last executing test programs:

3m44.892828558s ago: executing program 4 (id=38):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
mount$incfs(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='d'])

3m44.833283229s ago: executing program 4 (id=42):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

3m44.7968368s ago: executing program 4 (id=45):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r0}, 0x10)
setitimer(0x0, 0x0, 0x0)

3m44.686333692s ago: executing program 4 (id=49):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
syz_open_procfs(r0, &(0x7f0000000040)='fdinfo\x00')

3m44.686203952s ago: executing program 32 (id=49):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
syz_open_procfs(r0, &(0x7f0000000040)='fdinfo\x00')

3m29.295272157s ago: executing program 33 (id=632):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)

3m18.321889909s ago: executing program 34 (id=903):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x7}})
write$uinput_user_dev(r0, &(0x7f0000000380)={'syz0\x00', {0xff, 0x4, 0x8003, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x9, 0x80, 0x54, 0x7fffdfff, 0xffffffff, 0xc, 0x8, 0x9, 0x9, 0x3, 0x7, 0x40000, 0x1a, 0x26, 0x2, 0x0, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x200, 0xfffffffd, 0x1, 0x1, 0x1, 0x7, 0x9, 0xd, 0x7, 0x9, 0x10, 0x9, 0xb4d, 0x0, 0x800, 0x3, 0x2, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x10008, 0xffffffff, 0x1, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x1], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x80000001, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0xb, 0x7ff, 0x7ff, 0x5, 0x9, 0xc00, 0x89, 0x7ff, 0x4, 0x1, 0x10000, 0x9, 0x9, 0x4d26, 0x10000, 0x8, 0x1, 0x7, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x81, 0x4b, 0x7d, 0x6, 0xb, 0x4, 0x9, 0x1, 0x8d1, 0x100008fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x2004, 0x401, 0x80000001, 0x7f, 0x9], [0x8396, 0x7, 0x10000, 0x9, 0x8000, 0x1, 0x9, 0xe, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x6e, 0x8001, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc7, 0x5, 0x3, 0x0, 0x2, 0x8001, 0xc, 0x5, 0xb10, 0x1e, 0x3, 0x800, 0x80008, 0x9, 0x3, 0x200, 0xfffffff7, 0x4, 0xe, 0x464b, 0x6, 0x2e7, 0x7ff, 0x200, 0x6, 0x87ff, 0x2, 0x7fffffff, 0xffffffff, 0x4, 0xfdff, 0xd5d, 0xa0c787d, 0xffffff4e, 0x9, 0x6, 0x40, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x16], [0x10000010, 0x7, 0x7, 0x2, 0xa5e, 0xfe, 0x103, 0x8, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x4, 0x3, 0x103, 0x3, 0xcc, 0x6, 0x4000400, 0xc, 0xfffffffa, 0x40, 0x80000000, 0x4, 0x4, 0xfff, 0x40, 0x9, 0x4, 0x9, 0x1, 0x0, 0x7, 0x6, 0x3, 0x1, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffefffff, 0x37d, 0xfffffff8, 0xd, 0x7, 0xd, 0x8, 0x0, 0x0, 0x8, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

2m51.639393536s ago: executing program 6 (id=1740):
r0 = inotify_init()
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000180)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
poll(&(0x7f0000000140)=[{r1, 0x12}], 0x1, 0x79)
close_range(r0, 0xffffffffffffffff, 0x0)

2m51.545764187s ago: executing program 6 (id=1742):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000040), &(0x7f0000000300)=""/180}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10)
setitimer(0x2, 0x0, 0x0)

2m51.526617478s ago: executing program 6 (id=1743):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x181097, 0x0)

2m51.500617258s ago: executing program 6 (id=1745):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x28, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x8001}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)

2m51.301984502s ago: executing program 6 (id=1748):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f0, 0x0, 0x940c, 0x3002, 0x288, 0x2c0, 0x398, 0x3d8, 0x3d8, 0x398, 0x3d8, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x5, 0x0}, @private2, [0xff000000, 0xff000000, 0xffffffff, 0xff000000], [0xff, 0xffffffff, 0xffffffff], 'veth1_to_team\x00', 'macsec0\x00', {}, {}, 0x62, 0x61, 0x0, 0x8}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x5, 0x2, 0x6, 'snmp_trap\x00', 'syz0\x00', {0x9}}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x1, 0x0, 0x0, 'snmp\x00', 'syz1\x00', {0xe}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c3a2b0304000e0580a7b6070d63e286a5cefe", 0x5ac)

2m51.301790282s ago: executing program 35 (id=1748):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f0, 0x0, 0x940c, 0x3002, 0x288, 0x2c0, 0x398, 0x3d8, 0x3d8, 0x398, 0x3d8, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x5, 0x0}, @private2, [0xff000000, 0xff000000, 0xffffffff, 0xff000000], [0xff, 0xffffffff, 0xffffffff], 'veth1_to_team\x00', 'macsec0\x00', {}, {}, 0x62, 0x61, 0x0, 0x8}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x5, 0x2, 0x6, 'snmp_trap\x00', 'syz0\x00', {0x9}}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x1, 0x0, 0x0, 'snmp\x00', 'syz1\x00', {0xe}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c3a2b0304000e0580a7b6070d63e286a5cefe", 0x5ac)

2m48.300901911s ago: executing program 5 (id=1858):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000002480)="26260fc75f3bf20f1ad9f3aef2f30f090f01c90f784cec0f01c2baf80c66b8e20d068ebafc0c0fb24a24ef66b9800000c00f326635000800000b308c728c72580200000f32", 0x45}], 0x1, 0x10, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m48.176007753s ago: executing program 5 (id=1861):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x5, 0x0, 0x4}, 0x3, r3}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x44041}, 0x0)

2m48.159921283s ago: executing program 5 (id=1862):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
r0 = open(0x0, 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x1d4)
getdents64(r1, 0xfffffffffffffffe, 0xffffffffffffff15)

2m48.002025766s ago: executing program 5 (id=1868):
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000080)={{0x2, 0x6e23, @loopback}, {0x20000010304, @local}, 0x14, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}})
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f00000001c0)=0x7f, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x4000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

2m47.173981712s ago: executing program 5 (id=1878):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f0000000240), 0x3, 0x4e6, &(0x7f0000001240)="$eJzs3d9rXFkdAPDvnSRt2qZNqj7UgrVoJS3amaSxbfChRhB9Kljre4zJJIRMMiEzaZtQJMU/QBB/oU8+6YPgswjSP0GEgr6LLLuU3bbLsg+7O8tM7mzT2ZlkQpNMmvl84PTec+7N/Z4z0zkz557LvQF0rYsRMRERPRFxJSIG0/JMmmJjM1X3e/7s4XQ1JVGp3H03iSQtqx8rSZen0j/rj4gf/zDiZ8nn45bW1hemCoX8SprPlReXc6W19avzi1Nz+bn80sTY6I3xm+PXx0f2rK23vv/Wb3/55x/c+ue37v9v8p3LP69WayDdtrUd7dhoc7/NpvfVXou63ohY2U2wQ6wnbU9fpysCAEBbqr/xvxARX4uIF39o3OpXHQAAABwFle8OxEdJRKVSqZyplwEAAABHSqZ2DWySyabXAgxEJpPNbl7D+6U4mSkUS+VvzhZXl2Y2r5Udir7M7HwhP5JeKzwUfUk1P1pbf5m/1pAfi4izEfHrwRO1fHa6WJjp8LkPAAAA6BanGsb/7w9ujv8BAACAI2ao0xUAAAAA9p3xPwAAABx9Lcf/Se/BVgQAAADYDz+6fbuaKvXnX8/cW1tdKN67OpMvLWQXV6ez08WV5excsThXu2ff4k7HKxSLy9+OpdUHuXK+VM6V1tYnF4urS+XJ2nO9J/OeKAgAAAAH7+xXH/83iYiN75yopapj6bY2xuoT+1s7YD9ldrd7sl/1AA5eT6crAHSMC3yhe5mPB3YY2P+mIb/L0wYAAMBhMPzl15r/Nx8IbzADeehe5v+he5n/h+5l/h+63PGdd+lvteFfbRzfWUIAADgUBmopyWTTucCByGSy2YjTtccC9CWz84X8SESciYj/DPYdr+ZHO11pAAAAAAAAAAAAAAAAAAAAAAAAAHjDVCpJVAAAAIAjLSLzdpI+omt48NJA4/mBY8mHg7VlRNz/493fPZgql1dGq+XvfVZe/n1afq0TZzAAAACARvVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB76fmzh9P1dJBxn34vIoaaxe+N/tqy/++DEXHyRRK9W/4uiYiePYi/8SgizjWLn1SrFUMfbNaiMX4mIk4cRPxoHf/UHsSHbva42v9MNPv8ZeJibdn889ebptf19GKr/i9T7/9q/Vyz/u90mzHOP/lbrmX8RxHne5v3P/X4yWv2vz/9yfp6q22VP0UMN/3+SV6JlSsvLudKa+tX5xen5vJz+aWxsdEb4zfHr4+P5GbnC/n036YxfvWVf3yyXftPtog/tEP7L7XZ/o+fPHj2xW3iX/568/f/3Dbxq6/9N9Lvger24fr6xub6Vhf++u8LDUXHtsafadH+nd7/y222/8qdX/y/zV0BgANQWltfmCoU8itWjuxK7wHEqv9/OiRN7uqVv2wtuZO+Mbs+Tuf6JAAAYH+8/NHf6ZoAAAAAAAAAAAAAAAAAAABA93rlpl89EbHXdyM7/uqdBfo711QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG19GgAA//9UPsbW")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
read$FUSE(r0, &(0x7f0000001800)={0x2020}, 0xeffd)

