last executing test programs:

1m16.591781145s ago: executing program 4 (id=8492):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r3, 0x0, 0x10}, 0x18)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
vmsplice(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000200)="7f", 0x1}], 0x1, 0x6)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f00000000c0)={0x0, 0x18, 0x0, 0x16, 0x0, 0xffa})
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x10000, &(0x7f0000000640)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdnR?', @ANYRES16=r1, @ANYRES64=r4])
ioctl$PPPIOCGIDLE(0xffffffffffffffff, 0x8010743f, &(0x7f0000000600))
syz_read_part_table(0x5c2, &(0x7f0000000000)="$eJzs2z1oU2sYB/AnavCil+vi5GQdnFwURzOoJFFRCNEu4qCgiBi4EEGIECjoYDO0NEPp2KUUsvRjapqhw6Wlhc6ldOil0KHTpV0KXZpL6Xv39vYDhN8PDg/v+/7Pec4znPEEv7QL8U+3281ERPfy8e/ubeULT2+WHpZfRWTiTUT0/PXH1MFJJiX+e+qttF5P67HRK53+nSfZ1trL3dtv5xsX0nlfuq6Ot3tPPBxnbiK3cO37j2pxoJb7tFqsb/5cWX4xuZ0vt583mlPPso/fp9xiqpdS/RK1+Baf411UohIfonpK/UdaG3f3bxRbMx8f7BU6g3P3Uq50wjmP2v9rz9DrZv3Rnenrw/drs0vlrYuHucr/+LoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADh/E7mFa99/VIsDtdyn1WJ98+fK8ovJ7Xy5/bzRnHqWffw+5RZTvZTql6jFt/gc76ISlfgQ1VPqP9LauLt/o9ia+fhgr9AZnLuXcqUTznnU/l97hl4364/uTF8fvl+bXSpvXTzMVS6f0QsAAAAAAAAAAAAAAAAAAABAROQLT2+WHpZfRWTiTUT8+fvczMF+N/3vnkm5W6mup/2x0Sud/p0n2dbay93bb+cbf6f9vt8i+iLi6ni799yH4dj+DQAA///B9JXf")
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x24, 0x10, 0x1, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf, 0xd}, {0xe, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x240280c0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES64=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchownat(r6, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0)

1m15.691713691s ago: executing program 4 (id=8503):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="070000000400000000010000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x29, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)
r1 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000100)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@dioread_lock}, {@barrier}, {@bsdgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r4}, 0x18)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000f40)=ANY=[], 0x0)
fadvise64(r2, 0x807f, 0x1000000, 0x4)

1m12.656229572s ago: executing program 4 (id=8524):
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0xc, &(0x7f00000002c0), 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0x7, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00'}, 0x10)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840)
bind$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @private=0xa010101}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000fedbdf25170000004800068008000600000000003c0004"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x4040800)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00'})

1m12.357256623s ago: executing program 4 (id=8529):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x97}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="b9fdef306844268cb89614f086dd", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0x2, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r3 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file1\x00', 0x40042, 0xbc)
pwrite64(r3, &(0x7f0000000140)='2', 0x1, 0xfffe) (async)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0x40305828, &(0x7f0000000300)={0x17c04, 0xffffffffffffffff, 0x9, 0x3, 0x1, 0xd8}) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r4}, 0x10)
sendmsg$SOCK_DESTROY(r3, &(0x7f0000000680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000840)={0xe0, 0x15, 0x400, 0x70bd2a, 0x25dfdbfc, {0x1, 0xf2}, [@INET_DIAG_REQ_BYTECODE={0x54, 0x1, "f6cd9a28bbbfb186971376821fb6d180238ed143cf709b17b7769b396e97fa8c6801116e803c780160531791d6fd16d6dfce1cc3801958a26f333f24c983c0df8a1442243b3d91eb67416d57a846fefe"}, @INET_DIAG_REQ_BYTECODE={0x75, 0x1, "ca29fc6e653fcbf69726bc6cb04b770959272554036232abd2df80cc7b0e5d16042bb1067f57f1a781af206ca55dfe38176b5ac2241cbbe0d17168867295f1bb1537a01149aaa5c24958fc97cc76e8b8f8ba9dcc5950f78a4ece5ec95ccdf1e89d53249b30c769df58b8f947cac18e098c"}]}, 0xe0}, 0x1, 0x0, 0x0, 0x8885}, 0x200000c1)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r6, &(0x7f0000000580)="3934e238", 0x0}, 0x20) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x10007ffffffff}, 0x18) (async)
r7 = creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4) (async)
r8 = inotify_init1(0x0)
r9 = inotify_add_watch(r8, &(0x7f0000000440)='.\x00', 0x20000000)
write$binfmt_elf32(r7, &(0x7f0000005640)=ANY=[@ANYRES16=r9], 0x69) (async)
close(r7)
execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) (async)
r10 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
write$tun(r10, &(0x7f0000000300)={@void, @void, @arp=@ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x3, @multicast, @remote, @local, @empty}}, 0x34)

1m12.210119124s ago: executing program 4 (id=8530):
r0 = syz_io_uring_setup(0x4553, &(0x7f0000000040)={0x0, 0x59fc, 0x80, 0x3, 0x24a}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x5535, 0x3acd, 0x22, 0x0, 0x0)

1m11.866928657s ago: executing program 4 (id=8531):
init_module(&(0x7f0000000480)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4a, 0x8, 0x7, 0x2, 0x3, 0x6, 0x4, 0x34d, 0x40, 0x10b, 0x7, 0x93c2, 0x38, 0x2, 0x1, 0xafe2, 0xfff}, [{0x6474e551, 0xc, 0x4, 0xa4, 0xfffffffffffffffa, 0x10001, 0x3}, {0x4, 0x1ff, 0x0, 0x39, 0x1, 0x5, 0x21}], "a5f656b2a1a3b7dd57358923fee660ae01dfc9ddc450d7ab66e20d59aeb87633e05e8f1ceacdc92b3ab565ae819239537ee682431c2d99a127a2dbb242f292ba9f0dc028f6ea3998bc2719c9bc91d3f18e6e9e9d12c2a2dc2510e7f230daea3107e6d30f83bca6e306e1991bf3b16692cfb2270ecc40fade52a9fc3f3422ef9940af9f", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x833, &(0x7f00000001c0)=')$}$^@\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_clone(0x45200100, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x3}, 0x18)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_DISALLOCATE(r3, 0x5608)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x248, &(0x7f00000002c0), 0xfd, 0x4a0, &(0x7f0000000e00)="$eJzs3MtrXNUfAPDvnZkkfSe//uqjtdpoFYuPpEmrFhR8gOBCQdBFXUlM0lKbNtJEsCXYKKVuBC24F8GN4F/gypWoK8Gt7qVQpJtWVyM3c+90kszk0Ztkms7nAzdzzsy5c873Ps89d24C6Fj96Z8kYkdE/BERvRFRaiywtTal5W5enxn95/rMaBLV6lt/J+lsceP6zGheNMlet9cylfSLSpeSeKlJvVPnL5wemZgYP5flB6fPfDA4df7C06fOjJwcPzl+dvjYsaNHhp57dviZNYkzbdONfR9P7t/72jtX3hg9fuW9X75PGhrdGEdBz/fWkzP1ZbLQY2tU2Z1iZ0M6qbSxIaxKT0Skq6trbv/vjfKlXfXPeuPVT9vaOGBdVavV6nDrj2erwF0siXa3AGiP/ESfXv/m0wZ1Pe4I116uXQClcd/Mptonldo4SE/t2mjnOtXfHxHHZ//9Op1i1eMQXevUKgDgbvZj2v95qkn/rxJxb0O5Xdm9ob6I+F9E7I6I/0fEnoi4J2pl74uI+5tX0/9ui/r7F+QX939KVwuEt6y0//dCdm9rfv+vfhesr5zlds7F35WcODUxfjhbJoeiqyfNDzX99iRiNn39/YtW9Tf2/9IprT/vC2btuFrpmT/P2Mj0SOHAM9c+idhXaRZ/EpVbUcTeiNh3m3WceuK7/fPfKddTy8e/hDW4z1T9JuLx2vqfjQXx55Kl708ObomJ8cOD+Vax2K+/XX6zVf21+EuxdPxbiwfaQrr+tzXb/l+sx9+XNN6vnVr0Fd3L1XH5z89aXtPcWv8RW+beWdn23528Pa/yj0amp88NRXQnry9+v2GAO8/n5dP4Dx1svv/vzuZJ438gItKN+MGIeCgiDmRtfzgiHomIg0vE//Mrj77fMv4DBbb/NZDGP9b0+Ndq/a8+UT790w+t6l/Z8e9onplr1EqOfyttYJFlBwAAAJtFKSJ2RFIaqKdLpYGB2u/l98S20sTk1PSTJyY/PDtWe0agL7pK+UhXb8N46FA2Npznh7P8xSx/JBs3/qq8dS4/MDo5Mdbu4KHDbW+x/6f+KjeZYf2GooF28LwWdK7V7//L3vMFNonbP//rOcBmt8xeXNqodgAbz1kcOlez/f9iYyaJ2q/kgbuO8z90rvr+/+UKCjcM/S98eBPYfJY6/1d7N7AhwIbT/4eOVOS5/jwRUWj2Yon4NmLpMkl7GlYw8XmR2Ssb0MIotXH5dLdlpQyX27qpV1b6Xy3ifPVi4UrbfWQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYG/8FAAD//64O3bE=")
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80)

1m11.866526527s ago: executing program 32 (id=8531):
init_module(&(0x7f0000000480)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4a, 0x8, 0x7, 0x2, 0x3, 0x6, 0x4, 0x34d, 0x40, 0x10b, 0x7, 0x93c2, 0x38, 0x2, 0x1, 0xafe2, 0xfff}, [{0x6474e551, 0xc, 0x4, 0xa4, 0xfffffffffffffffa, 0x10001, 0x3}, {0x4, 0x1ff, 0x0, 0x39, 0x1, 0x5, 0x21}], "a5f656b2a1a3b7dd57358923fee660ae01dfc9ddc450d7ab66e20d59aeb87633e05e8f1ceacdc92b3ab565ae819239537ee682431c2d99a127a2dbb242f292ba9f0dc028f6ea3998bc2719c9bc91d3f18e6e9e9d12c2a2dc2510e7f230daea3107e6d30f83bca6e306e1991bf3b16692cfb2270ecc40fade52a9fc3f3422ef9940af9f", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x833, &(0x7f00000001c0)=')$}$^@\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_clone(0x45200100, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x3}, 0x18)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_DISALLOCATE(r3, 0x5608)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x248, &(0x7f00000002c0), 0xfd, 0x4a0, &(0x7f0000000e00)="$eJzs3MtrXNUfAPDvnZkkfSe//uqjtdpoFYuPpEmrFhR8gOBCQdBFXUlM0lKbNtJEsCXYKKVuBC24F8GN4F/gypWoK8Gt7qVQpJtWVyM3c+90kszk0Ztkms7nAzdzzsy5c873Ps89d24C6Fj96Z8kYkdE/BERvRFRaiywtTal5W5enxn95/rMaBLV6lt/J+lsceP6zGheNMlet9cylfSLSpeSeKlJvVPnL5wemZgYP5flB6fPfDA4df7C06fOjJwcPzl+dvjYsaNHhp57dviZNYkzbdONfR9P7t/72jtX3hg9fuW9X75PGhrdGEdBz/fWkzP1ZbLQY2tU2Z1iZ0M6qbSxIaxKT0Skq6trbv/vjfKlXfXPeuPVT9vaOGBdVavV6nDrj2erwF0siXa3AGiP/ESfXv/m0wZ1Pe4I116uXQClcd/Mptonldo4SE/t2mjnOtXfHxHHZ//9Op1i1eMQXevUKgDgbvZj2v95qkn/rxJxb0O5Xdm9ob6I+F9E7I6I/0fEnoi4J2pl74uI+5tX0/9ui/r7F+QX939KVwuEt6y0//dCdm9rfv+vfhesr5zlds7F35WcODUxfjhbJoeiqyfNDzX99iRiNn39/YtW9Tf2/9IprT/vC2btuFrpmT/P2Mj0SOHAM9c+idhXaRZ/EpVbUcTeiNh3m3WceuK7/fPfKddTy8e/hDW4z1T9JuLx2vqfjQXx55Kl708ObomJ8cOD+Vax2K+/XX6zVf21+EuxdPxbiwfaQrr+tzXb/l+sx9+XNN6vnVr0Fd3L1XH5z89aXtPcWv8RW+beWdn23528Pa/yj0amp88NRXQnry9+v2GAO8/n5dP4Dx1svv/vzuZJ438gItKN+MGIeCgiDmRtfzgiHomIg0vE//Mrj77fMv4DBbb/NZDGP9b0+Ndq/a8+UT790w+t6l/Z8e9onplr1EqOfyttYJFlBwAAAJtFKSJ2RFIaqKdLpYGB2u/l98S20sTk1PSTJyY/PDtWe0agL7pK+UhXb8N46FA2Npznh7P8xSx/JBs3/qq8dS4/MDo5Mdbu4KHDbW+x/6f+KjeZYf2GooF28LwWdK7V7//L3vMFNonbP//rOcBmt8xeXNqodgAbz1kcOlez/f9iYyaJ2q/kgbuO8z90rvr+/+UKCjcM/S98eBPYfJY6/1d7N7AhwIbT/4eOVOS5/jwRUWj2Yon4NmLpMkl7GlYw8XmR2Ssb0MIotXH5dLdlpQyX27qpV1b6Xy3ifPVi4UrbfWQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYG/8FAAD//64O3bE=")
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80)

3.120659439s ago: executing program 5 (id=9458):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x18)
close(r2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r3 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)

2.98937934s ago: executing program 5 (id=9459):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xfb5, 0xfffffffe}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000001600156f"], 0x18}}, 0x8080)

2.95910868s ago: executing program 5 (id=9460):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801f50cfb020000000000003b810000850000006d6d50f129cbcb30d1b4ebef3b"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000ffff000000"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="46000119236a69bfd36b0000000000b61d16944d4e7fa9392eddd03e1a000967e131f6a7d7fa0f2351a6a57407b1", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040))
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000480))
syz_clone(0xc0001480, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
clock_getres(0x7, &(0x7f00000004c0))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r6}, 0x18)
ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000000000)={0x1, 0x7f, 0x9})

2.229109405s ago: executing program 5 (id=9478):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xffffffff00000003}, 0x0)

2.174695665s ago: executing program 5 (id=9479):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x2}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x281, 0x7f, 0xfffffffd, 0x4, 0x2, 0xffffffc0, 0x5, 0x2234, 0x7f, 0x81b, 0x800, 0x8, 0x0, 0x7, 0x7ed53619, 0x1, 0x2, 0x9644, 0x4, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x791, 0x5, 0xab2, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x3, 0x1, 0x5b1f, 0x7b0, 0x7, 0x100, 0x6, 0x80000d, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x1ff, 0x80, 0x4, 0x7, 0x3, 0x6, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x1, 0x10001, 0xf7, 0x3, 0xfffffff9, 0x9, 0x4, 0x8, 0x1000, 0x3, 0x1, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d20, 0x2, 0x9, 0x0, 0x7f, 0x7, 0x863c, 0xff, 0xff, 0x5, 0x7, 0x6, 0x10007a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x9, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0xf, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xff0, 0xf, 0x6ae, 0x2, 0x1, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0xfffffffb, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0x0, 0xac, 0x7, 0x6, 0x10, 0x0, 0x8, 0x80000001, 0x0, 0x0, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0x9, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x8000005, 0x8, 0x3, 0x2, 0x5, 0xfca, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x7, 0x1, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x107e, 0x4, 0x235, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xffffff01, 0x5, 0x37f, 0x80000008, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x3, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xffffffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x1000, 0x4, 0x0, 0x3, 0x0, 0xd, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94d, 0x9, 0x8, 0x6, 0x1100, 0xec0, 0x10001, 0x4, 0x2, 0x3ff, 0x3e, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0x19bb, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7ff, 0x800092, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0xffffff37, 0x3, 0x9, 0xc, 0x3, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xa5d9, 0x1, 0x0, 0x7, 0x7fffffff, 0x2, 0x4, 0x0, 0x5, 0x4, 0x1, 0x8, 0xd, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x401, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x4, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x3, 0x0, 0x81, 0xfff80000, 0x7a7, 0x1, 0x6, 0x3, 0x8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x3, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0xfff, 0x40, 0x2, 0xfff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1fd, 0x400003, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x7, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0x3, 0xffffff9a, 0x2, 0xfff, 0x1, 0x40, 0x8, 0x3, 0x70d, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0x3, 0xe, 0x10000, 0x6, 0x9, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x20000000, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0x5}, {0x6, 0x2, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0)

