.
[  151.763598][ T8667] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3389'.
[  152.130823][ T8699] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3401'.
[  152.316874][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  152.611515][ T8724] I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  152.621290][ T8724] FAT-fs (loop13): unable to read boot sector
[  152.684039][ T8735] device veth1_to_bond entered promiscuous mode
[  152.691752][ T8735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3416'.
[  152.702443][ T8713] overlayfs: failed to clone upperpath
[  152.712427][ T8735] device veth1_to_bond left promiscuous mode
[  153.857909][ T8785] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3435'.
[  153.890046][   T28] kauditd_printk_skb: 41 callbacks suppressed
[  153.890063][   T28] audit: type=1400 audit(1764623756.978:884): avc:  denied  { name_bind } for  pid=8786 comm="syz.0.3437" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  153.962825][ T8794] serio: Serial port ptm0
[  154.129489][   T28] audit: type=1400 audit(1764623757.218:885): avc:  denied  { setopt } for  pid=8823 comm="syz.2.3457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  154.154971][   T28] audit: type=1400 audit(1764623757.218:886): avc:  denied  { read } for  pid=8823 comm="syz.2.3457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  155.061904][ T8892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3486'.
[  155.072777][ T8892] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3486'.
[  155.117524][ T8894] overlayfs: failed to clone upperpath
[  155.754259][ T8924] overlayfs: failed to clone upperpath
[  155.791878][ T8932] netlink: 'syz.2.3502': attribute type 4 has an invalid length.
[  155.807786][ T8932] netlink: 'syz.2.3502': attribute type 4 has an invalid length.
[  156.025500][   T28] audit: type=1326 audit(1764623759.108:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8957 comm="syz.5.3516" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe95978f749 code=0x0
[  156.857291][ T8967] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3519'.
[  156.874721][ T8972] netlink: 'syz.6.3520': attribute type 4 has an invalid length.
[  156.889465][ T8967] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3519'.
[  156.900347][ T8972] netlink: 'syz.6.3520': attribute type 4 has an invalid length.
[  157.020010][   T28] audit: type=1326 audit(1764623760.108:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8993 comm="syz.1.3530" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f098d58f749 code=0x0
[  157.070491][ T9002] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3536'.
[  157.081164][ T9002] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3536'.
[  157.095432][ T9005] netlink: 'syz.0.3534': attribute type 4 has an invalid length.
[  157.126961][ T9005] netlink: 'syz.0.3534': attribute type 4 has an invalid length.
[  157.188006][ T9023] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3544'.
[  157.288071][   T28] audit: type=1400 audit(1764623760.378:889): avc:  denied  { watch } for  pid=9038 comm="syz.0.3551" path="/247/file0" dev="tmpfs" ino=1333 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  157.320109][ T9041] netlink: 'syz.5.3552': attribute type 4 has an invalid length.
[  157.350087][ T9041] netlink: 'syz.5.3552': attribute type 4 has an invalid length.
[  159.126150][ T9165] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3571'.
[  159.135743][ T9165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3571'.
[  159.149426][ T9165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3571'.
[  159.152691][ T9171] netlink: 'syz.1.3567': attribute type 4 has an invalid length.
[  159.214810][ T9171] netlink: 'syz.1.3567': attribute type 4 has an invalid length.
[  159.257158][   T28] audit: type=1400 audit(1764623762.338:890): avc:  denied  { ioctl } for  pid=9184 comm="syz.5.3582" path="socket:[45852]" dev="sockfs" ino=45852 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  159.320951][ T9194] sch_tbf: burst 88 is lower than device veth5 mtu (1514) !
[  159.593454][ T9218] device pim6reg1 entered promiscuous mode
[  159.740422][ T9224] sch_tbf: burst 88 is lower than device veth5 mtu (1514) !
[  159.801203][ T9232] overlayfs: failed to resolve './file1': -2
[  160.095739][ T9262] __nla_validate_parse: 6 callbacks suppressed
[  160.095775][ T9262] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3615'.
[  160.127612][ T9262] sch_tbf: burst 88 is lower than device veth9 mtu (1514) !
[  160.194937][ T9280] overlayfs: failed to resolve './file0': -2
[  160.231026][ T9288] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3630'.
[  160.789694][ T9305] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  161.081032][ T9311] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3649'.
[  161.100044][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3649'.
[  161.109567][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3649'.
[  161.110536][ T8117] Bluetooth: hci0: Frame reassembly failed (-84)
[  161.119086][ T9311] netlink: 108 bytes leftover after parsing attributes in process `syz.6.3649'.
[  161.137976][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3649'.
[  161.149322][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3649'.
[  161.382578][ T9344] overlayfs: failed to resolve './file1': -2
[  161.602995][   T28] audit: type=1400 audit(1764623764.688:891): avc:  denied  { read } for  pid=9367 comm="syz.0.3666" path="socket:[45053]" dev="sockfs" ino=45053 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  161.663343][ T9372] syz.5.3668[9372] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  161.663410][ T9372] syz.5.3668[9372] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  161.685547][ T9374] validate_nla: 3 callbacks suppressed
[  161.685566][ T9374] netlink: 'syz.5.3669': attribute type 4 has an invalid length.
[  161.715715][ T9374] netlink: 'syz.5.3669': attribute type 4 has an invalid length.
[  161.747185][ T9377] overlayfs: failed to resolve './file1': -2
[  162.032393][ T9393] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3677'.
[  162.365338][ T9405] overlayfs: failed to resolve './file1': -2
[  163.116755][ T5792] Bluetooth: hci0: command 0x1003 tx timeout
[  163.123003][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  163.163197][   T28] audit: type=1400 audit(1764623766.248:892): avc:  denied  { mounton } for  pid=9418 comm="syz.0.3698" path="/276/file0" dev="incremental-fs" ino=1487 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  163.188801][   T28] audit: type=1400 audit(1764623766.248:893): avc:  denied  { read } for  pid=9418 comm="syz.0.3698" name="file0" dev="incremental-fs" ino=1488 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  163.215966][   T28] audit: type=1400 audit(1764623766.248:894): avc:  denied  { open } for  pid=9418 comm="syz.0.3698" path="/276/file0/file0" dev="incremental-fs" ino=1488 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  163.244176][   T28] audit: type=1400 audit(1764623766.248:895): avc:  denied  { write } for  pid=9418 comm="syz.0.3698" path="/276/file0/file0" dev="incremental-fs" ino=1488 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  163.674453][ T9427] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3691'.
[  163.735012][ T9443] overlayfs: failed to resolve './file1': -2
[  163.792191][ T9431] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.805972][ T9431] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.814172][ T9431] device bridge_slave_0 entered promiscuous mode
[  163.822184][ T9431] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.838859][ T9431] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.848272][ T9431] device bridge_slave_1 entered promiscuous mode
[  163.877047][ T3843] Bluetooth: hci0: Frame reassembly failed (-84)
[  163.973724][ T9431] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.981887][ T9431] bridge0: port 2(bridge_slave_1) entered forwarding state
[  163.990177][ T9431] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.998064][ T9431] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.026258][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  164.035266][ T3843] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.044422][ T3843] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.063751][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  164.072294][ T3843] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.079464][ T3843] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.088472][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  164.097974][ T3843] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.106843][ T3843] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.126540][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  164.135213][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  164.144340][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  164.154288][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  164.172211][ T9431] device veth0_vlan entered promiscuous mode
[  164.185321][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  164.194180][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  164.204471][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  164.220391][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  164.238857][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  164.248731][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  164.259931][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  164.271300][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  164.296125][ T9431] device veth1_macvtap entered promiscuous mode
[  164.319072][ T3893] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  164.336119][ T3893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  164.353078][ T3893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  164.382746][ T3893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  164.411860][ T3893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  164.430497][ T9476] sch_fq: defrate 8 ignored.
[  164.476991][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  164.532547][   T28] audit: type=1400 audit(1764623767.618:896): avc:  denied  { sys_module } for  pid=9491 comm="syz.2.3711" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  164.583124][ T9496] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  164.595628][ T9498] overlayfs: failed to clone upperpath
[  164.672817][ T9504] sch_fq: defrate 8 ignored.
[  164.800900][   T28] audit: type=1326 audit(1764623767.888:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f88cb1865e7 code=0x7ffc0000
[  164.870887][   T28] audit: type=1326 audit(1764623767.908:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f88cb12b829 code=0x7ffc0000
[  164.981708][   T28] audit: type=1326 audit(1764623767.908:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f88cb1865e7 code=0x7ffc0000
[  165.073738][   T28] audit: type=1326 audit(1764623767.918:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f88cb12b829 code=0x7ffc0000
[  165.118919][   T28] audit: type=1326 audit(1764623767.918:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  165.218969][   T28] audit: type=1326 audit(1764623767.918:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  165.302591][   T28] audit: type=1326 audit(1764623767.918:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  165.331497][   T28] audit: type=1326 audit(1764623767.918:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  165.362593][   T28] audit: type=1326 audit(1764623767.918:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9515 comm="syz.6.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88cb18f749 code=0x7ffc0000
[  165.599068][ T9558] tipc: Failed to remove unknown binding: 66,1,1/0:2388226791/2388226793
[  165.619148][ T9558] tipc: Failed to remove unknown binding: 66,1,1/0:2388226791/2388226793
[  165.630437][ T9558] tipc: Failed to remove unknown binding: 66,1,1/0:2388226791/2388226793
[  165.916954][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  165.917324][ T5792] Bluetooth: hci0: command 0x1003 tx timeout
[  166.356837][  T290] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  166.548038][  T290] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[  166.558813][  T290] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[  166.569358][  T290] usb 2-1: config 1 interface 0 has no altsetting 0
[  166.580590][  T290] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  166.590763][  T290] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.599481][  T290] usb 2-1: Product: syz
[  166.603862][  T290] usb 2-1: Manufacturer: syz
[  166.609226][  T290] usb 2-1: SerialNumber: syz
[  166.615661][ T9583] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  166.623705][ T9583] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  166.671944][ T9603] EXT4-fs: dax option not supported
[  166.679473][ T8105] Bluetooth: hci0: Frame reassembly failed (-84)
[  166.887373][  T290] rtl8150 2-1:1.0: couldn't reset the device
[  166.896260][  T290] rtl8150: probe of 2-1:1.0 failed with error -5
[  166.907841][  T290] usb 2-1: USB disconnect, device number 12
[  167.352022][ T9637] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9637 comm=syz.6.3779
[  167.388034][ T9639] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3780'.