2m47.129850903s ago: executing program 36 (id=1878):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f0000000240), 0x3, 0x4e6, &(0x7f0000001240)="$eJzs3d9rXFkdAPDvnSRt2qZNqj7UgrVoJS3amaSxbfChRhB9Kljre4zJJIRMMiEzaZtQJMU/QBB/oU8+6YPgswjSP0GEgr6LLLuU3bbLsg+7O8tM7mzT2ZlkQpNMmvl84PTec+7N/Z4z0zkz557LvQF0rYsRMRERPRFxJSIG0/JMmmJjM1X3e/7s4XQ1JVGp3H03iSQtqx8rSZen0j/rj4gf/zDiZ8nn45bW1hemCoX8SprPlReXc6W19avzi1Nz+bn80sTY6I3xm+PXx0f2rK23vv/Wb3/55x/c+ue37v9v8p3LP69WayDdtrUd7dhoc7/NpvfVXou63ohY2U2wQ6wnbU9fpysCAEBbqr/xvxARX4uIF39o3OpXHQAAABwFle8OxEdJRKVSqZyplwEAAABHSqZ2DWySyabXAgxEJpPNbl7D+6U4mSkUS+VvzhZXl2Y2r5Udir7M7HwhP5JeKzwUfUk1P1pbf5m/1pAfi4izEfHrwRO1fHa6WJjp8LkPAAAA6BanGsb/7w9ujv8BAACAI2ao0xUAAAAA9p3xPwAAABx9Lcf/Se/BVgQAAADYDz+6fbuaKvXnX8/cW1tdKN67OpMvLWQXV6ez08WV5excsThXu2ff4k7HKxSLy9+OpdUHuXK+VM6V1tYnF4urS+XJ2nO9J/OeKAgAAAAH7+xXH/83iYiN75yopapj6bY2xuoT+1s7YD9ldrd7sl/1AA5eT6crAHSMC3yhe5mPB3YY2P+mIb/L0wYAAMBhMPzl15r/Nx8IbzADeehe5v+he5n/h+5l/h+63PGdd+lvteFfbRzfWUIAADgUBmopyWTTucCByGSy2YjTtccC9CWz84X8SESciYj/DPYdr+ZHO11pAAAAAAAAAAAAAAAAAAAAAAAAAHjDVCpJVAAAAIAjLSLzdpI+omt48NJA4/mBY8mHg7VlRNz/493fPZgql1dGq+XvfVZe/n1afq0TZzAAAACARvVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB76fmzh9P1dJBxn34vIoaaxe+N/tqy/++DEXHyRRK9W/4uiYiePYi/8SgizjWLn1SrFUMfbNaiMX4mIk4cRPxoHf/UHsSHbva42v9MNPv8ZeJibdn889ebptf19GKr/i9T7/9q/Vyz/u90mzHOP/lbrmX8RxHne5v3P/X4yWv2vz/9yfp6q22VP0UMN/3+SV6JlSsvLudKa+tX5xen5vJz+aWxsdEb4zfHr4+P5GbnC/n036YxfvWVf3yyXftPtog/tEP7L7XZ/o+fPHj2xW3iX/568/f/3Dbxq6/9N9Lvger24fr6xub6Vhf++u8LDUXHtsafadH+nd7/y222/8qdX/y/zV0BgANQWltfmCoU8itWjuxK7wHEqv9/OiRN7uqVv2wtuZO+Mbs+Tuf6JAAAYH+8/NHf6ZoAAAAAAAAAAAAAAAAAAABA93rlpl89EbHXdyM7/uqdBfo711QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG19GgAA//9UPsbW")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
read$FUSE(r0, &(0x7f0000001800)={0x2020}, 0xeffd)

1m17.44056631s ago: executing program 9 (id=4802):
r0 = socket(0x1, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f0000000180), &(0x7f0000000340)=r0}, 0x20)

1m17.4206871s ago: executing program 9 (id=4804):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
readahead(0xffffffffffffffff, 0x5, 0x9)

1m17.366789072s ago: executing program 9 (id=4806):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800714, &(0x7f0000000a40)={[{@journal_path={'journal_path', 0x3d, './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}]}, 0x0, 0x4b6, &(0x7f0000001400)="$eJzs3M1rHOUfAPDvbF763uTXX622thqtYvAladKqPXhQUfCgIOihHmOS1tptI00EW4KNIvUoBe/iUfAv8OZF1IMIXhU8SqFoEJp6kMjMzjTJZrPZvHWb7OcDm32emWfzPN+ZeXafnWdnAmhZPemfJGJ3RPwaEV2V7MICPZWnmenJ4VvTk8NJzM6+8WeSlbs5PTlcFC1etyvP9JYiSp8k8XyyuN7xS5fPDZXLoxfzfP/E+ff6xy9dfurs+aEzo2dGLwyePHni+MCzzww+3UgYbcsVSOO6eejDscMHX3nr2mvDp669/cPXabMOHKmsnx/Hsm4VAU3VLdaTbrW/ZjPV6x5tuLLNYc+8dNLexIawImnHSXdXR9b/u6It5nZeV7z8cVMbB2yo9LNp29Krp2aBLSyJZrcAaI7igz79/ls87tDQ465w44WIzqicr5iZnhyeuR1/e5TyMh0bWH9PRJya+ueL9BErPQ8BALAK2djmyVrjv1IcyJ4rcx178zmU7oj4X0Tsi4j/R8T+iLgnIit7b0TcV3nxbFeD9fdU5RePf0rXa7Z5naTjv+dibuw3My/+/Km7Lc/tyeLvSE6fLY8ey7dJb3RsS/MDder49qVfPltq3fzxX/pI6y/GgnkDrrdXnaAbGZoYWq+NcOOjiEPtteJPbs8EpEfAwYg4FIvnserYWyTOPv7V4aUKLR9/HeswzzT7ZcRjlf0/FVXxF5L685P926M8eqy/OCoW+/Hnq68vWDBvtnJN8a+DdP/vXHj8V5Xo+jupzNd2RLk8enF85XVc/e3TJb/TrOT4Lw759PjvTN7M5qx/eqeyoz4Ympi4OBDRmbyalenMy2bLB+f+W5Evyqfx9x6t3f/35a9JK7g/ItKD+EhEPBARD+ZtfygiHo6Io3Xi//7FR96tE38SSTR1/4/UfP+7ffx3J/Pn61eRaDv33Tc1fgKQaWz/n8hm2nvzJdn73zIabeAaNx8AAABsCqWI2B1Jqa+S7tkdpVJfX+U3/PtjZ6k8Nj7xxOmx9y+MVK4R6I6OUnGmq2ve+dCBpPgtfCU/mJ8rLtYfz88bf962I8v3DY+VR5ocO7S6XQv7fxT9P/XHslfVAJue67WgdVX3/1KT2gHceY18/vsuAFtTjf6/oxntAO483/+hddXq/1eq8sb/sDW1L0r8XuOWdcBWZPwPrUv/h9al/0NLWst1/atPFBcLrP7/bG/4Cv+GEsU7YFO2RoOJK/XLFHe82Mhm7Ii5JVG6OzZLzcS/+e0t75b2rDmR9pgFSyKS2NBK5+6hAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJn9FwAA//9TYejO")
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)

1m17.357879262s ago: executing program 9 (id=4808):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r0, &(0x7f0000000080)='\x00\x00', 0xfdef, 0x8080, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0x39000, 0x0)
write$binfmt_elf64(r2, &(0x7f0000001b40)=ANY=[], 0xfffffe3e)

1m16.801750762s ago: executing program 37 (id=4847):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000400), &(0x7f00000004c0)='%pI4   \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20)

1m16.781075713s ago: executing program 2 (id=4851):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1}, &(0x7f0000000800), &(0x7f0000000840)=r0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

1m16.768287413s ago: executing program 2 (id=4852):
r0 = gettid()
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000), 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000805}, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000e40)='\b', 0x17ff}], 0x5)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1m16.745419193s ago: executing program 4 (id=4848):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x4)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r2, 0x0, 0x1000, 0x0)
splice(r0, 0x0, r4, 0x0, 0x80, 0x0)
write$binfmt_aout(r1, &(0x7f00000004c0)=ANY=[], 0x120)

1m16.720990734s ago: executing program 38 (id=4848):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x4)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r2, 0x0, 0x1000, 0x0)
splice(r0, 0x0, r4, 0x0, 0x80, 0x0)
write$binfmt_aout(r1, &(0x7f00000004c0)=ANY=[], 0x120)

1m16.655067665s ago: executing program 39 (id=4853):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x1}, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8002}, 0x4)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x2000}, 0x4)