2.094810266s ago: executing program 5 (id=9481):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0xa, 0x2, 0x73)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[], 0x48)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mq_unlink(0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r0=>0x0})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000014000009180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)

1.257983852s ago: executing program 1 (id=9500):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r1=>0x0})
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000000040)=0x522, 0x4)
bind$can_raw(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r1}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x40)

1.191213312s ago: executing program 1 (id=9504):
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r0, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r0], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xfb5, 0xfffffffe}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000001600156f"], 0x18}}, 0x8080)

1.119259043s ago: executing program 1 (id=9505):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000007"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000068000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c0011800a0001006c696d69740000001c0002800c00024000000000000000030c0001400000000200000101480000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000001c0003800c00008008000340000000020c0000800800034000000002"], 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1.095057623s ago: executing program 1 (id=9506):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)

1.060506503s ago: executing program 1 (id=9508):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={0x0, r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002080)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x6}, {0x1000}, {0x1}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x20000}, {}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x7}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0x1000000}, {}, {}, {}, {0xfffffffc}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {0x0, 0x0, 0x10000000}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x800000}, {}, {}, {}, {0x0, 0x0, 0x2}, {0x4, 0xc000000}, {}, {0x0, 0x80000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x23}, {0x0, 0x8, 0x0, 0x404}, {0x0, 0x0, 0x0, 0x2, 0xfffffffd}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x9f, 0x0, 0x0, 0x1}, {0x20000, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {0xfffffffd}, {}, {}, {}, {}, {0xfffffffd, 0x0, 0x40000}, {}, {}, {0x0, 0x0, 0x1, 0x0, 0x747}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {0x0, 0x0, 0x0, 0x0, 0x401}, {}, {0x0, 0x78}, {0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x2}], [{0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)

1.025858463s ago: executing program 1 (id=9510):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r4 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r4, r3})
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f00000001c0)=@add_del={0x2, &(0x7f0000000180)='veth0_to_hsr\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000100)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@dioread_lock}, {@barrier}, {@bsdgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r6, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r8}, 0x18)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000f40)=ANY=[], 0x0)
fadvise64(r6, 0x807f, 0x1000000, 0x4)

859.469494ms ago: executing program 2 (id=9517):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80)

838.015854ms ago: executing program 2 (id=9519):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
rt_sigqueueinfo(0x0, 0x28, 0x0)

775.003955ms ago: executing program 2 (id=9521):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00'})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x4004850)

769.210365ms ago: executing program 2 (id=9522):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801f50cfb020000000000003b810000850000006d6d50f129cbcb30d1b4ebef3b"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000ffff000000"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="46000119236a69bfd36b0000000000b61d16944d4e7fa9392eddd03e1a000967e131f6a7d7fa0f2351a6a57407b1", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040))
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000480))
syz_clone(0xc0001480, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
clock_getres(0x7, &(0x7f00000004c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000000000)={0x1, 0x7f, 0x9})

566.468806ms ago: executing program 0 (id=9527):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010101, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e22, 0x3, 0x1000c, 0x8}}, 0x44)
sendmsg$sock(r1, 0x0, 0x0)

532.791047ms ago: executing program 0 (id=9528):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xfb5, 0xfffffffe}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000001600156f"], 0x18}}, 0x8080)

442.865497ms ago: executing program 0 (id=9530):
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r0, 0x4004550c, 0x0)

352.965048ms ago: executing program 0 (id=9532):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00'})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x4004850)

296.372468ms ago: executing program 0 (id=9533):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000002c0)={0x0, 0x4}, 0x8)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
write$tun(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000031011ff00000000000100070000000000000000ff0200000000000000000000000000014f194e20"], 0xfdef)

295.766308ms ago: executing program 3 (id=9534):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x3, 0x3, 0x8, 0x8, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4)

216.981908ms ago: executing program 0 (id=9535):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4)
bind$l2tp(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @broadcast, 0x2}, 0x10)

188.444369ms ago: executing program 3 (id=9536):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[], 0x78}, 0x1, 0xffffffff00000003}, 0x0)

157.761949ms ago: executing program 3 (id=9537):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0x2000000000000217, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r0, 0x0, 0x1034}, 0x18)
unshare(0x2040600)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5")

88.516949ms ago: executing program 3 (id=9538):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES32], 0x1, 0x2b2, &(0x7f00000006c0)="$eJzs3NFLU28cx/Hvz6mbE91+EEFB9aVu6uag6w+oEQrRoDAn1UVwzLMaO21yzlgsIncT3fZ3SJfdBdU/4E100313EgTdeBGd8Jwd3XTa1M2t+X6BnO/xeT4+jzrlewSf9XtvnhZyrpEzyzIUUxkSqcmGSHKzqvuvfh3y61FpVJMr4z+/nrt7/8GtdCYzM6c6m56/mlLVyQsfnr14e/FTeXzh3eT7qKwlH67/SH1bO712Zv33/JO8q3lXi6WymrpYKpXNRdvSpbxbMFTv2JbpWpovupbTNJ6zS8vLVTWLSxPxZcdyXTWLVS1YVS2XtOxU1Xxs5otqGIZOxOVkG25jTnZ1bs5M7znsRTq6I3RetPl2rNUcx0nXWg9mV7u1LwAA0L/27/+DXn/v/j+zEFw73P+L0P93Sa3p7i/9PwaC46TNeP3ntxn9PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t4npcIr+FbVERiIhLe93qf6I5Dfv+v9Wi76LCGf9yLidivK9lKNrgG4+mc5MUWS6YkIb/810NdUM/ezMxMqW+k/iE38yuVbMQ/m8DPh5Kt8uf/nw7yKh83c5V6fkTijeunJCGnWq+f2s6HxyGsVLKjcvlSQ96QhHx+JCWxZcl/XW/nX06r3rid2bH+mD8PAAAAAIBBYOiWZPPzb3D2o+FPiMnu8SB/gL8P7Hi+Hpaz7RxRCQAAAAAAjsytPi+Ytm05hyiiInKE+KAWEemLbeworotIH2zjuIqYiATv0cPEv2/F20p5bcwZFpGef1kOUPT6NxMAAACATttu+g8Q+vKqizsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODkafc8sHD+rqFwYJ94w3KRY/8EAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD7yJwAA//+j7Rqj")
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000002200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1a4a438, &(0x7f0000000480)=ANY=[@ANYRES16, @ANYRESOCT=r2, @ANYRES32, @ANYRES64], 0xb, 0x0, &(0x7f0000000000))
renameat2(r2, &(0x7f0000000b40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r2, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

80.780829ms ago: executing program 2 (id=9539):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x3}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})

32.21332ms ago: executing program 3 (id=9540):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xfb5, 0xfffffffe}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000001600156f"], 0x18}}, 0x8080)

2.1629ms ago: executing program 2 (id=9541):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r1, 0x0, 0x4ab}, 0x18)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000000008010800000000000000000300000206000240dada0000090001007371b2f1e1a12edd351c738f7a30000000000400"], 0x34}, 0x1, 0x0, 0x0, 0x24018100}, 0x4000000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000080))

0s ago: executing program 3 (id=9542):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/mdstat\x00', 0x0, 0x0)
r1 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x48, 0x0, @fd=r0, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x30)

kernel console output (not intermixed with test programs):