[  167.846878][   T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  168.048213][   T24] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  168.060221][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.071153][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.081892][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  168.086829][  T290] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  168.096285][   T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  168.112225][   T24] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  168.120781][   T24] usb 2-1: Manufacturer: syz
[  168.126864][   T24] usb 2-1: config 0 descriptor??
[  168.276968][  T290] usb 1-1: Using ep0 maxpacket: 16
[  168.283248][  T290] usb 1-1: config 8 has an invalid interface number: 57 but max is 0
[  168.291726][  T290] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  168.301985][  T290] usb 1-1: config 8 has no interface number 0
[  168.308156][  T290] usb 1-1: config 8 interface 57 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  168.321670][  T290] usb 1-1: config 8 interface 57 has no altsetting 0
[  168.337042][ T9671] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9671 comm=syz.2.3793
[  168.351208][  T290] usb 1-1: New USB device found, idVendor=39c6, idProduct=8f68, bcdDevice=dd.44
[  168.370324][  T290] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.378427][  T290] usb 1-1: Product: syz
[  168.382729][  T290] usb 1-1: Manufacturer: syz
[  168.387360][  T290] usb 1-1: SerialNumber: syz
[  168.392873][ T9676] SELinux:  Context @ is not valid (left unmapped).
[  168.548555][   T24] appleir 0003:05AC:8243.000D: unknown main item tag 0x0
[  168.556131][   T24] appleir 0003:05AC:8243.000D: No inputs registered, leaving
[  168.566076][   T24] appleir 0003:05AC:8243.000D: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  168.598221][  T290] usb 1-1: MIDIStreaming interface descriptor not found
[  168.619600][  T290] usb 1-1: USB disconnect, device number 6
[  168.716839][ T5788] Bluetooth: hci0: command 0x1003 tx timeout
[  168.716877][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  168.757855][ T9706] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9706 comm=syz.5.3808
[  168.827874][  T372] udevd[372]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:8.57/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  168.846028][  T290] usb 2-1: USB disconnect, device number 13
[  168.917735][ T9091] Bluetooth: hci0: Frame reassembly failed (-84)
[  169.138427][ T9733] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9733 comm=syz.0.3823
[  169.289607][ T9741] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3827'.
[  169.351606][ T9745] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3828'.
[  169.457527][ T9759] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  169.478153][ T9762] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3836'.
[  169.541551][   T28] kauditd_printk_skb: 4 callbacks suppressed
[  169.541570][   T28] audit: type=1400 audit(1764623772.628:910): avc:  denied  { relabelfrom } for  pid=9763 comm="syz.0.3837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  169.567884][   T28] audit: type=1400 audit(1764623772.628:911): avc:  denied  { relabelto } for  pid=9763 comm="syz.0.3837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  169.772915][ T9778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3844'.
[  169.843949][ T9784] netlink: 'syz.0.3847': attribute type 12 has an invalid length.
[  170.302955][ T9808] device bridge0 entered promiscuous mode
[  170.311873][ T9808] bridge0: port 3(vlan2) entered blocking state
[  170.326504][ T9808] bridge0: port 3(vlan2) entered disabled state
[  170.334324][ T9808] device bridge0 left promiscuous mode
[  170.457159][ T9814] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3856'.
[  170.558860][ T9822] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3863'.
[  170.729557][ T9848] overlayfs: failed to get inode (-116)
[  170.735288][ T9848] overlayfs: failed to get inode (-116)
[  170.741205][ T9848] overlayfs: failed to get inode (-116)
[  170.746925][ T9848] overlayfs: failed to get inode (-116)
[  170.956920][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  171.130688][ T9894] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3897'.
[  171.206770][  T290] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  171.397849][  T290] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  171.416862][  T290] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  171.446747][  T290] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  171.473235][  T290] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  171.492689][  T290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.504150][ T9909] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3904'.
[  171.508209][  T290] usb 2-1: config 0 descriptor??
[  171.923149][  T290] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  171.957894][  T290] plantronics 0003:047F:FFFF.000E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  172.292848][ T9211] usb 2-1: USB disconnect, device number 14
[  172.340466][ T9927] overlayfs: failed to clone upperpath
[  172.388823][   T28] audit: type=1400 audit(1764623775.478:912): avc:  denied  { setopt } for  pid=9934 comm="syz.6.3911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  172.622336][ T9947] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3920'.
[  172.632124][ T9947] netem: change failed
[  172.667270][ T9951] syz.0.3922[9951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  172.667329][ T9951] syz.0.3922[9951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.174790][ T9980] syz.6.3935[9980] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.204972][ T9980] syz.6.3935[9980] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.230752][ T9980] syz.6.3935[9980] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.243484][ T9980] syz.6.3935[9980] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.344595][ T9992] overlayfs: failed to clone upperpath
[  173.486806][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  173.644516][T10008] syz.0.3948[10008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.644593][T10008] syz.0.3948[10008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.667594][T10008] syz.0.3948[10008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.686793][   T24] usb 6-1: Using ep0 maxpacket: 16
[  173.709564][T10008] syz.0.3948[10008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.710496][   T24] usb 6-1: config 0 has an invalid interface number: 148 but max is 0
[  173.746740][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.757670][T10016] netem: incorrect gi model size
[  173.766795][   T24] usb 6-1: config 0 has no interface number 0
[  173.768223][T10016] netem: change failed
[  173.773143][   T24] usb 6-1: config 0 interface 148 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  173.796765][   T24] usb 6-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  173.805906][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.820110][   T24] usb 6-1: config 0 descriptor??
[  173.846378][  T375] udevd[375]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.148/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  174.057550][  T290] usb 6-1: USB disconnect, device number 4
[  174.676235][T10090] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3986'.
[  174.715624][T10095] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  174.732745][T10095] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  174.734596][   T28] audit: type=1400 audit(1764623777.818:913): avc:  denied  { read write } for  pid=10096 comm="syz.0.3989" name="uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  174.771919][   T28] audit: type=1400 audit(1764623777.838:914): avc:  denied  { open } for  pid=10096 comm="syz.0.3989" path="/dev/uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  174.797187][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  174.805127][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  174.813090][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth5: link becomes ready
[  174.820968][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth4: link becomes ready
[  174.829074][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth7: link becomes ready
[  174.837274][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth6: link becomes ready
[  175.688704][T10145] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  175.841669][T10146] loop5: detected capacity change from 0 to 40427
[  175.858901][T10146] F2FS-fs (loop5): fault_injection options not supported
[  175.883819][T10146] F2FS-fs (loop5): invalid crc value
[  175.904399][T10146] F2FS-fs (loop5): Found nat_bits in checkpoint
[  175.979649][T10146] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  176.051928][   T28] audit: type=1400 audit(1764623779.138:915): avc:  denied  { append } for  pid=10143 comm="syz.5.4010" path="/31/file0/blkio.bfq.io_queued_recursive" dev="loop5" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  176.098778][ T9431] syz-executor: attempt to access beyond end of device
[  176.098778][ T9431] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  176.124878][   T28] audit: type=1400 audit(1764623779.168:916): avc:  denied  { map } for  pid=10143 comm="syz.5.4010" path="/31/file0/blkio.bfq.io_queued_recursive" dev="loop5" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  176.772460][T10209] SELinux:  Context system_u:object_r:gpg_exec_t:s0 is not valid (left unmapped).
[  176.787630][   T28] audit: type=1400 audit(1764623779.878:917): avc:  denied  { relabelto } for  pid=10208 comm="syz.6.4036" name="bus" dev="tmpfs" ino=4544 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:gpg_exec_t:s0"
[  176.843567][   T28] audit: type=1400 audit(1764623779.878:918): avc:  denied  { associate } for  pid=10208 comm="syz.6.4036" name="bus" dev="tmpfs" ino=4544 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:gpg_exec_t:s0"
[  176.954950][   T28] audit: type=1400 audit(1764623779.928:919): avc:  denied  { unlink } for  pid=600 comm="syz-executor" name="bus" dev="tmpfs" ino=4544 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:gpg_exec_t:s0"
[  177.587289][T10266] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4063'.
[  178.079472][T10298] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  178.118180][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  178.139495][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  178.151240][T10305] overlayfs: failed to clone upperpath
[  178.158489][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  178.175836][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  178.185649][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  178.196264][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  178.205645][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  178.214922][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  178.317387][T10326] I/O error, dev loop11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  178.336750][T10326] FAT-fs (loop11): unable to read boot sector
[  180.722396][T10366] 9pnet_fd: p9_fd_create_unix (10366): problem connecting socket: ./file0: -111
[  180.739896][T10359] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  180.796333][T10369] device ip6gre3 entered promiscuous mode
[  180.814512][   T58] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  180.825799][T10369] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  180.834050][T10339] loop5: detected capacity change from 0 to 40427
[  180.834704][   T58] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  180.853903][T10339] F2FS-fs (loop5): fault_injection options not supported
[  180.876872][   T58] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  180.877844][T10339] F2FS-fs (loop5): invalid crc value
[  180.898744][T10339] F2FS-fs (loop5): Found nat_bits in checkpoint
[  180.936542][T10339] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  180.996495][ T9431] syz-executor: attempt to access beyond end of device
[  180.996495][ T9431] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  181.011566][   T58] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  181.201584][T10402] netlink: 7 bytes leftover after parsing attributes in process `syz.2.4124'.