1m16.578017707s ago: executing program 40 (id=4854):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000022c0)='\x00\x00\x03\x01\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x02\x00g\x00\x00\x00\x80\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-\xac\x99\xb8\xd2<Z l\xdfDh\xa1\x99Bj<\r\x87\xa3\xd1?$\x8b\x02\x00\x00\x00h\x1b\x01\x00\x00\x00\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc4\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0HdO\xb9\xa2\x1d\x13\x8fCha\xb3\x95wl},\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80Z\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9\x13f=\xbd\x03\xe8\xbex:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13\xba\x00|g]7\xdc\xe9=\"\xe4\x90[<Y4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6\x8f\x85fGGV&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146\'Z\x83H\xabF\x18<\x86h\x01=\x03\\\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&@\x00\x00\x00rT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\xd7c\t(\xf2\x93\x8d\\\x91\xef\xab(Jck\xdf\xa3 \x16\x9bH=\x01\x7f\x02\x1dF3\x7f\xd15\xa8\xd2\x94\xa7\xe9\xbd\xdc\x16\xe1Z\x9c\xe3\xeb9\x8f\xfdC\x0e\xd3]\xb5\xfdB\\\xd2\xfe\xf6H\x8ai}kDM\xbd\xfcJ{T{@i/\xb7x\xc5z\xfds\x85\xef\x1f\xf0t\xf5\xaf\xb21F\x01\xe0\x86\xde\x88\xb8\x8f \xfc\xcd\xba\xea\x16\xc1J\xb7\xe3\x04m\x0e\xaf\xd6\x88\xd6XX\xba\x8a\xdb\xeda\x83.H\xe3\x86\x03\t\xcb\xdc\x80\xee\x0ec\x12\x8a\x92\x11\xb6\xcc#\x10\xec\xfd\xbb\xd3\\\xc8\x88\x04,\'\x14\xbf\x84\x16\xb3\x8f,6\xc6D\xae\xa1\xf9\xe7@\xac\xaa\x104\x8b\x8eQ8\x11\xa7|\x87\xe2\xccrj%\xc4r&\r\a\xa7\xda\xf5\'V\x89\xe6\xa4\x05\xde\xf5\xaa@\xec\xe2\xf6\xb5x\xa1w\n\xda\xf2\xd67\xc6%\x0f[sF\xb6\xaeS>\xe9^\xd4\xf03\xe9.\xc4\xd5\xe0\r\xa1Q\xa8\xf2\xa2`zs\'k\xd4pV\xab&%\xf8\x8a\x80\x9d\"\xf3\xcc\xd2i\xc8\xd8\xc6\xbeD\xda\x86?\xf9\x13\xe5L`R\xe8Vq\xa3\nD\x9f\xe4M\xe6\xab\xdd!=%\x06z$\x99\';O\xfc\xf0u\x83\v<H\x8cmD\x8e\x9e\x18\xf7\xac\xa5\x17\x89\xc6\x88\x86\xe9\x15\x87WV\xfbF\xb1\x1fo\x85t\xf1\r\x8a\x9c\xe8\xac^\x19cp\xcceJ\xa6\x0e_\aE\bZ\x9f\xfa\xdf$\xad\xf0\xa5E\xeb\xd6\x80\xb7 \rd\xcc\x92\b\x01\x1bG\xb4su\x90\xcfs\x18LQ\x81^\x17\x80\xca\xdc\xe2\xb3\x01\x85\xa4r\x87G\xb8\x92\xdaJt\xa2g\xb7Azy+\x8f\xee\xb9\xa9\xa6\x04\xd1a\xca1~\x03\xbc\x87\xd1\xbaY\xf3\x8ai\xff[\xde\xde\xc6\xb1\xb9T{\xe2>\x83\a8\xfe<\x9e\xa8\xfe\xca`D\x91\x81!QT$\x05T\x85\xd6\xe9!\xb9wfL\x12\xa8\xb0\xb0\x86\xc2\xa1\xf7\x05i\xf5\xf0\r\xe7h\xdaD\xcb\xd4\x87\x84\xe5\xc7r;.\xf0\xed\x17\x83Nn\xb7\x0f!u}J)\xa1\xa1\x16\xc5`Z,\xa3\xcf\xfdy\aH\x06\x14l\x92x\xdbB=\xcc\xcdfpi\xe5\x04=HQ\xeaE-v\x02\x0eY\x8e\xbf\xec\x16\xc4G\xea\x8bS\x8e\xd5f\xdcj\xe1\x86\xf9s\x90\xe5\xf9\x89\xc0\xf3\xcd;r4j]\x9b\xdf\xf5\xe9\x82\xe1\xdb\x11\xb3\b\xa2Y\xdb\\\xc1H\xc3\xcf\xb1W\xe9(\xee\x18\xca\xda\xf5p,\x16\xbc\x17\xfe\xd8\n\xe1\xa1&=+)\xf9Vd\x11\xf6hX\xbe\x85O=\xe2\x9f~I\xa1\"\xa9\xd9\x19\xa2\\\xb8>f\xe2Jh+u\x90\x13\x94\x12\xc8X\xd7\xb4\xf1JS0FN\xa0\xda\xb6ez`\x9a\xea\xcf^\xa5\x17{\v\xe8n\xe9 \xc0/D\t\x7f\xd8\xad\xf2e\xff\x8b\x16p\x0f\xe4\x1a/\xe1\x96\xd2\xae\x94\x0e5\xb0b+\xac\x14\xaa\xb0\xb7\xa5.\x15\x8a\xca\xb5~=D-\x90\xc1\xbf\x05\xb9\xd5\x86\xeb\xd2#\xda\xc132\'\xfc!%\x94\x1f\xbfL)\xc2c\xa8\xef\x152\x8d\xef\xde\xbe\xab\xf5g\x80\x02G>\xf5\x04a-\xff\x06X+\xc1\xd3\xb1\xcdn\x15p\xdf\xd8.\x89\x95{\xb6+:`\x9c\xcf2\x01\x1d1\xf7\xe6\x7f\x1f\xf5\xb0\xb9\t2\x14\x81\x99\xb8@7y\xb4\xce\xf1]\a\x03y\xc5F\xfa\xae\xd1O\x7f7\xa7\xc1\xb2.~B\xe8@G\xd1\xd9R~\x1b\xf7\xa8\x86\xa7\xc1\b\x9ej\x01\xf4\xb7\xd2\x0e\xc2\x15S\x19\xd7\xd4\xe6\xaf!\xf8_\x8aEOp@>4\xd7\xcf\x11\xe0;\x99}QmE\xdd\xa69)Q\x9e\xb9\'\x97\x9b\xe7\xa4?Ed\x9c\x7fE\xba5\x90\xc07\x96S\x9d\xe1\x84\xfa\x1a\xd6\x9a\x15\xd1o \xc0\xd28\x01\xa7\x99\x85q\xbd\x80\x00\x00\x00\x00\x00\x00\x00H\x0f\xbbT\xd5\xb3\xf4\xcd<\x8a\x01\x19\xd0|B\f0\xf8i\xd3\x1bJke\t\x8b7Q\x1dQ&\x96H\x05\xec\x80\xf0\xab\x8f\x94{\x9d+\xefs\x1c\xfck\xf7q\x10\xf6\x16\xbc\xe7\x93\x0f\x7f\xcd\xa7b\xbe\x88\xcc\xb6^\x93\xa9P\xf3\xa3\xe4Az=\xe0+Q\x9e\xb5\x11\xb3\xc1\xa8P0+\xc9\xa1\xdbU~J$\xa4\x03\x11\x1aa~\x9du\x8f\x8d\xbcI\x85k\xa0\xae\xf6\xa0\x94r\xfb\xe3\xaa\xd4\xf0\x99\x06\xe1i\x1f\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\\\xb2/R\xedI2e5\x88(\xc0+^\xe7G\x17\x03^\xd7g\xb9n\x8c2\xb3\x12\x91\x86b\t\xd0R\x01\xda$Y\x85\x02&\x95FC\xc8\xd9')
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000040)='\x00\x000\x10\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcbgQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00'/700)

1m16.576313657s ago: executing program 2 (id=4856):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e)
ioctl$PPPIOCGL2TPSTATS(r2, 0x80487436, 0xfffffffffffffffd)

1m16.522038038s ago: executing program 2 (id=4857):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {}, {0xb, 0x9}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x0, 0x3}}]}}]}, 0x3c}}, 0x20040054)

1m16.513645808s ago: executing program 9 (id=4858):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = epoll_create1(0x80000)
r2 = fcntl$dupfd(r0, 0x406, r1)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x60000006})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x601d})

1m16.513415438s ago: executing program 6 (id=4855):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={r3, r2}, 0xc)

1m16.447402769s ago: executing program 41 (id=4855):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={r3, r2}, 0xc)

1m16.443792619s ago: executing program 2 (id=4860):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

1m16.378056741s ago: executing program 9 (id=4861):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000540)=""/229, 0xe5}], 0x1}, 0x40010002)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f00000007c0)}, 0x20)
write$cgroup_pid(r0, 0x0, 0x0)