p5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  730.812941][T29972] batadv0: entered promiscuous mode
[  730.818226][T29972] batadv0: entered allmulticast mode
[  730.844134][T29972] bond0: (slave batadv0): Releasing backup interface
[  730.845177][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  730.863125][T29972] bridge0: port 3(batadv0) entered blocking state
[  730.869679][T29972] bridge0: port 3(batadv0) entered disabled state
[  731.006539][T29984] loop3: detected capacity change from 0 to 512
[  731.026056][T29984] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  731.039242][T29984] ext4 filesystem being mounted at /498/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  731.079657][T29984] random: crng reseeded on system resumption
[  731.110164][T21832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  731.130252][T29988] Invalid ELF header type: 3 != 1
[  731.135902][T29982] loop5: detected capacity change from 0 to 512
[  731.142570][T29982] msdos: Bad value for 'errors'
[  731.343032][T29982] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  731.402854][ T6059] Bluetooth: hci0: command 0x1003 tx timeout
[  731.403874][ T4412] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  731.477527][T30002] loop2: detected capacity change from 0 to 512
[  731.485125][T30002] EXT4-fs: dax option not supported
[  731.637910][T30011] loop2: detected capacity change from 0 to 2048
[  731.685663][T29253] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  731.695888][T30011] GPT:first_usable_lbas don't match.
[  731.701262][T30011] GPT:34 != 290
[  731.704767][T30011] GPT: Use GNU Parted to correct GPT errors.
[  731.710928][T30011]  loop2: p1 p2 p3
[  731.929642][T30027] loop1: detected capacity change from 0 to 2048
[  731.959862][  T340] Bluetooth: hci0: Frame reassembly failed (-84)
[  731.973930][T30027] Alternate GPT is invalid, using primary GPT.
[  731.980466][T30027]  loop1: p1 p2 p3
[  731.984289][T30027] loop1: partition table partially beyond EOD, truncated
[  732.009082][T30023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8814'.
[  732.114721][T30047] loop5: detected capacity change from 0 to 2048
[  732.164119][T30047] Alternate GPT is invalid, using primary GPT.
[  732.170482][T30047]  loop5: p1 p2 p3
[  732.174257][T30047] loop5: partition table partially beyond EOD, truncated
[  732.197903][T30047] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8820'.
[  732.237050][T30043] loop3: detected capacity change from 0 to 512
[  732.269355][T30043] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  732.291547][T30043] EXT4-fs (loop3): mount failed
[  732.308118][T30054] Invalid ELF header type: 3 != 1
[  732.352177][T30056] loop3: detected capacity change from 0 to 2048
[  732.373856][T30056] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  732.392858][T30056] ext4 filesystem being mounted at /503/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  732.414977][T30061] netlink: 'syz.5.8825': attribute type 10 has an invalid length.
[  732.430005][T30056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  732.433171][T30061] batadv0: left allmulticast mode
[  732.440525][T30056] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  732.443708][T30061] batadv0: left promiscuous mode
[  732.456870][T30061] bridge0: port 3(batadv0) entered disabled state
[  732.464939][T30061] 8021q: adding VLAN 0 to HW filter on device batadv0
[  732.472870][T30062] netlink: 'syz.5.8825': attribute type 10 has an invalid length.
[  732.473723][T30061] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  732.480692][T30062] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8825'.
[  732.498349][T30062] batadv0: entered promiscuous mode
[  732.503642][T30062] batadv0: entered allmulticast mode
[  732.520308][T30062] bond0: (slave batadv0): Releasing backup interface
[  732.530723][T30062] bridge0: port 3(batadv0) entered blocking state
[  732.537285][T30062] bridge0: port 3(batadv0) entered disabled state
[  732.979301][T21832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  733.002875][ T6059] Bluetooth: hci1: command 0x1003 tx timeout
[  733.009026][T24487] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  733.463072][T30092] loop3: detected capacity change from 0 to 512
[  733.474127][T30092] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  733.489209][T30092] EXT4-fs (loop3): mount failed
[  733.526814][T30098] netlink: 'syz.3.8838': attribute type 10 has an invalid length.
[  733.535274][T30098] batadv0: left allmulticast mode
[  733.540455][T30098] batadv0: left promiscuous mode
[  733.545697][T30098] bridge0: port 3(batadv0) entered disabled state
[  733.557516][T30098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  733.566944][T30098] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  733.579759][T30098] netlink: 'syz.3.8838': attribute type 10 has an invalid length.
[  733.587664][T30098] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8838'.
[  733.597193][T30098] batadv0: entered promiscuous mode
[  733.602449][T30098] batadv0: entered allmulticast mode
[  733.610533][T30098] bond0: (slave batadv0): Releasing backup interface
[  733.621007][T30098] bridge0: port 3(batadv0) entered blocking state
[  733.627535][T30098] bridge0: port 3(batadv0) entered disabled state
[  733.707002][T29973] Bluetooth: hci1: Frame reassembly failed (-84)
[  733.786168][  T340] Bluetooth: hci2: Frame reassembly failed (-84)
[  733.973082][T22847] Bluetooth: hci0: command 0x1003 tx timeout
[  733.979203][ T4412] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  734.062651][T30132] FAULT_INJECTION: forcing a failure.
[  734.062651][T30132] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  734.076054][T30132] CPU: 1 UID: 0 PID: 30132 Comm: syz.2.8850 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  734.076094][T30132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  734.076107][T30132] Call Trace:
[  734.076114][T30132]  <TASK>
[  734.076122][T30132]  __dump_stack+0x1d/0x30
[  734.076153][T30132]  dump_stack_lvl+0xe8/0x140
[  734.076179][T30132]  dump_stack+0x15/0x1b
[  734.076197][T30132]  should_fail_ex+0x265/0x280
[  734.076276][T30132]  should_fail+0xb/0x20
[  734.076292][T30132]  should_fail_usercopy+0x1a/0x20
[  734.076329][T30132]  _copy_from_user+0x1c/0xb0
[  734.076361][T30132]  ___sys_sendmsg+0xc1/0x1d0
[  734.076405][T30132]  __x64_sys_sendmsg+0xd4/0x160
[  734.076429][T30132]  x64_sys_call+0x191e/0x3000
[  734.076547][T30132]  do_syscall_64+0xd2/0x200
[  734.076567][T30132]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  734.076632][T30132]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  734.076673][T30132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  734.076773][T30132] RIP: 0033:0x7f52eb41f6c9
[  734.076790][T30132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  734.076809][T30132] RSP: 002b:00007f52e9e87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  734.076828][T30132] RAX: ffffffffffffffda RBX: 00007f52eb675fa0 RCX: 00007f52eb41f6c9
[  734.076846][T30132] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  734.076863][T30132] RBP: 00007f52e9e87090 R08: 0000000000000000 R09: 0000000000000000
[  734.076881][T30132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  734.076895][T30132] R13: 00007f52eb676038 R14: 00007f52eb675fa0 R15: 00007fff53663678
[  734.076915][T30132]  </TASK>
[  734.308993][T30134] loop1: detected capacity change from 0 to 8192
[  734.323961][T30136] loop2: detected capacity change from 0 to 8192
[  734.405486][T30140] netlink: 'syz.1.8854': attribute type 10 has an invalid length.
[  734.413557][T30138] loop2: detected capacity change from 0 to 2048
[  734.413710][T30140] netlink: 'syz.1.8854': attribute type 10 has an invalid length.
[  734.428042][T30140] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8854'.
[  734.454803][T30138] GPT:first_usable_lbas don't match.
[  734.460165][T30138] GPT:34 != 290
[  734.463672][T30138] GPT: Use GNU Parted to correct GPT errors.
[  734.469976][T30138]  loop2: p1 p2 p3
[  734.494247][T30142] loop1: detected capacity change from 0 to 2048
[  734.523991][T30142] GPT:first_usable_lbas don't match.
[  734.529393][T30142] GPT:34 != 290
[  734.532901][T30142] GPT: Use GNU Parted to correct GPT errors.
[  734.539047][T30142]  loop1: p1 p2 p3
[  734.565038][T30156] loop2: detected capacity change from 0 to 512
[  734.573555][T30156] ------------[ cut here ]------------
[  734.579079][T30156] EA inode 11 i_nlink=2
[  734.579443][T30156] WARNING: CPU: 0 PID: 30156 at fs/ext4/xattr.c:1058 ext4_xattr_inode_update_ref+0x36a/0x380
[  734.593957][T30156] Modules linked in:
[  734.597888][T30156] CPU: 0 UID: 0 PID: 30156 Comm: syz.2.8857 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  734.607811][T30156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  734.617927][T30156] RIP: 0010:ext4_xattr_inode_update_ref+0x36a/0x380
[  734.624615][T30156] Code: 90 49 8d 7e 40 e8 76 fd b8 ff 4d 8b 6e 40 4c 89 e7 e8 8a f8 b8 ff 41 8b 56 48 48 c7 c7 fa cc 55 86 4c 89 ee e8 07 fa 67 ff 90 <0f> 0b 90 90 e9 ff fe ff ff e8 88 e7 b5 03 0f 1f 84 00 00 00 00 00
[  734.644301][T30156] RSP: 0018:ffffc90005ed7778 EFLAGS: 00010246
[  734.650434][T30156] RAX: e497cb250ac0ab00 RBX: ffff88811a60d308 RCX: 0000000000080000
[  734.658515][T30156] RDX: ffffc9000e7ad000 RSI: 00000000000026bc RDI: 00000000000026bd
[  734.666617][T30156] RBP: 0000000000000002 R08: 0001c90005ed75f7 R09: 0000000000000000
[  734.674846][T30156] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff88811a60d2b8
[  734.682953][T30156] R13: 000000000000000b R14: ffff88811a60d270 R15: 0000000000000001
[  734.690992][T30156] FS:  00007f52e9e876c0(0000) GS:ffff8882aee13000(0000) knlGS:0000000000000000
[  734.699954][T30156] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  734.706647][T30156] CR2: 00007f52e1aa6000 CR3: 000000011450c000 CR4: 00000000003506f0
[  734.714735][T30156] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  734.722763][T30156] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  734.730778][T30156] Call Trace:
[  734.734091][T30156]  <TASK>
[  734.737024][T30156]  ext4_xattr_inode_dec_ref_all+0x579/0x830
[  734.743014][T30156]  ? errseq_check+0x2c/0x50
[  734.747547][T30156]  ext4_xattr_delete_inode+0x6b7/0x790
[  734.753053][T30156]  ext4_evict_inode+0xa6a/0xd90
[  734.757952][T30156]  ? __pfx_ext4_evict_inode+0x10/0x10
[  734.763399][T30156]  evict+0x2e3/0x550
[  734.767302][T30156]  ? __dquot_initialize+0x146/0x7c0
[  734.772546][T30156]  iput+0x4ed/0x650
[  734.776409][T30156]  ext4_process_orphan+0x1a9/0x1c0
[  734.781619][T30156]  ext4_orphan_cleanup+0x6a8/0xa00
[  734.786763][T30156]  ext4_fill_super+0x3483/0x3810
[  734.791744][T30156]  ? snprintf+0x86/0xb0
[  734.795931][T30156]  ? set_blocksize+0x1a8/0x310
[  734.800706][T30156]  ? sb_set_blocksize+0xe3/0x100
[  734.805798][T30156]  ? setup_bdev_super+0x30e/0x370
[  734.810910][T30156]  ? __pfx_ext4_fill_super+0x10/0x10
[  734.816243][T30156]  get_tree_bdev_flags+0x291/0x300
[  734.821367][T30156]  ? __pfx_ext4_fill_super+0x10/0x10
[  734.826714][T30156]  get_tree_bdev+0x1f/0x30
[  734.831176][T30156]  ext4_get_tree+0x1c/0x30
[  734.835625][T30156]  vfs_get_tree+0x57/0x1d0
[  734.840060][T30156]  do_new_mount+0x24d/0x660
[  734.844619][T30156]  path_mount+0x4a5/0xb70
[  734.848986][T30156]  ? user_path_at+0x109/0x130
[  734.853696][T30156]  __se_sys_mount+0x28c/0x2e0
[  734.858405][T30156]  ? do_mkdirat+0x3ac/0x3f0
[  734.862951][T30156]  __x64_sys_mount+0x67/0x80
[  734.867553][T30156]  x64_sys_call+0x2b51/0x3000
[  734.872250][T30156]  do_syscall_64+0xd2/0x200
[  734.876784][T30156]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  734.882539][T30156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  734.888535][T30156] RIP: 0033:0x7f52eb420e6a
[  734.893029][T30156] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  734.912700][T30156] RSP: 002b:00007f52e9e86e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  734.921206][T30156] RAX: ffffffffffffffda RBX: 00007f52e9e86ef0 RCX: 00007f52eb420e6a
[  734.929290][T30156] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f52e9e86eb0
[  734.937289][T30156] RBP: 0000200000000180 R08: 00007f52e9e86ef0 R09: 0000000000800700
[  734.945415][T30156] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[  734.953456][T30156] R13: 00007f52e9e86eb0 R14: 000000000000046c R15: 0000200000000740
[  734.961440][T30156]  </TASK>
[  734.964515][T30156] ---[ end trace 0000000000000000 ]---
[  734.970351][T30156] EXT4-fs (loop2): 1 orphan inode deleted
[  734.977110][T30156] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  735.002686][   T29] kauditd_printk_skb: 1916 callbacks suppressed
[  735.002706][   T29] audit: type=1326 audit(1762274525.936:108576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.032936][   T29] audit: type=1326 audit(1762274525.936:108577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.056738][   T29] audit: type=1326 audit(1762274525.936:108578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.080685][   T29] audit: type=1326 audit(1762274525.936:108579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.104438][   T29] audit: type=1326 audit(1762274525.936:108580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.128126][   T29] audit: type=1326 audit(1762274525.936:108581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.151823][   T29] audit: type=1326 audit(1762274525.936:108582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.175605][   T29] audit: type=1326 audit(1762274525.936:108583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.199278][   T29] audit: type=1326 audit(1762274525.936:108584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.222960][   T29] audit: type=1326 audit(1762274525.936:108585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30155 comm="syz.2.8857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  735.247598][T30166] FAULT_INJECTION: forcing a failure.
[  735.247598][T30166] name failslab, interval 1, probability 0, space 0, times 0
[  735.260407][T30166] CPU: 0 UID: 0 PID: 30166 Comm: syz.0.8859 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  735.260443][T30166] Tainted: [W]=WARN
[  735.260450][T30166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  735.260496][T30166] Call Trace:
[  735.260504][T30166]  <TASK>
[  735.260514][T30166]  __dump_stack+0x1d/0x30
[  735.260544][T30166]  dump_stack_lvl+0xe8/0x140
[  735.260565][T30166]  dump_stack+0x15/0x1b
[  735.260604][T30166]  should_fail_ex+0x265/0x280
[  735.260705][T30166]  ? kobject_uevent_env+0x1c0/0x570
[  735.260742][T30166]  should_failslab+0x8c/0xb0
[  735.260776][T30166]  __kmalloc_cache_noprof+0x4c/0x4a0
[  735.260814][T30166]  kobject_uevent_env+0x1c0/0x570
[  735.260900][T30166]  ? device_pm_check_callbacks+0x683/0x6a0
[  735.260938][T30166]  kobject_uevent+0x1d/0x30
[  735.260974][T30166]  device_del+0x710/0x790
[  735.260999][T30166]  device_unregister+0x15/0x40
[  735.261097][T30166]  bdi_unregister+0x307/0x3a0
[  735.261137][T30166]  __del_gendisk+0x2c3/0x570
[  735.261165][T30166]  del_gendisk+0xac/0xf0
[  735.261186][T30166]  loop_remove+0x26/0x80
[  735.261213][T30166]  loop_control_ioctl+0x3b3/0x3f0
[  735.261296][T30166]  ? __pfx_loop_control_ioctl+0x10/0x10
[  735.261383][T30166]  __se_sys_ioctl+0xce/0x140
[  735.261413][T30166]  __x64_sys_ioctl+0x43/0x50
[  735.261434][T30166]  x64_sys_call+0x1816/0x3000
[  735.261580][T30166]  do_syscall_64+0xd2/0x200
[  735.261623][T30166]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  735.261659][T30166]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  735.261690][T30166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.261728][T30166] RIP: 0033:0x7fe42d2cf6c9
[  735.261748][T30166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  735.261772][T30166] RSP: 002b:00007fe42bd2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  735.261798][T30166] RAX: ffffffffffffffda RBX: 00007fe42d525fa0 RCX: 00007fe42d2cf6c9
[  735.261816][T30166] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000010
[  735.261833][T30166] RBP: 00007fe42bd2f090 R08: 0000000000000000 R09: 0000000000000000
[  735.261898][T30166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.261910][T30166] R13: 00007fe42d526038 R14: 00007fe42d525fa0 R15: 00007fff99b29438
[  735.261931][T30166]  </TASK>
[  735.494402][T21673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  735.567116][T30168] loop2: detected capacity change from 0 to 512
[  735.575687][T30168] EXT4-fs: Ignoring removed nobh option
[  735.598132][T30168] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #3: comm syz.2.8860: corrupted inode contents
[  735.613560][T30168] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #3: comm syz.2.8860: mark_inode_dirty error
[  735.625934][T30168] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #3: comm syz.2.8860: corrupted inode contents
[  735.638371][T30168] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.8860: mark_inode_dirty error
[  735.650455][T30168] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.8860: Failed to acquire dquot type 0
[  735.664089][T30168] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.8860: corrupted inode contents
[  735.684158][T30168] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #16: comm syz.2.8860: mark_inode_dirty error
[  735.696568][T30168] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.8860: corrupted inode contents
[  735.708916][T30168] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.8860: mark_inode_dirty error
[  735.723083][ T4412] Bluetooth: hci1: command 0x1003 tx timeout
[  735.723656][T24487] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  735.735412][T30168] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.8860: corrupted inode contents
[  735.752805][T30168] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem
[  735.763062][T30168] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.8860: corrupted inode contents
[  735.781433][T30168] EXT4-fs error (device loop2): ext4_truncate:4637: inode #16: comm syz.2.8860: mark_inode_dirty error
[  735.803006][T24487] Bluetooth: hci2: command 0x1003 tx timeout
[  735.814136][ T6059] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  735.814246][T30168] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem
[  735.830275][T30168] EXT4-fs (loop2): 1 truncate cleaned up
[  735.836706][T30168] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  735.849315][T30168] ext4 filesystem being mounted at /528/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  736.077817][T30200] loop5: detected capacity change from 0 to 2048