[  181.256895][   T58] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  181.286935][T10417] netlink: 'syz.6.4130': attribute type 25 has an invalid length.
[  181.299737][T10417] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4130'.
[  181.313981][T10417] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4130'.
[  181.325905][T10417] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4130'.
[  181.344847][T10417] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.367017][T10425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4135'.
[  181.510876][T10445] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4143'.
[  181.530208][T10445] netlink: 10 bytes leftover after parsing attributes in process `syz.2.4143'.
[  181.672220][T10471] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4154'.
[  181.757991][T10477] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4157'.
[  181.773602][T10477] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4157'.
[  182.406498][T10475] 9pnet_fd: p9_fd_create_unix (10475): problem connecting socket: ./file0: -103
[  183.045774][T10554] loop5: detected capacity change from 0 to 40427
[  183.059667][T10554] F2FS-fs (loop5): fault_injection options not supported
[  183.074679][T10554] F2FS-fs (loop5): invalid crc value
[  183.092982][T10554] F2FS-fs (loop5): Found nat_bits in checkpoint
[  183.153556][T10554] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  183.210772][T10554] syz.5.4192: attempt to access beyond end of device
[  183.210772][T10554] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  183.553083][T10566] 9pnet_fd: p9_fd_create_unix (10566): problem connecting socket: ./file0: -103
[  183.747617][T10604] syz.2.4209[10604] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  183.747691][T10604] syz.2.4209[10604] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  183.976098][T10609] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10609 comm=syz.0.4211
[  184.206803][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  184.398060][   T24] usb 2-1: Using ep0 maxpacket: 32
[  184.415848][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  184.448525][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  184.498508][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  184.533819][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.559022][   T24] usb 2-1: config 0 descriptor??
[  184.598827][   T24] hub 2-1:0.0: USB hub found
[  184.643842][T10622] overlayfs: failed to clone upperpath
[  184.708220][   T28] audit: type=1400 audit(1764623787.798:920): avc:  denied  { setopt } for  pid=10639 comm="syz.0.4226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  184.789107][   T24] hub 2-1:0.0: 1 port detected
[  184.985427][T10657] device wg2 entered promiscuous mode
[  185.017056][ T2716] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  185.116803][    C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  185.208091][ T2716] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.218400][ T2716] usb 6-1: New USB device found, idVendor=056a, idProduct=00c6, bcdDevice= 0.00
[  185.227483][ T2716] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.236293][ T2716] usb 6-1: config 0 descriptor??
[  185.372964][T10674] syz.6.4240[10674] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  185.373059][T10674] syz.6.4240[10674] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  185.400692][   T58] hub 2-1:0.0: activate --> -90
[  185.644820][ T2716] wacom 0003:056A:00C6.000F: unknown main item tag 0x0
[  185.652825][ T2716] wacom 0003:056A:00C6.000F: unknown main item tag 0x0
[  185.661578][ T2716] wacom 0003:056A:00C6.000F: unbalanced collection at end of report description
[  185.671723][ T2716] wacom 0003:056A:00C6.000F: parse failed
[  185.688502][ T2716] wacom: probe of 0003:056A:00C6.000F failed with error -22
[  185.821990][   T58] hub 2-1:0.0: hub_ext_port_status failed (err = -71)
[  185.858753][   T58] usb 2-1-port1: connect-debounce failed
[  185.864723][ T2716] usb 2-1: USB disconnect, device number 15
[  185.919276][T10647] loop5: detected capacity change from 0 to 2048
[  185.943380][T10647] Alternate GPT is invalid, using primary GPT.
[  185.952498][T10647]  loop5: p2 p3 p7
[  186.014957][  T335] usb 6-1: USB disconnect, device number 5
[  186.536827][ T2716] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  186.555335][T10711] __nla_validate_parse: 8 callbacks suppressed
[  186.555359][T10711] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4258'.
[  186.607906][T10711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4258'.
[  186.702527][T10718] syz.1.4260[10718] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  186.702614][T10718] syz.1.4260[10718] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  186.737999][ T2716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  186.783757][ T2716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  186.813260][ T2716] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  186.839463][ T2716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.874630][ T2716] usb 1-1: config 0 descriptor??
[  187.168484][ T2716] usbhid 1-1:0.0: can't add hid device: -71
[  187.174985][ T2716] usbhid: probe of 1-1:0.0 failed with error -71
[  187.212772][ T2716] usb 1-1: USB disconnect, device number 7
[  187.252641][T10745] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4270'.
[  187.321153][T10745] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4270'.
[  187.831182][T10751] loop5: detected capacity change from 0 to 40427
[  187.848542][T10751] F2FS-fs (loop5): invalid crc value
[  187.867658][T10751] F2FS-fs (loop5): Found nat_bits in checkpoint
[  187.925841][T10751] F2FS-fs (loop5): Start checkpoint disabled!
[  187.935020][T10765] device wg2 left promiscuous mode
[  187.946059][T10751] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  187.957070][T10765] device veth0_vlan left promiscuous mode
[  187.963208][T10765] device veth0_vlan entered promiscuous mode
[  188.002034][T10765] device ip6gre3 left promiscuous mode
[  188.022199][T10751] F2FS-fs (loop5): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  188.041300][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  188.058356][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  188.068247][  T335] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  188.087057][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  188.095495][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  188.114930][T10751] syz.5.4273: attempt to access beyond end of device
[  188.114930][T10751] loop5: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  188.118477][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  188.152028][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  188.164281][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  188.177532][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  188.185961][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  188.194426][ T3906] kworker/u4:64: attempt to access beyond end of device
[  188.194426][ T3906] loop5: rw=2049, sector=45224, nr_sectors = 16 limit=40427
[  188.196548][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  188.218644][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  188.227466][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  188.235957][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  188.244520][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  188.254414][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  188.266213][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  188.275071][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  188.283658][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  188.292285][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  188.301628][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  188.310860][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  188.323546][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  188.331955][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  188.340502][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  188.348684][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  188.356495][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  188.364802][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  188.373045][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  188.377073][  T335] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  188.381376][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth5: link becomes ready
[  188.398699][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): veth4: link becomes ready
[  188.406921][T10772] device wg2 entered promiscuous mode
[  188.426179][T10774] bridge0: port 1(vlan2) entered blocking state
[  188.438900][T10774] bridge0: port 1(vlan2) entered disabled state
[  188.460450][T10779] bridge: RTM_NEWNEIGH with invalid ether address
[  188.463403][T10790] syz.0.4287[10790] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  188.467306][T10790] syz.0.4287[10790] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  188.534920][T10797] overlayfs: failed to clone upperpath
[  188.794843][T10812] device wg2 entered promiscuous mode
[  188.818207][  T335] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  188.835334][  T335] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  188.852676][  T335] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  188.872846][T10816] bridge: RTM_NEWNEIGH with invalid ether address
[  189.125350][T10801] overlayfs: failed to clone upperpath
[  189.256940][  T335] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  189.283192][T10836] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4319'.
[  189.433461][T10840] device wg2 left promiscuous mode
[  189.446453][T10842] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10842 comm=syz.2.4311
[  189.472437][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  189.487275][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  189.499156][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth5: link becomes ready
[  189.517348][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth4: link becomes ready
[  189.535277][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth7: link becomes ready
[  189.549170][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth6: link becomes ready
[  189.557958][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth9: link becomes ready
[  189.565927][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth8: link becomes ready
[  189.677321][ T2716] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  189.685160][ T2716] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  189.706871][ T2716] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  189.774096][T10849] device wg2 entered promiscuous mode
[  189.866131][T10866] syz.5.4322[10866] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  189.866225][T10866] syz.5.4322[10866] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  189.916897][  T335] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  190.644625][T10878] netem: change failed
[  190.878777][   T28] audit: type=1400 audit(1764623793.968:921): avc:  denied  { connect } for  pid=10895 comm="syz.5.4338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  190.917000][ T9211] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  191.108105][ T9211] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.137175][ T9211] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  191.153192][ T9211] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  191.187134][ T9211] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.207583][ T9211] usb 2-1: config 0 descriptor??
[  191.512197][ T9211] usbhid 2-1:0.0: can't add hid device: -71
[  191.520881][ T9211] usbhid: probe of 2-1:0.0 failed with error -71
[  191.533188][ T9211] usb 2-1: USB disconnect, device number 16
[  191.971496][T10984] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4377'.
[  192.223587][T11008] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.231142][T11008] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.323589][T11033] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4397'.
[  192.409886][T11043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4402'.
[  192.503571][T11056] sch_fq: defrate 4294967295 ignored.
[  193.246355][T11106] bridge: RTM_NEWNEIGH with invalid ether address
[  193.276787][    C1] ip6_tnl_xmit_ctl: 3 callbacks suppressed
[  193.276810][    C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[  193.588133][T11141] overlayfs: failed to clone upperpath
[  194.031177][T11186] netem: incorrect gi model size
[  194.329065][T11212] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4478'.
[  194.341574][T11216] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4480'.
