last executing test programs:

4m39.294010322s ago: executing program 3 (id=146):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0)
ioctl$int_in(r4, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0x10001)
write(r2, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r5}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
io_setup(0x3, &(0x7f00000002c0)=<r7=>0x0)
r8 = eventfd(0x3ff)
io_submit(r7, 0x2, &(0x7f0000000500)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x6, 0x7fff, r6, &(0x7f0000000300)="e3f706520e3ac7ea6a0efa95dde19faf3d43807e5b86de87ad54c6614100ac9e6c667ed86440d0737e9a8530be415c27e7dafb676e20ff6a09024513832601a65b75dfec37c84a14fa5345dce0eb0a23e0d65333b1a16339b63faa801a36c3d65607c45656c5175fccbfd10c1a0948cf9dfea309025e14f72e7ba9bbe3ba20f73f9b77889c6eb52ca0f734ef0dac07544d6ca1a98d24790e09f0ca5c7ba6316aefae99f512706a74c423fec8b5366b29a2538cc91e8e8d76", 0xb8, 0x80000000, 0x0, 0x1, r8}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x10, r6, &(0x7f0000000400)="8f1f3bfeda30c666edbf911c05c083ab3e5cf32e0c29ffb2ac342bfc8c80107b637a3d6dc9cc149aa984ebb7be75f8c9", 0x30, 0x81, 0x0, 0x3}])
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x81000)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000a00)={0xa4c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x1a8, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x6c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x7, 0x4, 0x7, 0x5, 0x4b39, 0x6]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x30, 0x18, 0x5, 0x36, 0x65, 0x48, 0x12, 0x16, 0x2, 0xb, 0x60, 0x1, 0x3, 0x4, 0x4, 0xc, 0x16, 0xb, 0x30, 0x1, 0x4, 0x30, 0x2]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1000, 0xc70, 0x6, 0x1, 0x5, 0x8001, 0x200]}}, @NL80211_TXRATE_LEGACY={0x4}]}, @NL80211_BAND_6GHZ={0x60, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x3, 0x36, 0x5, 0x9, 0x5, 0x18, 0x18, 0x48, 0x1b, 0x5, 0x9, 0x4, 0x12, 0x12, 0x5, 0x1, 0x6c, 0x6c, 0x48, 0x24, 0x2, 0x6c, 0x5, 0x2, 0x24, 0x48, 0x16, 0x3, 0x36, 0x3, 0x1, 0x9]}, @NL80211_TXRATE_LEGACY={0x17, 0x1, [0x24, 0x18, 0xc, 0x1b, 0x16, 0x62, 0x30, 0x36, 0x1b, 0x1b, 0x48, 0x9, 0x1, 0x2, 0x0, 0x6c, 0x60, 0x36, 0x60]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0xd8, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x3, 0xa}, {0x2}, {0x0, 0x9}, {0x7, 0x6}, {0x7, 0x1}, {0x3}, {0x5, 0x1}, {0x0, 0x1}, {0x7, 0x2}, {0x3, 0x2}, {0x4, 0x6}, {0x4, 0x3}, {0x0, 0x8}, {0x6, 0x4}, {0x3, 0x7}, {0x2, 0xa}, {0x1}, {0x0, 0x3}, {0x0, 0xa}, {0x3, 0x3}, {0x1, 0x2}, {0x4, 0x2}, {0x4, 0x7}, {0x7}, {0x1, 0xa}, {0x3, 0x6}, {0x3, 0x6}, {0x2, 0x2}, {0x5, 0x6}, {0x4, 0x4}, {0x5, 0x3}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x2}, {0x2, 0x3}, {0x2, 0x4}, {0x1, 0x7}, {0x3, 0x8}, {0x1, 0x7}, {0x4, 0x4}, {0x1, 0x1}, {0x6, 0x8}, {0x5, 0x4}, {0x6, 0x4}, {0x1, 0x6}, {0x7, 0x8}, {0x7, 0x9}, {0x1, 0x4}, {0x7, 0x1}, {0x6}, {0x5, 0x8}, {0x4, 0xa}, {0x4, 0x9}, {0x1, 0x7}, {0x5, 0x1}, {0x7, 0x9}, {0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0xe0, 0x5, 0x3, 0x7, 0x4, 0x1000, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x7, 0x100, 0x7, 0x1, 0x25ce, 0x3]}}, @NL80211_TXRATE_HT={0x51, 0x2, [{0x1, 0x9}, {0x4, 0x8}, {}, {0x0, 0x3}, {0x2, 0x7}, {0x0, 0x5}, {0x4, 0x2}, {0x1, 0x5}, {0x3, 0x4}, {0x7, 0x7}, {0x1, 0x3}, {0x6}, {0x1, 0x1}, {0x0, 0x5}, {0x2, 0x6}, {0x4, 0xa}, {0x3, 0x6}, {0x1, 0x2}, {0x7, 0x9}, {0x1, 0x7}, {0x5, 0x8}, {0x5, 0x1}, {0x6, 0x8}, {0x2, 0x4}, {0x6, 0xa}, {0x6, 0x7}, {0x0, 0x3}, {0x0, 0x3}, {0x1, 0xa}, {0x1, 0x2}, {0x3, 0x1}, {0x5, 0xa}, {0x2, 0xa}, {0x2, 0x2}, {0x0, 0x3}, {0x7, 0x5}, {0x0, 0x4}, {0x1, 0x6}, {0x0, 0x2}, {0x3, 0x9}, {0x4, 0x4}, {0x4, 0x7}, {0x2, 0x1}, {0x7, 0x5}, {0x0, 0x4}, {0x0, 0x1a}, {0x1, 0x1}, {0x7, 0x12}, {0x6, 0x6}, {0x7, 0x8}, {0x5}, {0x1, 0x4}, {0x4, 0x3}, {0x2, 0x1}, {0x0, 0x6}, {0x2, 0xa}, {0x4, 0x9}, {0x5, 0x3}, {0x2, 0x5}, {0x1, 0x4}, {0x3, 0x5}, {0x6, 0x8}, {0x1, 0x9}, {0x7, 0x3}, {0x3, 0x1}, {0x6, 0x5}, {0x1}, {0x4, 0x5}, {0x3, 0x3}, {0x1}, {0x3}, {0x7, 0x3}, {0x0, 0x1}, {0x3, 0x5}, {0x3, 0x3}, {0x2, 0x1}, {0x4, 0x6}]}]}]}, @NL80211_ATTR_TX_RATES={0xc4, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x30, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0xe, 0x1, 0xfe18, 0x101, 0x7, 0x7ff, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x15, 0x1, [0x6, 0x16, 0x16, 0x24, 0xc, 0x1b, 0x18, 0x16, 0x5, 0x18, 0xb, 0x0, 0x4, 0x4, 0x6, 0x4, 0x9]}, @NL80211_TXRATE_HT={0xf, 0x2, [{0x2, 0x7}, {0x7, 0x8}, {0x0, 0x8}, {0x0, 0x9}, {0x1, 0x6}, {0x7, 0x2}, {0x2, 0x5}, {0x3, 0x4}, {0x5}, {0x6, 0x4}, {0x2, 0x8}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x7f, 0x4, 0x81, 0x2000, 0x7, 0x9, 0x1]}}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x24, 0x16, 0x36, 0x1, 0x36, 0x24, 0x9, 0xc]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x0, 0x5, 0x5, 0x8, 0x9, 0x0, 0x4]}}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x5, 0x60, 0x12, 0x6c, 0xc, 0x5, 0x60, 0x4, 0x60, 0x36, 0x12]}, @NL80211_TXRATE_HE_LTF={0x5}]}]}, @NL80211_ATTR_TX_RATES={0xdc, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xc, 0x8, 0x401, 0x3, 0x3, 0x1000, 0x8, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0xa4, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x4, 0xb922, 0x7, 0x9, 0x8, 0xe24, 0x8]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x0, 0x3}, {0x6, 0x3}, {0x0, 0x1}, {0x3, 0x3}, {0x1, 0x8}, {}, {0x3, 0x5}, {0x1, 0xa}, {0x3, 0x9}, {0x4, 0x2}, {0x5, 0x4}, {0x3, 0xa}, {0x3}, {0x7, 0x4}, {0x0, 0x4}, {0x3, 0x7}, {0x0, 0x6}, {0x4, 0x4}, {0x4, 0x2}, {0x5, 0x7}, {0x7, 0x3}, {0x1, 0x1}, {0x7, 0x6}, {0x3, 0x3}, {0x1, 0x2}, {0x6, 0x1}, {0x0, 0xb}, {0x1, 0x2}, {0x3, 0x8}, {0x1, 0x7}, {0x3, 0xa}, {0x3, 0xa}, {0x2, 0xa}, {0x5, 0x7}, {0x1, 0x1}, {0x3}, {0x6, 0x2}, {0x1, 0x4}, {0x5, 0x6}, {0x4, 0x2}, {0x1, 0x7}, {0x3, 0x1}, {0x3, 0x4}, {0x1, 0x8}, {0x1, 0x2}, {0x6, 0x1}, {0x7, 0x6}, {0x7, 0x9}, {0x2, 0x1}, {0x5, 0x8}, {0x3}, {0x1, 0x4}, {0x3, 0x4}, {0x3, 0x1}, {0x3, 0x4}, {0x7, 0x3}, {0x5, 0xa}, {0x1, 0x4}, {0x6, 0x9}, {0x5, 0x9}, {0x3, 0x9}, {0x7}, {0x0, 0xa}, {0x2, 0x9}, {0x0, 0xa}, {0x4, 0x7}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x30, 0x2, 0x12, 0x1, 0x18, 0x48, 0x12, 0x3, 0x6c, 0x12, 0x30, 0x5, 0x24, 0xc, 0x16, 0x16, 0x2, 0x60, 0xb, 0x24, 0x1b, 0xc, 0xc, 0x4, 0x1, 0xb, 0x6, 0x60, 0x1]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0xe, 0x2, [{0x1}, {0x5, 0x3}, {0x5}, {0x7, 0x9}, {0x1, 0x3}, {0x5, 0x1}, {0x5, 0x6}, {0x6, 0x8}, {0x3, 0x5}, {0x6, 0x5}]}]}]}, @NL80211_ATTR_TX_RATES={0x360, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x64, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4e, 0x2, [{}, {0x5, 0x5}, {0x1, 0x5}, {0x1, 0x8}, {0x6, 0x6}, {0x7, 0x8}, {0x5}, {0x7, 0x2}, {0x7}, {0x2, 0x4}, {0x3, 0x1}, {0x0, 0xa}, {0x0, 0x7}, {0x3, 0x5}, {0x5, 0x7}, {0x0, 0x8}, {0x6}, {0x2, 0x4}, {0x5, 0x6}, {0x1, 0x4}, {0x0, 0x4}, {0x5, 0x9}, {0x2, 0xa}, {0x1, 0x5}, {0x7, 0x3}, {0x1, 0x8}, {0x4, 0x9}, {0x3, 0x5}, {0x2, 0x8}, {0x1, 0x6}, {0x1, 0x1}, {0x7, 0x3}, {0x7, 0x7}, {0x6, 0x1}, {0x2, 0x4}, {0x7, 0x9}, {0x1, 0x6}, {0x1}, {0x3, 0x2}, {0x1, 0x4}, {0x6, 0x8}, {0x0, 0x3}, {0x1, 0x8}, {0x4, 0x9}, {0x2, 0x3}, {}, {0x5, 0x5}, {0x6, 0x3}, {0x0, 0x2}, {0x1, 0xa}, {0x4, 0x5}, {0x2, 0x2}, {0x0, 0x1}, {0x3, 0x5}, {0x3}, {0x6, 0x6}, {0x5, 0x3}, {0x5, 0x9}, {0x2, 0x1}, {0x6, 0x3}, {0x2, 0x9}, {0x2, 0x8}, {0x6, 0x7}, {0x3}, {0x2, 0x6}, {0x7, 0x8}, {0x6, 0x5}, {0x0, 0x5}, {0x1, 0x9}, {0x7}, {0x5, 0x6}, {0x0, 0x1}, {0x3, 0x5}, {0x2, 0x3}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0xdc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x36, 0x2, [{0x1}, {0x1, 0x1}, {0x4, 0xa}, {0x1, 0x6}, {0x1, 0xa}, {0x1, 0xa}, {0x0, 0x5}, {0x5, 0x2}, {0x5, 0x6}, {0x5, 0xa}, {0x1}, {0x1, 0x6}, {0x1, 0x1}, {0x6, 0x2}, {0x5, 0xa}, {0x5, 0x3}, {0x6, 0x4}, {0x7, 0x4}, {0x3, 0x5}, {0x0, 0x2}, {0x7, 0x7}, {0x1, 0x6}, {0x0, 0x7}, {0x4, 0x5}, {0x0, 0x8}, {0x0, 0x7}, {0x3, 0x9}, {0x3, 0x3}, {0x2}, {0x4, 0x1}, {0x7, 0x9}, {0x3, 0x6}, {0x4, 0x7}, {0x3, 0xa}, {0x0, 0x8}, {0x5, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x0, 0x8}, {0x5}, {0x3, 0x9}, {0x7, 0x3}, {0x5, 0x6}, {0x1, 0x5}, {0x1, 0x6}, {0x2, 0x2}, {0x4, 0xa}, {0x1, 0x9}, {0x6, 0x7}, {0x4, 0x3}]}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x5, 0x2}, {0x3, 0x3}, {0x2, 0x1}, {0x0, 0x2}, {0x3, 0x8}, {0x0, 0x6}, {0x7, 0x1}, {0x5, 0x1}, {0x1, 0x5}, {0x4, 0x5}, {0x5, 0x8}, {0x1, 0x8}, {0x1, 0x4}, {0x2, 0x7}, {0x2, 0x7}, {0x6, 0x2}, {0x5, 0x5}, {0x2, 0x6}, {0x3, 0x3}, {0x5, 0x7}, {0x1, 0x9}, {0x4, 0x1}, {0x0, 0x5}, {0x4, 0x9}, {0x6, 0x3}, {0x1, 0xa}, {0x7, 0x5}, {0x4, 0x9}, {0x1, 0x1}, {0x6, 0xa}, {0x1, 0x2}, {0x2, 0x2}, {0x3, 0x8}, {0x1, 0x5}, {0x7, 0xa}, {0x6, 0x7}, {0x3, 0x7}, {0x3, 0x2}, {0x2, 0xa}, {0x6, 0x6}, {0x4, 0x6}, {0x1, 0x9}, {0x1, 0x9}, {0x7, 0x2}, {0x0, 0x6}, {}, {0x4, 0x1}, {0x0, 0x2}, {0x3, 0x5}, {0x4, 0x6}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x81, 0xcd12, 0x8001, 0x1, 0x2, 0x4, 0xc449, 0x3]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x6}, {0x4, 0x6}, {0x1}, {0x0, 0x3}, {0x5, 0x9}, {0x7, 0x9}, {0x1, 0xa}, {0x2}, {0x7, 0x8}, {0x0, 0x3}, {0x1, 0x7}, {0x4, 0x8}, {0x7, 0x5}, {0x1, 0x6}, {0x7, 0x1}, {}, {0x1, 0x2}, {}, {0x5, 0x3}, {0x5, 0x2}, {0x2, 0x5}, {0x7, 0x8}, {0x0, 0x6}, {0x2, 0x3}, {0x3, 0x2}, {}, {0x4, 0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x401, 0xc000, 0x7e7, 0x6, 0x3ff8, 0x7fff, 0x40, 0x7]}}]}, @NL80211_BAND_2GHZ={0x94, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x25, 0x2, [{0x0, 0x2}, {0x5}, {0x6, 0xa}, {0x4, 0xa}, {0x0, 0x6}, {0x7, 0x3}, {0x1, 0x2}, {0x0, 0x9}, {0x1, 0x1}, {0x6, 0x7}, {0x6, 0x8}, {}, {0x6, 0x7}, {0x2, 0x3}, {0x3, 0x4}, {0x7}, {0x2, 0x2}, {0x4, 0x1}, {0x1, 0x7}, {0x1, 0x7}, {0x6, 0xa}, {0x1, 0x1}, {}, {0x4, 0x3}, {0x6}, {0x2, 0x8}, {0x5, 0x4}, {0x1, 0x6}, {0x5, 0x3}, {0x7, 0x3}, {0x6, 0x4}, {0x0, 0x5}, {0x4, 0xa}]}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x4, 0x8}, {0x0, 0x4}, {0x7, 0x1}, {0x3, 0x3}, {0x2, 0x5}, {0x0, 0x8}, {0x6, 0x3}, {0x3, 0x9}, {0x6, 0x1}, {0x5, 0x2}, {0x2, 0x5}, {0x2, 0x5}, {0x7, 0x4}, {0x1, 0x9}, {0x5, 0x9}, {0x0, 0x5}, {0x0, 0x5}, {0x5, 0x6}, {0x4, 0x4}, {0x0, 0x5}, {0x0, 0x5}, {0x7, 0x7}, {0x5, 0x8}, {0x1, 0x6}, {0x6, 0x1}, {0x4}, {0x1, 0x2}, {0x0, 0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x401, 0x9, 0x5, 0x3, 0x4, 0x0, 0x3fc0, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x7, 0x7cc5, 0x3, 0x67, 0x1, 0x8f0, 0x7]}}, @NL80211_TXRATE_HT={0x1a, 0x2, [{0x1, 0x8}, {0x6, 0x8}, {0x4, 0x3}, {0x5, 0x1}, {0x4}, {0x5, 0xa}, {0x3, 0xa}, {0x5, 0x1}, {0x2, 0x4}, {0x5, 0x5}, {0x0, 0x1}, {0x4, 0xa}, {0x6, 0x4}, {0x0, 0x7}, {0x2, 0x2}, {0x1, 0x3}, {0x4, 0x9}, {0x2, 0x4}, {0x4, 0x2}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x5}]}]}, @NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x2, 0x6, 0x16, 0x6, 0x16, 0x30]}]}, @NL80211_BAND_60GHZ={0x90, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x10, 0x404, 0x8, 0x81, 0x3, 0xca7, 0x5, 0x3]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x7, 0xe, 0x46, 0x8, 0xe, 0x3, 0x9]}}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x6, 0x2, 0xb, 0x6c, 0xb]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x24, 0x2, [{0x6, 0x4}, {0x4}, {0x6, 0x5}, {0x3, 0x2}, {0x4, 0x9}, {0x0, 0x2}, {0x3, 0xa}, {0x4, 0x9}, {0x6}, {0x6, 0x8}, {0x0, 0x7}, {0x1, 0xa}, {0x6}, {0x1, 0x2}, {0x1, 0x6}, {0x7, 0x1}, {0x6, 0x1}, {0x2, 0x7}, {0x2}, {0x5, 0xa}, {0x0, 0x3}, {0x1, 0x3}, {0x7, 0x2}, {0x1, 0x9}, {0x2, 0x9}, {0x0, 0x6}, {0x6}, {0x5, 0x9}, {0x6, 0x4}, {0x0, 0x9}, {0x4, 0x1}, {0x7, 0xa}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x5, 0x3e0, 0x8, 0x6, 0x0, 0x2918, 0x4000]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x1, 0x6f0, 0xa, 0x954d, 0x6, 0x7fff]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0xb4, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x3, 0x60, 0x12, 0x48, 0x5, 0x13, 0x2, 0x36, 0x24, 0x24, 0x5, 0x1b, 0x5, 0x5, 0x24, 0x2, 0x0, 0x5, 0x12, 0x36, 0x60, 0x12, 0x16, 0x18, 0x36, 0x1, 0x6]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x9, 0x3, 0x3, 0x7ff, 0x2, 0x2, 0xfff0]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x9, 0x73, 0x98e6, 0x2, 0x2, 0xf, 0x401]}}, @NL80211_TXRATE_HT={0x4b, 0x2, [{0x1, 0x2}, {0x6, 0x6}, {0x7}, {0x7, 0x5}, {0x2, 0x4}, {0x5, 0x7}, {0x2, 0x8}, {0x0, 0x8}, {0x1, 0x6}, {0x0, 0x1}, {0x3, 0x7}, {0x4, 0x1}, {0x4, 0x1}, {0x7, 0x2}, {0x7, 0x7}, {0x0, 0x5}, {0x2}, {0x5, 0x3}, {0x7, 0x2}, {0x1, 0xa}, {0x3, 0x4}, {0x6, 0x8}, {0x0, 0x4}, {0x6, 0x5}, {0x6, 0x1f}, {0x1, 0x6}, {0x7, 0x8}, {0x3, 0x3}, {0x2, 0x5}, {0x2, 0x6}, {0x0, 0x2}, {0x1}, {0x5, 0x2}, {0x5, 0x3}, {0x2, 0x7}, {0x6, 0x6}, {0x6, 0xa}, {0x5, 0x3}, {0x5, 0x2}, {0x1, 0x8}, {0x5, 0x6}, {0x6}, {0x5, 0x1}, {}, {0x1, 0x8}, {0x3, 0x1}, {0x1, 0x1}, {0x7, 0x1}, {0x1, 0x1}, {0x1, 0xa}, {0x6, 0x2}, {0x4, 0x7}, {0x3, 0x3}, {0x0, 0x2}, {0x7, 0x3}, {0x3, 0x5}, {0x6, 0x8}, {0x3, 0x2}, {0x7, 0x4}, {0x6, 0x8}, {0x6, 0x7}, {0x0, 0x7}, {0x1, 0x8}, {0x6, 0x2}, {0x1}, {0x5, 0x8}, {0x7, 0x1}, {0x0, 0x2}, {0x3, 0x8}, {0x3, 0x5}, {0x2, 0x1}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0xb, 0x1, [0x16, 0x18, 0x12, 0xc, 0x30, 0x1b, 0x1]}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}, @NL80211_ATTR_TX_RATES={0x104, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x48, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x18, 0x30, 0xc, 0x48, 0x12, 0x60, 0xb, 0x36, 0x1, 0x5a, 0x6, 0x18, 0x1, 0x2, 0x24, 0x4, 0x48, 0x36, 0x12, 0x2, 0x2, 0x16, 0x3, 0x36, 0xc, 0x30]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x2, 0x7, 0x6, 0x3ff, 0x1, 0x0, 0x4a3]}}]}, @NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x0, 0x4, 0xfffc, 0x7, 0x841, 0x4, 0x6]}}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2a, 0x2, [{0x1, 0x8}, {0x1, 0x5}, {0x4}, {0x6, 0x3}, {0x3, 0x5}, {0x6, 0x6}, {0x7, 0x1}, {0x5, 0xa}, {0x0, 0x4}, {0x1, 0x8}, {0x2, 0x2}, {0x0, 0x6}, {0x7, 0x8}, {0x6, 0x5}, {0x0, 0x3}, {0x3, 0x9}, {0x7, 0x6}, {0x2, 0x3}, {0x0, 0x5}, {0x1, 0x3}, {0x6, 0x7}, {0x1, 0x8}, {0x0, 0x9}, {0x4, 0x7}, {0x2}, {0x4, 0x9}, {0x1}, {0x0, 0xa}, {0x0, 0x1}, {0x5}, {0x5, 0xa}, {0x5, 0x2}, {0x0, 0x9}, {0x3, 0x8}, {0x1, 0x5}, {0x4, 0x9}, {0x7, 0x3}, {0x7, 0x6}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x100, 0xf, 0x0, 0x6, 0xfff, 0x1000, 0x8, 0x1]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x863b3885aa607b50}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_2GHZ={0x30, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1c, 0x2, [{0x5, 0x5}, {0x1, 0x8}, {0x4, 0x4}, {0x2, 0x2}, {0x3, 0x9}, {0x6, 0x9}, {0x4}, {0x6, 0x7}, {0x2, 0x5}, {0x1, 0x5}, {0x5, 0x2}, {0x2, 0x3}, {0x3, 0x9}, {0x4, 0x7}, {0x7, 0x4}, {0x4, 0x5}, {0x7, 0x4}, {0x0, 0xa}, {0x2, 0x3}, {0x1, 0x6}, {0x0, 0x3}, {0x7}, {0x4, 0x2}, {0x0, 0x9}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}]}, @NL80211_ATTR_TX_RATES={0x170, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x10, 0xfff, 0x4800, 0x4, 0x1a0, 0x1, 0x2, 0x401]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_6GHZ={0x40, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x1698, 0x8001, 0x9, 0x1, 0xd57, 0x0, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x6, 0x200, 0x7, 0x6, 0x7, 0xb]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1e6, 0x629a, 0x6, 0xfffd, 0x2, 0xd3, 0xca6, 0x3]}}]}, @NL80211_BAND_60GHZ={0x4}, @NL80211_BAND_6GHZ={0x3c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x9, 0x7, 0xf704, 0x6, 0x4, 0x2, 0x7]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0xc128, 0x6, 0x6, 0xfe, 0x7fff]}}]}, @NL80211_BAND_6GHZ={0xa4, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1b, 0x2, [{0x6, 0x3}, {0x4, 0x8}, {0x0, 0x9}, {0x2, 0x3}, {0x4, 0x3}, {0x3, 0x3}, {0x1, 0x3}, {0x1, 0x5}, {0x5, 0x3}, {0x1, 0x4}, {0x4, 0x6}, {0x2, 0x5}, {0x2, 0x1}, {0x5, 0x5}, {0x1, 0x1f}, {0x6, 0x9}, {0x0, 0x4}, {0x3, 0x6}, {0x4, 0x1}, {0x1, 0x7}, {0x0, 0x9}, {0x5, 0x2}, {0x7, 0x9}]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x12, 0x9, 0x5, 0x35, 0x3, 0x1, 0x1b, 0x24, 0xc, 0x36, 0x36, 0x30, 0xb, 0x6c, 0x0, 0x39, 0x60, 0x30, 0x9, 0x60, 0x3, 0x1b, 0xb, 0x9, 0xc, 0x1, 0xc, 0x6c, 0x20]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8817, 0x8, 0x0, 0x392, 0x800, 0x1, 0x1, 0xdb]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x7, 0x2, 0x6dac, 0x0, 0x2, 0x0, 0xe5c]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x0, 0x4}, {0x7, 0x1}, {0x0, 0x3}, {0x5, 0x6}, {0x7, 0x7}, {0x0, 0x7}, {0x7, 0x5}, {0x2, 0x4}, {0x3, 0x7}, {0x2, 0x9}, {0x3, 0x3}, {0x0, 0x6}, {0x3, 0x5}, {0x1, 0x8}, {0x3, 0x5}, {0x1, 0x5}, {0x7, 0x7}, {0x7}, {0x5}, {0x4, 0x4}, {0x7, 0x8}, {0x7, 0x3}, {0x6, 0x1}, {}, {0x7, 0x1}, {0x2, 0xa}, {0x1, 0x1}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x80, 0x9, 0x100, 0x10, 0x9, 0x0, 0x3de1]}}]}]}, @NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x9, 0xd3ac, 0x10, 0x1, 0xf21, 0x0, 0x8000]}}]}]}, @NL80211_ATTR_TX_RATES={0x100, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x1293, 0x12a0, 0xa, 0x0, 0x5, 0x3, 0x9]}}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x24, 0x4, 0x36, 0xb]}]}, @NL80211_BAND_6GHZ={0x88, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x2, 0x80, 0x5, 0x5, 0xd, 0x0, 0x2]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x3, 0xd420, 0xfa1, 0xe52e, 0x3, 0x0, 0x400]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x7}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x24, 0x6c, 0x6c, 0x6, 0x4, 0x48, 0x1b, 0x3, 0x1b, 0x30, 0x6c, 0x36, 0x60, 0x5, 0x12, 0x1, 0x12]}, @NL80211_TXRATE_HT={0x14, 0x2, [{0x2, 0x1}, {0x0, 0x9}, {0x4, 0xa}, {0x0, 0x3}, {0x6, 0x5}, {0x5, 0x6}, {0x1, 0xa}, {0x1, 0x2}, {0x7, 0x8}, {0x1, 0x1}, {0x1, 0x8}, {0x5, 0x9}, {0x1, 0x1}, {0x6, 0x1}, {0x7, 0x7}, {0x4, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x7b]}]}, @NL80211_BAND_60GHZ={0x1c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x38, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x200, 0x9, 0x8, 0x6, 0x6, 0x8, 0xbf9b, 0x4]}}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0xc]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}]}, 0xa4c}, 0x1, 0x0, 0x0, 0x20000091}, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r10, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000d00000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000"]}, 0x108)