1m16.377741701s ago: executing program 2 (id=4862):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000008000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r0}, 0x10)
io_setup(0x3, &(0x7f0000000340))

1m16.339192501s ago: executing program 42 (id=4861):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000540)=""/229, 0xe5}], 0x1}, 0x40010002)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f00000007c0)}, 0x20)
write$cgroup_pid(r0, 0x0, 0x0)

1m16.334791461s ago: executing program 5 (id=4859):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0xf000, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x3000, 0xa, 0xfe, 0x0, 0x7, 0x4, 0x0, 0x0, 0x1, 0x0, 0x77}, {0x0, 0x0, 0x0, 0x8, 0x0, 0xb8, 0x83, 0x0, 0x5, 0xe, 0x0, 0x3}, {0x8080000, 0xeeee2000, 0xa, 0xfd, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0xdf}, {0x1000, 0x0, 0xa, 0x0, 0x0, 0x80, 0x0, 0x20, 0x0, 0x0, 0x1a, 0xa8}, {0x10000, 0xd000, 0xb, 0x20, 0x0, 0xb4, 0x9, 0x1a, 0x0, 0xfc, 0x2, 0xfe}, {0x6000, 0xd000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xff}, {0x0, 0x80a0000, 0x4, 0x82, 0x0, 0x10, 0x4, 0xe, 0x0, 0x0, 0x0, 0x10}, {0x6000, 0x9}, {0x1, 0xfffe}, 0x0, 0x0, 0x0, 0x40020, 0x0, 0x0, 0x900, [0x0, 0x0, 0x10000, 0x3]})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="64000000000101040000000014"], 0x64}}, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4140aecd, &(0x7f0000000100)=ANY=[])

1m16.295044482s ago: executing program 43 (id=4859):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0xf000, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x3000, 0xa, 0xfe, 0x0, 0x7, 0x4, 0x0, 0x0, 0x1, 0x0, 0x77}, {0x0, 0x0, 0x0, 0x8, 0x0, 0xb8, 0x83, 0x0, 0x5, 0xe, 0x0, 0x3}, {0x8080000, 0xeeee2000, 0xa, 0xfd, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0xdf}, {0x1000, 0x0, 0xa, 0x0, 0x0, 0x80, 0x0, 0x20, 0x0, 0x0, 0x1a, 0xa8}, {0x10000, 0xd000, 0xb, 0x20, 0x0, 0xb4, 0x9, 0x1a, 0x0, 0xfc, 0x2, 0xfe}, {0x6000, 0xd000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xff}, {0x0, 0x80a0000, 0x4, 0x82, 0x0, 0x10, 0x4, 0xe, 0x0, 0x0, 0x0, 0x10}, {0x6000, 0x9}, {0x1, 0xfffe}, 0x0, 0x0, 0x0, 0x40020, 0x0, 0x0, 0x900, [0x0, 0x0, 0x10000, 0x3]})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="64000000000101040000000014"], 0x64}}, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4140aecd, &(0x7f0000000100)=ANY=[])

1m16.273854993s ago: executing program 44 (id=4862):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000008000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r0}, 0x10)
io_setup(0x3, &(0x7f0000000340))

1m16.174159055s ago: executing program 4 (id=4864):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='mm_page_alloc\x00', r2}, 0x18)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)

1m16.108502356s ago: executing program 45 (id=4864):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='mm_page_alloc\x00', r2}, 0x18)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)

3.202178328s ago: executing program 8 (id=6998):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x2}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)

2.971974802s ago: executing program 8 (id=7000):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000140)="66ba2100ec430f00994798b213b9240a00000f32b885a08d80ef66bafc0cb000ee0f30f3400f09660f38803f8f23c00f21f835020002000f23f8c40279134e9ac4c17b110d010000000f01c5", 0x4c}], 0x1, 0x5, 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000006c0)={0x0, 0x0, @pic={0x2, 0x9f, 0xb3, 0x5, 0x28, 0x4e, 0xd, 0xe, 0xe, 0x3, 0xc0, 0x6, 0xa, 0x1, 0x8}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.825171155s ago: executing program 8 (id=7004):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000940)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r3, 0x54583}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}}], 0x1, 0x80)

2.782610616s ago: executing program 8 (id=7006):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20004880}, 0xc000)
syz_clone(0x80881000, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
vmsplice(r0, &(0x7f0000000540)=[{&(0x7f00000000c0)='y\'9', 0x3}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6704c4551d31f68}, 0x40080)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)

2.776668876s ago: executing program 8 (id=7009):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x11, &(0x7f0000000a00)={@broadcast, @local, @void, {@llc={0x4, {@llc={0xff, 0xff, '\a'}}}}}, 0x0)

2.737330696s ago: executing program 8 (id=7011):
syz_usb_connect$uac1(0x0, 0xa5, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x93, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3ff, 0x4}, [@feature_unit={0x13, 0x24, 0x6, 0x4, 0x0, 0x6, [0x9, 0x1, 0x0, 0x5, 0x1, 0x7]}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x1ff, 0x0, 0x0, 0xfc}, @selector_unit={0x9, 0x24, 0x5, 0x3, 0x0, "f8431cfd"}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x307, 0x6, 0x4}, @selector_unit={0x6, 0x24, 0x5, 0x4, 0x0, '\x00'}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x4, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x100}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274140000001100"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4000, 0x10, @mcast1, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0x5aa}], 0x1)

1.462820111s ago: executing program 3 (id=7051):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x0, 0x3000002, 0x14, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881cae811852806175d63892a15234fbcd7a88a0a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2053db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000811800028004000100100003800c"], 0x44}}, 0x0)

1.433023772s ago: executing program 3 (id=7054):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x2c, r3, 0x1, 0x70bd2a, 0x0, {0x1b}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}]}, 0x2c}}, 0x0)

1.390063483s ago: executing program 3 (id=7056):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x101, 0x7ffc, 0xcc}, 0x50)

1.263245655s ago: executing program 3 (id=7065):
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
ptrace(0x10, r0)
ptrace$peeksig(0x4209, r0, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0))

1.194773877s ago: executing program 0 (id=7067):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x20800, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x18)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.105390508s ago: executing program 0 (id=7072):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r2}, 0x10)
fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1, 0x1, 0x0, 0xffffffff})

1.091333608s ago: executing program 0 (id=7074):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x5, 0xf, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffff7}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{r0}, &(0x7f0000000b40), &(0x7f0000000b80)=r3}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xf, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000002}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000b00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.065192329s ago: executing program 0 (id=7077):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
sendto$inet6(r0, &(0x7f0000000140)="8a", 0x1, 0x8001, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x406, r0)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4801}, 0x4000)
getsockopt$inet6_tcp_buf(r0, 0x6, 0xb, 0x0, &(0x7f00000001c0))

714.984956ms ago: executing program 1 (id=7088):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f00000000c0)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
recvmmsg(r1, &(0x7f0000005200)=[{{0x0, 0x0, 0x0}, 0x88b1}], 0x1, 0x40000120, 0x0)
write$bt_hci(r1, &(0x7f0000000340)=ANY=[], 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)

686.950856ms ago: executing program 1 (id=7090):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

660.305937ms ago: executing program 1 (id=7093):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000540)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@mblk_io_submit}, {@bh}, {@auto_da_alloc}, {@barrier}, {@test_dummy_encryption}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

348.330803ms ago: executing program 3 (id=7099):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='fib6_table_lookup\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000580)='fib6_table_lookup\x00', r2}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28)

243.123235ms ago: executing program 7 (id=7101):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x1}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@delqdisc={0x24, 0x25, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xd, 0x2}, {0x9, 0xfff1}, {0xa, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)

240.110325ms ago: executing program 1 (id=7102):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x8, 0x4, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
syz_clone(0x500, 0x0, 0x0, 0x0, 0x0, 0x0)

182.099196ms ago: executing program 7 (id=7103):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x30, r4, 0x1, 0x70bd29, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)

180.068196ms ago: executing program 7 (id=7104):
pwritev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000380)="bfb110d12f", 0x5}], 0x1, 0x9333, 0x5)
mkdir(&(0x7f0000000040)='./file0\x00', 0x6c)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)})
mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0xc058671e, &(0x7f00000000c0))

177.597856ms ago: executing program 3 (id=7105):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000680)='sched_switch\x00', r0}, 0x10)
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_getevents(r1, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)
io_submit(r1, 0x0, 0x0)
io_destroy(r1)

152.200037ms ago: executing program 0 (id=7106):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000027000100000000000000000a01"], 0x50}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

83.103658ms ago: executing program 7 (id=7107):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001a80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e)

62.733169ms ago: executing program 1 (id=7108):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000400)='signal_generate\x00', r2}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

62.213909ms ago: executing program 7 (id=7109):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
unshare(0x2040400)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}, 0x2, 0x1}}, 0x2e)
getsockopt(r2, 0x111, 0x4, 0x0, &(0x7f0000000080))

27.544959ms ago: executing program 1 (id=7110):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='leases_conflict\x00', r2}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)