[  736.126636][T21673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  736.151752][T30200] Alternate GPT is invalid, using primary GPT.
[  736.158201][T30200]  loop5: p1 p2 p3
[  736.162000][T30200] loop5: partition table partially beyond EOD, truncated
[  736.203813][T30200] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8870'.
[  736.522628][T30209] loop2: detected capacity change from 0 to 1024
[  736.570848][T30209] EXT4-fs: Ignoring removed bh option
[  736.592946][T30209] /dev/loop2: Can't open blockdev
[  736.698766][T29903] Bluetooth: hci0: Frame reassembly failed (-84)
[  736.803660][T30226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.860868][T30226] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  736.883413][T30224] loop2: detected capacity change from 0 to 8192
[  737.027528][T30236] netlink: 'syz.2.8883': attribute type 12 has an invalid length.
[  737.049733][T30240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8885'.
[  737.161303][T30244] netlink: 'syz.5.8881': attribute type 13 has an invalid length.
[  737.297454][T30236] loop2: detected capacity change from 0 to 2048
[  737.317623][T30236] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  737.578171][T21673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  737.651264][T30255] batman_adv: batadv0: Removing interface: batadv_slave_0
[  737.659123][T30255] batman_adv: batadv0: Removing interface: batadv_slave_1
[  737.667446][T30255] bridge0: port 3(batadv0) entered disabled state
[  737.874788][T30264] loop5: detected capacity change from 0 to 8192
[  737.975142][T30275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8894'.
[  738.047154][T30287] Invalid ELF header type: 3 != 1
[  738.089906][T30276] syzkaller0: entered promiscuous mode
[  738.095470][T30276] syzkaller0: entered allmulticast mode
[  738.291567][T30293] loop5: detected capacity change from 0 to 512
[  738.338481][T30293] ext4 filesystem being mounted at /88/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  738.383611][T30297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8901'.
[  738.414768][T30293] random: crng reseeded on system resumption
[  738.545847][T30303] loop5: detected capacity change from 0 to 256
[  738.559639][T30303] FAT-fs (loop5): Directory bread(block 64) failed
[  738.566428][T30303] FAT-fs (loop5): Directory bread(block 65) failed
[  738.574069][T30303] FAT-fs (loop5): Directory bread(block 66) failed
[  738.580730][T30303] FAT-fs (loop5): Directory bread(block 67) failed
[  738.591924][T30303] FAT-fs (loop5): Directory bread(block 68) failed
[  738.630176][T30303] FAT-fs (loop5): Directory bread(block 69) failed
[  738.647302][T30303] FAT-fs (loop5): Directory bread(block 70) failed
[  738.654147][T30303] FAT-fs (loop5): Directory bread(block 71) failed
[  738.660691][T30303] FAT-fs (loop5): Directory bread(block 72) failed
[  738.667451][T30303] FAT-fs (loop5): Directory bread(block 73) failed
[  738.680384][T30303] syz.5.8904: attempt to access beyond end of device
[  738.680384][T30303] loop5: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  738.694925][T30303] syz.5.8904: attempt to access beyond end of device
[  738.694925][T30303] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[  738.763119][T24487] Bluetooth: hci0: command 0x1003 tx timeout
[  738.769324][ T6059] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  738.858465][T30315] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  738.922900][T30320] FAULT_INJECTION: forcing a failure.
[  738.922900][T30320] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  738.936394][T30320] CPU: 1 UID: 0 PID: 30320 Comm: syz.3.8912 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  738.936445][T30320] Tainted: [W]=WARN
[  738.936452][T30320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  738.936464][T30320] Call Trace:
[  738.936496][T30320]  <TASK>
[  738.936506][T30320]  __dump_stack+0x1d/0x30
[  738.936536][T30320]  dump_stack_lvl+0xe8/0x140
[  738.936566][T30320]  dump_stack+0x15/0x1b
[  738.936590][T30320]  should_fail_ex+0x265/0x280
[  738.936668][T30320]  should_fail_alloc_page+0xf2/0x100
[  738.936699][T30320]  __alloc_frozen_pages_noprof+0xff/0x360
[  738.936762][T30320]  alloc_pages_mpol+0xb3/0x260
[  738.936785][T30320]  alloc_pages_noprof+0x90/0x130
[  738.936809][T30320]  __pud_alloc+0x47/0x470
[  738.936845][T30320]  handle_mm_fault+0x1882/0x2be0
[  738.936939][T30320]  ? __rcu_read_unlock+0x4f/0x70
[  738.936970][T30320]  ? mt_find+0x208/0x320
[  738.937007][T30320]  do_user_addr_fault+0x3fe/0x1080
[  738.937096][T30320]  exc_page_fault+0x62/0xa0
[  738.937127][T30320]  asm_exc_page_fault+0x26/0x30
[  738.937148][T30320] RIP: 0010:rep_movs_alternative+0xf/0x90
[  738.937175][T30320] Code: c4 10 c3 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 3d f9 01 00 66 2e
[  738.937258][T30320] RSP: 0018:ffffc900026a3c48 EFLAGS: 00050202
[  738.937274][T30320] RAX: ffff88811a3e0aa0 RBX: 0000000000000004 RCX: 0000000000000004
[  738.937299][T30320] RDX: 0000000000000001 RSI: 0000200000001440 RDI: ffffc900026a3cd4
[  738.937316][T30320] RBP: 0000000000000001 R08: 0000000000000806 R09: 0000000000000000
[  738.937332][T30320] R10: 0001c900026a3cd4 R11: 0001c900026a3cd7 R12: 0000200000001440
[  738.937346][T30320] R13: 0000000000000036 R14: ffffc900026a3cd4 R15: 0000200000001440
[  738.937377][T30320]  _copy_from_user+0x6f/0xb0
[  738.937411][T30320]  do_ipv6_setsockopt+0x124/0x2160
[  738.937456][T30320]  ? __rcu_read_unlock+0x4f/0x70
[  738.937483][T30320]  ? calipso_sock_getattr+0x224/0x340
[  738.937566][T30320]  ? __rcu_read_unlock+0x4f/0x70
[  738.937604][T30320]  ? ip6_datagram_release_cb+0xf8/0x160
[  738.937642][T30320]  ? _raw_spin_unlock_bh+0x36/0x40
[  738.937676][T30320]  ? release_sock+0x116/0x150
[  738.937707][T30320]  ? selinux_netlbl_socket_setsockopt+0x255/0x2d0
[  738.937742][T30320]  ipv6_setsockopt+0x59/0x130
[  738.937854][T30320]  udpv6_setsockopt+0x99/0xb0
[  738.937884][T30320]  sock_common_setsockopt+0x69/0x80
[  738.937913][T30320]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  738.937940][T30320]  __sys_setsockopt+0x184/0x200
[  738.938042][T30320]  __x64_sys_setsockopt+0x64/0x80
[  738.938075][T30320]  x64_sys_call+0x20ec/0x3000
[  738.938113][T30320]  do_syscall_64+0xd2/0x200
[  738.938134][T30320]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  738.938167][T30320]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  738.938202][T30320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.938303][T30320] RIP: 0033:0x7ffa02a6f6c9
[  738.938318][T30320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  738.938336][T30320] RSP: 002b:00007ffa014cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  738.938355][T30320] RAX: ffffffffffffffda RBX: 00007ffa02cc5fa0 RCX: 00007ffa02a6f6c9
[  738.938370][T30320] RDX: 0000000000000036 RSI: 0000000000000029 RDI: 0000000000000003
[  738.938384][T30320] RBP: 00007ffa014cf090 R08: 00000000000000c0 R09: 0000000000000000
[  738.938399][T30320] R10: 0000200000001440 R11: 0000000000000246 R12: 0000000000000001
[  738.938480][T30320] R13: 00007ffa02cc6038 R14: 00007ffa02cc5fa0 R15: 00007ffe633aa7e8
[  738.938499][T30320]  </TASK>
[  739.387171][T30329] loop2: detected capacity change from 0 to 2048
[  739.401110][T30325] SELinux: ebitmap: truncated map
[  739.421211][T30325] SELinux: failed to load policy
[  739.427229][T30329] Alternate GPT is invalid, using primary GPT.
[  739.433593][T30329]  loop2: p1 p2 p3
[  739.437348][T30329] loop2: partition table partially beyond EOD, truncated
[  739.447733][T30329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8914'.
[  739.508593][T30339] loop5: detected capacity change from 0 to 512
[  739.560555][T30339] ext4 filesystem being mounted at /95/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  739.572940][T30339] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8920: corrupted inode contents
[  739.585156][T30339] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.8920: mark_inode_dirty error
[  739.597745][T30339] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8920: corrupted inode contents
[  739.612401][T30339] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8920: corrupted inode contents
[  739.613309][T30342] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8918'.
[  739.624553][T30339] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.8920: mark_inode_dirty error
[  739.633785][T30351] netlink: 'syz.0.8922': attribute type 10 has an invalid length.
[  739.645778][T30339] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8920: corrupted inode contents
[  739.664956][T30339] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.8920: mark_inode_dirty error
[  739.665411][T30350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  739.676708][T30339] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8920: corrupted inode contents
[  739.696567][T30350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  739.696684][T30339] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.8920: mark_inode_dirty error
[  739.735653][T30353] netlink: 'syz.0.8922': attribute type 10 has an invalid length.
[  739.743681][T30353] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8922'.
[  739.753013][T30351] batadv0: left allmulticast mode
[  739.758101][T30351] batadv0: left promiscuous mode
[  739.763267][T30351] bridge0: port 3(batadv0) entered disabled state
[  739.774933][T30351] 8021q: adding VLAN 0 to HW filter on device batadv0
[  739.801515][T30351] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  739.840369][T30353] batadv0: entered promiscuous mode
[  739.845707][T30353] batadv0: entered allmulticast mode
[  739.853874][T30353] bond0: (slave batadv0): Releasing backup interface
[  739.862033][T30353] bridge0: port 3(batadv0) entered blocking state
[  739.868607][T30353] bridge0: port 3(batadv0) entered disabled state
[  739.962535][T30360] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  740.232372][T30368] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8927'.
[  740.312893][  T340] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  740.322217][  T340] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  740.332557][   T29] kauditd_printk_skb: 267 callbacks suppressed
[  740.332587][   T29] audit: type=1326 audit(1762274531.266:108851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.375296][   T29] audit: type=1326 audit(1762274531.316:108852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.399248][   T29] audit: type=1326 audit(1762274531.316:108853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.422931][   T29] audit: type=1326 audit(1762274531.316:108854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.446886][   T29] audit: type=1326 audit(1762274531.316:108855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.470713][   T29] audit: type=1326 audit(1762274531.316:108856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.494434][   T29] audit: type=1326 audit(1762274531.316:108857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.518235][   T29] audit: type=1326 audit(1762274531.316:108858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.518467][T30358] loop5: detected capacity change from 0 to 512
[  740.542123][   T29] audit: type=1326 audit(1762274531.316:108859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30366 comm="syz.2.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f52eb41f6c9 code=0x7ffc0000
[  740.579770][T30372] loop2: detected capacity change from 0 to 512
[  740.614719][T30358] ext4 filesystem being mounted at /96/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  740.626475][T30372] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6).
[  740.636743][T30372] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  740.652335][T30372] EXT4-fs (loop2): mount failed
[  740.974601][T30393] loop5: detected capacity change from 0 to 512
[  740.982924][T30393] EXT4-fs error (device loop5): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.5.8935: corrupted xattr block 95: invalid header
[  740.997427][T30393] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.8935: bg 0: block 7: invalid block bitmap
[  741.010771][T30393] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  741.019853][T30393] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2967: inode #11: comm syz.5.8935: corrupted xattr block 95: invalid header
[  741.034193][T30393] EXT4-fs warning (device loop5): ext4_evict_inode:274: xattr delete (err -117)
[  741.043339][T30393] EXT4-fs (loop5): 1 orphan inode deleted
[  741.093831][T30400] loop5: detected capacity change from 0 to 512
[  741.100732][T30400] EXT4-fs: Ignoring removed nomblk_io_submit option
[  741.108693][T30400] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8857e02c, mo2=0002]
[  741.117317][T30400] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.8937: invalid indirect mapped block 2683928664 (level 1)
[  741.131852][T30400] EXT4-fs (loop5): Remounting filesystem read-only
[  741.140800][T30400] EXT4-fs (loop5): 1 truncate cleaned up
[  741.169856][T30407] FAULT_INJECTION: forcing a failure.
[  741.169856][T30407] name failslab, interval 1, probability 0, space 0, times 0
[  741.182760][T30407] CPU: 1 UID: 0 PID: 30407 Comm: syz.2.8939 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  741.182797][T30407] Tainted: [W]=WARN
[  741.182804][T30407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  741.182822][T30407] Call Trace:
[  741.182829][T30407]  <TASK>
[  741.182837][T30407]  __dump_stack+0x1d/0x30
[  741.182862][T30407]  dump_stack_lvl+0xe8/0x140
[  741.182884][T30407]  dump_stack+0x15/0x1b
[  741.182969][T30407]  should_fail_ex+0x265/0x280
[  741.182991][T30407]  should_failslab+0x8c/0xb0
[  741.183023][T30407]  kmem_cache_alloc_noprof+0x50/0x480
[  741.183054][T30407]  ? getname_flags+0x80/0x3b0
[  741.183153][T30407]  getname_flags+0x80/0x3b0
[  741.183264][T30407]  io_mkdirat_prep+0x12d/0x190
[  741.183296][T30407]  io_submit_sqes+0x5ef/0x1060
[  741.183341][T30407]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  741.183438][T30407]  ? 0xffffffff81000000
[  741.183452][T30407]  ? __rcu_read_unlock+0x4f/0x70
[  741.183481][T30407]  ? get_pid_task+0x96/0xd0
[  741.183507][T30407]  ? proc_fail_nth_write+0x13b/0x160
[  741.183615][T30407]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  741.183680][T30407]  ? vfs_write+0x7e8/0x960
[  741.183707][T30407]  ? __rcu_read_unlock+0x4f/0x70
[  741.183734][T30407]  ? __fget_files+0x184/0x1c0
[  741.183765][T30407]  ? fput+0x8f/0xc0
[  741.183786][T30407]  __x64_sys_io_uring_enter+0x78/0x90
[  741.183897][T30407]  x64_sys_call+0x2df0/0x3000
[  741.183956][T30407]  do_syscall_64+0xd2/0x200
[  741.183977][T30407]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  741.184056][T30407]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  741.184090][T30407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.184114][T30407] RIP: 0033:0x7f52eb41f6c9
[  741.184129][T30407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  741.184195][T30407] RSP: 002b:00007f52e9e87038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  741.184216][T30407] RAX: ffffffffffffffda RBX: 00007f52eb675fa0 RCX: 00007f52eb41f6c9
[  741.184229][T30407] RDX: 0000000000003acd RSI: 0000000000005535 RDI: 0000000000000003
[  741.184243][T30407] RBP: 00007f52e9e87090 R08: 0000000000000000 R09: 0000000000000000
[  741.184256][T30407] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001
[  741.184269][T30407] R13: 00007f52eb676038 R14: 00007f52eb675fa0 R15: 00007fff53663678
[  741.184291][T30407]  </TASK>
[  741.453762][T30396] netlink: 'syz.0.8934': attribute type 13 has an invalid length.
[  741.584325][T30425] netlink: 'syz.5.8945': attribute type 10 has an invalid length.
[  741.592437][T30425] batadv0: left allmulticast mode
[  741.597562][T30425] batadv0: left promiscuous mode
[  741.602791][T30425] bridge0: port 3(batadv0) entered disabled state
[  741.610974][T30425] 8021q: adding VLAN 0 to HW filter on device batadv0
[  741.620364][T30425] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  741.634981][T30425] netlink: 'syz.5.8945': attribute type 10 has an invalid length.
[  741.642883][T30425] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8945'.
[  741.673544][T30425] batadv0: entered promiscuous mode
[  741.678816][T30425] batadv0: entered allmulticast mode
[  741.688192][T30425] bond0: (slave batadv0): Releasing backup interface
[  741.698748][T30428] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8944'.
[  741.709071][T30425] bridge0: port 3(batadv0) entered blocking state
[  741.715600][T30425] bridge0: port 3(batadv0) entered disabled state
[  741.799591][T30432] SELinux: ebitmap: truncated map
[  741.811082][T30432] SELinux: failed to load policy
[  741.908585][T30438] Invalid ELF header type: 3 != 1
[  742.040561][T30447] loop5: detected capacity change from 0 to 128
[  742.061330][T30447] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  742.085260][T30447] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  742.148160][T30427] loop2: detected capacity change from 0 to 512
[  742.188974][T30427] ext4 filesystem being mounted at /545/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  742.561557][T30457] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.8956' sets config #0
[  742.790495][T30461] random: crng reseeded on system resumption
[  742.819529][T30463] random: crng reseeded on system resumption
[  742.830066][ T2581] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  742.878170][T30467] SELinux: ebitmap: truncated map
[  742.890342][T30467] SELinux: failed to load policy
[  742.982359][T30480] loop5: detected capacity change from 0 to 8192
[  743.065208][T30488] random: crng reseeded on system resumption
[  743.102088][T30492] FAULT_INJECTION: forcing a failure.
[  743.102088][T30492] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  743.115365][T30492] CPU: 0 UID: 0 PID: 30492 Comm: syz.5.8971 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  743.115400][T30492] Tainted: [W]=WARN
[  743.115453][T30492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  743.115477][T30492] Call Trace:
[  743.115486][T30492]  <TASK>
[  743.115496][T30492]  __dump_stack+0x1d/0x30
[  743.115520][T30492]  dump_stack_lvl+0xe8/0x140
[  743.115540][T30492]  dump_stack+0x15/0x1b
[  743.115558][T30492]  should_fail_ex+0x265/0x280
[  743.115641][T30492]  should_fail+0xb/0x20
[  743.115657][T30492]  should_fail_usercopy+0x1a/0x20
[  743.115679][T30492]  _copy_from_user+0x1c/0xb0
[  743.115708][T30492]  __sys_bind+0x106/0x2a0
[  743.115772][T30492]  __x64_sys_bind+0x3f/0x50
[  743.115863][T30492]  x64_sys_call+0x2b72/0x3000
[  743.115893][T30492]  do_syscall_64+0xd2/0x200