4m38.852776981s ago: executing program 3 (id=150):
r0 = socket$netlink(0x10, 0x3, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000028b0e9b82610be8eed0000000000000000000000000000000000008018b802a0a445b9f7c5b5049beb4c48bce665f4f00d509d9ecf9194467c08d125eec7978c6e3b668d84fc11ab9c7a7c2e2d4e104cb2ca6ad72362e8334fdb8216ee93da5c04092f5299850fc190ec1cc287d1599c9203ba7f2fcff1ebe08fcf5358aba272cc01c47356185d67cb9bf674f719df10e9e034929a54a4af367da502db847e"], 0x67)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1b, 0x10, &(0x7f0000000900)=ANY=[@ANYRES64=r0, @ANYRES32=r1, @ANYRES64=r1], 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x18)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f00000002c0)='kfree\x00', r2, 0x0, 0x40}, 0x18)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
preadv(r6, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/225, 0xe1}], 0x1, 0x3, 0x1)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'rose0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r8], 0x20}}, 0x0)

4m38.4016373s ago: executing program 3 (id=151):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x500, 0x300, 0x300, 0x0, 0x300, 0x1a0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x300}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x1, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@RTM_NEWMDB={0x38, 0x55, 0x1e5, 0x70bd2a, 0xffffffff, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x3, 0x0, {@ip4=@multicast2, 0x86dd}}}]}, 0x38}}, 0x40084c0)
r1 = socket$inet(0x2, 0x5, 0x0)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f0000000100), 0x16, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x10, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_procfs(0x0, &(0x7f00000006c0)='clear_refs\x00')
pread64(r4, 0x0, 0x0, 0x100008)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x2c, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15946395916e2b388abc3d6ce2316334e8278ad"}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}, {0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xbc}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x2}, 0x18)
ppoll(0x0, 0x0, &(0x7f0000000240), 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100100000040da093a00000000000001090224000100001000090400002103000000092104800001220700090581034010fd0008"], 0x0)

4m37.264054417s ago: executing program 3 (id=159):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@init_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x7, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = gettid()
sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)='>', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=r1, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=r1, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881)
prlimit64(r2, 0x2, &(0x7f0000000100)={0x2400000000, 0x7ff}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xf, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffa6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r3}, 0x18)
lsetxattr$security_selinux(&(0x7f0000000900)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:netutils_exec_t:s0\x00', 0x25, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000500)='w\xde\xa3\x05\xa3\x91\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xaek\xbd\x87W\x1d\x1b(\x8e\xf8\\2\x98\xf7P\x1b8\xcf\xf5\xdc<M\xb6\x06\x157\x80\x03\xb4\x9f\xd1\xf9\xdd\xf6&\x1d*lK\xe3\xbd\xe8\xda\xc7\x8c\xe4\xab\x8bM\xf5\x1a\x86\xc8\x9c rC\f\xee^0\xf7\xd9\xafc\x05\x91p=\xfe\x7f\xff\x9eN\xc9Zt@\x15{\x8c\x927\xfe\xc7ZEy8\x9e\x80ia[\x88\x153(\xff\xa4\xd3\xed\x12.\x9b\xb9\xc4\'\x14\xac\x14;\x02S!\x1f]bm\xe6\x0e\xb8= \xdbg/pq\x0fu\xa1\x03`\x00\xe0\x8c\xf3A\x88\xb1F\xcb\xf7O7\xfcu\xfb\xbd^\x94\xf6{\xd9k\xa13Q\x97\x03h\x12\xc8[&UX\x81\x1eK\x9c&e[R\xb4\x96\xee4~\x02\xe5\x12\x11\x98:\xfc~D(\xe3p\x03\xa7J\vP25\\t\xf0\xe7\xe2]\x88X\x91\xd5\xd8)q\x8dV\x1e\x059w\x9e`NI\x94\xbe^#\xdfE\'\x96\xd2\xc1\xce\x89\xdf\x02K\xeak\x97d\bRH\xac\x9ev\xb7\xd0\x02A\xaa\xfe\xa7\xd6\x03\x89\xb3\x96\xcb\x8b\xd7(\xf6\xb2\\6A\xe3\xae\xb3')
ptrace$poke(0x2, r6, &(0x7f0000000140), 0x200000000001)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x804000, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])