944.749µs ago: executing program 0 (id=7111):
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x4002, &(0x7f0000000140)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@delalloc}, {@errors_remount}]}, 0x1, 0x7a2, &(0x7f0000000f80)="$eJzs3ctrG9caAPBvZDuOk9xrX7hwb7oyFFpDiFynbtJCFyldlEIDgXbdxMiKSS1bwZJDbAxNKIVuCn0tCu0m6z7SXbd9bNv/oouS0IcTmtJFcRlp5Ki25CipJRn8+8HY58xD53w6M2fOaAYpgH1rPP2TizgaEe8kEaPZ/CQihmqpwYjT9fXurq8V0imJjY2Xf0lq69xZXytE0zapw1nm/xHxzZsRx3Lby62srM7PlErFpSw/WV24NFlZWT1+cWFmrjhXXDw5NT194tRTp07uXqy/fb965Na7Lzz++ek/3vjfjbe/TeJ0HMmWNcexW8ZjPHtPhtK38G+e3+3C+izpdwV4KOmhOVA/yuNojMZALdXGSC9rBgB0ywYAsA8lxgAAsM80Pge4s75WaEz9/USit356LiIO1uNv3N+sLxnM7tkdrN0HPXQnqd0ZadwdSSJibBfKH4+Ij7989dN0iqwd3EsDeuHqtYg4Pza+vf9Ptj2zkNl4fTM5vONrP7HTwo36tuNbZu+38w/001fp+OfpVuO/3Ob4J5rGPw3DLY7dh3H/4z93cxeKaSsd/z3b9Gzb3ab4M2MDWe5ftTHfUHLhYqmY9m3/joiJGBpO81O1VTdHbsnVpjImbv95u135zeO/X9977ZO0/PT/vTVyNwe3dLOzM9WZXQk+jf9axCODreJPNts/afHoTzrvbIdlvPjMWx+1W5bGn8bbmLbH310b1yMea9n+90bhyY7PJ07WdofJxk7Rwhc/fHioXfnN7Z9OafmNa4FeSNs/rVzSPv6xpPl5zcqDl/Hd9dGv2y27f/yt9/8DySu19IFs3pWZanVpKuJA8tL2+SfubdvIN9ZP4594tPXxXy+2vv9v7f/Sa8LzHcY/eOvnzx4+/u5K45/def/f0v4Pnrhxd36gXfmdtf90LTWRzemk/+u0gv/kvQMAAAAAAAAAAAAAAAAAAAAAAACATuUi4kgkufxmOpfL5+u/4f3fOJQrlSvVYxfKy4uzUfut7LEYyjW+6nK06ftQp7Lvw2/kT2zJPxkR/4mID4ZHavl8oVya7XfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJA53Ob3/1M/Dve7dgBA1xzsdwUAgJ5z/geA/efBzv8jXasHANA7rv8BYP/p+Px/vrv1AAB6x/U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXb2zJl02vh9fa2Q5mcvryzPly8fny1W5vMLy4V8obx0KT9XLs+VivlCeWFzw/e3vNDV+r9SuXxpOhaXr0xWi5XqZGVl9dxCeXmxeu7iwsxc8VxxqKfRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBnKiur8zOlUnFJYsfEyN6oxp5JDMaeqIZE1xLNvcRI/zooAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD3urwAAAP//mFguzQ==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)

0s ago: executing program 7 (id=7112):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
writev(r1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