[  743.115933][T30492]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  743.115962][T30492]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  743.116038][T30492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.116066][T30492] RIP: 0033:0x7f6e0f08f6c9
[  743.116132][T30492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  743.116150][T30492] RSP: 002b:00007f6e0daef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  743.116172][T30492] RAX: ffffffffffffffda RBX: 00007f6e0f2e5fa0 RCX: 00007f6e0f08f6c9
[  743.116269][T30492] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000004
[  743.116362][T30492] RBP: 00007f6e0daef090 R08: 0000000000000000 R09: 0000000000000000
[  743.116375][T30492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  743.116387][T30492] R13: 00007f6e0f2e6038 R14: 00007f6e0f2e5fa0 R15: 00007ffcb241b528
[  743.116408][T30492]  </TASK>
[  743.332682][T30500] netlink: 'wÞ£ÿ': attribute type 12 has an invalid length.
[  743.352639][T30500] loop5: detected capacity change from 0 to 512
[  743.405716][T30500] EXT4-fs mount: 12 callbacks suppressed
[  743.405735][T30500] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  743.405824][T30504] SELinux: ebitmap: truncated map
[  743.411587][T30500] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  743.427953][T30504] SELinux: failed to load policy
[  743.473665][T30508] netlink: 332 bytes leftover after parsing attributes in process `syz.3.8976'.
[  743.483206][T30508] netlink: 'syz.3.8976': attribute type 9 has an invalid length.
[  743.491134][T30508] netlink: 108 bytes leftover after parsing attributes in process `syz.3.8976'.
[  743.500380][T30508] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8976'.
[  743.840669][T30489] loop2: detected capacity change from 0 to 512
[  743.908333][T30489] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  743.962408][T30489] ext4 filesystem being mounted at /550/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  744.063996][T30527] FAULT_INJECTION: forcing a failure.
[  744.063996][T30527] name failslab, interval 1, probability 0, space 0, times 0
[  744.076796][T30527] CPU: 0 UID: 0 PID: 30527 Comm: syz.1.8981 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  744.076840][T30527] Tainted: [W]=WARN
[  744.076849][T30527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  744.076867][T30527] Call Trace:
[  744.076875][T30527]  <TASK>
[  744.076884][T30527]  __dump_stack+0x1d/0x30
[  744.076915][T30527]  dump_stack_lvl+0xe8/0x140
[  744.077022][T30527]  dump_stack+0x15/0x1b
[  744.077046][T30527]  should_fail_ex+0x265/0x280
[  744.077072][T30527]  should_failslab+0x8c/0xb0
[  744.077171][T30527]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  744.077227][T30527]  ? __alloc_skb+0x101/0x320
[  744.077279][T30527]  __alloc_skb+0x101/0x320
[  744.077451][T30527]  netlink_alloc_large_skb+0xbf/0xf0
[  744.077494][T30527]  netlink_sendmsg+0x3cf/0x6b0
[  744.077523][T30527]  ? __pfx_netlink_sendmsg+0x10/0x10
[  744.077550][T30527]  __sock_sendmsg+0x145/0x180
[  744.077731][T30527]  ____sys_sendmsg+0x31e/0x4e0
[  744.077780][T30527]  ___sys_sendmsg+0x17b/0x1d0
[  744.077825][T30527]  __x64_sys_sendmsg+0xd4/0x160
[  744.077857][T30527]  x64_sys_call+0x191e/0x3000
[  744.077897][T30527]  do_syscall_64+0xd2/0x200
[  744.077966][T30527]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  744.078005][T30527]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  744.078042][T30527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.078065][T30527] RIP: 0033:0x7f965cc3f6c9
[  744.078159][T30527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  744.078183][T30527] RSP: 002b:00007f965b69f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  744.078213][T30527] RAX: ffffffffffffffda RBX: 00007f965ce95fa0 RCX: 00007f965cc3f6c9
[  744.078230][T30527] RDX: 000000002404c044 RSI: 0000200000000f00 RDI: 0000000000000003
[  744.078247][T30527] RBP: 00007f965b69f090 R08: 0000000000000000 R09: 0000000000000000
[  744.078260][T30527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  744.078273][T30527] R13: 00007f965ce96038 R14: 00007f965ce95fa0 R15: 00007ffd9ca6af08
[  744.078369][T30527]  </TASK>
[  744.395338][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  744.488245][T30549] loop5: detected capacity change from 0 to 512
[  744.526891][T30549] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  744.542888][T30549] ext4 filesystem being mounted at /113/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  744.580247][T30549] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8990: corrupted inode contents
[  744.622109][T30549] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.8990: mark_inode_dirty error
[  744.672911][T30549] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8990: corrupted inode contents
[  744.690286][T21673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  744.713295][T30549] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8990: corrupted inode contents
[  744.733412][T30549] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.8990: mark_inode_dirty error
[  744.759477][T30556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  744.773377][T30549] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8990: corrupted inode contents
[  744.780870][T30556] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  744.821918][T30562] loop2: detected capacity change from 0 to 1024
[  744.824011][T30549] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.8990: mark_inode_dirty error
[  744.844124][T30549] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.8990: corrupted inode contents
[  744.875308][T30549] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.8990: mark_inode_dirty error
[  744.972186][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  745.006201][T30571] loop5: detected capacity change from 0 to 2048
[  745.054042][T30571] GPT:first_usable_lbas don't match.
[  745.059448][T30571] GPT:34 != 290
[  745.063002][T30571] GPT: Use GNU Parted to correct GPT errors.
[  745.069100][T30571]  loop5: p1 p2 p3
[  745.100789][T30571] syzkaller0: entered promiscuous mode
[  745.106365][T30571] syzkaller0: entered allmulticast mode
[  745.148273][T30577] loop2: detected capacity change from 0 to 2048
[  745.184647][T30577] GPT:first_usable_lbas don't match.
[  745.190018][T30577] GPT:34 != 290
[  745.193538][T30577] GPT: Use GNU Parted to correct GPT errors.
[  745.199594][T30577]  loop2: p1 p2 p3
[  745.235539][T30577] syzkaller0: entered promiscuous mode
[  745.241115][T30577] syzkaller0: entered allmulticast mode
[  745.255599][T30584] netlink: 'syz.5.9001': attribute type 10 has an invalid length.
[  745.276746][T30584] batadv0: left allmulticast mode
[  745.281854][T30584] batadv0: left promiscuous mode
[  745.287062][T30584] bridge0: port 3(batadv0) entered disabled state
[  745.294907][T30584] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.303524][T30584] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  745.308173][T30585] netlink: 'syz.5.9001': attribute type 10 has an invalid length.
[  745.320169][T30585] netlink: 40 bytes leftover after parsing attributes in process `syz.5.9001'.
[  745.329218][T30585] batadv0: entered promiscuous mode
[  745.334510][T30585] batadv0: entered allmulticast mode
[  745.340671][T30585] bond0: (slave batadv0): Releasing backup interface
[  745.348163][T30585] bridge0: port 3(batadv0) entered blocking state
[  745.354655][T30585] bridge0: port 3(batadv0) entered disabled state
[  745.420640][   T29] kauditd_printk_skb: 343 callbacks suppressed
[  745.420718][   T29] audit: type=1326 audit(1762274536.356:109203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30550 comm="syz.3.8991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ffa02aa1f85 code=0x7ffc0000
[  745.492625][T30589] SELinux: ebitmap: truncated map
[  745.499874][T30589] SELinux: failed to load policy
[  745.520966][   T29] audit: type=1326 audit(1762274536.456:109204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30550 comm="syz.3.8991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.550493][T30592] netlink: 'syz.5.9004': attribute type 10 has an invalid length.
[  745.569189][T30592] batadv0: left allmulticast mode
[  745.574510][T30592] batadv0: left promiscuous mode
[  745.579832][T30592] bridge0: port 3(batadv0) entered disabled state
[  745.591974][T30592] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.605275][T30594] netlink: 'syz.5.9004': attribute type 10 has an invalid length.
[  745.607905][T30592] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  745.613190][T30594] netlink: 40 bytes leftover after parsing attributes in process `syz.5.9004'.
[  745.650786][T30594] batadv0: entered promiscuous mode
[  745.656076][T30594] batadv0: entered allmulticast mode
[  745.692965][T30594] bond0: (slave batadv0): Releasing backup interface
[  745.710633][T30594] bridge0: port 3(batadv0) entered blocking state
[  745.717248][T30594] bridge0: port 3(batadv0) entered disabled state
[  745.747403][T30604] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9008'.
[  745.757669][   T29] audit: type=1400 audit(1762274536.706:109205): avc:  denied  { create } for  pid=30603 comm="syz.3.9008" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  745.806346][   T29] audit: type=1326 audit(1762274536.706:109206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30603 comm="syz.3.9008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.830171][   T29] audit: type=1326 audit(1762274536.706:109207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30603 comm="syz.3.9008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.854161][   T29] audit: type=1326 audit(1762274536.706:109208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30603 comm="syz.3.9008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.877973][   T29] audit: type=1326 audit(1762274536.706:109209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30603 comm="syz.3.9008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.901812][   T29] audit: type=1326 audit(1762274536.706:109210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30603 comm="syz.3.9008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.925625][   T29] audit: type=1326 audit(1762274536.706:109211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30603 comm="syz.3.9008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.949490][   T29] audit: type=1326 audit(1762274536.706:109212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30603 comm="syz.3.9008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa02a6f6c9 code=0x7ffc0000
[  745.987420][T30610] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  746.011530][T30590] loop2: detected capacity change from 0 to 512
[  746.019080][T30608] loop5: detected capacity change from 0 to 2048
[  746.027925][T30590] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  746.040509][T30590] ext4 filesystem being mounted at /555/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  746.053865][T30608] GPT:first_usable_lbas don't match.
[  746.059329][T30608] GPT:34 != 290
[  746.062935][T30608] GPT: Use GNU Parted to correct GPT errors.
[  746.069019][T30608]  loop5: p1 p2 p3
[  746.090989][T30608] syzkaller0: entered promiscuous mode
[  746.096575][T30608] syzkaller0: entered allmulticast mode
[  746.127054][T30619] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  746.196419][T30623] SELinux: ebitmap: truncated map
[  746.204465][T30623] SELinux: failed to load policy
[  746.334831][T21673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  746.386046][T30639] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9022'.
[  746.522812][ T6059] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  746.574567][T30648] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  746.596566][T30649] loop2: detected capacity change from 0 to 512
[  746.635924][T30649] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  746.662038][T30649] EXT4-fs (loop2): mount failed
[  746.670578][T30658] loop5: detected capacity change from 0 to 512
[  746.684798][T30658] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  746.697605][T30658] ext4 filesystem being mounted at /124/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  746.739791][T30658] random: crng reseeded on system resumption
[  746.743184][T30657] SELinux: ebitmap: truncated map
[  746.754476][T30657] SELinux: failed to load policy
[  746.771001][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  746.786486][T30662] loop2: detected capacity change from 0 to 2048
[  746.835078][T30672] netlink: 'syz.3.9033': attribute type 10 has an invalid length.
[  746.843594][T30672] batadv0: left allmulticast mode
[  746.847087][T30674] netlink: 92 bytes leftover after parsing attributes in process `syz.5.9034'.
[  746.848660][T30672] batadv0: left promiscuous mode
[  746.859117][T30662] GPT:first_usable_lbas don't match.
[  746.862797][T30672] bridge0: port 3(batadv0) entered disabled state
[  746.867988][T30662] GPT:34 != 290
[  746.877980][T30662] GPT: Use GNU Parted to correct GPT errors.
[  746.884238][T30662]  loop2: p1 p2 p3
[  746.888225][T30675] netlink: 'syz.3.9033': attribute type 10 has an invalid length.
[  746.896123][T30675] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9033'.
[  746.905886][T30672] 8021q: adding VLAN 0 to HW filter on device batadv0
[  746.914132][T30672] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  746.925921][T30675] batadv0: entered promiscuous mode
[  746.931163][T30675] batadv0: entered allmulticast mode
[  746.938324][T30675] bond0: (slave batadv0): Releasing backup interface
[  746.945896][T30675] bridge0: port 3(batadv0) entered blocking state
[  746.952475][T30675] bridge0: port 3(batadv0) entered disabled state
[  746.975920][T30662] syzkaller0: entered promiscuous mode
[  746.981452][T30662] syzkaller0: entered allmulticast mode
[  746.988645][T30682] loop5: detected capacity change from 0 to 128
[  746.997142][T30682] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 54)
[  747.005335][T30682] FAT-fs (loop5): Filesystem has been set read-only
[  747.016868][T24487] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  747.022812][ T4412] Bluetooth: hci1: command 0x1003 tx timeout
[  747.044843][T29009] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 54)
[  747.108528][T30688] SELinux: ebitmap: truncated map
[  747.116986][T30688] SELinux: failed to load policy
[  747.175357][T30703] netlink: 'syz.2.9044': attribute type 10 has an invalid length.
[  747.184734][T30704] loop5: detected capacity change from 0 to 128
[  747.192492][T30704] FAULT_INJECTION: forcing a failure.
[  747.192492][T30704] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.205678][T30704] CPU: 0 UID: 0 PID: 30704 Comm: syz.5.9049 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  747.205721][T30704] Tainted: [W]=WARN
[  747.205728][T30704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  747.205742][T30704] Call Trace:
[  747.205750][T30704]  <TASK>
[  747.205758][T30704]  __dump_stack+0x1d/0x30
[  747.205780][T30704]  dump_stack_lvl+0xe8/0x140
[  747.205804][T30704]  dump_stack+0x15/0x1b
[  747.205831][T30704]  should_fail_ex+0x265/0x280
[  747.205914][T30704]  should_fail+0xb/0x20
[  747.205937][T30704]  should_fail_usercopy+0x1a/0x20
[  747.206011][T30704]  strncpy_from_user+0x25/0x230
[  747.206103][T30704]  ? kmem_cache_alloc_noprof+0x242/0x480
[  747.206144][T30704]  ? getname_flags+0x80/0x3b0
[  747.206197][T30704]  getname_flags+0xae/0x3b0
[  747.206297][T30704]  user_path_at+0x28/0x130
[  747.206390][T30704]  do_sys_truncate+0x5c/0x130
[  747.206431][T30704]  __x64_sys_truncate+0x31/0x40
[  747.206470][T30704]  x64_sys_call+0x1a2f/0x3000
[  747.206572][T30704]  do_syscall_64+0xd2/0x200
[  747.206599][T30704]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  747.206632][T30704]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  747.206752][T30704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.206783][T30704] RIP: 0033:0x7f6e0f08f6c9
[  747.206805][T30704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.206830][T30704] RSP: 002b:00007f6e0daef038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  747.206859][T30704] RAX: ffffffffffffffda RBX: 00007f6e0f2e5fa0 RCX: 00007f6e0f08f6c9
[  747.206876][T30704] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000200000002540
[  747.206894][T30704] RBP: 00007f6e0daef090 R08: 0000000000000000 R09: 0000000000000000
[  747.206961][T30704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  747.206978][T30704] R13: 00007f6e0f2e6038 R14: 00007f6e0f2e5fa0 R15: 00007ffcb241b528
[  747.207088][T30704]  </TASK>
[  747.207484][T30703] netlink: 'syz.2.9044': attribute type 10 has an invalid length.
[  747.218636][T30701] FAULT_INJECTION: forcing a failure.
[  747.218636][T30701] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.219030][T30703] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9044'.
[  747.222877][T30701] CPU: 1 UID: 0 PID: 30701 Comm: syz.0.9045 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  747.222987][T30701] Tainted: [W]=WARN
[  747.222998][T30701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  747.223016][T30701] Call Trace:
[  747.223025][T30701]  <TASK>
[  747.223037][T30701]  __dump_stack+0x1d/0x30
[  747.223070][T30701]  dump_stack_lvl+0xe8/0x140
[  747.223126][T30701]  dump_stack+0x15/0x1b
[  747.223153][T30701]  should_fail_ex+0x265/0x280
[  747.223182][T30701]  should_fail+0xb/0x20
[  747.223206][T30701]  should_fail_usercopy+0x1a/0x20
[  747.223237][T30701]  _copy_from_user+0x1c/0xb0
[  747.223282][T30701]  proc_submiturb+0x43/0xa0
[  747.223326][T30701]  usbdev_ioctl+0xcb6/0x1700
[  747.223373][T30701]  ? __pfx_usbdev_ioctl+0x10/0x10
[  747.223411][T30701]  __se_sys_ioctl+0xce/0x140
[  747.223498][T30701]  __x64_sys_ioctl+0x43/0x50
[  747.223527][T30701]  x64_sys_call+0x1816/0x3000
[  747.223565][T30701]  do_syscall_64+0xd2/0x200
[  747.223593][T30701]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  747.223641][T30701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.223672][T30701] RIP: 0033:0x7fe42d2cf6c9
[  747.223753][T30701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.223780][T30701] RSP: 002b:00007fe42bd2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  747.223807][T30701] RAX: ffffffffffffffda RBX: 00007fe42d525fa0 RCX: 00007fe42d2cf6c9
[  747.223826][T30701] RDX: 0000200000000140 RSI: 000000008038550a RDI: 0000000000000005
[  747.223844][T30701] RBP: 00007fe42bd2f090 R08: 0000000000000000 R09: 0000000000000000
[  747.223941][T30701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  747.223974][T30701] R13: 00007fe42d526038 R14: 00007fe42d525fa0 R15: 00007fff99b29438