4m37.059154736s ago: executing program 3 (id=162):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000380)='mm_page_free\x00', r1, 0x0, 0xe17}, 0x18)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0xd06d000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mknodat$null(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x80, 0x103)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f00000002c0)=@urb_type_bulk={0x3, {0x0, 0x1}, 0xb7aa, 0x80, &(0x7f0000000a00)="c3aaf0afde69f8e6df913671633fd2c59215a43d25b04f8d2a501069ae58ea3ffae1eb031a61f42fb243d0414ae74edf395f7ba457bfd1ded662d675fee932e914d58cbd5488a6003f78462996bf942789980df5d2d602150eb0beb82147e83e0bf9f5e1a70357598c26e369e23031f32d7410706044c9c2da6603210c77b2b125f998325b4762b4d4adab779129d2ff321f5b25120b1e6520c177c7eba0408e54f8d2567eefd991cf86b5edfd6ae9519cf0e6d8b64896202ec5c434024b2f9bae5e29", 0xc3, 0x10001, 0x8, 0x3, 0x80000000, 0x5, &(0x7f0000000900)="ae552f9bd2e5464dcf2d164f2e8aa24f5732a61cdd64c3076b6e8e4a6c9c6484a4060fd371088bd44b0589b312701f9bbc2321b048105660d50aca4c5bb9cbc1bd2c887a337153ed5255afabc8b95e667f07cac8082026f001efecea06fed407c8a619af2c2cc5c1653dfaca7b1cc4292d6f18d52665e2f8ccfd4d2ceaaf09a9c075c70c29896461c654"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x100000001}, 0x18)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))
socket$netlink(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000600)={[{@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@debug}, {@user_xattr}, {@errors_remount}, {@dioread_nolock}]}, 0x9, 0x441, &(0x7f00000011c0)="$eJzs28tvG8UfAPDv2kn66zP5VeXRBxAoiIpH0qSl9MAFBBIHkJDgUI4hSatQt0FNkGgVQUCoHFEl7ogjEv8AnOCCgBMSV7ijShXKpYWT0dq7ie3aaZI62RR/PtK2M7tjzXw9O/bMThxAzxpO/0ki9kTE7xExWM82Fxiu/3draWHy76WFySSq1Tf/Smrlbi4tTOZF89ftzjN9EaVPkzjcpt65y1fOT1Qq05ey/Oj8hfdG5y5feXbmwsS56XPTF8dPnz55Yuz5U+PPdSXONK6bhz6cPXLw1bevvT555to7P3+T5PG3xNElw6tdfKJa7XJ1xdrbkE76CmwI61KuD9Por43/wSjHSucNxiufFNo4YFNVq9Xq/Z0vL1aB/7Akim4BUIz8iz5d/+bHFk09toUbL9YXQGnct7KjfqUvSlmZ/pb1bTcNR8SZxX++TI/YnOcQAABNvk/nP8+0m/+VovG50L5sD2UoIv4fEfsj4lREHIiI+yJqZR+IiAfXWX/rJsnt85/S9Q0Ftkbp/O+FbG+ref6Xz/5iqJzl9tbi70/OzlSmj2fvybHo35Hmx1ap44eXf/u807XG+V96pPXnc8GsHdf7djS/ZmpifuJuYm504+OIQ33t4k+WdwKSiDgYEYc2WMfMU18f6XTtzvGvogv7TNWvIp6s9/9itMSfS1bfnxz9X1Smj4/md8Xtfvn16hud6r+r+Lsg7f9dbe//5fiHksb92rn113H1j8/ar2n2bfz+H0jeajr3wcT8/KWxiIHktXqjG8+Pt5QbXymfxn/saPvxvz9W3onDEZHexA9FxMMR8UjWd49GxGMRcXSV+H966fF3O13bDv0/ta7+X0kMROuZ9ony+R+/a6p0aD3xp/1/spY6lp1Zy+ffWtq1sbsZAAAA7j2liNgTSWlkOV0qjYzU/4b/QOwqVWbn5p8+O/v+xan6bwSGor+UP+kabHgeOpYt6/P8eEv+RPbc+Ivyzlp+ZHK2MlV08NDjdncY/6k/y0W3Dth0fq8Fvcv4h95l/EPvMv6hd7UZ/zuLaAew9dp9/39UQDuArdcy/m37QQ+x/ofe1Tj+kwLbAWw93//Qk+Z2xp1/JN8DiYHt0Yx7KBGltRf+Nrvbim6zxNoTBX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMm/AQAA//8iOuPQ")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r4, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)

4m36.763944688s ago: executing program 3 (id=166):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
setitimer(0x225c17d03, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x178}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)

4m36.763744828s ago: executing program 32 (id=166):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
setitimer(0x225c17d03, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x178}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)

1.787555736s ago: executing program 0 (id=3799):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x26, 0x6, 0x0, &(0x7f0000000040))
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008100000086dd6076cd8a0000000020010000ffff00000000000000000000fe8000000000"], 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f288476d2610054c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1000000}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00c72400520900"/23, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x13)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x150)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002cbd701004000000050000000600010005000000080009000200000008000b000000000008000c00"], 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r5, 0x0, 0x9}, 0x18)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000740)={0x0, 0xa02000, 0x1000, 0x400}, 0x20)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r3, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x3}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e24}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PW_TYPE={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8804}, 0x6facd2d442912499)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
sendfile(r8, r7, 0x0, 0x7ffff000)

1.403369861s ago: executing program 0 (id=3803):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)={0xf4, 0x0, 0x2, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_EXPECT_MASTER={0x7c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x18}}}}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_MASTER={0x4c, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

1.347556434s ago: executing program 0 (id=3805):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfe, 0x0, 0x7ffc0002}]})
ptrace(0x10, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r2 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r2, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e23, 0xfac, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefce)
syz_emit_ethernet(0x56, &(0x7f0000000880)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "01044a", 0x20, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, '\x00\x00\x00\x00\x00\x00'}]}}}}}}, 0x0)
r3 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x20004840)
shutdown(r3, 0x1)
splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x7ffff000, 0x0)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000280)={0x9, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]})

1.326988725s ago: executing program 0 (id=3806):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c02000002000000080001", @ANYRES32=r3], 0x1c}}, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000280)="15bd15a8efbeff6725019725", 0xc}], 0x1)

1.294651856s ago: executing program 0 (id=3807):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x2400, @multicast1}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000680)='@\x00\x00\x00\x00\x00', 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000810b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x4008800)

1.293755806s ago: executing program 0 (id=3808):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_triestat\x00')
r1 = epoll_create1(0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000002})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x200000000006, 0x2, 0x4, 0x7ffc0002}]})
clock_adjtime(0x0, &(0x7f0000000000)={0x20000066b9, 0x200000000, 0x3, 0x6, 0x0, 0xffffffffffffffff, 0x78, 0x1000000000004, 0x0, 0x4, 0x0, 0x248a, 0x1, 0x0, 0x0, 0x2, 0x6, 0x0, 0x4, 0x400000002, 0x2, 0x1000000000000000, 0x8000, 0x8})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x16, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000008fdff00000000000300000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x94)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000140)={r3, 0x0, 0x42, 0x0, &(0x7f0000000000)="3df7dab2742a1a61f6c362232d1ca21713228ebba21c414bd429d05f93b3b6cd1fcb7f9bbfbb1bc905d11583e1b93b5cd88a4c7d371f222aa269619b660c7d4f6187", 0x0, 0xd, 0x0, 0xa1, 0x0, &(0x7f0000000080)="6cda76a0cb69aa9286472dff66c8ffbd0b0cb7a6d5e68e91e0d6ed6a60fabc09fcb4dd1383593edef59da099eacb822a2749d7f0dc2c487e30da87d739e82a08e123f9b53e1e4b3a4eb01a1f659b8de567c570b02c918227d7e87a25870af1719286c055ad197c32b7104373fe5ea1c91bb58e20bbf4359770e5905ed5a8b4a48138db5835e1ea1b40218c71f5d3a2dccbf596e61e54e0ab32f9bec2c115c4f342", 0x0, 0x2, 0x0, 0x4}, 0x37)
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000a80)='./file1\x00', 0x2800810, &(0x7f00000025c0)=ANY=[@ANYBLOB="646f74732c747a3d5554432c646f74732c646f74732c6e6f646f74732c666c7573682c646f74732c6e6f646f74732c71756965742c00b3d27234e95eb4b44190021bbbe89ab824d38c571641668d362b4dff6e47bdf1638c7462a3bd66a53b404ae08c32af6843a2469c7210381b9d48047c77540b6447a8e50c44cb44f91e4264a37e0209c3a234f4803ba56b7a24536ee396f4838f4143b92ad909efb23eb22dce6477c2bb5b8f793b9e07c2120d566cf1f6ba51e4d01e8ef223a2ba72cfb3127844c045765149fb1219f433feb977426596e07082254e9930296256df143ff96377d8c28c533724fbd9fdad260e7d875d0f17374141abc60c8e3c07e4a7bc381791172c217f00964aaf6e213a252b9689ae38342862d27437921e13229d407e1a6037e3f16a2cdab8f9c76a66a72ccc67015c9435e200f9fbb9d78ce426b37310b9f127e7b1207c74eff7b853de7043a001de85931463c7fc7c78be9eb9b5f88c0067aabb3a5d1f94bcc90537c1c1ce509450160c"], 0x3, 0x176, &(0x7f0000000240)="$eJzs27GL01AcB/BfbNRTl5vFIeDiVNTJUZET1ICidNBJ4XS5yoG3RKfgX+LqHyfITTcIT2q0tSVFrU0j189n6Q++7eP3hteXF5IXV94c7B8evT58fBw7WRb57SjiJIvdOBODaNQBAJwmJynFl5RSOl/HhY+RUuq7IwCga/Z/ANg+v93/b/XUGADQGed/ANg+T589f3inLPeeFMVOxOe6GlWj5rPJ790v964X3+3OfnVcVaPBNL/R5MV8fjYu/shvtubn4trVJp9kdx+VC/ml2J9v1WOIAAAAsKJhMdV6vh8Ol+VN9cv9gYXzex6X841NAwD4C0fv3h+8HI9fvV1Dkcd6xlG0FVH/wZcnF239t7qZIvtZfE0prTDOh0/NEhg/+C+ms94ii4h/G6fvfyaga7NF33cnAAAAAAAAAAAAAADAMt2+jTToe3oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ6lsAAAD//1UCS4E=")
openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0db7)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd6002000800fe2c00fe8000000000000000000000000000bbff02000000000000000000000000000132"], 0x0)
lsm_list_modules(&(0x7f0000000440)=[0x0, 0x0], &(0x7f0000000480)=0x10, 0x0)

1.260075317s ago: executing program 1 (id=3810):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000000000000100000008000600e0000001050004000100000008000b0027"], 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0)

1.246530758s ago: executing program 4 (id=3811):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfe, 0x0, 0x7ffc0002}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x20004840)
shutdown(r2, 0x1)
recvmmsg(r2, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x100, 0x0)

1.243948338s ago: executing program 1 (id=3812):
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, 0x0)

1.228217609s ago: executing program 1 (id=3813):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000025000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8080}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000040)={<r5=>0x0, 0x42, "92d8181e19210cb085387143e5587b2fd10387f94eea1faeef242e86fd4c4153d847ab10f67477a73ed0a49782f950254d1a9e241669f0f3367dac291c2ed9433563"}, &(0x7f00000001c0)=0x4a)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000200)={r5, 0xfffffff9}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
r6 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000000380))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r7, 0x2)
open(&(0x7f0000000180)='.\x00', 0x10000, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170)
fgetxattr(r8, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)

1.20942052s ago: executing program 4 (id=3814):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000073000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x1, @dev={0xfe, 0x80, '\x00', 0x33}, 0x4000000}, 0x1c)

1.19186842s ago: executing program 4 (id=3816):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

1.149778152s ago: executing program 4 (id=3817):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r2=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r2], 0x1c}}, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000280)="15bd15a8efbeff6725019725", 0xc}], 0x1)

1.136611193s ago: executing program 4 (id=3819):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="bbfb2bbd7000fddbdf25670000000800c40002"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)

1.136133083s ago: executing program 1 (id=3820):
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x6, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000c000000000000000000000202000000000000000400000d"], 0x0, 0x5c, 0x0, 0x1}, 0x28)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000140)='netlink_extack\x00', 0xffffffffffffffff, 0x0, 0x75}, 0x18)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2, 0x0, 0x1}, 0x18)
socket$inet6(0xa, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, r0}, 0x94)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000)
readlink(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_PIM(r4, 0x29, 0xcf, &(0x7f00000001c0)=0x4, 0x4)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xd88e112b6aeb3d5f)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'tunl0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x10201, 0x0)
close(r8)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r6, @ANYBLOB="4148fa"], 0x40}}, 0x0)

1.077923275s ago: executing program 4 (id=3823):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_triestat\x00')
r1 = epoll_create1(0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x0, 0x5, 0x2060005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000002})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000007800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x200000000006, 0x2, 0x4, 0x7ffc0002}]})
clock_adjtime(0x0, &(0x7f0000000000)={0x20000066b9, 0x200000000, 0x3, 0x6, 0x0, 0xffffffffffffffff, 0x78, 0x1000000000004, 0x0, 0x4, 0x0, 0x248a, 0x1, 0x0, 0x0, 0x2, 0x6, 0x0, 0x4, 0x400000002, 0x2, 0x1000000000000000, 0x8000, 0x8})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x16, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000008fdff00000000000300000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x94)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000140)={r5, 0x0, 0x42, 0x0, &(0x7f0000000000)="3df7dab2742a1a61f6c362232d1ca21713228ebba21c414bd429d05f93b3b6cd1fcb7f9bbfbb1bc905d11583e1b93b5cd88a4c7d371f222aa269619b660c7d4f6187", 0x0, 0xd, 0x0, 0x8d, 0x0, &(0x7f0000000080)="6cda76a0cb69aa9286472dff66c8ffbd0b0cb7a6d5e68e91e0d6ed6a60fabc09fcb4dd1383593edef59da099eacb822a2749d7f0dc2c487e30da87d739e82a08e123f9b53e1e4b3a4eb01a1f659b8de567c570b02c918227d7e87a25870af1719286c055ad197c32b7104373fe5ea1c91bb58e20bbf4359770e5905ed5a8b4a48138db5835e1ea1b40218c71f5", 0x0, 0x2, 0x0, 0x4}, 0x50)
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000a80)='./file1\x00', 0x2800810, &(0x7f00000025c0)=ANY=[@ANYBLOB="646f74732c747a3d5554432c646f74732c646f74732c6e6f646f74732c666c7573682c646f74732c6e6f646f74732c71756965742c00b3d27234e95eb4b44190021bbbe89ab824d38c571641668d362b4dff6e47bdf1638c7462a3bd66a53b404ae08c32af6843a2469c7210381b9d48047c77540b6447a8e50c44cb44f91e4264a37e0209c3a234f4803ba56b7a24536ee396f4838f4143b92ad909efb23eb22dce6477c2bb5b8f793b9e07c2120d566cf1f6ba51e4d01e8ef223a2ba72cfb3127844c045765149fb1219f433feb977426596e07082254e9930296256df143ff96377d8c28c533724fbd9fdad260e7d875d0f17374141abc60c8e3c07e4a7bc381791172c217f00964aaf6e213a252b9689ae38342862d27437921e13229d407e1a6037e3f16a2cdab8f9c76a66a72ccc67015c9435e200f9fbb9d78ce426b37310b9f127e7b1207c74eff7b853de7043a001de85931463c7fc7c78be9eb9b5f88c0067aabb3a5d1f94bcc90537c1c1ce509450160c"], 0x3, 0x176, &(0x7f0000000240)="$eJzs27GL01AcB/BfbNRTl5vFIeDiVNTJUZET1ICidNBJ4XS5yoG3RKfgX+LqHyfITTcIT2q0tSVFrU0j189n6Q++7eP3hteXF5IXV94c7B8evT58fBw7WRb57SjiJIvdOBODaNQBAJwmJynFl5RSOl/HhY+RUuq7IwCga/Z/ANg+v93/b/XUGADQGed/ANg+T589f3inLPeeFMVOxOe6GlWj5rPJ790v964X3+3OfnVcVaPBNL/R5MV8fjYu/shvtubn4trVJp9kdx+VC/ml2J9v1WOIAAAAsKJhMdV6vh8Ol+VN9cv9gYXzex6X841NAwD4C0fv3h+8HI9fvV1Dkcd6xlG0FVH/wZcnF239t7qZIvtZfE0prTDOh0/NEhg/+C+ms94ii4h/G6fvfyaga7NF33cnAAAAAAAAAAAAAADAMt2+jTToe3oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ6lsAAAD//1UCS4E=")
openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0db7)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)