[  194.356085][T11216] HTB: quantum of class 8025000A is big. Consider r2q change.
[  194.382139][T11222] mmap: syz.1.4483 (11222): VmData 40820736 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  194.640004][T11256] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11256 comm=syz.0.4498
[  194.832805][   T28] audit: type=1400 audit(1764623797.918:922): avc:  denied  { map } for  pid=11275 comm="syz.1.4507" path="/dev/binderfs/binder1" dev="binder" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  194.858171][T11276] binder: binder_mmap: 11275 2000004cd000-2000004ce000 bad vm_flags failed -1
[  194.929459][T11284] bridge0: port 1(vlan2) entered blocking state
[  194.935815][T11284] bridge0: port 1(vlan2) entered disabled state
[  194.943089][T11284] device vlan2 entered promiscuous mode
[  194.948980][T11284] device bridge_slave_0 entered promiscuous mode
[  194.960756][T11284] bridge0: mtu less than device minimum
[  195.006610][T11290] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4513'.
[  195.059756][T11297] netem: change failed
[  195.303071][   T28] audit: type=1400 audit(1764623798.388:923): avc:  denied  { append } for  pid=11318 comm="syz.5.4528" name="file0" dev="incremental-fs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  195.340835][T11323] netlink: 'syz.1.4530': attribute type 4 has an invalid length.
[  195.368051][T11323] netlink: 'syz.1.4530': attribute type 4 has an invalid length.
[  195.507865][   T28] audit: type=1400 audit(1764623798.598:924): avc:  denied  { setopt } for  pid=11330 comm="syz.2.4533" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  195.659351][T11321] loop5: detected capacity change from 0 to 40427
[  195.673768][T11321] F2FS-fs (loop5): Unrecognized mount option "˙˙˙˙˙˙˙˙0xffffffffffffffff0x00000000000000050xffffffffffffffff˙˙˙˙˙˙˙˙" or missing value
[  195.967227][T11360] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4547'.
[  195.998034][T11358] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  196.534361][T11414] syz.6.4569[11414] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  196.534465][T11414] syz.6.4569[11414] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  196.729288][T11435] overlayfs: failed to clone upperpath
[  196.910556][T11454] overlayfs: failed to clone upperpath
[  197.435193][T11512] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4614'.
[  197.456936][   T28] audit: type=1400 audit(1764623800.538:925): avc:  denied  { remount } for  pid=11513 comm="syz.0.4616" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  197.488472][T11516] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  197.508941][T11516] overlayfs: failed to set xattr on upper
[  197.521703][   T28] audit: type=1400 audit(1764623800.578:926): avc:  denied  { mounton } for  pid=11513 comm="syz.0.4616" path="/458/file0/file0" dev="ramfs" ino=55422 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  197.582983][   T28] audit: type=1400 audit(1764623800.648:927): avc:  denied  { unmount } for  pid=5679 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  197.714445][T11535] loop5: detected capacity change from 0 to 2048
[  197.771346][T11535]  loop5: p1 < > p4
[  197.779650][T11535] loop5: p4 size 8388608 extends beyond EOD, truncated
[  197.861157][   T28] audit: type=1400 audit(1764623800.948:928): avc:  denied  { append } for  pid=11534 comm="syz.5.4624" name="loop5p4" dev="devtmpfs" ino=1023 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  197.959760][T11558] loop5: detected capacity change from 0 to 256
[  198.013105][T11562] tipc: Failed to remove unknown binding: 66,1,1/0:2900722264/2900722266
[  198.210120][T11579] loop5: detected capacity change from 0 to 512
[  198.260556][T11579] EXT4-fs (loop5): Test dummy encryption mode enabled
[  198.284673][T11579] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  198.323658][T11579] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.4644: bad orphan inode 131083
[  198.344952][T11579] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  198.379129][   T28] audit: type=1400 audit(1764623801.468:929): avc:  denied  { map } for  pid=11577 comm="syz.5.4644" path="/dev/loop5" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  198.419201][T11579] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  198.437693][T11600] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4653'.
[  198.468094][T11600] device vlan3 entered promiscuous mode
[  198.485139][T11600] device gretap0 entered promiscuous mode
[  198.517662][ T9431] EXT4-fs (loop5): unmounting filesystem.
[  198.566476][   T28] audit: type=1400 audit(1764623801.648:930): avc:  denied  { getopt } for  pid=11607 comm="syz.6.4656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  198.945139][T11638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4670'.
[  199.102264][T11646] device wg2 left promiscuous mode
[  199.129919][T11648] netlink: 'syz.2.4673': attribute type 4 has an invalid length.
[  199.165781][T11648] netlink: 'syz.2.4673': attribute type 4 has an invalid length.
[  199.335347][T11654] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4676'.
[  199.478097][T11675] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4685'.
[  199.514069][T11677] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4687'.
[  199.586844][ T9211] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  199.779200][ T9211] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  199.795508][T11697] netlink: 'syz.6.4696': attribute type 1 has an invalid length.
[  199.807452][ T9211] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  199.816894][T11697] netlink: 252 bytes leftover after parsing attributes in process `syz.6.4696'.
[  199.839039][ T9211] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  199.858240][T11699] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4698'.
[  199.870481][ T9211] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.888247][ T9211] usb 2-1: Product: syz
[  199.896569][ T9211] usb 2-1: Manufacturer: syz
[  199.906565][ T9211] usb 2-1: SerialNumber: syz
[  199.918694][ T9211] usb 2-1: config 0 descriptor??
[  199.930250][ T9211] snd-usb-audio: probe of 2-1:0.0 failed with error -90
[  199.970633][T11711] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4704'.
[  200.072229][   T28] audit: type=1326 audit(1764623803.158:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz.5.4721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  200.096205][   T28] audit: type=1326 audit(1764623803.158:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz.5.4721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  200.108849][  T335] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  200.128434][   T28] audit: type=1326 audit(1764623803.158:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz.5.4721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  200.132347][  T290] usb 2-1: USB disconnect, device number 17
[  200.159512][   T28] audit: type=1326 audit(1764623803.158:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz.5.4721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  200.193102][T11733] netlink: 116 bytes leftover after parsing attributes in process `syz.5.4721'.
[  200.358080][  T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  200.369365][  T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.379383][  T335] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  200.388541][  T335] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.399282][  T335] usb 1-1: config 0 descriptor??
[  200.405148][  T335] hub 1-1:0.0: USB hub found
[  200.607045][  T335] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  200.616280][  T335] usbhid 1-1:0.0: can't add hid device: -71
[  200.622604][  T335] usbhid: probe of 1-1:0.0 failed with error -71
[  200.659463][  T335] usb 1-1: USB disconnect, device number 8
[  201.445524][T11774] tipc: Failed to remove unknown binding: 66,1,1/0:259528150/259528152
[  201.876802][   T58] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  202.056811][   T58] usb 2-1: Using ep0 maxpacket: 32
[  202.077107][   T58] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  202.085406][   T58] usb 2-1: config 0 has no interface number 0
[  202.101866][   T58] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  202.125419][   T58] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  202.135343][   T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.143540][   T58] usb 2-1: Product: syz
[  202.147860][   T58] usb 2-1: Manufacturer: syz
[  202.152540][   T58] usb 2-1: SerialNumber: syz
[  202.157703][   T58] usb 2-1: config 0 descriptor??
[  202.162912][T11784] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  202.204107][T11790] loop5: detected capacity change from 0 to 1024
[  202.224792][T11790] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  202.233406][T11790] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  202.252843][T11790] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: comm syz.5.4737: lblock 0 mapped to illegal pblock 0 (length 6)
[  202.266416][T11790] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117
[  202.278902][T11790] EXT4-fs (loop5): This should not happen!! Data will be lost
[  202.278902][T11790] 
[  202.292198][T11790] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #15: block 4: comm syz.5.4737: lblock 4 mapped to illegal pblock 4 (length 2)
[  202.306684][T11790] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #15: block 4: comm syz.5.4737: lblock 4 mapped to illegal pblock 4 (length 2)
[  202.321465][T11790] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #15: block 4: comm syz.5.4737: lblock 4 mapped to illegal pblock 4 (length 2)
[  202.335899][T11790] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #15: block 4: comm syz.5.4737: lblock 4 mapped to illegal pblock 4 (length 2)
[  202.350557][T11790] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.4737: bg 0: block 112: padding at end of block bitmap is not set
[  202.365325][T11790] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 8 with error 117
[  202.373272][T11784] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  202.378297][T11790] EXT4-fs (loop5): This should not happen!! Data will be lost
[  202.378297][T11790] 
[  202.409944][ T8085] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:313: lblock 8 mapped to illegal pblock 8 (length 8)
[  202.424762][ T8085] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  202.437350][ T8085] EXT4-fs (loop5): This should not happen!! Data will be lost
[  202.437350][ T8085] 
[  202.447822][ T8008] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 36 with error 117
[  202.460657][ T8008] EXT4-fs (loop5): This should not happen!! Data will be lost
[  202.460657][ T8008] 
[  202.471796][ T9431] EXT4-fs (loop5): unmounting filesystem.
[  202.488359][   T28] kauditd_printk_skb: 16 callbacks suppressed
[  202.488374][   T28] audit: type=1326 audit(1764623805.578:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.520131][   T28] audit: type=1326 audit(1764623805.578:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.544151][   T28] audit: type=1326 audit(1764623805.608:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.567856][   T28] audit: type=1326 audit(1764623805.608:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.592221][   T28] audit: type=1326 audit(1764623805.608:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.616578][   T28] audit: type=1326 audit(1764623805.608:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.641631][   T28] audit: type=1326 audit(1764623805.608:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.666023][   T28] audit: type=1326 audit(1764623805.608:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.697446][   T28] audit: type=1326 audit(1764623805.608:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.730387][   T28] audit: type=1326 audit(1764623805.608:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.5.4739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c118f749 code=0x7ffc0000
[  202.788592][T11808] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4744'.