[  747.224045][T30701]  </TASK>
[  747.233639][T30706] vhci_hcd: invalid port number 96
[  747.408641][T30713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9047'.
[  747.412429][T30706] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  747.670040][ T7350] Bluetooth: hci0: Frame reassembly failed (-84)
[  747.710168][T30724] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9053'.
[  747.792129][T30732] SELinux: ebitmap: truncated map
[  747.799281][T30732] SELinux: failed to load policy
[  747.868439][T30729] loop2: detected capacity change from 0 to 512
[  747.887241][T30729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  747.910051][T30729] ext4 filesystem being mounted at /562/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  748.005352][T21673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  748.064886][T30751] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9062'.
[  748.237284][T30759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9064'.
[  748.488674][T30766] syzkaller0: entered promiscuous mode
[  748.494376][T30766] syzkaller0: entered allmulticast mode
[  748.954845][T30781] serio: Serial port ptm1
[  749.033373][T30786] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  749.135589][T30789] loop2: detected capacity change from 0 to 8192
[  749.163315][T30792] SELinux: ebitmap: truncated map
[  749.170187][T30792] SELinux: failed to load policy
[  749.270192][T30802] validate_nla: 2 callbacks suppressed
[  749.270212][T30802] netlink: 'syz.1.9079': attribute type 10 has an invalid length.
[  749.285108][T30802] netlink: 'syz.1.9079': attribute type 10 has an invalid length.
[  749.292982][T30802] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9079'.
[  749.433455][T30814] loop5: detected capacity change from 0 to 1024
[  749.440669][T30814] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  749.462617][T30814] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.9084: Invalid block bitmap block 0 in block_group 0
[  749.486308][T30814] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.9084: Failed to acquire dquot type 0
[  749.499588][T30814] EXT4-fs error (device loop5): ext4_free_blocks:6706: comm syz.5.9084: Freeing blocks not in datazone - block = 0, count = 4096
[  749.518527][T30814] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.9084: Invalid inode bitmap blk 0 in block_group 0
[  749.533784][T30819] netlink: 'syz.2.9085': attribute type 10 has an invalid length.
[  749.542041][T30819] netlink: 'syz.2.9085': attribute type 10 has an invalid length.
[  749.549938][T30819] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9085'.
[  749.559393][T30814] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  749.559405][ T7350] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:11: Failed to release dquot type 0
[  749.569620][T30814] EXT4-fs (loop5): 1 orphan inode deleted
[  749.586639][T30814] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  749.612642][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  749.695115][T30832] loop5: detected capacity change from 0 to 512
[  749.703868][T30832] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #15: comm syz.5.9091: corrupted inode contents
[  749.716747][T30832] EXT4-fs error (device loop5) in ext4_orphan_del:301: Corrupt filesystem
[  749.725472][ T4412] Bluetooth: hci0: command 0x1003 tx timeout
[  749.731580][T24487] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  749.731705][T30832] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #15: comm syz.5.9091: corrupted inode contents
[  749.750730][T30832] EXT4-fs error (device loop5): ext4_evict_inode:302: inode #15: comm syz.5.9091: mark_inode_dirty error
[  749.762373][T30832] EXT4-fs (loop5): 1 orphan inode deleted
[  749.768921][T30832] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  749.795375][T30838] loop2: detected capacity change from 0 to 512
[  749.808014][T30838] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.2.9093: corrupted xattr block 95: invalid header
[  749.826448][T30838] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.9093: bg 0: block 7: invalid block bitmap
[  749.854854][T30838] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  749.864078][T30838] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2967: inode #11: comm syz.2.9093: corrupted xattr block 95: invalid header
[  749.878394][T30838] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[  749.888245][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  749.897925][T30838] EXT4-fs (loop2): 1 orphan inode deleted
[  749.910185][T30838] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  749.958432][T21673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  749.991465][T30846] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9094'.
[  750.058079][T30851] netlink: 'syz.2.9097': attribute type 10 has an invalid length.
[  750.066400][T30851] netlink: 'syz.2.9097': attribute type 10 has an invalid length.
[  750.178297][T30852] netlink: 'syz.5.9095': attribute type 13 has an invalid length.
[  750.538592][T30872] SELinux: ebitmap: truncated map
[  750.547413][T30872] SELinux: failed to load policy
[  750.652335][   T29] kauditd_printk_skb: 218 callbacks suppressed
[  750.652354][   T29] audit: type=1400 audit(1762274541.586:109427): avc:  denied  { read } for  pid=30877 comm="syz.1.9107" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  750.681720][   T29] audit: type=1400 audit(1762274541.586:109428): avc:  denied  { open } for  pid=30877 comm="syz.1.9107" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  750.786663][T30880] netlink: 'syz.1.9108': attribute type 10 has an invalid length.
[  750.795044][T30880] netlink: 'syz.1.9108': attribute type 10 has an invalid length.
[  750.806827][ T1035] IPVS: starting estimator thread 0...
[  750.836846][T29903] Bluetooth: hci0: Frame reassembly failed (-84)
[  750.858169][   T29] audit: type=1326 audit(1762274541.796:109429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30889 comm="syz.5.9112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  750.882262][   T29] audit: type=1326 audit(1762274541.796:109430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30889 comm="syz.5.9112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  750.906088][   T29] audit: type=1326 audit(1762274541.796:109431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30889 comm="syz.5.9112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  750.929855][   T29] audit: type=1326 audit(1762274541.796:109432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30889 comm="syz.5.9112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  750.930070][T30883] IPVS: using max 2352 ests per chain, 117600 per kthread
[  751.011534][   T29] audit: type=1400 audit(1762274541.946:109433): avc:  denied  { allowed } for  pid=30896 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  751.030862][   T29] audit: type=1400 audit(1762274541.946:109434): avc:  denied  { create } for  pid=30896 comm="+}[@" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  751.032295][T30897] loop5: detected capacity change from 0 to 512
[  751.051961][   T29] audit: type=1400 audit(1762274541.946:109435): avc:  denied  { map } for  pid=30896 comm="+}[@" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=116084 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  751.052002][   T29] audit: type=1400 audit(1762274541.946:109436): avc:  denied  { read write } for  pid=30896 comm="+}[@" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=116084 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  751.140075][T30897] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  751.158042][T30897] ext4 filesystem being mounted at /146/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  751.208964][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  751.232309][T30906] loop2: detected capacity change from 0 to 8192
[  751.600822][T30927] netlink: 'syz.2.9121': attribute type 13 has an invalid length.
[  751.750171][T30931] loop5: detected capacity change from 0 to 2048
[  751.814077][T30931] Alternate GPT is invalid, using primary GPT.
[  751.820518][T30931]  loop5: p1 p2 p3
[  751.824335][T30931] loop5: partition table partially beyond EOD, truncated
[  751.998108][T30938] ip6gre1: entered promiscuous mode
[  752.128131][T30940] __nla_validate_parse: 5 callbacks suppressed
[  752.128149][T30940] netlink: 76 bytes leftover after parsing attributes in process `syz.3.9128'.
[  752.268377][T30950] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  752.311485][T30950] xt_l2tp: missing protocol rule (udp|l2tpip)
[  752.331995][T30946] loop2: detected capacity change from 0 to 8192
[  752.363814][T30961] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  752.394423][T30963] netlink: 83992 bytes leftover after parsing attributes in process `syz.3.9139'.
[  752.403925][T30963] netlink: zone id is out of range
[  752.409066][T30963] netlink: zone id is out of range
[  752.419287][T30963] netlink: zone id is out of range
[  752.424957][T30963] netlink: zone id is out of range
[  752.430961][T30964] loop5: detected capacity change from 0 to 2048
[  752.432957][T30963] netlink: zone id is out of range
[  752.455125][T30963] netlink: set zone limit has 8 unknown bytes
[  752.578977][T30974] SELinux: ebitmap: truncated map
[  752.641616][T30974] SELinux: failed to load policy
[  752.717480][T30979] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9136'.
[  752.772326][T30964] Alternate GPT is invalid, using primary GPT.
[  752.778698][T30964]  loop5: p1 p2 p3
[  752.782436][T30964] loop5: partition table partially beyond EOD, truncated
[  752.843314][T24487] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  752.849613][ T4412] Bluetooth: hci0: command 0x1003 tx timeout
[  752.929977][T30989] FAULT_INJECTION: forcing a failure.
[  752.929977][T30989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  752.943352][T30989] CPU: 1 UID: 0 PID: 30989 Comm: syz.1.9147 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  752.943389][T30989] Tainted: [W]=WARN
[  752.943397][T30989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  752.943413][T30989] Call Trace:
[  752.943420][T30989]  <TASK>
[  752.943429][T30989]  __dump_stack+0x1d/0x30
[  752.943459][T30989]  dump_stack_lvl+0xe8/0x140
[  752.943555][T30989]  dump_stack+0x15/0x1b
[  752.943574][T30989]  should_fail_ex+0x265/0x280
[  752.943594][T30989]  should_fail+0xb/0x20
[  752.943614][T30989]  should_fail_usercopy+0x1a/0x20
[  752.943642][T30989]  _copy_from_user+0x1c/0xb0
[  752.943686][T30989]  ___sys_sendmsg+0xc1/0x1d0
[  752.943720][T30989]  __x64_sys_sendmsg+0xd4/0x160
[  752.943747][T30989]  x64_sys_call+0x191e/0x3000
[  752.943776][T30989]  do_syscall_64+0xd2/0x200
[  752.943799][T30989]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  752.943855][T30989]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  752.943967][T30989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.943989][T30989] RIP: 0033:0x7f965cc3f6c9
[  752.944005][T30989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  752.944057][T30989] RSP: 002b:00007f965b69f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  752.944114][T30989] RAX: ffffffffffffffda RBX: 00007f965ce95fa0 RCX: 00007f965cc3f6c9
[  752.944130][T30989] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  752.944147][T30989] RBP: 00007f965b69f090 R08: 0000000000000000 R09: 0000000000000000
[  752.944218][T30989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  752.944230][T30989] R13: 00007f965ce96038 R14: 00007f965ce95fa0 R15: 00007ffd9ca6af08
[  752.944315][T30989]  </TASK>
[  753.134385][T30985] loop2: detected capacity change from 0 to 2048
[  753.153163][T30990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9144'.
[  753.183377][T30985] Alternate GPT is invalid, using primary GPT.
[  753.189734][T30985]  loop2: p1 p2 p3
[  753.193588][T30985] loop2: partition table partially beyond EOD, truncated
[  753.237579][T31000] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9151'.
[  753.290924][T31004] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9153'.
[  753.464831][T31009] syzkaller0: entered promiscuous mode
[  753.466801][T31010] SELinux: ebitmap: truncated map
[  753.470425][T31009] syzkaller0: entered allmulticast mode
[  753.494786][T31010] SELinux: failed to load policy
[  753.605446][T31017] batadv0: left allmulticast mode
[  753.610638][T31017] batadv0: left promiscuous mode
[  753.615906][T31017] bridge0: port 3(batadv0) entered disabled state
[  753.644961][T31017] 8021q: adding VLAN 0 to HW filter on device batadv0
[  753.654238][T31017] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  753.677891][T31022] loop5: detected capacity change from 0 to 2048
[  753.686107][T31014] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9157'.
[  753.695677][T31014] batadv0: entered promiscuous mode
[  753.700906][T31014] batadv0: entered allmulticast mode
[  753.715765][T31014] bond0: (slave batadv0): Releasing backup interface
[  753.723122][T31022] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  753.723899][T31014] bridge0: port 3(batadv0) entered blocking state
[  753.741758][T31014] bridge0: port 3(batadv0) entered disabled state
[  753.752973][T31022] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  753.784418][T31031] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9159'.
[  753.899929][T31037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.938762][T31037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  753.977101][T31043] SELinux: ebitmap: truncated map
[  754.033083][T31043] SELinux: failed to load policy
[  754.147182][T31037] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.9158: bg 0: block 345: padding at end of block bitmap is not set
[  754.188872][T31037] EXT4-fs (loop5): Remounting filesystem read-only
[  754.396927][T31057] vcan0: entered allmulticast mode
[  755.024121][T29903] Bluetooth: hci0: Frame reassembly failed (-84)
[  755.148951][T31078] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) !
[  755.277611][T31081] validate_nla: 5 callbacks suppressed
[  755.277630][T31081] netlink: 'syz.3.9181': attribute type 13 has an invalid length.
[  755.327751][T31082] wg2: entered promiscuous mode
[  755.332750][T31082] wg2: entered allmulticast mode
[  755.654427][   T29] kauditd_printk_skb: 1567 callbacks suppressed
[  755.654441][   T29] audit: type=1326 audit(1762274546.596:111004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.707552][   T29] audit: type=1326 audit(1762274546.636:111005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.731432][   T29] audit: type=1326 audit(1762274546.636:111006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.755281][   T29] audit: type=1326 audit(1762274546.636:111007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.779223][   T29] audit: type=1326 audit(1762274546.636:111008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.802964][   T29] audit: type=1326 audit(1762274546.636:111009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.826834][   T29] audit: type=1326 audit(1762274546.636:111010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.850629][   T29] audit: type=1326 audit(1762274546.636:111011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  755.874476][   T29] audit: type=1326 audit(1762274546.646:111012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  756.137291][   T29] audit: type=1326 audit(1762274546.846:111013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31015 comm="syz.5.9158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6e0f0c1f85 code=0x7ffc0000
[  756.218376][T31095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9183'.
[  756.516886][T31085] syz.1.9182 (31085) used greatest stack depth: 7616 bytes left
[  756.629643][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  756.964124][T31120] netlink: 'syz.0.9194': attribute type 10 has an invalid length.
[  756.972008][T31120] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9194'.
[  757.082805][T24487] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  757.083118][ T4412] Bluetooth: hci0: command 0x1003 tx timeout
[  757.179210][T31139] loop5: detected capacity change from 0 to 512
[  757.200458][T31139] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #15: comm syz.5.9201: corrupted inode contents
[  757.227714][T31139] EXT4-fs error (device loop5) in ext4_orphan_del:301: Corrupt filesystem
[  757.250953][T31139] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #15: comm syz.5.9201: corrupted inode contents
[  757.273484][T31139] EXT4-fs error (device loop5): ext4_evict_inode:302: inode #15: comm syz.5.9201: mark_inode_dirty error
[  757.285701][T31139] EXT4-fs (loop5): 1 orphan inode deleted
[  757.291966][T31139] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  757.333388][T31155] netlink: 'syz.2.9207': attribute type 10 has an invalid length.
[  757.341380][T31155] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9207'.
[  757.354350][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  757.401229][T31161] netlink: 'syz.2.9209': attribute type 10 has an invalid length.
[  757.429680][T31161] netlink: 'syz.2.9209': attribute type 10 has an invalid length.
[  757.437782][T31161] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9209'.
[  757.646125][T31177] loop2: detected capacity change from 0 to 128
[  757.661178][T31177] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  757.684399][T31177] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  757.787228][T31188] syzkaller0: entered promiscuous mode
[  757.794452][T31188] syzkaller0: entered allmulticast mode
[  757.820965][T31186] syzkaller0: entered promiscuous mode
[  757.826654][T31186] syzkaller0: entered allmulticast mode
[  757.989208][T31195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9219'.
[  757.998954][T31197] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  758.347305][T31210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9225'.
[  758.424210][ T7346] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  758.477220][T31212] SELinux: ebitmap: truncated map
[  758.483898][T31212] SELinux: failed to load policy
[  758.511126][T31214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9227'.
[  758.520360][T31214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9227'.
[  758.950690][T31221] chnl_net:caif_netlink_parms(): no params data found
[  759.070049][T31239] block device autoloading is deprecated and will be removed.
[  759.140467][T31221] bridge0: port 1(bridge_slave_0) entered blocking state