th1_to_batadv: link becomes ready
[  174.786491][T12257] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12257 comm=syz.0.4916
[  174.866601][T12271] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd
[  174.931440][T12286] 9pnet: p9_errstr2errno: server reported unknown error �@í¬
[  175.193843][   T19] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  175.233936][T12310] input: syz1 as /devices/virtual/input/input35
[  175.404767][   T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.414894][   T19] usb 2-1: config 0 has no interfaces?
[  175.421596][   T19] usb 2-1: New USB device found, idVendor=04e2, idProduct=141a, bcdDevice=ca.10
[  175.433247][   T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.433797][  T503] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  175.441467][   T19] usb 2-1: Product: syz
[  175.454555][   T19] usb 2-1: Manufacturer: syz
[  175.459164][   T19] usb 2-1: SerialNumber: syz
[  175.465258][   T19] usb 2-1: config 0 descriptor??
[  175.504433][T12330] xt_bpf: check failed: parse error
[  175.625740][  T503] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  175.635994][  T503] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  175.651182][  T503] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  175.660489][  T503] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.668699][  T503] usb 1-1: Product: syz
[  175.672959][  T503] usb 1-1: Manufacturer: syz
[  175.677748][  T503] usb 1-1: SerialNumber: syz
[  175.684043][  T503] rtl8150 1-1:1.0: couldn't find required endpoints
[  175.690747][  T503] rtl8150: probe of 1-1:1.0 failed with error -5
[  175.692998][ T5202] usb 2-1: USB disconnect, device number 7
[  175.773243][T12365] overlayfs: failed to clone upperpath
[  175.790474][T12361] loop3: detected capacity change from 0 to 40427
[  175.797642][T12361] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  175.805564][T12361] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  175.814945][T12361] F2FS-fs (loop3): invalid crc value
[  175.821450][T12361] F2FS-fs (loop3): Found nat_bits in checkpoint
[  175.859326][T12361] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  175.866593][T12361] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  175.888655][  T294] usb 1-1: USB disconnect, device number 20
[  175.898516][T12361] syz.3.4966: attempt to access beyond end of device
[  175.898516][T12361] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  176.344367][T12389] SELinux: failed to load policy
[  177.422107][T12430] loop0: detected capacity change from 0 to 512
[  177.439141][T12430] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  177.479252][T12432] kvm [12431]: vcpu2, guest rIP: 0x9140 Unhandled WRMSR(0x11e) = 0x340b
[  177.504718][T12432] kvm [12431]: vcpu2, guest rIP: 0x9140 Unhandled WRMSR(0x186) = 0x360b
[  177.510581][T12430] EXT4-fs (loop0): 1 truncate cleaned up
[  177.513261][T12432] kvm [12431]: vcpu2, guest rIP: 0x9140 Unhandled WRMSR(0x187) = 0x340b
[  177.534585][T12432] kvm [12431]: vcpu2, guest rIP: 0x9140 Unhandled WRMSR(0x1d9) = 0x360b
[  177.541166][T12430] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  177.616112][T12101] EXT4-fs (loop0): unmounting filesystem.
[  177.764966][T12462] loop8: detected capacity change from 0 to 1024
[  177.785117][T12462] EXT4-fs: Ignoring removed orlov option
[  177.788978][T12461] xt_bpf: check failed: parse error
[  177.851484][T12462] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  177.871118][T12472] loop3: detected capacity change from 0 to 512
[  177.878199][T12472] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  177.909660][T12462] EXT4-fs (loop8): unmounting filesystem.
[  177.925125][T12472] EXT4-fs (loop3): 1 truncate cleaned up
[  177.936887][T12472] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  177.956292][T12481] incfs: Options parsing error. -22
[  177.971114][T12481] incfs: mount failed -22
[  177.977099][T12102] EXT4-fs (loop3): unmounting filesystem.
[  178.049424][T12495] loop0: detected capacity change from 0 to 512
[  178.076313][T12495] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  178.103304][T12495] EXT4-fs (loop0): 1 truncate cleaned up
[  178.113021][T12495] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  178.160935][T12495] EXT4-fs error (device loop0): ext4_empty_dir:3177: inode #2: block 13: comm syz.0.5025: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  178.185293][T12495] EXT4-fs (loop0): Remounting filesystem read-only
[  178.222956][T12101] EXT4-fs (loop0): unmounting filesystem.
[  178.258910][T12517] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5036'.
[  178.284252][T12520] SELinux: security_context_str_to_sid () failed with errno=-22
[  178.359094][T12530] I/O error, dev loop15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  178.371717][T12530] FAT-fs (loop15): unable to read boot sector
[  178.473385][T12557] netlink: 'syz.3.5055': attribute type 4 has an invalid length.
[  178.502167][   T28] kauditd_printk_skb: 28 callbacks suppressed
[  178.502183][   T28] audit: type=1326 audit(1758606891.473:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.532562][T12557] netlink: 'syz.3.5055': attribute type 4 has an invalid length.
[  178.544491][   T28] audit: type=1326 audit(1758606891.513:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.586763][   T28] audit: type=1326 audit(1758606891.513:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.610643][   T28] audit: type=1326 audit(1758606891.513:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.640019][   T28] audit: type=1326 audit(1758606891.543:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.665391][   T28] audit: type=1326 audit(1758606891.543:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.690748][   T28] audit: type=1326 audit(1758606891.543:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.726437][   T28] audit: type=1326 audit(1758606891.543:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.774555][   T28] audit: type=1326 audit(1758606891.703:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f863272af79 code=0x7ffc0000
[  178.806192][   T28] audit: type=1326 audit(1758606891.703:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.0.5059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f863278eec9 code=0x7ffc0000
[  178.817823][T12592] loop8: detected capacity change from 0 to 128
[  178.838303][T12592] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  178.839388][T12590] loop1: detected capacity change from 0 to 512
[  178.847452][T12592] ext4 filesystem being mounted at /22/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  178.885905][T12590] ext3: Unknown parameter 'mask'
[  178.891924][T12592] EXT4-fs error (device loop8): htree_dirblock_to_tree:1112: inode #2: block 4: comm syz.8.5069: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[  178.918756][T12117] EXT4-fs (loop8): unmounting filesystem.
[  178.925626][T12597] loop0: detected capacity change from 0 to 512
[  178.932520][T12597] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  178.955604][T12597] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  178.971690][T12597] ext4 filesystem being mounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  179.018739][T12101] EXT4-fs (loop0): unmounting filesystem.
[  179.358402][T12640] loop8: detected capacity change from 0 to 4096
[  179.388717][T12640] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  179.520964][T12117] EXT4-fs (loop8): unmounting filesystem.
[  179.600693][T12671] loop8: detected capacity change from 0 to 4096
[  179.607987][T12671] EXT4-fs (loop8): Test dummy encryption mode enabled
[  179.616841][T12671] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  179.689351][T12117] EXT4-fs (loop8): unmounting filesystem.
[  179.859334][T12683] loop8: detected capacity change from 0 to 40427
[  179.866249][T12683] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  179.874436][T12683] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  179.883530][T12683] F2FS-fs (loop8): invalid crc value
[  179.904012][T12683] F2FS-fs (loop8): Found nat_bits in checkpoint
[  179.939634][T12683] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  179.947616][T12683] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  179.992112][T12683] overlayfs: conflicting lowerdir path
[  180.023833][ T5624] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  180.220353][ T5624] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.232471][ T5624] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.251480][ T5624] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  180.264684][ T5624] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  180.273829][ T5624] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.282526][ T5624] usb 4-1: config 0 descriptor??
[  180.393792][   T19] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  180.584869][   T19] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  180.595026][   T19] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  180.605495][   T19] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  180.614582][   T19] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.622589][   T19] usb 1-1: Product: syz
[  180.626761][   T19] usb 1-1: Manufacturer: syz
[  180.631342][   T19] usb 1-1: SerialNumber: syz
[  180.690174][ T5624] plantronics 0003:047F:FFFF.0026: No inputs registered, leaving
[  180.698655][ T5624] plantronics 0003:047F:FFFF.0026: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  180.723777][ T5202] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  180.837989][   T19] usb 1-1: 0:2 : does not exist
[  180.844694][   T19] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  180.854719][   T19] usb 1-1: USB disconnect, device number 21
[  180.913765][ T5202] usb 2-1: Using ep0 maxpacket: 16
[  180.919884][ T5202] usb 2-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  180.929771][ T5202] usb 2-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  180.939613][ T5202] usb 2-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  180.952603][ T5202] usb 2-1: config 1 interface 0 has no altsetting 0
[  180.960442][ T5202] usb 2-1: New USB device found, idVendor=de25, idProduct=8517, bcdDevice= 0.4d
[  180.969652][ T5202] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.970173][ T5624] usb 4-1: USB disconnect, device number 4
[  180.977836][ T5202] usb 2-1: Product: syz
[  180.977853][ T5202] usb 2-1: Manufacturer: syz
[  180.977867][ T5202] usb 2-1: SerialNumber: syz
[  181.198943][ T5202] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 255 proto 1 vid 0xDE25 pid 0x8517
[  181.344986][T12768] SELinux:  Context  is not valid (left unmapped).
[  181.353484][T12770] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  181.361303][T12770] SELinux: failed to load policy
[  181.392440][T12776] loop0: detected capacity change from 0 to 2048
[  181.411730][T12780] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12780 comm=syz.8.5149
[  181.417921][ T5202] usb 2-1: USB disconnect, device number 8
[  181.431878][ T5202] usblp0: removed
[  181.437603][T12776] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  181.471203][ T5623] hid-generic 0000:0000:0000.0027: unknown main item tag 0x0
[  181.479654][ T5623] hid-generic 0000:0000:0000.0027: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  181.533001][T12793] loop3: detected capacity change from 0 to 512
[  181.539998][T12793] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  181.550138][T12793] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.5154: iget: bad extended attribute block 851968
[  181.563315][T12793] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.5154: couldn't read orphan inode 15 (err -117)
[  181.578780][T12793] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  181.594402][T12793] EXT4-fs (loop3): shut down requested (2)
[  181.604814][T12796] netlink: 'syz.8.5155': attribute type 2 has an invalid length.
[  181.613353][T12102] EXT4-fs (loop3): unmounting filesystem.
[  181.679068][T12813] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5163'.
[  182.223331][T12883] loop8: detected capacity change from 0 to 128
[  182.373134][T12906] loop8: detected capacity change from 0 to 256
[  182.409256][T12912] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5208'.
[  182.797073][T12939] loop3: detected capacity change from 0 to 40427
[  182.804239][T12939] F2FS-fs (loop3): fault_injection options not supported
[  182.811755][T12939] F2FS-fs (loop3): invalid crc value
[  182.817967][T12939] F2FS-fs (loop3): Found nat_bits in checkpoint
[  182.835869][T12939] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  182.852253][T12102] syz-executor: attempt to access beyond end of device
[  182.852253][T12102] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  182.935387][T12946] loop1: detected capacity change from 0 to 4096
[  182.944469][T12946] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  182.991033][T12107] EXT4-fs (loop1): unmounting filesystem.