[  202.898184][T11820] netlink: 'syz.6.4751': attribute type 12 has an invalid length.
[  203.001019][   T58] asix 2-1:0.188 (unnamed net_device) (uninitialized): invalid hw address, using random
[  203.324150][T11830] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11830 comm=syz.6.4756
[  203.493311][T11839] tipc: Failed to remove unknown binding: 66,1,1/0:3983364276/3983364278
[  203.603066][   T58] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  203.625375][   T58] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9
[  203.663463][T11851] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  203.676898][   T58] asix: probe of 2-1:0.188 failed with error -71
[  203.692078][T11851] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  203.703077][   T58] usb 2-1: USB disconnect, device number 18
[  203.758091][T11858] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  204.154425][T11876] loop5: detected capacity change from 0 to 40427
[  204.179570][T11876] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  204.196335][T11876] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  204.221230][T11876] F2FS-fs (loop5): Found nat_bits in checkpoint
[  204.268626][T11876] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  204.276942][T11876] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  204.418155][T11876] syz.5.4786: attempt to access beyond end of device
[  204.418155][T11876] loop5: rw=2049, sector=77824, nr_sectors = 4096 limit=40427
[  204.442306][T11876] syz.5.4786: attempt to access beyond end of device
[  204.442306][T11876] loop5: rw=2049, sector=49152, nr_sectors = 4096 limit=40427
[  204.479765][T11876] syz.5.4786: attempt to access beyond end of device
[  204.479765][T11876] loop5: rw=2049, sector=57344, nr_sectors = 9328 limit=40427
[  204.522711][T11876] syz.5.4786: attempt to access beyond end of device
[  204.522711][T11876] loop5: rw=2049, sector=66672, nr_sectors = 4584 limit=40427
[  204.585083][T11876] syz.5.4786: attempt to access beyond end of device
[  204.585083][T11876] loop5: rw=2049, sector=71256, nr_sectors = 3208 limit=40427
[  204.608563][T11876] syz.5.4786: attempt to access beyond end of device
[  204.608563][T11876] loop5: rw=2049, sector=74464, nr_sectors = 2048 limit=40427
[  204.627907][T11876] syz.5.4786: attempt to access beyond end of device
[  204.627907][T11876] loop5: rw=2049, sector=76512, nr_sectors = 1312 limit=40427
[  204.654160][T11876] syz.5.4786: attempt to access beyond end of device
[  204.654160][T11876] loop5: rw=2049, sector=81920, nr_sectors = 3952 limit=40427
[  204.749084][T11920] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4793'.
[  204.841700][ T9431] syz-executor: attempt to access beyond end of device
[  204.841700][ T9431] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  205.058612][T11936] netlink: 84 bytes leftover after parsing attributes in process `syz.5.4801'.
[  205.436669][T11970] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  205.481569][T11975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4819'.
[  205.711538][T11993] tipc: Failed to remove unknown binding: 66,1,1/0:2163370614/2163370616
[  206.036291][T12007] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  206.092038][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4836'.
[  206.102561][T12014] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4836'.
[  206.524357][T12036] syz.5.4844[12036] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.524478][T12036] syz.5.4844[12036] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.568348][T12036] syz.5.4844[12036] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.605823][T12036] syz.5.4844[12036] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.618301][T12044] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4844'.
[  206.648937][T12045] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  207.006491][T12055] syz.5.4853[12055] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  207.006574][T12055] syz.5.4853[12055] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  207.026787][   T58] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  207.251987][T12066] overlayfs: failed to clone upperpath
[  207.258611][   T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  207.269907][   T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.281241][   T58] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  207.291175][   T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.302963][   T58] usb 2-1: config 0 descriptor??
[  207.318635][   T58] hub 2-1:0.0: USB hub found
[  207.404527][T12068] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4860'.
[  207.413767][T12068] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4860'.
[  207.449039][T12073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4862'.
[  207.512155][   T58] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  207.521817][   T58] usbhid 2-1:0.0: can't add hid device: -71
[  207.527846][   T58] usbhid: probe of 2-1:0.0 failed with error -71
[  207.567311][   T58] usb 2-1: USB disconnect, device number 19
[  208.409749][T12095] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  208.649256][T12114] __nla_validate_parse: 2 callbacks suppressed
[  208.649277][T12114] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4879'.
[  208.831887][T12137] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4890'.
[  208.871475][T12137] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4890'.
[  209.030604][T12168] netlink: 216 bytes leftover after parsing attributes in process `syz.2.4904'.
[  209.044713][ T8006] Bluetooth: hci0: Frame reassembly failed (-84)
[  209.045620][T12168] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4904'.
[  209.454949][T12210] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4924'.
[  209.467770][T12210] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4924'.
[  209.522557][T12220] netlink: 168 bytes leftover after parsing attributes in process `syz.6.4929'.
[  209.693046][T12233] device wireguard0 entered promiscuous mode
[  209.733948][T12216] overlayfs: failed to clone upperpath
[  209.852883][T12257] netlink: 140 bytes leftover after parsing attributes in process `syz.6.4945'.
[  209.862848][T12257] netlink: 140 bytes leftover after parsing attributes in process `syz.6.4945'.
[  209.920855][T12263] overlayfs: failed to clone upperpath
[  209.932676][T12263] overlayfs: failed to clone upperpath
[  210.156841][   T58] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  210.356835][   T58] usb 1-1: Using ep0 maxpacket: 32
[  210.378319][   T58] usb 1-1: config 2 has an invalid interface number: 13 but max is 0
[  210.397294][   T58] usb 1-1: config 2 has no interface number 0
[  210.415285][   T58] usb 1-1: config 2 interface 13 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  210.450608][   T58] usb 1-1: config 2 interface 13 has no altsetting 0
[  210.471511][   T58] usb 1-1: New USB device found, idVendor=0499, idProduct=105a, bcdDevice=52.92
[  210.497908][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.507026][   T58] usb 1-1: Product: syz
[  210.511248][   T58] usb 1-1: Manufacturer: syz
[  210.515868][   T58] usb 1-1: SerialNumber: syz
[  210.560127][T12298] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12298 comm=syz.2.4963
[  210.598846][T12302] overlayfs: failed to clone upperpath
[  210.674738][   T28] kauditd_printk_skb: 223 callbacks suppressed
[  210.674756][   T28] audit: type=1400 audit(1764624042.755:1184): avc:  denied  { append } for  pid=12303 comm="syz.5.4966" name="rt_cache" dev="proc" ino=4026532549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  210.705543][   T28] audit: type=1400 audit(1764624042.765:1185): avc:  denied  { mounton } for  pid=12303 comm="syz.5.4966" path="/434/net/rt_cache" dev="proc" ino=4026532549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  210.747400][   T58] usb 1-1: USB disconnect, device number 9
[  210.886820][   T28] audit: type=1400 audit(1764624042.975:1186): avc:  denied  { write } for  pid=12328 comm="syz.6.4978" dev="sockfs" ino=57071 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  211.116805][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  211.116866][ T5792] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  211.129724][T12171] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  211.156802][  T290] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  211.336826][  T290] usb 6-1: Using ep0 maxpacket: 16
[  211.344249][  T290] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  211.353702][  T290] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  211.364506][  T290] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  211.375213][  T290] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  211.387142][  T290] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.396031][  T290] usb 6-1: Product: syz
[  211.400306][  T290] usb 6-1: Manufacturer: syz
[  211.404992][  T290] usb 6-1: SerialNumber: syz
[  211.411799][T12359] bridge: RTM_NEWNEIGH with invalid ether address
[  211.812428][  T290] usb 6-1: 0:2 : does not exist
[  212.533850][   T28] audit: type=1326 audit(1764624044.615:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.1.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098d58f749 code=0x7fc00000
[  212.587276][   T28] audit: type=1326 audit(1764624044.645:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.1.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f098d58f749 code=0x7fc00000
[  212.616882][   T28] audit: type=1326 audit(1764624044.645:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.1.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098d58f749 code=0x7fc00000
[  212.642706][   T28] audit: type=1326 audit(1764624044.645:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.1.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098d58f749 code=0x7fc00000
[  212.684809][   T28] audit: type=1326 audit(1764624044.645:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.1.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098d58f749 code=0x7fc00000
[  212.716065][   T28] audit: type=1326 audit(1764624044.645:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.1.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098d58f749 code=0x7fc00000
[  212.741105][   T28] audit: type=1326 audit(1764624044.645:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.1.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f098d58f749 code=0x7fc00000
[  212.865778][T12419] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  212.907400][T12421] overlayfs: failed to resolve './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': -2
[  213.023912][  T290] usb 6-1: 1:0: failed to get current value for ch 0 (-22)
[  213.044693][  T290] usb 6-1: USB disconnect, device number 6
[  213.058657][  T375] udevd[375]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  213.154123][T12429] overlayfs: failed to clone upperpath
[  213.196624][T12437] netlink: 'syz.6.5023': attribute type 4 has an invalid length.