[  759.147623][T31221] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.157432][T31221] bridge_slave_0: entered allmulticast mode
[  759.164164][T31221] bridge_slave_0: entered promiscuous mode
[  759.200425][T31221] bridge0: port 2(bridge_slave_1) entered blocking state
[  759.207612][T31221] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.214990][T31221] bridge_slave_1: entered allmulticast mode
[  759.221620][T31221] bridge_slave_1: entered promiscuous mode
[  759.307261][T31249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9233'.
[  759.407549][T31221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  759.466372][T31221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  759.528219][T29973] bridge_slave_1: left allmulticast mode
[  759.533986][T29973] bridge_slave_1: left promiscuous mode
[  759.539832][T29973] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.547905][T29973] bridge_slave_0: left allmulticast mode
[  759.553663][T29973] bridge_slave_0: left promiscuous mode
[  759.559426][T29973] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.625959][T31264] loop5: detected capacity change from 0 to 2048
[  759.655408][T31264] Alternate GPT is invalid, using primary GPT.
[  759.661816][T31264]  loop5: p1 p2 p3
[  759.665627][T31264] loop5: partition table partially beyond EOD, truncated
[  759.709983][T31264] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9239'.
[  759.855779][T29973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  759.866225][T29973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  759.875432][T29973] bond0 (unregistering): Released all slaves
[  759.974248][T31221] team0: Port device team_slave_0 added
[  759.984346][T31221] team0: Port device team_slave_1 added
[  760.006370][T31221] batman_adv: batadv0: Adding interface: batadv_slave_0
[  760.013432][T31221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  760.039448][T31221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  760.092288][T29973] tipc: Left network mode
[  760.175047][T31221] batman_adv: batadv0: Adding interface: batadv_slave_1
[  760.182062][T31221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  760.208118][T31221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  760.232292][T29973] hsr_slave_0: left promiscuous mode
[  760.238335][T29973] hsr_slave_1: left promiscuous mode
[  760.247857][T31269] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9241'.
[  760.287771][T29973] team0 (unregistering): Port device team_slave_1 removed
[  760.297803][T29973] team0 (unregistering): Port device team_slave_0 removed
[  760.379304][T31221] hsr_slave_0: entered promiscuous mode
[  760.385513][T31221] hsr_slave_1: entered promiscuous mode
[  760.391498][T31221] debugfs: 'hsr0' already exists in 'hsr'
[  760.397263][T31221] Cannot create hsr debugfs directory
[  760.435185][T31275] netlink: 'syz.0.9243': attribute type 10 has an invalid length.
[  760.443123][T31275] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9243'.
[  760.580027][T31287] SELinux: ebitmap: truncated map
[  760.604111][T31287] SELinux: failed to load policy
[  760.663778][   T29] kauditd_printk_skb: 971 callbacks suppressed
[  760.663798][   T29] audit: type=1400 audit(1762274551.606:111985): avc:  denied  { bind } for  pid=31299 comm="syz.3.9253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  760.699255][T29973] IPVS: stop unused estimator thread 0...
[  760.724774][   T29] audit: type=1400 audit(1762274551.606:111986): avc:  denied  { create } for  pid=31301 comm="syz.5.9254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  760.744546][   T29] audit: type=1400 audit(1762274551.606:111987): avc:  denied  { ioctl } for  pid=31301 comm="syz.5.9254" path="socket:[119220]" dev="sockfs" ino=119220 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  760.753487][T31308] netlink: 'syz.5.9257': attribute type 2 has an invalid length.
[  760.769645][   T29] audit: type=1400 audit(1762274551.606:111988): avc:  denied  { bind } for  pid=31301 comm="syz.5.9254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  760.777400][T31308] netlink: 'syz.5.9257': attribute type 1 has an invalid length.
[  760.804687][   T29] audit: type=1400 audit(1762274551.606:111989): avc:  denied  { connect } for  pid=31301 comm="syz.5.9254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  760.824610][   T29] audit: type=1400 audit(1762274551.636:111990): avc:  denied  { create } for  pid=31304 comm="syz.1.9256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  760.844849][   T29] audit: type=1400 audit(1762274551.636:111991): avc:  denied  { setopt } for  pid=31299 comm="syz.3.9253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  760.905009][   T29] audit: type=1400 audit(1762274551.846:111992): avc:  denied  { create } for  pid=31315 comm="syz.5.9261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  760.996316][   T29] audit: type=1400 audit(1762274551.846:111993): avc:  denied  { write } for  pid=31315 comm="syz.5.9261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  761.016954][   T29] audit: type=1400 audit(1762274551.876:111994): avc:  denied  { create } for  pid=31304 comm="syz.1.9256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  761.063448][T31221] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  761.076856][T31221] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  761.094239][T31329] lo: entered promiscuous mode
[  761.099089][T31329] lo: entered allmulticast mode
[  761.105429][T31329] tunl0: entered promiscuous mode
[  761.110547][T31329] tunl0: entered allmulticast mode
[  761.117283][T31329] gre0: entered promiscuous mode
[  761.122314][T31329] gre0: entered allmulticast mode
[  761.153861][T31329] gretap0: entered promiscuous mode
[  761.159168][T31329] gretap0: entered allmulticast mode
[  761.166121][T31329] erspan0: entered promiscuous mode
[  761.171534][T31329] erspan0: entered allmulticast mode
[  761.178137][T31329] ip_vti0: entered promiscuous mode
[  761.181105][T31312] raw_sendmsg: syz.3.9258 forgot to set AF_INET. Fix it!
[  761.183468][T31329] ip_vti0: entered allmulticast mode
[  761.184658][T31329] ip6_vti0: entered promiscuous mode
[  761.201265][T31329] ip6_vti0: entered allmulticast mode
[  761.208243][T31329] sit0: entered promiscuous mode
[  761.213282][T31329] sit0: entered allmulticast mode
[  761.221253][T31329] ip6tnl0: entered promiscuous mode
[  761.226565][T31329] ip6tnl0: entered allmulticast mode
[  761.233557][T31329] ip6gre0: entered promiscuous mode
[  761.238877][T31329] ip6gre0: entered allmulticast mode
[  761.246005][T31329] syz_tun: entered promiscuous mode
[  761.251367][T31329] syz_tun: entered allmulticast mode
[  761.258656][T31329] ip6gretap0: entered promiscuous mode
[  761.264230][T31329] ip6gretap0: entered allmulticast mode
[  761.271315][T31329] bridge0: entered promiscuous mode
[  761.276588][T31329] bridge0: entered allmulticast mode
[  761.282702][T31329] vcan0: entered promiscuous mode
[  761.289173][T31329] bond0: entered promiscuous mode
[  761.294257][T31329] bond_slave_0: entered promiscuous mode
[  761.300035][T31329] bond_slave_1: entered promiscuous mode
[  761.306055][T31329] bond0: entered allmulticast mode
[  761.311261][T31329] bond_slave_0: entered allmulticast mode
[  761.317050][T31329] bond_slave_1: entered allmulticast mode
[  761.323655][T31329] 8021q: adding VLAN 0 to HW filter on device bond0
[  761.332384][T31329] team0: entered promiscuous mode
[  761.337492][T31329] team_slave_0: entered promiscuous mode
[  761.343273][T31329] team_slave_1: entered promiscuous mode
[  761.348994][T31329] team0: entered allmulticast mode
[  761.354128][T31329] team_slave_0: entered allmulticast mode
[  761.359900][T31329] team_slave_1: entered allmulticast mode
[  761.366053][T31329] 8021q: adding VLAN 0 to HW filter on device team0
[  761.374345][T31329] dummy0: entered promiscuous mode
[  761.379534][T31329] dummy0: entered allmulticast mode
[  761.385852][T31329] nlmon0: entered promiscuous mode
[  761.391105][T31329] nlmon0: entered allmulticast mode
[  761.397480][T31329] caif0: entered promiscuous mode
[  761.402532][T31329] caif0: entered allmulticast mode
[  761.407726][T31329] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  761.427078][T31221] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  761.437754][T31221] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  761.501717][T31221] 8021q: adding VLAN 0 to HW filter on device bond0
[  761.521916][T31221] 8021q: adding VLAN 0 to HW filter on device team0
[  761.532294][T29973] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.539431][T29973] bridge0: port 1(bridge_slave_0) entered forwarding state
[  761.540801][T31359] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20002
[  761.554577][ T7346] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.561684][ T7346] bridge0: port 2(bridge_slave_1) entered forwarding state
[  761.640093][T31221] 8021q: adding VLAN 0 to HW filter on device batadv0
[  761.717531][T31221] veth0_vlan: entered promiscuous mode
[  761.728288][T31221] veth1_vlan: entered promiscuous mode
[  761.745209][T31221] veth0_macvtap: entered promiscuous mode
[  761.753123][T31221] veth1_macvtap: entered promiscuous mode
[  761.764180][T31221] batman_adv: batadv0: Interface activated: batadv_slave_0
[  761.775663][T31221] batman_adv: batadv0: Interface activated: batadv_slave_1
[  761.787106][   T52] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  761.798842][   T52] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  761.815825][   T52] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  761.829554][   T52] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  762.127496][T31404] chnl_net:caif_netlink_parms(): no params data found
[  762.183267][T31404] bridge0: port 1(bridge_slave_0) entered blocking state
[  762.190393][T31404] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.198015][T31404] bridge_slave_0: entered allmulticast mode
[  762.204580][T31404] bridge_slave_0: entered promiscuous mode
[  762.211681][T31404] bridge0: port 2(bridge_slave_1) entered blocking state
[  762.218895][T31404] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.226318][T31404] bridge_slave_1: entered allmulticast mode
[  762.233353][T31404] bridge_slave_1: entered promiscuous mode
[  762.288296][T31441] syzkaller0: entered promiscuous mode
[  762.293917][T31441] syzkaller0: entered allmulticast mode
[  762.301468][T31404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  762.320454][T31404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.369218][T31404] team0: Port device team_slave_0 added
[  762.383914][T31404] team0: Port device team_slave_1 added
[  762.494789][T31404] batman_adv: batadv0: Adding interface: batadv_slave_0
[  762.501843][T31404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  762.528125][T31404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  762.537376][T31574] netlink: 'syz.1.9294': attribute type 8 has an invalid length.
[  762.542667][T31404] batman_adv: batadv0: Adding interface: batadv_slave_1
[  762.553592][T31404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  762.579629][T31404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  762.643687][T31404] hsr_slave_0: entered promiscuous mode
[  762.656629][T31404] hsr_slave_1: entered promiscuous mode
[  762.664676][T31404] debugfs: 'hsr0' already exists in 'hsr'
[  762.670450][T31404] Cannot create hsr debugfs directory
[  762.676474][T29973] bridge0: port 3(batadv0) entered disabled state
[  762.684223][T29973] bridge_slave_1: left allmulticast mode
[  762.690110][T29973] bridge_slave_1: left promiscuous mode
[  762.695942][T29973] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.703749][T29973] bridge_slave_0: left allmulticast mode
[  762.709407][T29973] bridge_slave_0: left promiscuous mode
[  762.715246][T29973] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.004628][T29973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  763.013548][T29973] bond_slave_0: left promiscuous mode
[  763.019109][T29973] bond_slave_0: left allmulticast mode
[  763.025389][T29973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  763.034603][T29973] bond_slave_1: left promiscuous mode
[  763.040122][T29973] bond_slave_1: left allmulticast mode
[  763.046070][T29973] bond0 (unregistering): Released all slaves
[  763.116171][T29973] tipc: Left network mode
[  763.146263][T29973] hsr_slave_0: left promiscuous mode
[  763.161152][T29973] hsr_slave_1: left promiscuous mode
[  763.171092][T29973] batman_adv: batadv0: Removing interface: batadv_slave_0
[  763.179131][T29973] batman_adv: batadv0: Removing interface: batadv_slave_1
[  763.223679][T29973] team_slave_1 (unregistering): left promiscuous mode
[  763.230482][T29973] team_slave_1 (unregistering): left allmulticast mode
[  763.239214][T29973] team0 (unregistering): Port device team_slave_1 removed
[  763.249545][T29973] team_slave_0 (unregistering): left promiscuous mode
[  763.256425][T29973] team_slave_0 (unregistering): left allmulticast mode
[  763.264427][T29973] team0 (unregistering): Port device team_slave_0 removed
[  763.316485][T31619] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  763.398247][T31622] syzkaller0: entered promiscuous mode
[  763.403825][T31622] syzkaller0: entered allmulticast mode
[  763.487524][T31632] loop3: detected capacity change from 0 to 2048
[  763.531377][T31632] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  763.568953][T31632] ext4 filesystem being mounted at /611/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  763.585174][   T52] Bluetooth: hci0: Frame reassembly failed (-84)
[  763.674739][T31647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  763.683601][T31647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  763.707384][T31647] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.9316: bg 0: block 345: padding at end of block bitmap is not set
[  763.722322][T31647] EXT4-fs (loop3): Remounting filesystem read-only
[  763.788870][T31404] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  763.799501][T31404] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  763.813404][T31404] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  763.827188][T31404] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  763.867072][T31404] 8021q: adding VLAN 0 to HW filter on device bond0
[  763.880401][T31404] 8021q: adding VLAN 0 to HW filter on device team0
[  763.890878][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.898106][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  763.910543][T29903] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.917683][T29903] bridge0: port 2(bridge_slave_1) entered forwarding state
[  763.987960][T31404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  764.065318][T31404] veth0_vlan: entered promiscuous mode
[  764.079480][T31404] veth1_vlan: entered promiscuous mode
[  764.098484][T31404] veth0_macvtap: entered promiscuous mode
[  764.106744][T31404] veth1_macvtap: entered promiscuous mode
[  764.119328][T31404] batman_adv: batadv0: Interface activated: batadv_slave_0
[  764.139620][T31404] batman_adv: batadv0: Interface activated: batadv_slave_1
[  764.150646][ T7346] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  764.160186][ T7346] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  764.170509][ T7346] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  764.179794][ T7346] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  764.351362][T21832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  764.393595][T31709] __nla_validate_parse: 5 callbacks suppressed
[  764.393610][T31709] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9339'.
[  764.440215][T31711] loop5: detected capacity change from 0 to 1024
[  764.572410][T31712] chnl_net:caif_netlink_parms(): no params data found
[  764.610921][T31712] bridge0: port 1(bridge_slave_0) entered blocking state
[  764.618175][T31712] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.625447][T31712] bridge_slave_0: entered allmulticast mode
[  764.632179][T31712] bridge_slave_0: entered promiscuous mode
[  764.639351][T31712] bridge0: port 2(bridge_slave_1) entered blocking state
[  764.646556][T31712] bridge0: port 2(bridge_slave_1) entered disabled state
[  764.654072][T31712] bridge_slave_1: entered allmulticast mode
[  764.660840][T31712] bridge_slave_1: entered promiscuous mode
[  764.682520][T31712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  764.694757][T31712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  764.715062][T31712] team0: Port device team_slave_0 added
[  764.721894][T31712] team0: Port device team_slave_1 added
[  764.741099][T31712] batman_adv: batadv0: Adding interface: batadv_slave_0
[  764.748240][T31712] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  764.774230][T31712] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  764.785900][T31712] batman_adv: batadv0: Adding interface: batadv_slave_1
[  764.792973][T31712] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  764.818938][T31712] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  764.852889][T31712] hsr_slave_0: entered promiscuous mode
[  764.859079][T31712] hsr_slave_1: entered promiscuous mode
[  764.862132][T31734] loop5: detected capacity change from 0 to 2048
[  764.865199][T31712] debugfs: 'hsr0' already exists in 'hsr'
[  764.876818][T31712] Cannot create hsr debugfs directory
[  764.943714][T31734] Alternate GPT is invalid, using primary GPT.
[  764.950110][T31734]  loop5: p1 p2 p3
[  764.953969][T31734] loop5: partition table partially beyond EOD, truncated
[  764.983586][T31734] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9344'.
[  765.199111][T29973] IPVS: stop unused estimator thread 0...
[  765.210904][T31712] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  765.219823][T31712] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  765.234695][T31712] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  765.245131][T31712] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  765.283445][T31712] bridge0: port 2(bridge_slave_1) entered blocking state
[  765.290534][T31712] bridge0: port 2(bridge_slave_1) entered forwarding state
[  765.297951][T31712] bridge0: port 1(bridge_slave_0) entered blocking state
[  765.305031][T31712] bridge0: port 1(bridge_slave_0) entered forwarding state
[  765.340580][T31712] 8021q: adding VLAN 0 to HW filter on device bond0
[  765.351836][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.360642][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.382301][T31712] 8021q: adding VLAN 0 to HW filter on device team0
[  765.393590][ T4012] bridge0: port 1(bridge_slave_0) entered blocking state