931.263141ms ago: executing program 1 (id=3827):
socket(0xa, 0x3, 0x3a)
r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000a00)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@dioread_lock}, {@barrier}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r1, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
fadvise64(r1, 0x807f, 0x1000000, 0x4)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000edffffffb702000008000000b70300000700000085000000060000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x24}, 0x1, 0x0, 0x0, 0x1000}, 0x10000800)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
setsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x3, &(0x7f0000000240)=0x80, 0x4)
bind$qrtr(r4, &(0x7f00000000c0)={0x2a, 0x1, 0x7fff}, 0xc)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x4e21, 0x6, @private0, 0x5}, 0x1c)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
setgroups(0x0, 0x0)
r7 = fsmount(r5, 0x0, 0xc)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000980)=ANY=[@ANYBLOB="cfe3060a7036"], 0x1f)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)=@o_path={&(0x7f0000000140)='./file0\x00', r2, 0x4000, r4}, 0x18)

743.787329ms ago: executing program 2 (id=3830):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r2=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r2], 0x1c}}, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000280)="15bd15a8efbeff6725019725", 0xc}], 0x1)

743.531859ms ago: executing program 2 (id=3831):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b000000050000"], 0x48)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000240), 0xfffffecc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec5, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703b5010000850000001b000000b7000001001c000095000000000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r3}, 0x18)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000000)=0x5)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r5, 0x0, 0x482, &(0x7f0000000000)=""/149, &(0x7f00000000c0)=0x210)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0xc17a)
io_setup(0x200, &(0x7f0000000140))

530.628728ms ago: executing program 2 (id=3832):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000025000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8080}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000040)={<r5=>0x0, 0x42, "92d8181e19210cb085387143e5587b2fd10387f94eea1faeef242e86fd4c4153d847ab10f67477a73ed0a49782f950254d1a9e241669f0f3367dac291c2ed9433563"}, &(0x7f00000001c0)=0x4a)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000200)={r5, 0xfffffff9}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
r6 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000000380))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r7, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170)
fgetxattr(r8, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)

495.624169ms ago: executing program 2 (id=3833):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)={0x14c, 0x0, 0x2, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_EXPECT_MASTER={0xa8, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf}}}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x18}}}}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_MASTER={0x78, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400})

482.06556ms ago: executing program 2 (id=3834):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x26, 0x6, 0x0, &(0x7f0000000040))
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008100000086dd6076cd8a0000000020010000ffff00000000000000000000fe8000000000"], 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f288476d2610054c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1000000}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00c72400520900"/23, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x13)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x150)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002cbd701004000000050000000600010005000000080009000200000008000b000000000008000c00"], 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r5, 0x0, 0x9}, 0x18)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000740)={0x0, 0xa02000, 0x1000, 0x400}, 0x20)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r3, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x3}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e24}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PW_TYPE={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8804}, 0x6facd2d442912499)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
sendfile(r8, r7, 0x0, 0x7ffff000)

244.87617ms ago: executing program 5 (id=3836):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)={0x154, 0x0, 0x2, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_EXPECT_MASTER={0xa8, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf}}}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x18}}}}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_MASTER={0x80, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400})

230.5899ms ago: executing program 5 (id=3837):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)={0x118, 0x0, 0x2, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_EXPECT_MASTER={0xa0, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf}}}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x18}}}}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_MASTER={0x4c, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

227.32639ms ago: executing program 2 (id=3838):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
setitimer(0x225c17d03, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f00000003c0), 0x20075, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0, r3}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10)
r5 = gettid()
process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x178}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)

195.232372ms ago: executing program 5 (id=3839):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x18)
uname(&(0x7f00000005c0)=""/246)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x2aad, 0x14, 0x8009, 0x3, 0xf})
ptrace(0x10, 0x0)

178.285362ms ago: executing program 5 (id=3840):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r0}, 0x18)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000000)={0x2aad, 0x14, 0x8009, 0x3, 0xf})
ptrace(0x10, 0x0)

116.012066ms ago: executing program 5 (id=3841):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000400018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x18)
time(0x0)

115.530355ms ago: executing program 5 (id=3842):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b000000050000"], 0x48)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000240), 0xfffffecc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec5, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703b5010000850000001b000000b7000001001c000095000000000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r3}, 0x18)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000000)=0x5)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r5, 0x0, 0x482, &(0x7f0000000000)=""/149, &(0x7f00000000c0)=0x210)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0xc17a)
io_setup(0x200, &(0x7f0000000140))

0s ago: executing program 1 (id=3843):
r0 = syz_usb_connect$sierra_net(0x1, 0x3f, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0xb, 0x2, 0x400, 0xd7, 0x2}, {0x9, 0x5, 0x7, 0x2, 0x200, 0x2, 0x3, 0x5}, {0x9, 0x5, 0xc, 0x3, 0x640, 0x0, 0x40, 0x7}}}}}}]}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010000ec000000000000000000000000a20000000000a0300000000000000000401ac3cd72ae30000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000003780000000c0a01020000000000000000010000000900020073797a32000000004c000380480000800b000340000000003c000b80200007800e000100636f6e6e6c696d69740000000c00028008000140000000001800018004000200636f6e6e6c696d6974000000040002800900010073797a3000000000a96ab2101c140000001000010000000000000000000000000a12797ac1aa04253599e7ae3dbc900d66a16774ae0000cb350b8d82673565f78919c9b34a6ef9dcf7f6ad56fd95086ddd3f86ad88fb11224b9afae0ec4f51bea812194cc51e89d771d6124979a1dd70c0870019434a20858e01a26aac17aae74993629d29bae848e2d133e8829ddc9dc1c5f242d37c1d83cf493cfe88fca9204596232fc1f3fe6f67"], 0xfc}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, 0x0, &(0x7f0000000380)='GPL\x00', 0x40, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000700)={@ifindex, 0x13, 0x0, 0x2, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000600)=[0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)}, 0x40)
r5 = syz_open_dev$vcsa(&(0x7f0000000100), 0x1, 0x0)
lseek(r5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000080)={r2, 0xe0, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880), ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000740), 0x0, 0x10020ef, &(0x7f0000000800)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f00000008c0), &(0x7f0000000900), 0x8, 0x32, 0x8, 0x8, &(0x7f0000000940)}}, 0xfffffffffffffe82)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000c80)=ANY=[@ANYRES32=r5, @ANYBLOB="dff8eee5fd377339d3f99fee1dfdd4f44da903d9c6391bbd56f986186f63068c0cfb95e86d97794a67a320b77cef172f14f95654f56c07b5764d0f096f1c29beec57e3883f5eabbb7b148c298f", @ANYBLOB='\\@', @ANYBLOB="fcf0e0b66b07739cd3a7ccfa5ebce63e4fc9bc01f55236f78f74ccd313a52e76479f061b42cb486eaaec4fd3a4dab9af6dd5bc5d61ce5b1bd4b28dd47101fe6b0b3ff3646ada1c9d47255d5b81bd8d849cdcc6b0a7bdc635e36d15dd3e4eba470e70e2192bef128fbd23ff6e3a4d5d1853aecf20018d338e866c43e2e76fc9ecd0047c88883822a405fb6f", @ANYBLOB, @ANYRES32=r6, @ANYRESHEX=r0, @ANYRESHEX=0x0, @ANYBLOB="86f453142b9b6d13ae599203895afa60340d6d551a9360d5f5"], 0x20)
syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000040000009900"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000006c0)='kvm_dirty_ring_reset\x00', 0xffffffffffffffff, 0x0, 0x20000000002}, 0x18)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x18, 0x0, &(0x7f0000001080))
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$LOOP_CTL_GET_FREE(r8, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r8, 0x4c81, r9)

kernel console output (not intermixed with test programs):