[  213.204443][    C0] ==================================================================
[  213.204468][    C0] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9b0
[  213.204502][    C0] Write of size 8 at addr ffff88814b3aca00 by task syz.6.5023/12437
[  213.204512][    C0] 
[  213.204516][    C0] CPU: 0 PID: 12437 Comm: syz.6.5023 Tainted: G        W          syzkaller #0
[  213.204528][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  213.204536][    C0] Call Trace:
[  213.204540][    C0]  <IRQ>
[  213.204546][    C0]  __dump_stack+0x21/0x24
[  213.204560][    C0]  dump_stack_lvl+0xee/0x150
[  213.204570][    C0]  ? __cfi_dump_stack_lvl+0x8/0x8
[  213.204581][    C0]  ? set_task_cpu+0x1ce/0x500
[  213.204594][    C0]  ? __run_timers+0x32b/0x9b0
[  213.204605][    C0]  print_address_description+0x71/0x200
[  213.204617][    C0]  print_report+0x4a/0x60
[  213.204626][    C0]  kasan_report+0x122/0x150
[  213.204639][    C0]  ? __run_timers+0x32b/0x9b0
[  213.204652][    C0]  __asan_report_store8_noabort+0x17/0x20
[  213.204662][    C0]  __run_timers+0x32b/0x9b0
[  213.204675][    C0]  ? sched_clock+0x9/0x10
[  213.204694][    C0]  ? sched_clock_cpu+0x6e/0x250
[  213.204706][    C0]  ? calc_index+0x200/0x200
[  213.204718][    C0]  ? kvm_sched_clock_read+0x18/0x40
[  213.204735][    C0]  run_timer_softirq+0x6a/0xf0
[  213.204746][    C0]  handle_softirqs+0x1d7/0x600
[  213.204758][    C0]  ? irqtime_account_irq+0xc4/0x240
[  213.204772][    C0]  __irq_exit_rcu+0x52/0xf0
[  213.204781][    C0]  irq_exit_rcu+0x9/0x10
[  213.204791][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  213.204805][    C0]  </IRQ>
[  213.204808][    C0]  <TASK>
[  213.204812][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  213.204827][    C0] RIP: 0010:console_emit_next_record+0x9e3/0xbc0
[  213.204842][    C0] Code: de 48 81 e6 00 02 00 00 31 ff e8 98 4a 19 00 48 81 e3 00 02 00 00 75 07 e8 ca 45 19 00 eb 06 e8 c3 45 19 00 fb 0f b6 5c 24 07 <48> c7 84 24 80 00 00 00 0e 36 e0 45 4b c7 04 2e 00 00 00 00 4b c7
[  213.204853][    C0] RSP: 0018:ffffc90009f86880 EFLAGS: 00000287
[  213.204864][    C0] RAX: ffffffff8156e4bd RBX: 0000000000000001 RCX: 0000000000080000
[  213.204871][    C0] RDX: ffffc90000d99000 RSI: 000000000000280b RDI: 000000000000280c
[  213.204878][    C0] RBP: ffffc90009f86a90 R08: 0000000000000004 R09: 0000000000000003
[  213.204885][    C0] R10: fffff520013f0d00 R11: 1ffff920013f0d00 R12: ffffc90009f86adf
[  213.204892][    C0] R13: dffffc0000000000 R14: 1ffff920013f0d20 R15: 0000000000000056
[  213.204900][    C0]  ? console_emit_next_record+0x9dd/0xbc0
[  213.204915][    C0]  ? __kasan_check_write+0x14/0x20
[  213.204924][    C0]  ? info_print_prefix+0x300/0x300
[  213.204940][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  213.204951][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  213.204962][    C0]  ? __cfi_vprintk_store+0x10/0x10
[  213.204973][    C0]  console_unlock+0x23d/0x550
[  213.204983][    C0]  ? down_trylock+0x52/0xb0
[  213.204998][    C0]  ? __cfi_console_unlock+0x10/0x10
[  213.205009][    C0]  vprintk_emit+0x14d/0x410
[  213.205020][    C0]  ? __cfi_vprintk_emit+0x10/0x10
[  213.205030][    C0]  ? __kasan_check_write+0x14/0x20
[  213.205039][    C0]  ? _raw_spin_trylock+0xb1/0x140
[  213.205049][    C0]  vprintk_default+0x26/0x30
[  213.205059][    C0]  vprintk+0x7a/0x80
[  213.205071][    C0]  _printk+0xcc/0x118
[  213.205085][    C0]  ? __cfi__printk+0x8/0x8
[  213.205099][    C0]  __nla_validate_parse+0xd8b/0x29a0
[  213.205117][    C0]  ? __nla_validate+0x60/0x60
[  213.205132][    C0]  __nla_parse+0x42/0x60
[  213.205145][    C0]  rtnl_setlink+0x17b/0x400
[  213.205158][    C0]  ? __cfi_rtnl_setlink+0x10/0x10
[  213.205169][    C0]  ? memcpy+0x56/0x70
[  213.205178][    C0]  ? avc_has_perm_noaudit+0x2f4/0x460
[  213.205193][    C0]  ? __cfi_avc_has_perm_noaudit+0x10/0x10
[  213.205211][    C0]  ? mutex_lock+0x8d/0x1a0
[  213.205223][    C0]  ? __cfi_mutex_lock+0x10/0x10
[  213.205235][    C0]  ? ns_capable+0x8c/0xf0
[  213.205245][    C0]  ? netlink_net_capable+0x125/0x160
[  213.205259][    C0]  ? __cfi_rtnl_setlink+0x10/0x10
[  213.205270][    C0]  rtnetlink_rcv_msg+0x9f4/0xcf0
[  213.205284][    C0]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  213.205306][    C0]  ? kernel_text_address+0xa0/0xd0
[  213.205329][    C0]  ? __kernel_text_address+0xd/0x30
[  213.205349][    C0]  ? unwind_get_return_address+0x4d/0x90
[  213.205361][    C0]  ? memcpy+0x56/0x70
[  213.205370][    C0]  ? avc_has_perm_noaudit+0x2f4/0x460
[  213.205383][    C0]  ? __cfi_avc_has_perm_noaudit+0x10/0x10
[  213.205397][    C0]  ? slab_post_alloc_hook+0x4f/0x2d0
[  213.205411][    C0]  ? kmem_cache_alloc_node+0x181/0x340
[  213.205422][    C0]  ? __alloc_skb+0xea/0x4b0
[  213.205433][    C0]  ? avc_has_perm+0x158/0x240
[  213.205445][    C0]  ? __alloc_skb+0x236/0x4b0
[  213.205453][    C0]  ? netlink_sendmsg+0x626/0xbc0
[  213.205464][    C0]  ? __cfi_avc_has_perm+0x10/0x10
[  213.205477][    C0]  ? selinux_nlmsg_lookup+0x420/0x4c0
[  213.205494][    C0]  netlink_rcv_skb+0x1f2/0x440
[  213.205508][    C0]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  213.205532][    C0]  ? __cfi_netlink_rcv_skb+0x10/0x10
[  213.205550][    C0]  ? __netlink_lookup+0x387/0x3b0
[  213.205562][    C0]  rtnetlink_rcv+0x1c/0x20
[  213.205577][    C0]  netlink_unicast+0x8ab/0xa30
[  213.205602][    C0]  netlink_sendmsg+0x8aa/0xbc0
[  213.205619][    C0]  ? __cfi_netlink_sendmsg+0x10/0x10
[  213.205634][    C0]  ? finish_task_switch+0x209/0x7b0
[  213.205660][    C0]  ? security_socket_sendmsg+0x93/0xb0
[  213.205673][    C0]  sock_write_iter+0x2ca/0x3b0
[  213.205694][    C0]  ? __cfi_sock_write_iter+0x10/0x10
[  213.205708][    C0]  ? fsnotify_perm+0x67/0x5b0
[  213.205719][    C0]  ? security_file_permission+0x8a/0xb0
[  213.205732][    C0]  do_iter_write+0x650/0xb10
[  213.205742][    C0]  ? _copy_from_user+0x8f/0xc0
[  213.205757][    C0]  ? vfs_iter_write+0xa0/0xa0
[  213.205767][    C0]  ? import_iovec+0x7c/0xb0
[  213.205780][    C0]  vfs_writev+0x30b/0x590
[  213.205792][    C0]  ? do_writev+0x2b0/0x2b0
[  213.205805][    C0]  ? __fdget_pos+0x1f2/0x380
[  213.205815][    C0]  ? do_writev+0x76/0x2b0
[  213.205825][    C0]  do_writev+0x14a/0x2b0
[  213.205835][    C0]  ? do_readv+0x3e0/0x3e0
[  213.205845][    C0]  ? fpregs_restore_userregs+0x128/0x260
[  213.205858][    C0]  __x64_sys_writev+0x7d/0x90
[  213.205867][    C0]  x64_sys_call+0xad/0x9a0
[  213.205879][    C0]  do_syscall_64+0x4c/0xa0
[  213.205889][    C0]  ? clear_bhb_loop+0x30/0x80
[  213.205902][    C0]  ? clear_bhb_loop+0x30/0x80
[  213.205915][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  213.205928][    C0] RIP: 0033:0x7f88cb18f749
[  213.205943][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.205951][    C0] RSP: 002b:00007f88cc0aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  213.205962][    C0] RAX: ffffffffffffffda RBX: 00007f88cb3e5fa0 RCX: 00007f88cb18f749
[  213.205968][    C0] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  213.205974][    C0] RBP: 00007f88cb213f91 R08: 0000000000000000 R09: 0000000000000000
[  213.205981][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  213.205987][    C0] R13: 00007f88cb3e6038 R14: 00007f88cb3e5fa0 R15: 00007ffd83975888
[  213.205997][    C0]  </TASK>
[  213.206000][    C0] 
[  213.206005][    C0] Allocated by task 12171:
[  213.206011][    C0]  kasan_set_track+0x4b/0x70
[  213.206022][    C0]  kasan_save_alloc_info+0x25/0x30
[  213.206034][    C0]  __kasan_kmalloc+0x95/0xb0
[  213.206044][    C0]  __kmalloc+0xb1/0x1e0
[  213.206057][    C0]  hci_alloc_dev_priv+0x27/0x1bd0
[  213.206071][    C0]  hci_uart_tty_ioctl+0x3d6/0xa20
[  213.206084][    C0]  tty_ioctl+0x8ef/0xc60
[  213.206095][    C0]  __se_sys_ioctl+0x12f/0x1b0
[  213.206105][    C0]  __x64_sys_ioctl+0x7b/0x90