[  765.400677][ T4012] bridge0: port 1(bridge_slave_0) entered forwarding state
[  765.414024][ T4012] bridge0: port 2(bridge_slave_1) entered blocking state
[  765.421172][ T4012] bridge0: port 2(bridge_slave_1) entered forwarding state
[  765.498174][T31712] 8021q: adding VLAN 0 to HW filter on device batadv0
[  765.591690][T31712] veth0_vlan: entered promiscuous mode
[  765.602920][T31712] veth1_vlan: entered promiscuous mode
[  765.619729][T31712] veth0_macvtap: entered promiscuous mode
[  765.629305][T31712] veth1_macvtap: entered promiscuous mode
[  765.642426][T31712] batman_adv: batadv0: Interface activated: batadv_slave_0
[  765.642899][ T4412] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  765.649799][T24487] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  765.655832][ T4412] Bluetooth: hci0: command 0x1003 tx timeout
[  765.671329][T31712] batman_adv: batadv0: Interface activated: batadv_slave_1
[  765.683627][T29973] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  765.692388][T29973] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  765.709800][T29973] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  765.726786][T29973] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  765.761751][   T29] kauditd_printk_skb: 269 callbacks suppressed
[  765.761769][   T29] audit: type=1326 audit(1762274556.696:112264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.776305][T31762] loop3: detected capacity change from 0 to 512
[  765.792638][   T29] audit: type=1326 audit(1762274556.696:112265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.821991][   T29] audit: type=1326 audit(1762274556.706:112266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.846830][   T29] audit: type=1326 audit(1762274556.746:112267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.854024][T31762] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6).
[  765.870554][   T29] audit: type=1326 audit(1762274556.746:112268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.882343][T31767] lo: entered promiscuous mode
[  765.904705][   T29] audit: type=1326 audit(1762274556.746:112269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.909216][T31767] lo: entered allmulticast mode
[  765.933090][   T29] audit: type=1326 audit(1762274556.746:112270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.942003][T31767] tunl0: entered promiscuous mode
[  765.961500][   T29] audit: type=1326 audit(1762274556.746:112271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  765.966677][T31767] tunl0: entered allmulticast mode
[  765.990292][   T29] audit: type=1326 audit(1762274556.746:112272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31761 comm="syz.5.9348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  766.020116][T31762] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  766.020765][T31767] gre0: entered promiscuous mode
[  766.040147][T31767] gre0: entered allmulticast mode
[  766.042991][T31762] EXT4-fs (loop3): mount failed
[  766.047977][T31767] gretap0: entered promiscuous mode
[  766.055492][T31767] gretap0: entered allmulticast mode
[  766.062131][T31767] erspan0: entered promiscuous mode
[  766.067566][T31767] erspan0: entered allmulticast mode
[  766.074281][T31767] ip_vti0: entered promiscuous mode
[  766.079516][T31767] ip_vti0: entered allmulticast mode
[  766.086483][T31767] ip6_vti0: entered promiscuous mode
[  766.091832][T31767] ip6_vti0: entered allmulticast mode
[  766.099146][T31767] sit0: entered promiscuous mode
[  766.104417][T31767] sit0: entered allmulticast mode
[  766.113945][T31771] loop5: detected capacity change from 0 to 2048
[  766.114611][T31767] ip6tnl0: entered promiscuous mode
[  766.125618][T31767] ip6tnl0: entered allmulticast mode
[  766.132603][T31767] ip6gre0: entered promiscuous mode
[  766.135140][T31771] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  766.138167][T31767] ip6gre0: entered allmulticast mode
[  766.151841][T31771] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  766.157664][T31767] syz_tun: entered promiscuous mode
[  766.170983][T31767] syz_tun: entered allmulticast mode
[  766.178488][T31767] ip6gretap0: entered promiscuous mode
[  766.184040][T31767] ip6gretap0: entered allmulticast mode
[  766.191349][T31767] bridge0: entered promiscuous mode
[  766.196743][T31767] bridge0: entered allmulticast mode
[  766.204077][T31767] vcan0: entered promiscuous mode
[  766.209230][T31767] vcan0: entered allmulticast mode
[  766.216798][T31767] bond0: entered promiscuous mode
[  766.221954][T31767] bond_slave_0: entered promiscuous mode
[  766.227868][T31767] bond_slave_1: entered promiscuous mode
[  766.233662][T31767] bond0: entered allmulticast mode
[  766.238803][T31767] bond_slave_0: entered allmulticast mode
[  766.244572][T31767] bond_slave_1: entered allmulticast mode
[  766.256089][T31776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  766.268245][T31776] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  766.290151][T31776] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.9348: bg 0: block 345: padding at end of block bitmap is not set
[  766.290826][T31767] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.305263][T31776] EXT4-fs (loop5): Remounting filesystem read-only
[  766.340461][T31767] team0: entered promiscuous mode
[  766.345692][T31767] team_slave_0: entered promiscuous mode
[  766.351515][T31767] team_slave_1: entered promiscuous mode
[  766.357263][T31767] team0: entered allmulticast mode
[  766.362392][T31767] team_slave_0: entered allmulticast mode
[  766.368223][T31767] team_slave_1: entered allmulticast mode
[  766.375474][T31767] 8021q: adding VLAN 0 to HW filter on device team0
[  766.387836][T31767] dummy0: entered promiscuous mode
[  766.393355][T31767] dummy0: entered allmulticast mode
[  766.401081][T31767] nlmon0: entered promiscuous mode
[  766.406252][T31767] nlmon0: entered allmulticast mode
[  766.414179][T31767] caif0: entered promiscuous mode
[  766.419261][T31767] caif0: entered allmulticast mode
[  766.424492][T31767] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  766.474852][T31773] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  766.504583][T31784] syzkaller0: entered promiscuous mode
[  766.510168][T31784] syzkaller0: entered allmulticast mode
[  766.582540][T30247] Bluetooth: hci0: Frame reassembly failed (-84)
[  766.866004][T31804] netlink: 'syz.2.9358': attribute type 13 has an invalid length.
[  766.990310][T31804] bridge0: port 2(bridge_slave_1) entered disabled state
[  766.997742][T31804] bridge0: port 1(bridge_slave_0) entered disabled state
[  767.102272][T31804] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  767.125417][T31804] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  767.264032][ T7346] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  767.305732][ T7346] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  767.335710][ T7346] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  767.366839][ T7346] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  767.441956][T31831] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  767.459369][T31830] netlink: 'syz.0.9367': attribute type 10 has an invalid length.
[  767.467629][T31830] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9367'.
[  767.478534][T31830] batadv0: entered promiscuous mode
[  767.484011][T31830] batadv0: entered allmulticast mode
[  767.503679][T31830] bridge0: port 3(batadv0) entered blocking state
[  767.510201][T31830] bridge0: port 3(batadv0) entered disabled state
[  767.526081][T31830] bridge0: port 3(batadv0) entered blocking state
[  767.532837][T31830] bridge0: port 3(batadv0) entered forwarding state
[  767.780550][ T4012] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  767.790123][ T4012] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  768.159191][T31888] netlink: 'syz.0.9392': attribute type 10 has an invalid length.
[  768.167390][T31888] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9392'.
[  768.362454][T31909] bridge0: port 1(bridge_slave_0) entered disabled state
[  768.538975][T31925] netlink: 'syz.1.9408': attribute type 10 has an invalid length.
[  768.546886][T31925] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9408'.
[  768.625828][T31928] loop2: detected capacity change from 0 to 2048
[  768.642866][ T6059] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  768.648992][T24487] Bluetooth: hci0: command 0x1003 tx timeout
[  768.694599][T31928] Alternate GPT is invalid, using primary GPT.
[  768.701035][T31928]  loop2: p1 p2 p3
[  768.704826][T31928] loop2: partition table partially beyond EOD, truncated
[  768.759532][T31928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9407'.
[  768.793663][T29009] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  768.793794][T31936] syzkaller0: entered promiscuous mode
[  768.808251][T31936] syzkaller0: entered allmulticast mode
[  768.918192][ T7346] Bluetooth: hci0: Frame reassembly failed (-84)
[  768.972451][T31960] netlink: 'syz.0.9421': attribute type 10 has an invalid length.
[  768.980374][T31960] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9421'.
[  769.440330][T31975] syzkaller0: entered promiscuous mode
[  769.445986][T31975] syzkaller0: entered allmulticast mode
[  769.499663][T31981] tipc: Started in network mode
[  769.504740][T31981] tipc: Node identity 0ea1ad345ced, cluster identity 4711
[  769.510057][T31983] netlink: 'syz.0.9431': attribute type 10 has an invalid length.
[  769.511997][T31981] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  769.539632][T31983] bridge0: port 3(batadv0) entered disabled state
[  769.546804][T31983] batadv0: left allmulticast mode
[  769.551887][T31983] batadv0: left promiscuous mode
[  769.557052][T31983] bridge0: port 3(batadv0) entered disabled state
[  769.564799][T31984] netlink: 'syz.0.9431': attribute type 10 has an invalid length.
[  769.572655][T31984] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9431'.
[  769.583650][T31983] 8021q: adding VLAN 0 to HW filter on device batadv0
[  769.592174][T31983] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  769.601119][T31981] syzkaller0: entered promiscuous mode
[  769.606698][T31981] syzkaller0: entered allmulticast mode
[  769.639989][T31984] batadv0: entered promiscuous mode
[  769.645526][T31984] batadv0: entered allmulticast mode
[  769.653090][T31984] bond0: (slave batadv0): Releasing backup interface
[  769.662208][T31984] bridge0: port 3(batadv0) entered blocking state
[  769.668786][T31984] bridge0: port 3(batadv0) entered disabled state
[  769.683446][T31981] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  769.712402][T31981] tipc: Resetting bearer <eth:syzkaller0>
[  769.718267][T31981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  769.735606][T31980] tipc: Resetting bearer <eth:syzkaller0>
[  769.742405][T31980] tipc: Disabling bearer <eth:syzkaller0>
[  770.018684][T32011] syzkaller0: entered promiscuous mode
[  770.024445][T32011] syzkaller0: entered allmulticast mode
[  770.175379][T32025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9447'.
[  770.366061][T32041] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  770.385552][T32041] SELinux: failed to load policy
[  770.399553][T32045] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  770.471250][T32047] syzkaller0: entered promiscuous mode
[  770.476816][T32047] syzkaller0: entered allmulticast mode
[  770.568024][T32054] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9459'.
[  770.830772][T32074] netlink: 'syz.0.9468': attribute type 10 has an invalid length.
[  770.852511][T32074] batadv0: left allmulticast mode
[  770.857686][T32074] batadv0: left promiscuous mode
[  770.862940][T32074] bridge0: port 3(batadv0) entered disabled state
[  770.870786][T32074] 8021q: adding VLAN 0 to HW filter on device batadv0
[  770.879363][T32074] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  770.888868][T32076] netlink: 'syz.0.9468': attribute type 10 has an invalid length.
[  770.896830][T32076] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9468'.
[  770.922875][T32076] batadv0: entered promiscuous mode
[  770.928506][T32076] batadv0: entered allmulticast mode
[  770.934933][T32076] bond0: (slave batadv0): Releasing backup interface
[  770.943654][T32076] bridge0: port 3(batadv0) entered blocking state
[  770.950210][T32076] bridge0: port 3(batadv0) entered disabled state
[  770.978911][T32080] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9470'.
[  771.004979][ T6059] Bluetooth: hci0: command 0x1003 tx timeout
[  771.011036][T24487] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  771.193741][T32090] tipc: Started in network mode
[  771.198680][T32090] tipc: Node identity 0e451846c966, cluster identity 4711
[  771.206108][T32090] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  771.239407][T32090] syzkaller0: entered promiscuous mode
[  771.245120][T32090] syzkaller0: entered allmulticast mode
[  771.263055][T32090] tipc: Resetting bearer <eth:syzkaller0>
[  771.285354][T32089] tipc: Resetting bearer <eth:syzkaller0>
[  771.301328][T32089] tipc: Disabling bearer <eth:syzkaller0>
[  771.423045][  T340] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  771.432348][  T340] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  771.462346][   T29] kauditd_printk_skb: 1510 callbacks suppressed
[  771.462361][   T29] audit: type=1326 audit(1762274562.396:113783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.492550][   T29] audit: type=1326 audit(1762274562.396:113784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.516426][   T29] audit: type=1326 audit(1762274562.396:113785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.545620][   T29] audit: type=1326 audit(1762274562.396:113786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.570050][   T29] audit: type=1326 audit(1762274562.396:113787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.593782][   T29] audit: type=1326 audit(1762274562.396:113788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.617504][   T29] audit: type=1326 audit(1762274562.396:113789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.621350][T32112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9482'.
[  771.641551][   T29] audit: type=1326 audit(1762274562.396:113790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.674358][   T29] audit: type=1326 audit(1762274562.396:113791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  771.698144][   T29] audit: type=1326 audit(1762274562.396:113792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32107 comm="syz.5.9481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6e0f08f6c9 code=0x7ffc0000
[  772.078985][T32138] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9493'.
[  772.242744][T32147] tipc: Started in network mode
[  772.247677][T32147] tipc: Node identity 1acec8412e8c, cluster identity 4711
[  772.254969][T32147] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  772.297589][T32155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9500'.
[  772.318119][T32147] syzkaller0: entered promiscuous mode
[  772.323701][T32147] syzkaller0: entered allmulticast mode
[  772.344264][T32158] tipc: Resetting bearer <eth:syzkaller0>
[  772.375366][T32164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9504'.
[  772.391750][T32145] tipc: Resetting bearer <eth:syzkaller0>
[  772.398739][T32145] tipc: Disabling bearer <eth:syzkaller0>
[  772.624788][T32192] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9513'.
[  772.718098][T32200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  772.742863][T32200] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  773.408330][T32248] loop3: detected capacity change from 0 to 512
[  773.424230][T32248] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  773.440473][T32248] EXT4-fs (loop3): mount failed
[  773.471821][T32253] loop3: detected capacity change from 0 to 128
[  773.478955][T32253] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  773.494389][T32253] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  773.516831][  T340] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  773.562831][ T6059] Bluetooth: hci0: command 0x1003 tx timeout
[  773.562800][T24487] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  773.562963][ T6059] ==================================================================
[  773.583109][ T6059] BUG: KCSAN: data-race in _prb_read_valid / prb_reserve
[  773.590262][ T6059] 
[  773.592598][ T6059] write to 0xffffffff868ece00 of 88 bytes by task 24487 on cpu 1:
[  773.600427][ T6059]  prb_reserve+0x695/0xaf0
[  773.604874][ T6059]  vprintk_store+0x56d/0x860
[  773.609572][ T6059]  vprintk_emit+0x10d/0x580
[  773.614099][ T6059]  vprintk_default+0x26/0x30
[  773.618718][ T6059]  vprintk+0x1d/0x30
[  773.622640][ T6059]  _printk+0x79/0xa0
[  773.626571][ T6059]  bt_err+0x9d/0xd0
[  773.630415][ T6059]  hci_dev_open_sync+0xfa4/0x2290
[  773.635479][ T6059]  hci_power_on+0xef/0x390
[  773.639930][ T6059]  process_scheduled_works+0x4ce/0x9d0
[  773.643181][T32259] syzkaller0: entered promiscuous mode
[  773.645431][ T6059]  worker_thread+0x582/0x770
[  773.645459][ T6059]  kthread+0x489/0x510
[  773.645481][ T6059]  ret_from_fork+0x122/0x1b0
[  773.645503][ T6059]  ret_from_fork_asm+0x1a/0x30
[  773.650968][T32259] syzkaller0: entered allmulticast mode
[  773.655547][ T6059] 
[  773.655555][ T6059] read to 0xffffffff868ece00 of 8 bytes by task 6059 on cpu 0:
[  773.655577][ T6059]  _prb_read_valid+0x1c4/0x920
[  773.689135][ T6059]  prb_final_commit+0x136/0x1e0
[  773.694008][ T6059]  vprintk_store+0x741/0x860
[  773.698614][ T6059]  vprintk_emit+0x10d/0x580
[  773.703140][ T6059]  vprintk_default+0x26/0x30
[  773.707846][ T6059]  vprintk+0x1d/0x30
[  773.711775][ T6059]  _printk+0x79/0xa0
[  773.715709][ T6059]  bt_err+0x9d/0xd0
[  773.719557][ T6059]  hci_cmd_timeout+0x97/0x140
[  773.724279][ T6059]  process_scheduled_works+0x4ce/0x9d0
[  773.729765][ T6059]  worker_thread+0x582/0x770
[  773.734468][ T6059]  kthread+0x489/0x510
[  773.738568][ T6059]  ret_from_fork+0x122/0x1b0
[  773.743180][ T6059]  ret_from_fork_asm+0x1a/0x30
[  773.748064][ T6059] 
[  773.750403][ T6059] value changed: 0x0000000000002f66 -> 0x0000000000004f66
[  773.757521][ T6059] 
[  773.759851][ T6059] Reported by Kernel Concurrency Sanitizer on:
[  773.766100][ T6059] CPU: 0 UID: 0 PID: 6059 Comm: kworker/u9:3 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  773.777584][ T6059] Tainted: [W]=WARN
[  773.781388][ T6059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  773.791447][ T6059] Workqueue: hci0 hci_cmd_timeout
[  773.796497][ T6059] ==================================================================