ert it to SG_IO
[  229.659558][T11009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2463'.
[  229.711407][T11015] program syz.4.2464 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  229.882206][T11032] program syz.5.2470 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  229.962981][T11004] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2461'.
[  230.028271][T11039] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2472'.
[  230.780126][T11083] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2488'.
[  231.554098][T11102] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2495'.
[  231.926583][T11141] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2507'.
[  231.964234][T11106] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2497'.
[  232.094707][T11149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.108302][T11149] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.118488][T11149] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2510'.
[  232.130418][T11151] IPv6: Can't replace route, no match found
[  232.263028][ T3588] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  232.269175][ T3922] Bluetooth: hci0: command 0x1003 tx timeout
[  232.727549][T11186] hub 9-0:1.0: USB hub found
[  232.732615][T11186] hub 9-0:1.0: 8 ports detected
[  232.798436][T11190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.807187][T11190] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.840778][T11194] hub 9-0:1.0: USB hub found
[  232.845779][T11194] hub 9-0:1.0: 8 ports detected
[  232.921924][T11196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.935483][T11196] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.795778][   T29] kauditd_printk_skb: 324 callbacks suppressed
[  233.795803][   T29] audit: type=1326 audit(1764534517.370:19467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  233.877049][   T29] audit: type=1326 audit(1764534517.407:19468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  233.901079][   T29] audit: type=1326 audit(1764534517.407:19469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  233.924833][   T29] audit: type=1326 audit(1764534517.407:19470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  233.949251][   T29] audit: type=1326 audit(1764534517.407:19471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  233.972872][   T29] audit: type=1326 audit(1764534517.407:19472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  233.996553][   T29] audit: type=1326 audit(1764534517.407:19473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  234.021106][   T29] audit: type=1326 audit(1764534517.407:19474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  234.045455][   T29] audit: type=1326 audit(1764534517.407:19475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  234.069154][   T29] audit: type=1326 audit(1764534517.407:19476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.1.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9de7f749 code=0x7ffc0000
[  234.380511][T11207] __nla_validate_parse: 2 callbacks suppressed
[  234.380529][T11207] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2532'.
[  234.588017][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  234.778710][T11227] IPv6: Can't replace route, no match found
[  234.870700][T11231] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2543'.
[  234.894393][T11231] netlink: 'syz.1.2543': attribute type 3 has an invalid length.
[  235.023555][T11231] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11231 comm=syz.1.2543
[  235.037164][T11231] netlink: 'syz.1.2543': attribute type 1 has an invalid length.
[  236.253980][T11259] program syz.4.2554 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  236.784512][ T3922] Bluetooth: hci0: command 0x1003 tx timeout
[  236.874204][ T3588] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  238.649876][T11315] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2574'.
[  238.684905][T11326] program syz.5.2578 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  238.895330][T11343] IPv6: Can't replace route, no match found
[  238.998565][T11355] netlink: 88 bytes leftover after parsing attributes in process `syz.5.2590'.
[  239.097337][T11359] netlink: 4 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  239.110966][T11359] hsr_slave_1 (unregistering): left promiscuous mode
[  239.155319][   T29] kauditd_printk_skb: 309 callbacks suppressed
[  239.155388][   T29] audit: type=1326 audit(1764534522.384:19786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.5.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  239.266523][   T29] audit: type=1326 audit(1764534522.412:19787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.5.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  239.290408][   T29] audit: type=1400 audit(1764534522.431:19788): avc:  denied  { read } for  pid=11358 comm=77DEA305FF07 name="event3" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  239.724245][T11374] FAULT_INJECTION: forcing a failure.
[  239.724245][T11374] name failslab, interval 1, probability 0, space 0, times 0
[  239.736970][T11374] CPU: 0 UID: 0 PID: 11374 Comm: syz.4.2594 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  239.737002][T11374] Tainted: [W]=WARN
[  239.737008][T11374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  239.737022][T11374] Call Trace:
[  239.737029][T11374]  <TASK>
[  239.737037][T11374]  __dump_stack+0x1d/0x30
[  239.737089][T11374]  dump_stack_lvl+0xe8/0x140
[  239.737107][T11374]  dump_stack+0x15/0x1b
[  239.737126][T11374]  should_fail_ex+0x265/0x280
[  239.737148][T11374]  ? alloc_pipe_info+0xae/0x350
[  239.737234][T11374]  should_failslab+0x8c/0xb0
[  239.737262][T11374]  __kmalloc_cache_noprof+0x4c/0x4a0
[  239.737299][T11374]  alloc_pipe_info+0xae/0x350
[  239.737329][T11374]  splice_direct_to_actor+0x592/0x680
[  239.737428][T11374]  ? __pfx_direct_splice_actor+0x10/0x10
[  239.737452][T11374]  ? avc_policy_seqno+0x15/0x30
[  239.737469][T11374]  ? selinux_file_permission+0x1e4/0x320
[  239.737583][T11374]  do_splice_direct+0xda/0x150
[  239.737626][T11374]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  239.737705][T11374]  do_sendfile+0x380/0x650
[  239.737740][T11374]  __x64_sys_sendfile64+0x105/0x150
[  239.737776][T11374]  x64_sys_call+0x2bb4/0x3000
[  239.737834][T11374]  do_syscall_64+0xd2/0x200
[  239.737855][T11374]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  239.737881][T11374]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  239.737943][T11374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.737967][T11374] RIP: 0033:0x7fc630e8f749
[  239.737986][T11374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.738006][T11374] RSP: 002b:00007fc62f8ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  239.738026][T11374] RAX: ffffffffffffffda RBX: 00007fc6310e6090 RCX: 00007fc630e8f749
[  239.738085][T11374] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007
[  239.738173][T11374] RBP: 00007fc62f8ce090 R08: 0000000000000000 R09: 0000000000000000
[  239.738187][T11374] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[  239.738200][T11374] R13: 00007fc6310e6128 R14: 00007fc6310e6090 R15: 00007fff7d366208
[  239.738218][T11374]  </TASK>
[  239.984206][   T29] audit: type=1326 audit(1764534523.152:19789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11377 comm="syz.0.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  240.008143][   T29] audit: type=1326 audit(1764534523.152:19790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11377 comm="syz.0.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  240.032111][   T29] audit: type=1326 audit(1764534523.152:19791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11377 comm="syz.0.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  240.056262][   T29] audit: type=1326 audit(1764534523.152:19792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11377 comm="syz.0.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  240.080399][   T29] audit: type=1326 audit(1764534523.152:19793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11377 comm="syz.0.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  240.104750][   T29] audit: type=1326 audit(1764534523.152:19794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11377 comm="syz.0.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  240.129122][   T29] audit: type=1326 audit(1764534523.152:19795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11377 comm="syz.0.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  240.206925][T11386] IPv6: Can't replace route, no match found
[  240.289588][T11392] netlink: 88 bytes leftover after parsing attributes in process `syz.5.2602'.
[  240.323060][T11394] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2603'.
[  240.454218][T11399] hub 9-0:1.0: USB hub found
[  240.459282][T11399] hub 9-0:1.0: 8 ports detected
[  240.522359][T11401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.545686][T11401] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.825354][T11406] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  240.889317][ T3588] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  242.424501][T11430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.465524][T11432] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2615'.
[  242.482007][T11430] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.496966][T11430] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2614'.
[  242.753205][T11447] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2619'.
[  242.840594][ T4540] Bluetooth: hci0: Frame reassembly failed (-84)
[  244.563985][T11471] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2627'.
[  244.619449][ T6681] Bluetooth: hci1: Frame reassembly failed (-84)
[  244.666673][T11476] IPv6: Can't replace route, no match found
[  244.682087][   T29] kauditd_printk_skb: 249 callbacks suppressed
[  244.682105][   T29] audit: type=1326 audit(1764534527.558:20045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.784935][   T29] audit: type=1326 audit(1764534527.586:20046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.808857][   T29] audit: type=1326 audit(1764534527.595:20047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.833030][   T29] audit: type=1326 audit(1764534527.595:20048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.856799][   T29] audit: type=1326 audit(1764534527.595:20049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.880548][   T29] audit: type=1326 audit(1764534527.595:20050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.904404][   T29] audit: type=1326 audit(1764534527.595:20051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.928394][   T29] audit: type=1326 audit(1764534527.595:20052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.952248][   T29] audit: type=1326 audit(1764534527.595:20053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  244.976067][   T29] audit: type=1326 audit(1764534527.595:20054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11472 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc630e8f749 code=0x7ffc0000
[  245.037951][ T3713] Bluetooth: hci0: command 0x1003 tx timeout
[  245.052789][ T3588] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  245.162446][T11493] IPv6: Can't replace route, no match found
[  245.193616][T11495] hub 9-0:1.0: USB hub found
[  245.198698][T11495] hub 9-0:1.0: 8 ports detected
[  245.264587][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  245.273314][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  245.581956][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  245.661894][T11501] chnl_net:caif_netlink_parms(): no params data found
[  245.730554][T11501] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.737978][T11501] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.763757][T11501] bridge_slave_0: entered allmulticast mode
[  245.770673][T11501] bridge_slave_0: entered promiscuous mode
[  245.778134][T11501] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.785776][T11501] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.793280][T11501] bridge_slave_1: entered allmulticast mode
[  245.800079][T11501] bridge_slave_1: entered promiscuous mode
[  245.818423][T11501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  245.829690][T11501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.851444][T11501] team0: Port device team_slave_0 added
[  245.858308][T11501] team0: Port device team_slave_1 added
[  245.875893][T11501] batman_adv: batadv0: Adding interface: batadv_slave_0
[  245.883008][T11501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  245.909565][T11501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.920986][T11501] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.928277][T11501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  245.954368][T11501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.956725][T11531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  245.974144][T11531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  245.990964][T11501] hsr_slave_0: entered promiscuous mode
[  245.997106][T11501] hsr_slave_1: entered promiscuous mode
[  245.998908][T11531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2647'.
[  246.003247][T11501] debugfs: 'hsr0' already exists in 'hsr'
[  246.017689][T11501] Cannot create hsr debugfs directory
[  246.074903][T11501] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.130279][T11501] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.184255][T11501] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.225903][T11501] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.281606][T11501] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  246.290934][T11501] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  246.300713][T11501] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  246.309923][T11501] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  246.326615][T11501] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.333830][T11501] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.341184][T11501] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.348338][T11501] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.377280][T11501] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.389586][ T4540] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.397754][ T4540] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.410113][T11501] 8021q: adding VLAN 0 to HW filter on device team0
[  246.420733][   T38] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.427874][   T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.438806][ T4540] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.445966][ T4540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.511388][T11501] 8021q: adding VLAN 0 to HW filter on device batadv0
[  246.578346][T11501] veth0_vlan: entered promiscuous mode
[  246.585909][T11501] veth1_vlan: entered promiscuous mode
[  246.602392][T11501] veth0_macvtap: entered promiscuous mode
[  246.610427][T11501] veth1_macvtap: entered promiscuous mode
[  246.621687][T11501] batman_adv: batadv0: Interface activated: batadv_slave_0
[  246.633133][T11501] batman_adv: batadv0: Interface activated: batadv_slave_1
[  246.644397][ T1767] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  246.653635][ T1767] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  246.662922][ T1767] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  246.673318][ T1767] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  246.800350][ T3713] Bluetooth: hci1: command 0x1003 tx timeout
[  246.806456][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  246.864984][T11555] 
€Â: renamed from batadv_slave_0 (while UP)
[  247.024052][ T1767] Bluetooth: hci1: Frame reassembly failed (-84)
[  247.730326][ T3588] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  247.761789][T11575] hub 9-0:1.0: USB hub found
[  247.766952][T11575] hub 9-0:1.0: 8 ports detected
[  247.831340][T11576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.840257][T11576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.665105][T11621] hub 9-0:1.0: USB hub found
[  248.673711][T11621] hub 9-0:1.0: 8 ports detected
[  248.743382][T11622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.773964][T11622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.931261][   T31] Bluetooth: hci0: Frame reassembly failed (-84)
[  249.184005][ T3713] Bluetooth: hci1: command 0x1003 tx timeout
[  249.185161][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  249.520348][T11640] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2676'.
[  249.772973][T11648] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2678'.
[  250.875458][T11662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.884515][T11662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.894126][T11662] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2682'.
[  251.150878][ T3588] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  251.150962][ T3922] Bluetooth: hci0: command 0x1003 tx timeout
[  251.275642][   T29] kauditd_printk_skb: 450 callbacks suppressed
[  251.275677][   T29] audit: type=1400 audit(1764534533.723:20505): avc:  denied  { ioctl } for  pid=11670 comm="syz.5.2686" path="socket:[33224]" dev="sockfs" ino=33224 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  251.317394][T11673] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  251.327018][   T29] audit: type=1400 audit(1764534533.770:20506): avc:  denied  { setopt } for  pid=11672 comm="syz.5.2687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  251.355850][T11673] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2687'.
[  251.365054][T11673] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2687'.
[  251.375533][   T29] audit: type=1400 audit(1764534533.826:20507): avc:  denied  { lock } for  pid=11672 comm="syz.5.2687" path="socket:[33236]" dev="sockfs" ino=33236 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  251.469243][T11681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  251.478070][T11681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  251.487683][T11681] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2691'.
[  251.535113][   T29] audit: type=1400 audit(1764534533.966:20508): avc:  denied  { read write } for  pid=3318 comm="syz-executor" name="loop0" dev="devtmpfs" ino=1018 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  251.560040][   T29] audit: type=1400 audit(1764534533.966:20509): avc:  denied  { open } for  pid=3318 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=1018 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  251.800377][   T29] audit: type=1400 audit(1764534534.209:20510): avc:  denied  { create } for  pid=11689 comm="syz.2.2695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  251.820568][   T29] audit: type=1400 audit(1764534534.209:20511): avc:  denied  { setopt } for  pid=11689 comm="syz.2.2695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  251.820993][T11690] netlink: 'syz.2.2695': attribute type 13 has an invalid length.
[  251.840533][   T29] audit: type=1400 audit(1764534534.209:20512): avc:  denied  { getopt } for  pid=11689 comm="syz.2.2695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  251.886961][T11690] net_ratelimit: 54 callbacks suppressed
[  251.887023][T11690] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  251.983646][T11699] IPv6: Can't replace route, no match found
[  252.010405][T11703] program syz.1.2699 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  252.052006][   T29] audit: type=1400 audit(1764534534.453:20513): avc:  denied  { mount } for  pid=11707 comm="syz.1.2700" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  252.075632][T11708] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2700'.
[  252.082803][   T29] audit: type=1400 audit(1764534534.471:20514): avc:  denied  { map } for  pid=11707 comm="syz.1.2700" path="socket:[32632]" dev="sockfs" ino=32632 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  252.704703][T11740] IPv6: Can't replace route, no match found
[  252.724101][T11742] program syz.1.2711 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  253.068374][T11762] IPv6: Can't replace route, no match found
[  253.256084][T11775] IPv6: Can't replace route, no match found
[  253.300614][T11782] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2726'.
[  254.548976][T11799] syzkaller0: entered allmulticast mode
[  254.579608][T11799] syzkaller0: entered promiscuous mode
[  254.611313][T11799] syzkaller0 (unregistering): left allmulticast mode
[  254.618113][T11799] syzkaller0 (unregistering): left promiscuous mode
[  255.220087][T11834] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2741'.
[  255.390525][T11836] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2742'.
[  255.417351][T11836] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2742'.
[  255.619373][T11847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  255.627905][T11847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.711137][   T38] Bluetooth: hci2: Frame reassembly failed (-84)
[  256.725639][   T29] kauditd_printk_skb: 375 callbacks suppressed
[  256.725696][   T29] audit: type=1326 audit(1764534538.822:20890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11865 comm="syz.5.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  256.809726][   T29] audit: type=1326 audit(1764534538.850:20891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11865 comm="syz.5.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  256.833639][   T29] audit: type=1326 audit(1764534538.850:20892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11865 comm="syz.5.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  256.991337][ T3588] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  257.564328][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  257.564439][   T44] Bluetooth: hci1: command 0x1003 tx timeout
[  257.770338][   T29] audit: type=1326 audit(1764534539.794:20893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11881 comm="syz.1.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  257.794360][   T29] audit: type=1326 audit(1764534539.794:20894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11881 comm="syz.1.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  257.896237][   T29] audit: type=1326 audit(1764534539.841:20895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11881 comm="syz.1.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  257.920419][   T29] audit: type=1326 audit(1764534539.888:20896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11881 comm="syz.1.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  257.937092][ T3713] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  257.944906][   T29] audit: type=1326 audit(1764534539.888:20897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11881 comm="syz.1.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  257.944935][   T29] audit: type=1326 audit(1764534539.888:20898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11881 comm="syz.1.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  257.944959][   T29] audit: type=1326 audit(1764534539.888:20899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11881 comm="syz.1.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  258.230893][T11900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.241150][T11900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  258.323410][T11907] IPv6: Can't replace route, no match found
[  258.411354][T11916] syzkaller0: entered allmulticast mode
[  258.418870][T11917] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0)
[  258.428107][T11917] SELinux: failed to load policy
[  258.433708][T11916] syzkaller0: entered promiscuous mode
[  258.439751][T11915] syzkaller0: left promiscuous mode
[  258.445318][T11915] syzkaller0: left allmulticast mode
[  259.563462][T11945] IPv6: Can't replace route, no match found
[  259.580254][ T3713] Bluetooth: hci0: sending frame failed (-49)
[  259.588339][ T3922] Bluetooth: hci0: Opcode 0x1003 failed: -49
[  259.787090][T11952] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2780'.
[  259.811713][T11952] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2780'.
[  259.821562][T11952] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2780'.
[  260.146411][T11966] program syz.0.2784 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  260.450444][T11981] syzkaller0: entered allmulticast mode
[  260.460463][T11981] syzkaller0 (unregistering): left allmulticast mode
[  260.584048][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  260.599318][T11974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.599382][T11974] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.533892][T12011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.534104][T12011] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.834874][T12016] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2803'.