[  183.101371][T12964] loop1: detected capacity change from 0 to 2048
[  183.117628][T12964] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  183.134753][T12107] EXT4-fs (loop1): unmounting filesystem.
[  183.198454][T12981] loop1: detected capacity change from 0 to 1024
[  183.207031][T12981] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  183.227942][T12107] EXT4-fs (loop1): unmounting filesystem.
[  183.276771][T12992] loop1: detected capacity change from 0 to 512
[  183.284244][T12990] netlink: 96 bytes leftover after parsing attributes in process `syz.7.5240'.
[  183.310195][T12992] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  183.373478][T12107] EXT4-fs (loop1): unmounting filesystem.
[  183.395300][T13002] loop1: detected capacity change from 0 to 1024
[  183.402303][T13002] EXT4-fs: Ignoring removed orlov option
[  183.410560][T13002] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  183.502235][T13020] loop3: detected capacity change from 0 to 2048
[  183.509509][   T28] kauditd_printk_skb: 16 callbacks suppressed
[  183.509524][   T28] audit: type=1326 audit(183.494:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f858118db2a code=0x7ffc0000
[  183.540255][   T28] audit: type=1326 audit(183.494:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f858118eacb code=0x7ffc0000
[  183.563775][   T28] audit: type=1326 audit(183.494:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f858118eacb code=0x7ffc0000
[  183.583996][T13020] Alternate GPT is invalid, using primary GPT.
[  183.592808][T13020]  loop3: p1 p2 p3
[  183.599179][   T28] audit: type=1326 audit(183.574:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f858118d5ba code=0x7ffc0000
[  183.622889][   T28] audit: type=1326 audit(183.574:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f858118e447 code=0x7ffc0000
[  183.646176][   T28] audit: type=1326 audit(183.574:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f858118d5ba code=0x7ffc0000
[  183.669319][   T28] audit: type=1326 audit(183.574:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f858118e447 code=0x7ffc0000
[  183.692513][   T28] audit: type=1326 audit(183.574:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f858118d5ba code=0x7ffc0000
[  183.715966][   T28] audit: type=1326 audit(183.574:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f858118e447 code=0x7ffc0000
[  183.739091][   T28] audit: type=1326 audit(183.574:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f858118d5ba code=0x7ffc0000
[  184.152863][T13042] loop3: detected capacity change from 0 to 40427
[  184.161249][T13042] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  184.169368][T13042] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  184.179180][T13042] F2FS-fs (loop3): invalid crc value
[  184.186102][T13042] F2FS-fs (loop3): Found nat_bits in checkpoint
[  184.221833][T13042] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  184.229073][T13042] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  184.274925][T13042] overlayfs: conflicting lowerdir path
[  184.390509][T12101] EXT4-fs (loop0): unmounting filesystem.
[  184.404037][T12107] EXT4-fs (loop1): unmounting filesystem.
[  184.418298][ T5624] kernel write not supported for file bpf-map (pid: 5624 comm: kworker/1:13)
[  184.442549][T13052] netlink: 220 bytes leftover after parsing attributes in process `syz.1.5267'.
[  184.453583][T13052] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5267'.
[  184.463382][T13052] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5267'.
[  184.472760][T13052] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5267'.
[  184.482054][T13052] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5267'.
[  184.607241][T13079] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5279'.
[  184.616364][T13079] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5279'.
[  184.638901][T13082] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  184.648251][T13082] FAT-fs (loop7): unable to read boot sector
[  184.896759][T13113] device wireguard0 entered promiscuous mode
[  185.461022][T13174] loop3: detected capacity change from 0 to 40427
[  185.482742][T13174] F2FS-fs (loop3): LFS is not compatible with checkpoint=disable
[  185.653247][T13176] loop1: detected capacity change from 0 to 40427
[  185.668774][T13176] F2FS-fs (loop1): invalid crc value
[  185.671704][T13184] loop8: detected capacity change from 0 to 1024
[  185.698588][T13176] F2FS-fs (loop1): Found nat_bits in checkpoint
[  185.703552][T13172] overlayfs: failed to clone upperpath
[  185.726262][T13184] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  185.751656][T13194] syz.3.5329[13194] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  185.751737][T13194] syz.3.5329[13194] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  185.756296][T13196] xt_hashlimit: size too large, truncated to 1048576
[  185.782224][T12117] EXT4-fs (loop8): unmounting filesystem.
[  185.789282][T13176] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  185.871933][T12107] syz-executor: attempt to access beyond end of device
[  185.871933][T12107] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  186.270228][T13210] loop0: detected capacity change from 0 to 40427
[  186.287944][T13210] F2FS-fs (loop0): heap/no_heap options were deprecated
[  186.303772][T13210] F2FS-fs (loop0): invalid crc value
[  186.316130][T13210] F2FS-fs (loop0): Found nat_bits in checkpoint
[  186.396973][T13210] F2FS-fs (loop0): Start checkpoint disabled!
[  186.413264][T13210] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  186.491734][T13225] loop1: detected capacity change from 0 to 40427
[  186.508887][T13225] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  186.527501][T13225] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  186.549005][T13225] F2FS-fs (loop1): invalid crc value
[  186.594924][T13225] F2FS-fs (loop1): Found nat_bits in checkpoint
[  186.704218][T13225] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  186.714578][T13225] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  186.882204][ T3835] kworker/u4:119: attempt to access beyond end of device
[  186.882204][ T3835] loop0: rw=1, sector=77824, nr_sectors = 4096 limit=40427
[  186.925862][ T3835] kworker/u4:119: attempt to access beyond end of device
[  186.925862][ T3835] loop0: rw=1, sector=49152, nr_sectors = 1200 limit=40427
[  186.941544][ T3957] kworker/u4:241: attempt to access beyond end of device
[  186.941544][ T3957] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  187.414613][T13265] SELinux:  Context system_u:object_r:fixed_disk_device_t:s0 is not valid (left unmapped).
[  187.505059][T13276] netlink: 'syz.1.5363': attribute type 12 has an invalid length.
[  187.761288][T13298] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5373'.
[  187.785056][T13296] loop1: detected capacity change from 0 to 4096
[  187.819258][T13296] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  187.894995][T13304] loop3: detected capacity change from 0 to 128
[  187.909068][T13304] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  187.975842][T13304] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 4: comm syz.3.5375: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1
[  188.065266][T12102] EXT4-fs (loop3): unmounting filesystem.
[  188.096522][T13309] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5378'.
[  188.148168][T12107] EXT4-fs (loop1): unmounting filesystem.
[  188.227378][T13221] loop8: detected capacity change from 0 to 262144
[  188.235070][T13221] F2FS-fs (loop8): invalid crc value
[  188.241821][T13221] F2FS-fs (loop8): Found nat_bits in checkpoint
[  188.292005][T13221] F2FS-fs (loop8): Start checkpoint disabled!
[  188.299070][T13221] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  188.325410][T13335] xt_hashlimit: size too large, truncated to 1048576
[  188.385807][T13338] loop1: detected capacity change from 0 to 128
[  188.443782][  T294] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  188.633798][  T294] usb 4-1: Using ep0 maxpacket: 16
[  188.645038][  T294] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  188.672177][  T294] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  188.692403][  T294] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  188.706334][  T294] usb 4-1: config 1 interface 0 has no altsetting 0
[  188.720356][T13347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5392'.
[  188.724947][  T294] usb 4-1: New USB device found, idVendor=de25, idProduct=8517, bcdDevice= 0.4d
[  188.730898][T13347] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  188.753813][  T294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.758107][T13347] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  188.769662][  T294] usb 4-1: Product: syz
[  188.783853][  T294] usb 4-1: Manufacturer: syz
[  188.788516][  T294] usb 4-1: SerialNumber: syz
[  188.894443][T13367] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13367 comm=syz.0.5401
[  188.920133][T13369] loop0: detected capacity change from 0 to 256
[  188.927204][T13369] FAT-fs (loop0): bogus number of FAT sectors
[  188.933345][T13369] FAT-fs (loop0): Can't find a valid FAT filesystem
[  189.001051][  T294] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 255 proto 1 vid 0xDE25 pid 0x8517
[  189.105714][T13380] loop0: detected capacity change from 0 to 256
[  189.133835][   T19] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  189.165602][T13393] netlink: 'syz.8.5413': attribute type 4 has an invalid length.
[  189.217749][  T294] usb 4-1: USB disconnect, device number 5
[  189.225453][  T294] usblp0: removed
[  189.230287][T13398] netlink: 16 bytes leftover after parsing attributes in process `syz.8.5415'.
[  189.323779][   T19] usb 2-1: Using ep0 maxpacket: 16
[  189.330062][   T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.341593][   T19] usb 2-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  189.350654][   T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.358782][   T19] usb 2-1: Product: syz
[  189.362948][   T19] usb 2-1: Manufacturer: syz
[  189.367703][   T19] usb 2-1: SerialNumber: syz
[  189.373317][   T19] usb 2-1: config 0 descriptor??
[  189.557872][T13415] A link change request failed with some changes committed already. Interface ip6tnl3 may have been left with an inconsistent configuration, please check.
[  189.585973][ T5625] usb 2-1: USB disconnect, device number 9
[  189.666903][T13430] device wireguard0 entered promiscuous mode
[  189.682837][   T28] kauditd_printk_skb: 7 callbacks suppressed
[  189.682851][   T28] audit: type=1326 audit(189.654:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.711913][   T28] audit: type=1326 audit(189.654:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.743855][   T28] audit: type=1326 audit(189.654:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.766991][   T28] audit: type=1326 audit(189.654:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.792379][   T28] audit: type=1326 audit(189.654:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.815446][   T28] audit: type=1326 audit(189.654:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.838279][   T28] audit: type=1326 audit(189.684:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.861370][   T28] audit: type=1326 audit(189.684:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.884658][   T28] audit: type=1326 audit(189.684:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  189.907645][   T28] audit: type=1326 audit(189.684:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13434 comm="syz.7.5431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  190.413774][  T294] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  190.413782][ T5625] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  190.593776][ T5625] usb 1-1: Using ep0 maxpacket: 8
[  190.599822][ T5625] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  190.608327][ T5625] usb 1-1: config 179 has no interface number 0
[  190.615154][ T5625] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  190.619446][  T294] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  190.626424][ T5625] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  190.637754][  T294] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  190.647781][ T5625] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  190.659611][  T294] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  190.667788][ T5625] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  190.677379][  T294] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.688477][ T5625] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  190.697063][  T294] usb 2-1: Product: syz
[  190.709447][ T5625] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  190.709489][ T5625] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.710376][T13450] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  190.718837][  T294] usb 2-1: Manufacturer: syz
[  190.743015][  T294] usb 2-1: SerialNumber: syz