[  213.206113][    C0]  x64_sys_call+0x58b/0x9a0
[  213.206122][    C0]  do_syscall_64+0x4c/0xa0
[  213.206131][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  213.206143][    C0] 
[  213.206145][    C0] Freed by task 12171:
[  213.206151][    C0]  kasan_set_track+0x4b/0x70
[  213.206160][    C0]  kasan_save_free_info+0x31/0x50
[  213.206172][    C0]  ____kasan_slab_free+0x132/0x180
[  213.206182][    C0]  __kasan_slab_free+0x11/0x20
[  213.206196][    C0]  slab_free_freelist_hook+0xc2/0x190
[  213.206209][    C0]  __kmem_cache_free+0xb7/0x1b0
[  213.206220][    C0]  kfree+0x6f/0xf0
[  213.206231][    C0]  hci_release_dev+0x12a3/0x13b0
[  213.206243][    C0]  bt_host_release+0x82/0x90
[  213.206256][    C0]  device_release+0xa4/0x1d0
[  213.206268][    C0]  kobject_put+0x19d/0x280
[  213.206279][    C0]  put_device+0x1f/0x30
[  213.206291][    C0]  hci_dev_cmd+0x265/0x720
[  213.206298][    C0]  hci_sock_ioctl+0x41e/0x7f0
[  213.206309][    C0]  sock_do_ioctl+0x101/0x310
[  213.206322][    C0]  sock_ioctl+0x4d8/0x6e0
[  213.206333][    C0]  __se_sys_ioctl+0x12f/0x1b0
[  213.206341][    C0]  __x64_sys_ioctl+0x7b/0x90
[  213.206349][    C0]  x64_sys_call+0x58b/0x9a0
[  213.206359][    C0]  do_syscall_64+0x4c/0xa0
[  213.206368][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  213.206388][    C0] 
[  213.206392][    C0] Last potentially related work creation:
[  213.206397][    C0]  kasan_save_stack+0x3a/0x60
[  213.206414][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[  213.206432][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[  213.206445][    C0]  insert_work+0x51/0x300
[  213.206453][    C0]  __queue_work+0x9b1/0xd30
[  213.206464][    C0]  queue_work_on+0xd2/0x140
[  213.206474][    C0]  __hci_cmd_sync_sk+0xa3e/0xcf0
[  213.206486][    C0]  hci_cmd_sync_status+0x53/0x120
[  213.206497][    C0]  hci_dev_cmd+0x33b/0x720
[  213.206505][    C0]  hci_sock_ioctl+0x41e/0x7f0
[  213.206516][    C0]  sock_do_ioctl+0x101/0x310
[  213.206528][    C0]  sock_ioctl+0x4d8/0x6e0
[  213.206539][    C0]  __se_sys_ioctl+0x12f/0x1b0
[  213.206548][    C0]  __x64_sys_ioctl+0x7b/0x90
[  213.206556][    C0]  x64_sys_call+0x58b/0x9a0
[  213.206565][    C0]  do_syscall_64+0x4c/0xa0
[  213.206574][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  213.206593][    C0] 
[  213.206596][    C0] Second to last potentially related work creation:
[  213.206603][    C0]  kasan_save_stack+0x3a/0x60
[  213.206621][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[  213.206637][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[  213.206650][    C0]  insert_work+0x51/0x300
[  213.206657][    C0]  __queue_work+0x9b1/0xd30
[  213.206667][    C0]  queue_work_on+0xd2/0x140
[  213.206677][    C0]  hci_cmd_timeout+0x191/0x200
[  213.206697][    C0]  process_one_work+0x71f/0xc40
[  213.206710][    C0]  worker_thread+0xa29/0x11f0
[  213.206723][    C0]  kthread+0x281/0x320
[  213.206737][    C0]  ret_from_fork+0x1f/0x30
[  213.206752][    C0] 
[  213.206755][    C0] The buggy address belongs to the object at ffff88814b3ac000
[  213.206755][    C0]  which belongs to the cache kmalloc-8k of size 8192
[  213.206769][    C0] The buggy address is located 2560 bytes inside of
[  213.206769][    C0]  8192-byte region [ffff88814b3ac000, ffff88814b3ae000)
[  213.206787][    C0] 
[  213.206791][    C0] The buggy address belongs to the physical page:
[  213.206798][    C0] page:ffffea00052cea00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14b3a8
[  213.206811][    C0] head:ffffea00052cea00 order:3 compound_mapcount:0 compound_pincount:0
[  213.206818][    C0] flags: 0x4000000000010200(slab|head|zone=1)
[  213.206842][    C0] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[  213.206851][    C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  213.206856][    C0] page dumped because: kasan: bad access detected
[  213.206862][    C0] page_owner tracks the page as allocated
[  213.206865][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 12148, tgid 12143 (syz.0.4893), ts 208935822150, free_ts 208932301332
[  213.206885][    C0]  post_alloc_hook+0x1f5/0x210
[  213.206898][    C0]  prep_new_page+0x1c/0x110
[  213.206909][    C0]  get_page_from_freelist+0x2c7b/0x2cf0
[  213.206921][    C0]  __alloc_pages+0x1c3/0x450
[  213.206934][    C0]  alloc_slab_page+0x6e/0xf0
[  213.206947][    C0]  new_slab+0x98/0x3d0
[  213.206963][    C0]  ___slab_alloc+0x6bd/0xb20
[  213.206974][    C0]  __slab_alloc+0x5e/0xa0
[  213.206985][    C0]  __kmem_cache_alloc_node+0x203/0x2c0
[  213.206996][    C0]  __kmalloc_node+0xa1/0x1e0
[  213.207008][    C0]  get_callchain_buffers+0x175/0x350
[  213.207023][    C0]  check_helper_call+0x57eb/0x61c0
[  213.207036][    C0]  do_check+0x627d/0xf060
[  213.207047][    C0]  do_check_common+0x11ae/0x1950
[  213.207058][    C0]  bpf_check+0x3de0/0x10ca0
[  213.207068][    C0]  bpf_prog_load+0x1071/0x15a0
[  213.207077][    C0] page last free stack trace:
[  213.207086][    C0]  free_unref_page_prepare+0x742/0x750
[  213.207097][    C0]  free_unref_page+0x8f/0x530
[  213.207107][    C0]  __free_pages+0x67/0x100
[  213.207117][    C0]  __free_slab+0xca/0x1a0
[  213.207128][    C0]  __unfreeze_partials+0x160/0x190
[  213.207140][    C0]  put_cpu_partial+0xa9/0x100
[  213.207152][    C0]  __slab_free+0x1c4/0x280
[  213.207163][    C0]  ___cache_free+0xbf/0xd0
[  213.207173][    C0]  qlist_free_all+0xc6/0x140
[  213.207181][    C0]  kasan_quarantine_reduce+0x14a/0x170
[  213.207190][    C0]  __kasan_slab_alloc+0x24/0x80
[  213.207200][    C0]  slab_post_alloc_hook+0x4f/0x2d0
[  213.207211][    C0]  __kmem_cache_alloc_node+0x192/0x2c0
[  213.207221][    C0]  kmalloc_trace+0x29/0xb0
[  213.207228][    C0]  do_check_common+0xd0/0x1950
[  213.207239][    C0]  bpf_check+0x3de0/0x10ca0
[  213.207249][    C0] 
[  213.207251][    C0] Memory state around the buggy address:
[  213.207257][    C0]  ffff88814b3ac900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.207263][    C0]  ffff88814b3ac980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.207270][    C0] >ffff88814b3aca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.207275][    C0]                    ^
[  213.207280][    C0]  ffff88814b3aca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.207286][    C0]  ffff88814b3acb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.207291][    C0] ==================================================================
[  213.207296][    C0] Disabling lock debugging due to kernel taint
[  213.207342][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  213.207352][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  213.207360][    C0] CPU: 0 PID: 12437 Comm: syz.6.5023 Tainted: G    B   W          syzkaller #0
[  213.207370][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  213.207375][    C0] RIP: 0010:__queue_work+0x575/0xd30
[  213.207386][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 78 e3 28 00 4c 89 ff e8 00 26 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 5c 6d 00 49 8b 7d 00 e8 e3 21
[  213.207394][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[  213.207403][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88813a261440
[  213.207410][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  213.207416][    C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[  213.207423][    C0] R10: ffffed1029675939 R11: 1ffff11029675939 R12: dffffc0000000000
[  213.207430][    C0] R13: 0000000000000000 R14: ffff88814b3ac9c8 R15: 0000000000000008
[  213.207436][    C0] FS:  00007f88cc0aa6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  213.207445][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  213.207452][    C0] CR2: 00007f88cc0a9f98 CR3: 00000001197c2000 CR4: 00000000003506b0
[  213.207464][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  213.207475][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  213.207486][    C0] Call Trace:
[  213.207491][    C0]  <IRQ>
[  213.207501][    C0]  delayed_work_timer_fn+0x61/0x80
[  213.207521][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  213.207533][    C0]  call_timer_fn+0x46/0x2a0
[  213.207546][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  213.207558][    C0]  __run_timers+0x672/0x9b0
[  213.207571][    C0]  ? calc_index+0x200/0x200
[  213.207583][    C0]  ? kvm_sched_clock_read+0x18/0x40
[  213.207599][    C0]  run_timer_softirq+0x6a/0xf0
[  213.207610][    C0]  handle_softirqs+0x1d7/0x600
[  213.207621][    C0]  ? irqtime_account_irq+0xc4/0x240
[  213.207634][    C0]  __irq_exit_rcu+0x52/0xf0
[  213.207644][    C0]  irq_exit_rcu+0x9/0x10
[  213.207652][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  213.207672][    C0]  </IRQ>
[  213.207677][    C0]  <TASK>
[  213.207692][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  213.207715][    C0] RIP: 0010:console_emit_next_record+0x9e3/0xbc0
[  213.207731][    C0] Code: de 48 81 e6 00 02 00 00 31 ff e8 98 4a 19 00 48 81 e3 00 02 00 00 75 07 e8 ca 45 19 00 eb 06 e8 c3 45 19 00 fb 0f b6 5c 24 07 <48> c7 84 24 80 00 00 00 0e 36 e0 45 4b c7 04 2e 00 00 00 00 4b c7
[  213.207739][    C0] RSP: 0018:ffffc90009f86880 EFLAGS: 00000287
[  213.207747][    C0] RAX: ffffffff8156e4bd RBX: 0000000000000001 RCX: 0000000000080000
[  213.207754][    C0] RDX: ffffc90000d99000 RSI: 000000000000280b RDI: 000000000000280c
[  213.207760][    C0] RBP: ffffc90009f86a90 R08: 0000000000000004 R09: 0000000000000003
[  213.207767][    C0] R10: fffff520013f0d00 R11: 1ffff920013f0d00 R12: ffffc90009f86adf
[  213.207774][    C0] R13: dffffc0000000000 R14: 1ffff920013f0d20 R15: 0000000000000056
[  213.207782][    C0]  ? console_emit_next_record+0x9dd/0xbc0
[  213.207796][    C0]  ? __kasan_check_write+0x14/0x20
[  213.207805][    C0]  ? info_print_prefix+0x300/0x300
[  213.207819][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  213.207830][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  213.207841][    C0]  ? __cfi_vprintk_store+0x10/0x10
[  213.207851][    C0]  console_unlock+0x23d/0x550
[  213.207861][    C0]  ? down_trylock+0x52/0xb0
[  213.207874][    C0]  ? __cfi_console_unlock+0x10/0x10
[  213.207886][    C0]  vprintk_emit+0x14d/0x410
[  213.207896][    C0]  ? __cfi_vprintk_emit+0x10/0x10
[  213.207907][    C0]  ? __kasan_check_write+0x14/0x20
[  213.207915][    C0]  ? _raw_spin_trylock+0xb1/0x140
[  213.207925][    C0]  vprintk_default+0x26/0x30
[  213.207938][    C0]  vprintk+0x7a/0x80
[  213.207949][    C0]  _printk+0xcc/0x118
[  213.207963][    C0]  ? __cfi__printk+0x8/0x8
[  213.207977][    C0]  __nla_validate_parse+0xd8b/0x29a0
[  213.207993][    C0]  ? __nla_validate+0x60/0x60
[  213.208008][    C0]  __nla_parse+0x42/0x60
[  213.208021][    C0]  rtnl_setlink+0x17b/0x400
[  213.208033][    C0]  ? __cfi_rtnl_setlink+0x10/0x10
[  213.208044][    C0]  ? memcpy+0x56/0x70
[  213.208052][    C0]  ? avc_has_perm_noaudit+0x2f4/0x460
[  213.208066][    C0]  ? __cfi_avc_has_perm_noaudit+0x10/0x10
[  213.208084][    C0]  ? mutex_lock+0x8d/0x1a0
[  213.208095][    C0]  ? __cfi_mutex_lock+0x10/0x10
[  213.208106][    C0]  ? ns_capable+0x8c/0xf0
[  213.208115][    C0]  ? netlink_net_capable+0x125/0x160
[  213.208128][    C0]  ? __cfi_rtnl_setlink+0x10/0x10
[  213.208139][    C0]  rtnetlink_rcv_msg+0x9f4/0xcf0
[  213.208152][    C0]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  213.208163][    C0]  ? kernel_text_address+0xa0/0xd0
[  213.208175][    C0]  ? __kernel_text_address+0xd/0x30
[  213.208186][    C0]  ? unwind_get_return_address+0x4d/0x90
[  213.208198][    C0]  ? memcpy+0x56/0x70
[  213.208206][    C0]  ? avc_has_perm_noaudit+0x2f4/0x460
[  213.208219][    C0]  ? __cfi_avc_has_perm_noaudit+0x10/0x10
[  213.208232][    C0]  ? slab_post_alloc_hook+0x4f/0x2d0
[  213.208244][    C0]  ? kmem_cache_alloc_node+0x181/0x340
[  213.208255][    C0]  ? __alloc_skb+0xea/0x4b0
[  213.208265][    C0]  ? avc_has_perm+0x158/0x240
[  213.208276][    C0]  ? __alloc_skb+0x236/0x4b0
[  213.208285][    C0]  ? netlink_sendmsg+0x626/0xbc0
[  213.208294][    C0]  ? __cfi_avc_has_perm+0x10/0x10
[  213.208307][    C0]  ? selinux_nlmsg_lookup+0x420/0x4c0
[  213.208321][    C0]  netlink_rcv_skb+0x1f2/0x440
[  213.208330][    C0]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  213.208343][    C0]  ? __cfi_netlink_rcv_skb+0x10/0x10
[  213.208353][    C0]  ? __netlink_lookup+0x387/0x3b0
[  213.208363][    C0]  rtnetlink_rcv+0x1c/0x20
[  213.208375][    C0]  netlink_unicast+0x8ab/0xa30
[  213.208389][    C0]  netlink_sendmsg+0x8aa/0xbc0
[  213.208399][    C0]  ? __cfi_netlink_sendmsg+0x10/0x10
[  213.208408][    C0]  ? finish_task_switch+0x209/0x7b0
[  213.208421][    C0]  ? security_socket_sendmsg+0x93/0xb0
[  213.208432][    C0]  sock_write_iter+0x2ca/0x3b0
[  213.208445][    C0]  ? __cfi_sock_write_iter+0x10/0x10
[  213.208459][    C0]  ? fsnotify_perm+0x67/0x5b0
[  213.208469][    C0]  ? security_file_permission+0x8a/0xb0
[  213.208481][    C0]  do_iter_write+0x650/0xb10
[  213.208490][    C0]  ? _copy_from_user+0x8f/0xc0
[  213.208502][    C0]  ? vfs_iter_write+0xa0/0xa0
[  213.208511][    C0]  ? import_iovec+0x7c/0xb0
[  213.208524][    C0]  vfs_writev+0x30b/0x590
[  213.208534][    C0]  ? do_writev+0x2b0/0x2b0
[  213.208548][    C0]  ? __fdget_pos+0x1f2/0x380
[  213.208564][    C0]  ? do_writev+0x76/0x2b0
[  213.208583][    C0]  do_writev+0x14a/0x2b0
[  213.208616][    C0]  ? do_readv+0x3e0/0x3e0
[  213.208626][    C0]  ? fpregs_restore_userregs+0x128/0x260
[  213.208637][    C0]  __x64_sys_writev+0x7d/0x90
[  213.208646][    C0]  x64_sys_call+0xad/0x9a0
[  213.208657][    C0]  do_syscall_64+0x4c/0xa0
[  213.208667][    C0]  ? clear_bhb_loop+0x30/0x80
[  213.208684][    C0]  ? clear_bhb_loop+0x30/0x80
[  213.208696][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  213.208709][    C0] RIP: 0033:0x7f88cb18f749
[  213.208716][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.208724][    C0] RSP: 002b:00007f88cc0aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  213.208733][    C0] RAX: ffffffffffffffda RBX: 00007f88cb3e5fa0 RCX: 00007f88cb18f749
[  213.208741][    C0] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  213.208752][    C0] RBP: 00007f88cb213f91 R08: 0000000000000000 R09: 0000000000000000
[  213.208763][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  213.208774][    C0] R13: 00007f88cb3e6038 R14: 00007f88cb3e5fa0 R15: 00007ffd83975888
[  213.208791][    C0]  </TASK>
[  213.208796][    C0] Modules linked in:
[  213.208802][    C0] ---[ end trace 0000000000000000 ]---
[  213.208807][    C0] RIP: 0010:__queue_work+0x575/0xd30
[  213.208820][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 78 e3 28 00 4c 89 ff e8 00 26 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 5c 6d 00 49 8b 7d 00 e8 e3 21
[  213.208828][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[  213.208836][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88813a261440
[  213.208843][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  213.208851][    C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[  213.208863][    C0] R10: ffffed1029675939 R11: 1ffff11029675939 R12: dffffc0000000000
[  213.208875][    C0] R13: 0000000000000000 R14: ffff88814b3ac9c8 R15: 0000000000000008
[  213.208884][    C0] FS:  00007f88cc0aa6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  213.208896][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  213.208906][    C0] CR2: 00007f88cc0a9f98 CR3: 00000001197c2000 CR4: 00000000003506b0
[  213.208920][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  213.208931][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  213.208945][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  213.209296][    C0] Kernel Offset: disabled
[  215.503299][    C0] Rebooting in 86400 seconds..