[  262.448181][   T29] kauditd_printk_skb: 373 callbacks suppressed
[  262.448199][   T29] audit: type=1326 audit(1764534544.173:21273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.479148][   T29] audit: type=1326 audit(1764534544.173:21274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.503353][   T29] audit: type=1326 audit(1764534544.173:21275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.527453][   T29] audit: type=1326 audit(1764534544.173:21276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.551347][   T29] audit: type=1326 audit(1764534544.173:21277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.575372][   T29] audit: type=1326 audit(1764534544.173:21278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.599399][   T29] audit: type=1326 audit(1764534544.276:21279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.623853][   T29] audit: type=1326 audit(1764534544.276:21280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.647889][   T29] audit: type=1326 audit(1764534544.276:21281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.671898][   T29] audit: type=1326 audit(1764534544.276:21282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12045 comm="syz.5.2813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  262.780727][ T3713] Bluetooth: hci0: command 0x1003 tx timeout
[  262.780955][ T3922] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  263.059105][T12065] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2819'.
[  263.126670][T12069] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2821'.
[  263.140613][T12069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2821'.
[  264.278365][T12110] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2833'.
[  264.562575][T12141] program syz.2.2843 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.652848][T12114] chnl_net:caif_netlink_parms(): no params data found
[  264.785886][T12114] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.793134][T12114] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.800529][T12114] bridge_slave_0: entered allmulticast mode
[  264.807275][T12114] bridge_slave_0: entered promiscuous mode
[  264.814562][T12114] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.821840][T12114] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.829375][T12114] bridge_slave_1: entered allmulticast mode
[  264.836149][T12114] bridge_slave_1: entered promiscuous mode
[  264.881271][T12114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  264.882693][T12114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  264.982725][T12114] team0: Port device team_slave_0 added
[  264.989186][T12114] team0: Port device team_slave_1 added
[  265.009708][T12114] batman_adv: batadv0: Adding interface: batadv_slave_0
[  265.009723][T12114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  265.009812][T12114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  265.010605][T12114] batman_adv: batadv0: Adding interface: batadv_slave_1
[  265.010615][T12114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  265.010673][T12114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  265.131658][T12114] hsr_slave_0: entered promiscuous mode
[  265.132307][T12114] hsr_slave_1: entered promiscuous mode
[  265.160218][T12114] debugfs: 'hsr0' already exists in 'hsr'
[  265.160234][T12114] Cannot create hsr debugfs directory
[  265.568784][T12114] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.660736][T12114] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.734130][T12114] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.840634][T12114] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.931004][T12114] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  265.949540][T12114] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  265.968394][T12114] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  265.979976][T12114] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  266.024068][T12114] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.040344][T12114] 8021q: adding VLAN 0 to HW filter on device team0
[  266.052432][ T4540] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.059575][ T4540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.082186][ T1767] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.089759][ T1767] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.108794][T12188] syzkaller0: entered allmulticast mode
[  266.116464][T12188] syzkaller0 (unregistering): left allmulticast mode
[  266.249583][T12114] 8021q: adding VLAN 0 to HW filter on device batadv0
[  266.389471][T12114] veth0_vlan: entered promiscuous mode
[  266.398471][T12114] veth1_vlan: entered promiscuous mode
[  266.415755][T12114] veth0_macvtap: entered promiscuous mode
[  266.423742][T12114] veth1_macvtap: entered promiscuous mode
[  266.436267][T12114] batman_adv: batadv0: Interface activated: batadv_slave_0
[  266.449160][T12114] batman_adv: batadv0: Interface activated: batadv_slave_1
[  266.462134][   T38] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  266.474844][   T38] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  266.496553][   T38] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.506552][   T38] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  266.691341][T12220] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2858'.
[  266.786779][T12227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.818100][T12227] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.498101][T12265] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2873'.
[  267.558477][ T6681] Bluetooth: hci0: Frame reassembly failed (-84)
[  267.917517][   T29] kauditd_printk_skb: 254 callbacks suppressed
[  267.917537][   T29] audit: type=1326 audit(1764534549.290:21537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  267.950547][   T29] audit: type=1326 audit(1764534549.290:21538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  267.974515][   T29] audit: type=1326 audit(1764534549.290:21539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  267.998256][   T29] audit: type=1326 audit(1764534549.299:21540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  268.022330][   T29] audit: type=1326 audit(1764534549.299:21541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  268.046203][   T29] audit: type=1326 audit(1764534549.299:21542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  268.070448][   T29] audit: type=1326 audit(1764534549.299:21543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  268.094098][   T29] audit: type=1326 audit(1764534549.299:21544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  268.117787][   T29] audit: type=1326 audit(1764534549.299:21545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  268.142261][   T29] audit: type=1326 audit(1764534549.299:21546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12280 comm="syz.4.2880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcef001f749 code=0x7ffc0000
[  268.316560][T12294] syzkaller0: entered allmulticast mode
[  268.322615][T12294] syzkaller0: entered promiscuous mode
[  268.330486][T12294] syzkaller0 (unregistering): left allmulticast mode
[  268.337352][T12294] syzkaller0 (unregistering): left promiscuous mode
[  268.730714][T12306] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2888'.
[  268.842446][T12312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  268.864309][T12312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.707350][ T3922] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  269.943927][T12342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.952433][T12342] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  270.226647][T12356] netlink: 'syz.4.2906': attribute type 8 has an invalid length.
[  270.234687][T12356] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2906'.
[  270.647514][T12382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  270.658472][T12382] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.537107][T12438] syzkaller0: entered allmulticast mode
[  271.545593][T12438] syzkaller0: entered promiscuous mode
[  271.554320][T12438] syzkaller0 (unregistering): left allmulticast mode
[  271.561209][T12438] syzkaller0 (unregistering): left promiscuous mode
[  272.222073][T12461] syzkaller0: entered allmulticast mode
[  272.233665][T12461] syzkaller0: entered promiscuous mode
[  272.245063][T12461] syzkaller0 (unregistering): left allmulticast mode
[  272.251863][T12461] syzkaller0 (unregistering): left promiscuous mode
[  272.280884][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  273.250304][T12500] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2955'.
[  273.327218][   T29] kauditd_printk_skb: 501 callbacks suppressed
[  273.327236][   T29] audit: type=1326 audit(1764534554.351:22048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.366205][   T29] audit: type=1326 audit(1764534554.379:22049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.390065][   T29] audit: type=1326 audit(1764534554.379:22050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.413871][   T29] audit: type=1326 audit(1764534554.379:22051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.437651][   T29] audit: type=1326 audit(1764534554.379:22052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.461525][   T29] audit: type=1326 audit(1764534554.379:22053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.485829][   T29] audit: type=1326 audit(1764534554.379:22054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.510293][   T29] audit: type=1326 audit(1764534554.379:22055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.534083][   T29] audit: type=1326 audit(1764534554.379:22056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.557871][   T29] audit: type=1326 audit(1764534554.379:22057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12511 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85bfd3f749 code=0x7ffc0000
[  273.725730][T12533] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2968'.
[  274.654872][ T3922] Bluetooth: hci0: command 0x1003 tx timeout
[  274.705920][ T3713] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  275.023244][T12551] 
€Â: renamed from batadv_slave_0 (while UP)
[  275.212263][ T3922] Bluetooth: hci0: sending frame failed (-49)
[  275.218593][ T3713] Bluetooth: hci0: Opcode 0x1003 failed: -49
[  276.892714][ T6681] Bluetooth: hci0: Frame reassembly failed (-84)
[  276.968489][ T1767] Bluetooth: hci1: Frame reassembly failed (-84)
[  279.114271][ T3713] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  279.120773][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  279.127321][ T3713] Bluetooth: hci1: command 0x1003 tx timeout
[  279.254306][T12630] IPv6: Can't replace route, no match found
[  280.272205][   T29] kauditd_printk_skb: 137 callbacks suppressed
[  280.272221][   T29] audit: type=1326 audit(1764534560.853:22195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.312047][   T29] audit: type=1326 audit(1764534560.853:22196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.336330][   T29] audit: type=1326 audit(1764534560.853:22197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.360629][   T29] audit: type=1326 audit(1764534560.853:22198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.384409][   T29] audit: type=1326 audit(1764534560.853:22199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.408720][   T29] audit: type=1326 audit(1764534560.853:22200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.432487][   T29] audit: type=1326 audit(1764534560.853:22201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.456348][   T29] audit: type=1326 audit(1764534560.853:22202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.479939][   T29] audit: type=1326 audit(1764534560.853:22203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.504597][   T29] audit: type=1326 audit(1764534560.853:22204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12656 comm="syz.0.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef58df749 code=0x7ffc0000
[  280.531079][T12676] netlink: 'XáMJtp': attribute type 3 has an invalid length.
[  280.543985][T12676] netlink: 14 bytes leftover after parsing attributes in process `XáMJtp'.
[  280.554783][T12676] hsr_slave_0: left promiscuous mode
[  280.566010][T12677] syzkaller0: entered allmulticast mode
[  280.572115][T12677] syzkaller0: entered promiscuous mode
[  280.580324][T12677] syzkaller0 (unregistering): left allmulticast mode
[  280.587050][T12677] syzkaller0 (unregistering): left promiscuous mode
[  280.653041][T12682] batman_adv: batadv0: Adding interface: dummy0
[  280.659716][T12682] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  280.685889][T12682] batman_adv: batadv0: Interface activated: dummy0
[  280.687662][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  280.751067][T12693] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3021'.
[  280.824725][T12693] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  280.836296][T12693] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  280.935638][T12702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.944348][T12702] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.953651][T12702] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3023'.
[  281.122132][T12712] IPv6: Can't replace route, no match found
[  281.167915][T12718] program syz.1.3029 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  281.727368][T12740] chnl_net:caif_netlink_parms(): no params data found
[  281.829014][T12740] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.836146][T12740] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.844706][T12740] bridge_slave_0: entered allmulticast mode
[  281.852100][T12740] bridge_slave_0: entered promiscuous mode
[  281.859420][T12740] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.866615][T12740] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.874050][T12740] bridge_slave_1: entered allmulticast mode
[  281.880562][T12740] bridge_slave_1: entered promiscuous mode
[  281.902999][T12740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  281.914066][T12740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  281.935549][T12740] team0: Port device team_slave_0 added
[  281.942678][T12740] team0: Port device team_slave_1 added
[  281.969503][T12740] batman_adv: batadv0: Adding interface: batadv_slave_0
[  281.976596][T12740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  282.003171][T12740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  282.014647][T12740] batman_adv: batadv0: Adding interface: batadv_slave_1
[  282.021854][T12740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  282.049485][T12740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  282.078690][T12740] hsr_slave_0: entered promiscuous mode
[  282.085058][T12740] hsr_slave_1: entered promiscuous mode
[  282.162218][T12740] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.237433][T12740] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.280686][T12740] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.334917][T12740] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.818684][T12780] program syz.4.3042 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  282.841578][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  282.876393][ T3713] Bluetooth: hci0: command 0x1003 tx timeout
[  282.876404][ T3922] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  283.058965][T12788] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3045'.
[  283.080549][T12788] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  283.091715][T12788] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  283.135289][T12790] macvlan2: entered promiscuous mode
[  283.140752][T12790] macvlan2: entered allmulticast mode
[  283.146881][T12790] bond1: (slave macvlan2): Error -98 calling set_mac_address
[  283.174042][T12740] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  283.183676][T12740] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  283.198964][T12740] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  283.207107][T12792] netlink: 'syz.2.3046': attribute type 5 has an invalid length.
[  283.214961][T12792] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.3046'.
[  283.228311][T12740] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  283.286338][T12740] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.305063][T12740] 8021q: adding VLAN 0 to HW filter on device team0
[  283.323205][ T4540] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.330435][ T4540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.420188][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.427581][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.460725][T12815] program syz.5.3051 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  283.462029][T12740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  283.560940][T12740] 8021q: adding VLAN 0 to HW filter on device batadv0
[  283.649693][T12740] veth0_vlan: entered promiscuous mode
[  283.658384][T12740] veth1_vlan: entered promiscuous mode
[  283.675696][T12740] veth0_macvtap: entered promiscuous mode
[  283.683469][T12740] veth1_macvtap: entered promiscuous mode
[  283.694882][T12740] batman_adv: batadv0: Interface activated: batadv_slave_0
[  283.706339][T12740] batman_adv: batadv0: Interface activated: batadv_slave_1
[  283.718013][ T1767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  283.734703][ T1767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.750006][ T1767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.761435][ T1767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  283.976676][T12842] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3035'.
[  284.124799][T12854] xt_hashlimit: size too large, truncated to 1048576
[  284.920937][T12870] netlink: 96 bytes leftover after parsing attributes in process `syz.5.3061'.
[  285.014455][ T3922] Bluetooth: hci1: command 0x1003 tx timeout
[  285.020856][   T44] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  285.358402][T12882] xt_hashlimit: size too large, truncated to 1048576
[  285.532064][T12887] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3067'.
[  285.567814][T12887] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  285.595434][T12887] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  285.851172][T12902] IPv6: Can't replace route, no match found
[  286.013254][   T29] kauditd_printk_skb: 174 callbacks suppressed
[  286.013273][   T29] audit: type=1326 audit(1764534566.204:22379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12896 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.044635][   T29] audit: type=1326 audit(1764534566.204:22380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12896 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.068718][   T29] audit: type=1326 audit(1764534566.214:22381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12914 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fed0a6b2005 code=0x7ffc0000
[  286.093525][   T29] audit: type=1326 audit(1764534566.279:22382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12896 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.094486][T12919] program syz.4.3077 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  286.117298][   T29] audit: type=1326 audit(1764534566.279:22383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12896 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.126179][   T29] audit: type=1326 audit(1764534566.335:22384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12896 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.174897][   T29] audit: type=1326 audit(1764534566.335:22385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12896 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.199255][   T29] audit: type=1326 audit(1764534566.335:22386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12896 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.227568][   T29] audit: type=1326 audit(1764534566.382:22387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12914 comm="syz.5.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fed0a67f749 code=0x7ffc0000
[  286.262993][T12926] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3079'.
[  286.525347][   T29] audit: type=1326 audit(1764534566.700:22388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12949 comm="syz.2.3085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  286.573635][T12952] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3086'.
[  286.628127][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  287.573383][T13024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3110'.
[  287.574772][T13028] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3111'.
[  287.584858][T13024] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3110'.
[  287.695868][T13042] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3116'.
[  287.994349][T13069] FAULT_INJECTION: forcing a failure.
[  287.994349][T13069] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  288.007982][T13069] CPU: 0 UID: 0 PID: 13069 Comm: syz.1.3125 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  288.008017][T13069] Tainted: [W]=WARN
[  288.008025][T13069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  288.008073][T13069] Call Trace:
[  288.008079][T13069]  <TASK>
[  288.008088][T13069]  __dump_stack+0x1d/0x30
[  288.008112][T13069]  dump_stack_lvl+0xe8/0x140
[  288.008143][T13069]  dump_stack+0x15/0x1b
[  288.008178][T13069]  should_fail_ex+0x265/0x280
[  288.008247][T13069]  should_fail_alloc_page+0xf2/0x100
[  288.008352][T13069]  __alloc_frozen_pages_noprof+0xff/0x360
[  288.008388][T13069]  alloc_pages_mpol+0xb3/0x260
[  288.008444][T13069]  folio_alloc_mpol_noprof+0x39/0x80
[  288.008463][T13069]  shmem_get_folio_gfp+0x3cf/0xd60
[  288.008550][T13069]  shmem_write_begin+0xa8/0x190
[  288.008609][T13069]  generic_perform_write+0x184/0x490
[  288.008630][T13069]  shmem_file_write_iter+0xc5/0xf0
[  288.008646][T13069]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  288.008661][T13069]  vfs_write+0x52a/0x960
[  288.008738][T13069]  ksys_write+0xda/0x1a0
[  288.008755][T13069]  __x64_sys_write+0x40/0x50
[  288.008771][T13069]  x64_sys_call+0x2802/0x3000
[  288.008785][T13069]  do_syscall_64+0xd2/0x200
[  288.008814][T13069]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  288.008832][T13069]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  288.008853][T13069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.008868][T13069] RIP: 0033:0x7f85bfd3f749
[  288.008885][T13069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.008926][T13069] RSP: 002b:00007f85be79f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  288.008944][T13069] RAX: ffffffffffffffda RBX: 00007f85bff95fa0 RCX: 00007f85bfd3f749
[  288.008953][T13069] RDX: 00000000fffffdab RSI: 0000200000000000 RDI: 0000000000000003
[  288.008961][T13069] RBP: 00007f85be79f090 R08: 0000000000000000 R09: 0000000000000000
[  288.008969][T13069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.008977][T13069] R13: 00007f85bff96038 R14: 00007f85bff95fa0 R15: 00007ffd3ee62b88
[  288.008990][T13069]  </TASK>
[  288.017455][T13073] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3127'.
[  288.085913][T13080] program syz.1.3129 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  288.402874][T13091] IPv6: Can't replace route, no match found
[  288.578924][T13115] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3141'.
[  288.594537][T13118] veth0_to_batadv: entered promiscuous mode
[  288.602945][T13122] veth0_to_batadv: left promiscuous mode
[  288.629178][T13128] IPv6: Can't replace route, no match found
[  288.676695][T13135] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3148'.
[  288.777108][ T3922] Bluetooth: hci0: command 0x1003 tx timeout
[  288.783338][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  288.804582][T13158] syzkaller1: entered promiscuous mode
[  288.810273][T13158] syzkaller1: entered allmulticast mode
[  288.819775][T13160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3156'.
[  288.874655][T13158] vhci_hcd: invalid port number 9
[  289.028254][T13167] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13167 comm=syz.0.3156
[  289.265251][T13178] IPv6: Can't replace route, no match found
[  289.369222][T13186] program syz.0.3164 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  289.420158][T13196] program syz.2.3167 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  289.569150][T13214] netlink: 'syz.4.3175': attribute type 4 has an invalid length.
[  289.577653][T13214] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=13214 comm=syz.4.3175
[  289.991791][ T4540] Bluetooth: hci0: Frame reassembly failed (-84)
[  290.060450][T13264] program syz.5.3190 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  290.083762][T13269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.092727][T13269] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  291.002038][T13287] program syz.1.3198 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  291.314587][T13310] program syz.2.3204 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  291.405320][   T29] kauditd_printk_skb: 508 callbacks suppressed
[  291.405390][   T29] audit: type=1400 audit(1764534571.265:22897): avc:  denied  { mac_admin } for  pid=13317 comm="syz.2.3208" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  291.422562][T13320] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13320 comm=syz.2.3209
[  291.613583][T13335] program syz.2.3215 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  291.693459][T13339] program syz.2.3217 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  291.807841][T13348] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13348 comm=syz.2.3220
[  291.840955][   T29] audit: type=1326 audit(1764534571.677:22898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  291.876701][   T29] audit: type=1326 audit(1764534571.677:22899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  291.900648][   T29] audit: type=1326 audit(1764534571.677:22900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  291.924619][   T29] audit: type=1326 audit(1764534571.677:22901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  291.949044][   T29] audit: type=1326 audit(1764534571.677:22902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  291.972951][   T29] audit: type=1326 audit(1764534571.677:22903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  291.997346][   T29] audit: type=1326 audit(1764534571.677:22904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  292.021592][   T29] audit: type=1326 audit(1764534571.677:22905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  292.045568][   T29] audit: type=1326 audit(1764534571.677:22906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13349 comm="syz.2.3221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  292.087284][T13354] __nla_validate_parse: 11 callbacks suppressed
[  292.087305][T13354] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3223'.
[  292.202266][ T3922] Bluetooth: hci0: command 0x1003 tx timeout
[  292.208470][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  292.241599][T13366] program syz.1.3230 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  292.363377][T13378] program syz.5.3224 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  292.398925][T13381] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3234'.
[  292.424751][T13385] netlink: 88 bytes leftover after parsing attributes in process `syz.5.3236'.
[  292.446083][T13384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3235'.
[  292.672262][T13395] chnl_net:caif_netlink_parms(): no params data found
[  292.708334][T13395] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.715549][T13395] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.723534][T13395] bridge_slave_0: entered allmulticast mode
[  292.729909][T13395] bridge_slave_0: entered promiscuous mode
[  292.737287][T13395] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.744490][T13395] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.751740][T13395] bridge_slave_1: entered allmulticast mode
[  292.758305][T13395] bridge_slave_1: entered promiscuous mode
[  292.760302][T13412] program syz.2.3241 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  292.793733][T13395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  292.805925][T13395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  292.806666][T13416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.823581][T13416] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.840160][T13395] team0: Port device team_slave_0 added
[  292.847686][T13395] team0: Port device team_slave_1 added
[  292.865087][T13416] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3243'.
[  292.881201][T13395] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.888424][T13395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.915058][T13395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.926819][T13395] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.933775][T13395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.960407][T13395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.002634][T13395] hsr_slave_0: entered promiscuous mode
[  293.009129][T13395] hsr_slave_1: entered promiscuous mode
[  293.015639][T13395] debugfs: 'hsr0' already exists in 'hsr'
[  293.021582][T13395] Cannot create hsr debugfs directory
[  293.086141][T13395] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.162761][T13395] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.201658][T13427] netlink: 160 bytes leftover after parsing attributes in process `syz.0.3247'.
[  293.227104][T13395] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.278637][T13395] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.298081][ T6681] Bluetooth: hci0: Frame reassembly failed (-84)
[  293.340205][T13395] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  293.349612][T13395] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  293.360186][T13395] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  293.372713][T13395] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  293.391739][T13395] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.398876][T13395] bridge0: port 2(bridge_slave_1) entered forwarding state
[  293.406406][T13395] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.413651][T13395] bridge0: port 1(bridge_slave_0) entered forwarding state
[  293.445631][T13395] 8021q: adding VLAN 0 to HW filter on device bond0
[  293.459151][ T6681] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.474725][ T6681] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.487412][T13395] 8021q: adding VLAN 0 to HW filter on device team0
[  293.498854][ T6681] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.506343][ T6681] bridge0: port 1(bridge_slave_0) entered forwarding state
[  293.517228][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.524940][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  293.643691][T13395] 8021q: adding VLAN 0 to HW filter on device batadv0
[  293.781392][T13395] veth0_vlan: entered promiscuous mode
[  293.789632][T13395] veth1_vlan: entered promiscuous mode
[  293.809470][T13395] veth0_macvtap: entered promiscuous mode
[  293.817602][T13395] veth1_macvtap: entered promiscuous mode
[  293.829381][T13395] batman_adv: batadv0: Interface activated: batadv_slave_0
[  293.852780][T13395] batman_adv: batadv0: Interface activated: batadv_slave_1
[  293.866658][ T6681] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  293.887979][ T6681] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  293.906195][T13495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  293.906520][ T6681] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  293.929674][T13495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  293.930045][ T6681] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  293.945599][T13471] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3259'.
[  293.972217][T13497] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3262'.
[  295.057709][T13532] program syz.4.3272 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  295.113346][T13534] program syz.4.3273 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  295.167884][T13536] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3274'.
[  295.187688][T13536] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3274'.
[  295.433694][   T31] Bluetooth: hci1: Frame reassembly failed (-84)
[  295.446890][ T3713] Bluetooth: hci0: command 0x1003 tx timeout
[  295.452937][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  297.071655][   T29] kauditd_printk_skb: 340 callbacks suppressed
[  297.071716][   T29] audit: type=1326 audit(1764534576.532:23247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13596 comm="syz.0.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.101690][   T29] audit: type=1326 audit(1764534576.532:23248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13596 comm="syz.0.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.125725][   T29] audit: type=1326 audit(1764534576.532:23249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13596 comm="syz.0.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.149500][   T29] audit: type=1326 audit(1764534576.542:23250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13596 comm="syz.0.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.266514][T13605] 
€Â: renamed from batadv_slave_0 (while UP)
[  297.350794][T13616] netlink: 'syz.2.3305': attribute type 4 has an invalid length.
[  297.373300][T13618] netlink: 'syz.1.3306': attribute type 4 has an invalid length.
[  297.382453][   T29] audit: type=1326 audit(1764534576.776:23251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13600 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.406439][   T29] audit: type=1326 audit(1764534576.776:23252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13600 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.430163][   T29] audit: type=1326 audit(1764534576.776:23253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13600 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.454051][   T29] audit: type=1326 audit(1764534576.776:23254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13608 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5183072005 code=0x7ffc0000
[  297.477841][   T29] audit: type=1326 audit(1764534576.785:23255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13600 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.501933][   T29] audit: type=1326 audit(1764534576.785:23256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13600 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  297.595308][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  297.626500][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  297.702137][T13631] __nla_validate_parse: 2 callbacks suppressed
[  297.702154][T13631] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3310'.
[  297.735321][T13633] program syz.5.3311 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  297.781771][T13637] program syz.5.3313 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  297.817873][T13641] netlink: 'syz.5.3315': attribute type 4 has an invalid length.
[  297.826320][T13641] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=13641 comm=syz.5.3315
[  297.899865][T13652] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3319'.
[  298.036166][T13661] program syz.1.3323 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  298.071707][T13665] program syz.1.3325 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  298.121140][T13667] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  298.259374][T13654] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3320'.
[  298.313528][T13696] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3335'.
[  298.355825][T13703] program syz.0.3338 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  298.465563][T13712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3342'.
[  299.154084][   T31] Bluetooth: hci1: Frame reassembly failed (-84)
[  299.405887][T13745] program syz.0.3351 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  299.808108][ T3713] Bluetooth: hci0: command 0x1003 tx timeout
[  299.808481][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  300.426610][T13799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.436043][T13799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.448371][T13801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.457052][T13801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.461257][T13799] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3370'.
[  300.466941][T13801] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3371'.
[  300.490075][T13803] program syz.1.3372 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  300.971013][ T1767] Bluetooth: hci0: Frame reassembly failed (-84)
[  301.347334][ T3713] Bluetooth: hci1: command 0x1003 tx timeout
[  301.347405][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  301.868450][ T6681] Bluetooth: hci1: Frame reassembly failed (-84)
[  301.935904][T13875] netlink: 'syz.5.3398': attribute type 4 has an invalid length.
[  301.944358][T13875] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=13875 comm=syz.5.3398
[  301.961073][T13877] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3399'.
[  302.712684][   T29] kauditd_printk_skb: 571 callbacks suppressed
[  302.712751][   T29] audit: type=1326 audit(1764534581.846:23826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.744126][   T29] audit: type=1326 audit(1764534581.846:23827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.768143][   T29] audit: type=1326 audit(1764534581.865:23828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.792306][   T29] audit: type=1326 audit(1764534581.865:23829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.816048][   T29] audit: type=1326 audit(1764534581.865:23830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.839851][   T29] audit: type=1326 audit(1764534581.865:23831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.863493][   T29] audit: type=1326 audit(1764534581.865:23832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.887365][   T29] audit: type=1326 audit(1764534581.865:23833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.911085][   T29] audit: type=1326 audit(1764534581.865:23834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.934790][   T29] audit: type=1326 audit(1764534581.865:23835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.2.3404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b7ce8f749 code=0x7ffc0000
[  302.999216][T13898] netlink: 'syz.5.3406': attribute type 4 has an invalid length.
[  303.007349][T13898] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=13898 comm=syz.5.3406
[  303.124160][T13907] program syz.5.3409 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  303.143142][ T3588] Bluetooth: hci0: command 0x1003 tx timeout
[  303.143142][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  303.761490][T13941] program syz.1.3421 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  303.810509][T13953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3425'.
[  304.071623][T13955] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3426'.
[  304.083779][   T44] Bluetooth: hci1: command 0x1003 tx timeout
[  304.083809][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  304.169314][ T3713] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  304.169347][ T3922] Bluetooth: hci2: command 0x1003 tx timeout
[  304.485256][T13992] program syz.2.3438 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  304.513965][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.523141][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.532478][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.536633][T14000] netlink: 'syz.2.3441': attribute type 4 has an invalid length.
[  304.555046][T14000] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14000 comm=syz.2.3441
[  304.558374][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.577549][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.586889][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.625662][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.634963][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3439'.
[  304.718539][T14027] program syz.0.3449 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  305.231007][T14073] program syz.2.3469 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  305.255347][T14071] Falling back ldisc for ptm2.
[  305.305571][T14078] Falling back ldisc for ptm1.
[  305.445232][T14104] program syz.0.3482 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  305.803136][T14131] program syz.0.3488 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  305.851405][T14119] chnl_net:caif_netlink_parms(): no params data found
[  305.861895][T14134] netlink: 'syz.0.3489': attribute type 4 has an invalid length.
[  305.877865][T14134] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14134 comm=syz.0.3489
[  305.967401][T14119] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.974571][T14119] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.981969][T14119] bridge_slave_0: entered allmulticast mode
[  305.990146][T14119] bridge_slave_0: entered promiscuous mode
[  305.997181][T14148] program syz.1.3494 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  306.002183][T14119] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.013855][T14119] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.022041][T14119] bridge_slave_1: entered allmulticast mode
[  306.029107][T14119] bridge_slave_1: entered promiscuous mode
[  306.052728][T14119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  306.063150][ T6681] Bluetooth: hci1: Frame reassembly failed (-84)
[  306.063609][T14119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  306.103793][T14119] team0: Port device team_slave_0 added
[  306.115099][T14119] team0: Port device team_slave_1 added
[  306.142374][T14119] batman_adv: batadv0: Adding interface: batadv_slave_0
[  306.149426][T14119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  306.176055][T14119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  306.199626][T14119] batman_adv: batadv0: Adding interface: batadv_slave_1
[  306.206669][T14119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  306.232811][T14119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  306.247887][T14163] netlink: 'syz.0.3500': attribute type 4 has an invalid length.
[  306.256063][T14163] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14163 comm=syz.0.3500
[  306.329227][T14119] hsr_slave_0: entered promiscuous mode
[  306.335722][T14119] hsr_slave_1: entered promiscuous mode
[  306.342089][T14119] debugfs: 'hsr0' already exists in 'hsr'
[  306.348038][T14119] Cannot create hsr debugfs directory
[  306.386716][T14167] syzkaller0: entered allmulticast mode
[  306.392725][T14167] syzkaller0: entered promiscuous mode
[  306.405800][T14167] syzkaller0 (unregistering): left allmulticast mode
[  306.412581][T14167] syzkaller0 (unregistering): left promiscuous mode
[  306.521893][T14119] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.531812][T14119] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.608176][T14119] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.618417][T14119] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.631643][T14179] netlink: 'syz.0.3506': attribute type 4 has an invalid length.
[  306.640237][T14179] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14179 comm=syz.0.3506
[  306.672927][T14119] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.682835][T14119] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.769395][T14119] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.779284][T14119] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.864771][T14119] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  306.874261][T14119] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  306.883507][T14119] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  306.893732][T14119] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  306.917157][T14189] FAULT_INJECTION: forcing a failure.
[  306.917157][T14189] name failslab, interval 1, probability 0, space 0, times 0
[  306.930440][T14189] CPU: 0 UID: 0 PID: 14189 Comm: syz.0.3507 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  306.930475][T14189] Tainted: [W]=WARN
[  306.930479][T14189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  306.930514][T14189] Call Trace:
[  306.930518][T14189]  <TASK>
[  306.930524][T14189]  __dump_stack+0x1d/0x30
[  306.930540][T14189]  dump_stack_lvl+0xe8/0x140
[  306.930618][T14189]  dump_stack+0x15/0x1b
[  306.930637][T14189]  should_fail_ex+0x265/0x280
[  306.930678][T14189]  ? alloc_pipe_info+0xae/0x350
[  306.930695][T14189]  should_failslab+0x8c/0xb0
[  306.930781][T14189]  __kmalloc_cache_noprof+0x4c/0x4a0
[  306.930927][T14189]  alloc_pipe_info+0xae/0x350
[  306.930943][T14189]  splice_direct_to_actor+0x592/0x680
[  306.930959][T14189]  ? __pfx_direct_splice_actor+0x10/0x10
[  306.930974][T14189]  ? selinux_file_permission+0x2f0/0x320
[  306.931021][T14189]  do_splice_direct+0xda/0x150
[  306.931035][T14189]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  306.931086][T14189]  do_sendfile+0x380/0x650
[  306.931131][T14189]  __x64_sys_sendfile64+0x105/0x150
[  306.931156][T14189]  x64_sys_call+0x2bb4/0x3000
[  306.931180][T14189]  do_syscall_64+0xd2/0x200
[  306.931200][T14189]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  306.931295][T14189]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  306.931315][T14189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.931328][T14189] RIP: 0033:0x7f518303f749
[  306.931339][T14189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.931403][T14189] RSP: 002b:00007f5181a7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  306.931426][T14189] RAX: ffffffffffffffda RBX: 00007f5183296090 RCX: 00007f518303f749
[  306.931439][T14189] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[  306.931448][T14189] RBP: 00007f5181a7e090 R08: 0000000000000000 R09: 0000000000000000
[  306.931455][T14189] R10: 000000008000002b R11: 0000000000000246 R12: 0000000000000001
[  306.931464][T14189] R13: 00007f5183296128 R14: 00007f5183296090 R15: 00007ffe057be998
[  306.931477][T14189]  </TASK>
[  307.055897][T14119] 8021q: adding VLAN 0 to HW filter on device bond0
[  307.098173][ T3713] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  307.178407][T14119] 8021q: adding VLAN 0 to HW filter on device team0
[  307.189724][   T38] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.196846][   T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[  307.217511][T14119] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  307.228189][T14119] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  307.244591][   T38] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.251805][   T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[  307.327389][T14119] 8021q: adding VLAN 0 to HW filter on device batadv0
[  307.349722][T14203] program syz.0.3512 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  307.426223][T14119] veth0_vlan: entered promiscuous mode
[  307.446850][T14119] veth1_vlan: entered promiscuous mode
[  307.479180][T14119] veth0_macvtap: entered promiscuous mode
[  307.494809][T14119] veth1_macvtap: entered promiscuous mode
[  307.515936][T14119] batman_adv: batadv0: Interface activated: batadv_slave_0
[  307.528246][T14119] batman_adv: batadv0: Interface activated: batadv_slave_1
[  307.550223][ T1767] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  307.561727][ T1767] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  307.575853][ T1767] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  307.616590][ T1767] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  307.962497][T14236] netlink: 'syz.2.3520': attribute type 4 has an invalid length.
[  307.971488][T14236] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14236 comm=syz.2.3520
[  307.987932][T14238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.996836][T14238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.095399][T14241] netlink: 'syz.0.3522': attribute type 4 has an invalid length.
[  308.105204][T14241] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14241 comm=syz.0.3522
[  308.159652][T14243] program syz.2.3523 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  308.275018][ T3713] Bluetooth: hci1: command 0x1003 tx timeout
[  308.281263][ T3922] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  308.305369][T14250] hsr_slave_0: left promiscuous mode
[  308.311790][T14250] hsr_slave_1: left promiscuous mode
[  308.405719][   T29] kauditd_printk_skb: 447 callbacks suppressed
[  308.405736][   T29] audit: type=1326 audit(1764534587.169:24283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.436019][   T29] audit: type=1326 audit(1764534587.169:24284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.462380][   T29] audit: type=1326 audit(1764534587.169:24285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.486321][   T29] audit: type=1326 audit(1764534587.169:24286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.510479][   T29] audit: type=1326 audit(1764534587.169:24287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.534657][   T29] audit: type=1326 audit(1764534587.169:24288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.553379][T14272] netlink: 'syz.0.3535': attribute type 4 has an invalid length.
[  308.559121][   T29] audit: type=1326 audit(1764534587.169:24289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.584019][T14272] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14272 comm=syz.0.3535
[  308.590598][   T29] audit: type=1326 audit(1764534587.169:24290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.627250][   T29] audit: type=1326 audit(1764534587.169:24291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.651354][   T29] audit: type=1326 audit(1764534587.169:24292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb5b73f749 code=0x7ffc0000
[  308.732082][T14275] FAULT_INJECTION: forcing a failure.
[  308.732082][T14275] name failslab, interval 1, probability 0, space 0, times 0
[  308.745257][T14275] CPU: 1 UID: 0 PID: 14275 Comm: syz.2.3536 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  308.745328][T14275] Tainted: [W]=WARN
[  308.745335][T14275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  308.745346][T14275] Call Trace:
[  308.745354][T14275]  <TASK>
[  308.745359][T14275]  __dump_stack+0x1d/0x30
[  308.745376][T14275]  dump_stack_lvl+0xe8/0x140
[  308.745435][T14275]  dump_stack+0x15/0x1b
[  308.745447][T14275]  should_fail_ex+0x265/0x280
[  308.745524][T14275]  should_failslab+0x8c/0xb0
[  308.745543][T14275]  kmem_cache_alloc_noprof+0x50/0x480
[  308.745614][T14275]  ? getname_flags+0x80/0x3b0
[  308.745709][T14275]  getname_flags+0x80/0x3b0
[  308.745728][T14275]  getname_uflags+0x21/0x30
[  308.745779][T14275]  __x64_sys_execveat+0x5d/0x90
[  308.745795][T14275]  x64_sys_call+0x1fec/0x3000
[  308.745810][T14275]  do_syscall_64+0xd2/0x200
[  308.745824][T14275]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  308.745849][T14275]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  308.745869][T14275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.745883][T14275] RIP: 0033:0x7feb5b73f749
[  308.745895][T14275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.745982][T14275] RSP: 002b:00007feb5a1a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  308.745996][T14275] RAX: ffffffffffffffda RBX: 00007feb5b995fa0 RCX: 00007feb5b73f749
[  308.746004][T14275] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  308.746054][T14275] RBP: 00007feb5a1a7090 R08: 0000000000001000 R09: 0000000000000000
[  308.746062][T14275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.746069][T14275] R13: 00007feb5b996038 R14: 00007feb5b995fa0 R15: 00007fff3b9b21f8
[  308.746100][T14275]  </TASK>
[  308.967605][T14279] syzkaller0: entered allmulticast mode
[  308.973972][T14279] syzkaller0: entered promiscuous mode
[  308.981633][T14279] syzkaller0 (unregistering): left allmulticast mode
[  308.988468][T14279] syzkaller0 (unregistering): left promiscuous mode
[  309.120769][T14311] program syz.4.3549 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  309.142847][T14313] netlink: 'syz.5.3550': attribute type 4 has an invalid length.
[  309.152154][T14313] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14313 comm=syz.5.3550
[  309.181758][T14316] program syz.1.3551 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  309.313973][T14338] program syz.5.3559 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  309.393690][T14349] netlink: 'syz.4.3564': attribute type 4 has an invalid length.
[  309.410732][T14349] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14349 comm=syz.4.3564
[  309.482618][T14362] netlink: 'syz.5.3568': attribute type 4 has an invalid length.
[  309.491741][T14362] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14362 comm=syz.5.3568
[  309.750396][T14386] 
€Â: renamed from batadv_slave_0 (while UP)
[  309.760892][T14389] netlink: 'syz.1.3574': attribute type 13 has an invalid length.
[  309.772415][T14388] __nla_validate_parse: 7 callbacks suppressed
[  309.772443][T14388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3577'.
[  309.854001][T14389] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.861290][T14389] bridge0: port 1(bridge_slave_0) entered disabled state
[  309.930086][T14389] batman_adv: batadv0: Interface deactivated: 
€Â
[  309.939098][T14389] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  310.023122][   T31] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  310.039000][T14404] netlink: 'syz.2.3579': attribute type 4 has an invalid length.
[  310.047501][   T31] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  310.073258][   T31] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  310.091169][   T31] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  310.092129][T14404] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14404 comm=syz.2.3579
[  310.555299][T14450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3592'.
[  310.620664][T14454] syzkaller0: entered allmulticast mode
[  310.628998][T14454] syzkaller0: entered promiscuous mode
[  310.642220][T14454] syzkaller0 (unregistering): left allmulticast mode
[  310.649179][T14454] syzkaller0 (unregistering): left promiscuous mode
[  310.692094][T14459] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3596'.
[  310.852710][T14476] netlink: 'syz.0.3604': attribute type 4 has an invalid length.
[  310.861065][T14476] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14476 comm=syz.0.3604
[  311.532949][T14514] netlink: 'syz.0.3615': attribute type 4 has an invalid length.
[  311.541387][T14514] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14514 comm=syz.0.3615
[  311.683431][   T38] Bluetooth: hci0: Frame reassembly failed (-84)
[  311.849589][T14521] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.927658][T14528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  311.951228][T14528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  311.998547][T14536] netlink: 176 bytes leftover after parsing attributes in process `syz.5.3621'.
[  312.040838][T14521] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.131888][T14521] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.257786][T14521] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.459881][ T6681] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  312.544665][ T6681] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  312.587647][T14560] program syz.4.3628 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  312.616146][ T6681] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  312.736280][ T1767] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  312.764279][T14566] Unsupported ieee802154 address type: 0
[  312.779203][T14566] block device autoloading is deprecated and will be removed.
[  313.225843][T14593] netlink: 'syz.5.3644': attribute type 4 has an invalid length.
[  313.239045][T14593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14593 comm=syz.5.3644
[  313.252737][T14595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  313.263524][T14595] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  313.292911][T14595] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3645'.
[  313.412332][T14606] FAULT_INJECTION: forcing a failure.
[  313.412332][T14606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  313.425670][T14606] CPU: 0 UID: 0 PID: 14606 Comm: syz.0.3648 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  313.425706][T14606] Tainted: [W]=WARN
[  313.425713][T14606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  313.425724][T14606] Call Trace:
[  313.425808][T14606]  <TASK>
[  313.425816][T14606]  __dump_stack+0x1d/0x30
[  313.425838][T14606]  dump_stack_lvl+0xe8/0x140
[  313.425856][T14606]  dump_stack+0x15/0x1b
[  313.425902][T14606]  should_fail_ex+0x265/0x280
[  313.425942][T14606]  should_fail+0xb/0x20
[  313.425958][T14606]  should_fail_usercopy+0x1a/0x20
[  313.425977][T14606]  _copy_from_user+0x1c/0xb0
[  313.426007][T14606]  vt_ioctl+0xf54/0x18a0
[  313.426089][T14606]  ? tty_jobctrl_ioctl+0x29e/0x810
[  313.426122][T14606]  tty_ioctl+0x7d8/0xb80
[  313.426155][T14606]  ? __pfx_tty_ioctl+0x10/0x10
[  313.426253][T14606]  __se_sys_ioctl+0xce/0x140
[  313.426276][T14606]  __x64_sys_ioctl+0x43/0x50
[  313.426299][T14606]  x64_sys_call+0x1816/0x3000
[  313.426325][T14606]  do_syscall_64+0xd2/0x200
[  313.426386][T14606]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  313.426414][T14606]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  313.426499][T14606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.426520][T14606] RIP: 0033:0x7f518303f749
[  313.426537][T14606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.426553][T14606] RSP: 002b:00007f5181a9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  313.426608][T14606] RAX: ffffffffffffffda RBX: 00007f5183295fa0 RCX: 00007f518303f749
[  313.426620][T14606] RDX: 0000200000000040 RSI: 0000000000004b67 RDI: 0000000000000003
[  313.426632][T14606] RBP: 00007f5181a9f090 R08: 0000000000000000 R09: 0000000000000000
[  313.426646][T14606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.426722][T14606] R13: 00007f5183296038 R14: 00007f5183295fa0 R15: 00007ffe057be998
[  313.426735][T14606]  </TASK>
[  313.480493][T14609] netlink: 'syz.1.3649': attribute type 13 has an invalid length.
[  313.755279][T14619] netlink: 160 bytes leftover after parsing attributes in process `syz.0.3653'.
[  313.777445][T14621] program syz.0.3654 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  313.815483][T14625] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14625 comm=syz.0.3656
[  313.843603][ T3713] Bluetooth: hci0: command 0x1003 tx timeout
[  313.849887][ T3922] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  313.926217][T14628] syzkaller0: entered allmulticast mode
[  313.932464][T14628] syzkaller0: entered promiscuous mode
[  313.939954][T14628] syzkaller0 (unregistering): left allmulticast mode
[  313.946793][T14628] syzkaller0 (unregistering): left promiscuous mode
[  314.053796][T14630] validate_nla: 1 callbacks suppressed
[  314.053815][T14630] netlink: 'syz.0.3658': attribute type 4 has an invalid length.
[  314.067770][T14630] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14630 comm=syz.0.3658
[  314.133826][T14632] program syz.4.3659 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  314.181321][T14636] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3661'.
[  314.208695][   T29] kauditd_printk_skb: 727 callbacks suppressed
[  314.208755][   T29] audit: type=1326 audit(1764534592.605:25020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  314.255335][   T29] audit: type=1326 audit(1764534592.633:25021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  314.279220][   T29] audit: type=1326 audit(1764534592.633:25022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  314.303184][   T29] audit: type=1326 audit(1764534592.633:25023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  314.326826][   T29] audit: type=1326 audit(1764534592.633:25024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  314.350569][   T29] audit: type=1326 audit(1764534592.633:25025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  314.374283][   T29] audit: type=1326 audit(1764534592.633:25026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  314.398255][   T29] audit: type=1326 audit(1764534592.633:25027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5183041667 code=0x7ffc0000
[  314.399062][T14648] program syz.0.3665 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  314.422099][   T29] audit: type=1326 audit(1764534592.633:25028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f51830415dc code=0x7ffc0000
[  314.455342][   T29] audit: type=1326 audit(1764534592.633:25029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14637 comm="syz.0.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f5183041514 code=0x7ffc0000
[  314.589968][T14665] netlink: 'syz.1.3672': attribute type 4 has an invalid length.
[  314.624340][T14665] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14665 comm=syz.1.3672
[  314.657078][T14675] syzkaller0: entered allmulticast mode
[  314.664848][T14675] syzkaller0: entered promiscuous mode
[  314.682446][T14675] syzkaller0 (unregistering): left allmulticast mode
[  314.689740][T14675] syzkaller0 (unregistering): left promiscuous mode
[  314.723117][T14681] program syz.0.3677 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  314.802106][T14691] netlink: 'syz.1.3682': attribute type 4 has an invalid length.
[  314.810485][T14691] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14691 comm=syz.1.3682
[  314.824356][T14692] netlink: 'syz.0.3679': attribute type 13 has an invalid length.
[  314.929185][T14692] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.936508][T14692] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.024745][T14692] batman_adv: batadv0: Interface deactivated: 
€Â
[  315.034730][T14692] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  315.084981][   T12] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.110629][   T12] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.122542][   T12] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.132202][   T12] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.146481][T14723] netlink: 160 bytes leftover after parsing attributes in process `syz.2.3693'.
[  315.161208][T14725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  315.170297][T14725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  315.180542][T14725] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3694'.
[  315.889703][T14740] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3700'.
[  316.052341][T14748] netlink: 'syz.1.3702': attribute type 4 has an invalid length.
[  316.081692][T14748] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14748 comm=syz.1.3702
[  316.170217][T14751] IPv6: Can't replace route, no match found
[  316.253116][T14757] FAULT_INJECTION: forcing a failure.
[  316.253116][T14757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  316.266390][T14757] CPU: 0 UID: 0 PID: 14757 Comm: syz.4.3704 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  316.266426][T14757] Tainted: [W]=WARN
[  316.266433][T14757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  316.266448][T14757] Call Trace:
[  316.266456][T14757]  <TASK>
[  316.266523][T14757]  __dump_stack+0x1d/0x30
[  316.266547][T14757]  dump_stack_lvl+0xe8/0x140
[  316.266566][T14757]  dump_stack+0x15/0x1b
[  316.266648][T14757]  should_fail_ex+0x265/0x280
[  316.266667][T14757]  should_fail+0xb/0x20
[  316.266685][T14757]  should_fail_usercopy+0x1a/0x20
[  316.266705][T14757]  _copy_from_user+0x1c/0xb0
[  316.266750][T14757]  ___sys_sendmsg+0xc1/0x1d0
[  316.266862][T14757]  __x64_sys_sendmsg+0xd4/0x160
[  316.266891][T14757]  x64_sys_call+0x191e/0x3000
[  316.266916][T14757]  do_syscall_64+0xd2/0x200
[  316.266935][T14757]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  316.267014][T14757]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  316.267097][T14757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.267122][T14757] RIP: 0033:0x7fcef001f749
[  316.267140][T14757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.267161][T14757] RSP: 002b:00007fceeea7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  316.267229][T14757] RAX: ffffffffffffffda RBX: 00007fcef0275fa0 RCX: 00007fcef001f749
[  316.267241][T14757] RDX: 000000002000a804 RSI: 0000200000000180 RDI: 0000000000000009
[  316.267253][T14757] RBP: 00007fceeea7f090 R08: 0000000000000000 R09: 0000000000000000
[  316.267268][T14757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  316.267280][T14757] R13: 00007fcef0276038 R14: 00007fcef0275fa0 R15: 00007ffe6f2c52e8
[  316.267303][T14757]  </TASK>
[  316.788401][T14786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.797342][T14786] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.807334][T14786] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3717'.
[  316.892574][T14791] netlink: 'syz.0.3718': attribute type 4 has an invalid length.
[  316.910732][T14791] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14791 comm=syz.0.3718
[  317.163725][T14800] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  317.250919][T14800] SELinux: failed to load policy
[  317.261768][T14804] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  317.274176][T14804] FAULT_INJECTION: forcing a failure.
[  317.274176][T14804] name failslab, interval 1, probability 0, space 0, times 0
[  317.286969][T14804] CPU: 0 UID: 0 PID: 14804 Comm: syz.0.3724 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  317.287063][T14804] Tainted: [W]=WARN
[  317.287071][T14804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  317.287122][T14804] Call Trace:
[  317.287130][T14804]  <TASK>
[  317.287167][T14804]  __dump_stack+0x1d/0x30
[  317.287194][T14804]  dump_stack_lvl+0xe8/0x140
[  317.287217][T14804]  dump_stack+0x15/0x1b
[  317.287233][T14804]  should_fail_ex+0x265/0x280
[  317.287252][T14804]  should_failslab+0x8c/0xb0
[  317.287342][T14804]  kmem_cache_alloc_noprof+0x50/0x480
[  317.287372][T14804]  ? getname_flags+0x80/0x3b0
[  317.287471][T14804]  getname_flags+0x80/0x3b0
[  317.287501][T14804]  do_sys_openat2+0x60/0x110
[  317.287524][T14804]  __x64_sys_openat+0xf2/0x120
[  317.287609][T14804]  x64_sys_call+0x2eab/0x3000
[  317.287633][T14804]  do_syscall_64+0xd2/0x200
[  317.287655][T14804]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  317.287685][T14804]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  317.287740][T14804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.287763][T14804] RIP: 0033:0x7f518303f749
[  317.287780][T14804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.287800][T14804] RSP: 002b:00007f5181a9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  317.287822][T14804] RAX: ffffffffffffffda RBX: 00007f5183295fa0 RCX: 00007f518303f749
[  317.287878][T14804] RDX: 0000000000000000 RSI: 0000200000001040 RDI: 00000000ffffff9c
[  317.287893][T14804] RBP: 00007f5181a9f090 R08: 0000000000000000 R09: 0000000000000000
[  317.287906][T14804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.287919][T14804] R13: 00007f5183296038 R14: 00007f5183295fa0 R15: 00007ffe057be998
[  317.287940][T14804]  </TASK>
[  317.289370][T14804] SELinux:  policydb version 586747130 does not match my version range 15-35
[  317.483581][T14804] SELinux: failed to load policy
[  317.795003][T14835] syzkaller0: entered allmulticast mode
[  317.801150][T14835] syzkaller0: entered promiscuous mode
[  317.804155][T14838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.817084][T14835] syzkaller0 (unregistering): left allmulticast mode
[  317.824161][T14835] syzkaller0 (unregistering): left promiscuous mode
[  317.831532][T14838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.933760][   T31] Bluetooth: hci0: Frame reassembly failed (-84)
[  318.063974][T14865] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3741'.
[  318.406683][T14881] netlink: 'syz.4.3746': attribute type 4 has an invalid length.
[  318.415042][T14881] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12577 sclass=netlink_route_socket pid=14881 comm=syz.4.3746
[  318.698915][T14885] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3748'.
[  318.902432][T14902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3752'.
[  319.341664][T14935] syzkaller0: entered allmulticast mode
[  319.347664][T14935] syzkaller0: entered promiscuous mode
[  319.355134][T14935] syzkaller0 (unregistering): left allmulticast mode
[  319.362061][T14935] syzkaller0 (unregistering): left promiscuous mode
[  319.640385][   T29] kauditd_printk_skb: 460 callbacks suppressed
[  319.640403][   T29] audit: type=1326 audit(1764534597.685:25490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.685495][   T29] audit: type=1326 audit(1764534597.713:25491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.709787][   T29] audit: type=1326 audit(1764534597.713:25492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.734186][   T29] audit: type=1326 audit(1764534597.713:25493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.758020][   T29] audit: type=1326 audit(1764534597.713:25494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.781819][   T29] audit: type=1326 audit(1764534597.713:25495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.805699][   T29] audit: type=1326 audit(1764534597.713:25496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.829654][   T29] audit: type=1326 audit(1764534597.713:25497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.853901][   T29] audit: type=1326 audit(1764534597.713:25498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.878182][   T29] audit: type=1326 audit(1764534597.713:25499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14955 comm="syz.0.3772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518303f749 code=0x7ffc0000
[  319.983691][T14965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  319.992913][T14965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  320.002709][T14965] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3774'.
[  320.042884][T14967] syzkaller0: entered allmulticast mode
[  320.048823][T14967] syzkaller0: entered promiscuous mode
[  320.065674][T14967] syzkaller0 (unregistering): left allmulticast mode
[  320.072578][T14967] syzkaller0 (unregistering): left promiscuous mode
[  320.085546][ T3922] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  320.784298][T14991] wireguard0: entered promiscuous mode
[  320.789929][T14991] wireguard0: entered allmulticast mode
[  320.823917][T14993] netlink: 'syz.0.3782': attribute type 13 has an invalid length.
[  320.902502][T14998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  320.911276][T14998] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  320.930706][T14998] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3786'.
[  320.956178][T15001] syzkaller0: entered allmulticast mode
[  320.962382][T15001] syzkaller0: entered promiscuous mode
[  320.970107][T15001] syzkaller0 (unregistering): left allmulticast mode
[  320.977047][T15001] syzkaller0 (unregistering): left promiscuous mode
[  321.774968][T15020] 
€Â: renamed from batadv_slave_0 (while UP)
[  322.225070][T15031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  322.255198][T15031] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  322.299747][T15031] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3797'.
[  322.662257][T15038] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3799'.
[  322.924503][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[  323.098422][T15090] wireguard0: entered promiscuous mode
[  323.104061][T15090] wireguard0: entered allmulticast mode
[  323.117468][T15092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3819'.
[  323.141427][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  323.252086][T15107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  323.260772][T15107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  323.270108][T15107] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3826'.
[  323.945137][T15129] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3834'.
[  324.264117][T15151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  324.276627][ T2966] ==================================================================
[  324.284765][ T2966] BUG: KCSAN: data-race in wg_socket_send_skb_to_peer / wg_socket_send_skb_to_peer
[  324.294077][ T2966] 
[  324.296414][ T2966] read-write to 0xffff88811a511d18 of 8 bytes by task 6681 on cpu 1:
[  324.304647][ T2966]  wg_socket_send_skb_to_peer+0xe8/0x130
[  324.310383][ T2966]  wg_socket_send_buffer_to_peer+0xf1/0x120
[  324.316290][ T2966]  wg_packet_handshake_send_worker+0x10d/0x160
[  324.322456][ T2966]  process_scheduled_works+0x4ce/0x9d0
[  324.327927][ T2966]  worker_thread+0x582/0x770
[  324.332737][ T2966]  kthread+0x489/0x510
[  324.336810][ T2966]  ret_from_fork+0x122/0x1b0
[  324.341409][ T2966]  ret_from_fork_asm+0x1a/0x30
[  324.346353][ T2966] 
[  324.348675][ T2966] read-write to 0xffff88811a511d18 of 8 bytes by task 2966 on cpu 0:
[  324.356821][ T2966]  wg_socket_send_skb_to_peer+0xe8/0x130
[  324.362468][ T2966]  wg_packet_tx_worker+0x12d/0x330
[  324.367597][ T2966]  process_scheduled_works+0x4ce/0x9d0
[  324.373081][ T2966]  worker_thread+0x582/0x770
[  324.377765][ T2966]  kthread+0x489/0x510
[  324.381853][ T2966]  ret_from_fork+0x122/0x1b0
[  324.386443][ T2966]  ret_from_fork_asm+0x1a/0x30
[  324.391215][ T2966] 
[  324.393542][ T2966] value changed: 0x00000000000003e8 -> 0x000000000000047c
[  324.400643][ T2966] 
[  324.402972][ T2966] Reported by Kernel Concurrency Sanitizer on:
[  324.409312][ T2966] CPU: 0 UID: 0 PID: 2966 Comm: kworker/0:2 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  324.420860][ T2966] Tainted: [W]=WARN
[  324.424662][ T2966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  324.434718][ T2966] Workqueue: wg-crypt-wg2 wg_packet_tx_worker
[  324.440827][ T2966] ==================================================================
[  324.464509][T15151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  324.504732][T15151] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3843'.
[  325.120143][ T3922] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  325.120207][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  325.291210][ T3922] Bluetooth: hci1: command 0x1003 tx timeout
[  325.291210][ T3713] Bluetooth: hci1: Opcode 0x1003 failed: -110