[  190.797768][T13465] loop3: detected capacity change from 0 to 4096
[  190.807295][T13465] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  190.915112][T12102] EXT4-fs (loop3): unmounting filesystem.
[  190.951238][  T294] usb 2-1: 0:2 : does not exist
[  190.966265][  T294] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  190.988528][  T294] usb 2-1: USB disconnect, device number 10
[  191.036045][ T5625] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input36
[  191.107442][T13490] loop3: detected capacity change from 0 to 128
[  191.115489][T13490] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  191.139898][T12102] EXT4-fs (loop3): unmounting filesystem.
[  191.237448][T13450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.245982][T13450] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.461978][ T3620] usb 1-1: USB disconnect, device number 22
[  191.462057][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  191.476352][ T3620] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  191.476454][    C1] dummy_hcd dummy_hcd.0: timer fired with no URBs pending?
[  191.514419][ T5625] kernel write not supported for file bpf-prog (pid: 5625 comm: kworker/1:14)
[  191.554318][T13510] A link change request failed with some changes committed already. Interface ip6tnl1 may have been left with an inconsistent configuration, please check.
[  192.592758][T13557] loop8: detected capacity change from 0 to 256
[  192.612504][T13557] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  192.628191][T13557] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  192.639686][T13557] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x43c9847d, utbl_chksum : 0xe619d30d)
[  193.268427][T13618] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5511'.
[  193.469153][T13626] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5514'.
[  193.937989][T13647] device bridge0 entered promiscuous mode
[  193.964662][T13647] bridge0: port 3(macsec1) entered blocking state
[  193.971124][T13647] bridge0: port 3(macsec1) entered disabled state
[  194.013494][T13647] device bridge0 left promiscuous mode
[  194.178880][T13667] loop3: detected capacity change from 0 to 1024
[  194.207821][T13667] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  194.223558][T13667] SELinux:  Context @ is not valid (left unmapped).
[  194.251422][T12102] EXT4-fs (loop3): unmounting filesystem.
[  194.263491][T13683] loop3: detected capacity change from 0 to 512
[  194.277264][T13683] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  194.308642][T13681] device macsec2 entered promiscuous mode
[  194.334559][T12102] EXT4-fs (loop3): unmounting filesystem.
[  194.365227][T13696] loop3: detected capacity change from 0 to 1024
[  194.375559][T13696] EXT4-fs: Ignoring removed orlov option
[  194.383183][T13696] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  194.653905][ T5625] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  194.715711][   T28] kauditd_printk_skb: 87 callbacks suppressed
[  194.715728][   T28] audit: type=1400 audit(194.694:1391): avc:  denied  { mounton } for  pid=13720 comm="syz.1.5556" path="/114/file0" dev="tmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  194.758701][T13725] netlink: 'syz.7.5557': attribute type 12 has an invalid length.
[  194.772185][   T28] audit: type=1400 audit(194.744:1392): avc:  denied  { connect } for  pid=13724 comm="syz.7.5557" lport=256 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  194.854891][ T5625] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  194.873761][ T5625] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  194.883494][ T5625] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  194.899656][ T5625] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  194.911529][ T5625] usb 1-1: SerialNumber: syz
[  195.122110][ T5625] usb 1-1: 0:2 : does not exist
[  195.127025][ T5625] usb 1-1: unit 5 not found!
[  195.133558][ T5625] usb 1-1: USB disconnect, device number 23
[  195.343998][T12102] EXT4-fs (loop3): unmounting filesystem.
[  195.355694][   T28] audit: type=1400 audit(195.334:1393): avc:  denied  { map } for  pid=13731 comm="syz.3.5560" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=72914 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  195.379422][   T28] audit: type=1400 audit(195.334:1394): avc:  denied  { read write } for  pid=13731 comm="syz.3.5560" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=72914 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  195.440591][   T28] audit: type=1400 audit(195.414:1395): avc:  denied  { mount } for  pid=13737 comm="syz.3.5563" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  195.468138][   T28] audit: type=1400 audit(195.444:1396): avc:  denied  { read } for  pid=13739 comm="syz.3.5564" dev="nsfs" ino=4026532369 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  195.488875][   T28] audit: type=1400 audit(195.444:1397): avc:  denied  { open } for  pid=13739 comm="syz.3.5564" path="net:[4026532369]" dev="nsfs" ino=4026532369 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  195.520469][   T28] audit: type=1400 audit(195.494:1398): avc:  denied  { watch watch_reads } for  pid=13745 comm="syz.3.5567" path="/197" dev="tmpfs" ino=1038 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  195.574601][   T28] audit: type=1400 audit(195.554:1399): avc:  denied  { ioctl } for  pid=13753 comm="syz.3.5571" path="socket:[72964]" dev="sockfs" ino=72964 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  195.613955][   T28] audit: type=1400 audit(195.584:1400): avc:  denied  { execute } for  pid=13755 comm="syz.3.5573" dev="tmpfs" ino=299 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  195.646380][T13762] loop0: detected capacity change from 0 to 512
[  195.673132][T13771] loop3: detected capacity change from 0 to 1024
[  195.681160][T13762] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  195.707763][T13771] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  195.730823][T13771] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3836: comm syz.3.5578: Allocating blocks 497-513 which overlap fs metadata
[  195.730951][T12101] EXT4-fs (loop0): unmounting filesystem.
[  195.751691][T13771] EXT4-fs (loop3): pa ffff888137259738: logic 256, phys. 385, len 8
[  195.759855][T13771] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[  195.777625][T13783] loop8: detected capacity change from 0 to 256
[  195.787462][T13785] bridge0: port 3(vlan2) entered blocking state
[  195.794431][T13785] bridge0: port 3(vlan2) entered disabled state
[  195.816456][T13771] EXT4-fs (loop3): shut down requested (2)
[  195.832829][T12102] EXT4-fs (loop3): unmounting filesystem.
[  195.846521][T13783] devtmpfs: Unknown parameter 'dirsyncìI{Êž¶?Ú3ö'{Öž³çíÏö‚ýÅ^´¿ÚK6\¾¸¿üòN†e ”B)”™2SÊBY)+%(AÙ(e§ì”ƒrP.ÊEy(å£|tS~ÊOIJRA*H…¨¡"äÉSq*N%¨•¤’TŠJQi*Me¨•£rt'ÝIwÑ]T‰*ÑÝt7U¥ªT�ªSªA5©&Õ¢ZT›jSªCu©.Õ£zTŸêSj@©!5¢FÔ„šP3jFÍ©9µ ÔŠZQkjMm¨µ¥¶ÔŽÚQ{jO¨u¤ŽÔ‰:QgêL]©+u£nÔ�ºS*¥R/êE½©7õ¥¾ÔŸúÓ'
[  195.907075][T13796] netlink: 'syz.8.5587': attribute type 12 has an invalid length.
[  195.973853][ T5625] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  196.039226][T13812] loop8: detected capacity change from 0 to 512
[  196.055970][T13812] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  196.117295][T12117] EXT4-fs (loop8): unmounting filesystem.
[  196.151959][T13827] loop8: detected capacity change from 0 to 1024
[  196.158668][T13827] EXT4-fs: Ignoring removed bh option
[  196.164271][T13827] EXT4-fs: Ignoring removed nomblk_io_submit option
[  196.172868][T13827] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  196.188407][ T5625] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  196.197571][ T5625] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.205625][ T5625] usb 2-1: Product: syz
[  196.209852][ T5625] usb 2-1: Manufacturer: syz
[  196.214491][ T5625] usb 2-1: SerialNumber: syz
[  196.233971][ T5625] usb 2-1: config 0 descriptor??
[  196.244136][ T5625] usb-storage 2-1:0.0: USB Mass Storage device detected
[  196.294904][T13838] netlink: 'syz.0.5604': attribute type 12 has an invalid length.
[  196.362767][T13842] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5605'.
[  196.441404][ T5623] usb 2-1: USB disconnect, device number 11
[  196.965024][T13861] loop0: detected capacity change from 0 to 40427
[  196.987649][T13861] F2FS-fs (loop0): invalid crc value
[  197.006919][T13861] F2FS-fs (loop0): Found nat_bits in checkpoint
[  197.014710][T13880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5622'.
[  197.085357][T13861] F2FS-fs (loop0): Start checkpoint disabled!
[  197.102074][T13861] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  197.196104][T13861] F2FS-fs (loop0): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  197.232119][T13895] input: syz1 as /devices/virtual/input/input37
[  197.259774][T13861] F2FS-fs (loop0): ino:10, start:0, end:2048, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  197.288416][ T3957] kworker/u4:241: attempt to access beyond end of device
[  197.288416][ T3957] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  197.306249][T12117] EXT4-fs (loop8): unmounting filesystem.
[  197.343880][T13901] netlink: 96 bytes leftover after parsing attributes in process `syz.8.5632'.
[  197.467473][T13906] loop8: detected capacity change from 0 to 40427
[  197.474894][T13906] F2FS-fs (loop8): invalid crc value
[  197.481065][T13906] F2FS-fs (loop8): Found nat_bits in checkpoint
[  197.498795][T13906] F2FS-fs (loop8): Start checkpoint disabled!
[  197.505538][T13906] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  197.517816][T13906] syz.8.5635: attempt to access beyond end of device
[  197.517816][T13906] loop8: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  197.532325][T13906] syz.8.5635: attempt to access beyond end of device
[  197.532325][T13906] loop8: rw=0, sector=77952, nr_sectors = 8 limit=40427
[  197.557031][ T4041] kworker/u4:325: attempt to access beyond end of device
[  197.557031][ T4041] loop8: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  197.783455][T13917] netlink: 'syz.3.5637': attribute type 12 has an invalid length.
[  198.263443][T13932] bridge0: port 3(vlan2) entered blocking state
[  198.279584][T13932] bridge0: port 3(vlan2) entered disabled state
[  198.399816][T13928] loop1: detected capacity change from 0 to 40427
[  198.415300][T13928] F2FS-fs (loop1): invalid crc value
[  198.431288][T13928] F2FS-fs (loop1): Found nat_bits in checkpoint
[  198.481989][T13928] F2FS-fs (loop1): Start checkpoint disabled!
[  198.498287][T13928] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  198.575930][T13954] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13954 comm=syz.0.5653
[  198.599213][T13928] F2FS-fs (loop1): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  198.655673][T13928] F2FS-fs (loop1): ino:10, start:0, end:2048, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  198.676597][ T3957] kworker/u4:241: attempt to access beyond end of device
[  198.676597][ T3957] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  198.860442][T13975] loop0: detected capacity change from 0 to 16
[  198.867195][T13975] erofs: (device loop0): mounted with root inode @ nid 36.
[  198.875262][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  198.886287][T13975] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -3 in[47, 4049] out[1851]
[  198.897630][T13975] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  198.907117][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  198.916474][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  198.925824][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 42 @ nid 36
[  198.934893][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  198.944224][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 41 @ nid 36
[  198.953257][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  198.962583][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 40 @ nid 36
[  198.971652][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 39 @ nid 36
[  198.980716][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 38 @ nid 36
[  198.990280][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 36 @ nid 36
[  198.999378][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.008708][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 31 @ nid 36
[  199.017817][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 25 @ nid 36
[  199.018953][T13982] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  199.026969][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 24 @ nid 36
[  199.051614][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 19 @ nid 36
[  199.060806][T13975] syz.0.5664: attempt to access beyond end of device
[  199.060806][T13975] loop0: rw=524288, sector=784, nr_sectors = 64 limit=16
[  199.074426][T13975] syz.0.5664: attempt to access beyond end of device
[  199.074426][T13975] loop0: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  199.084600][T13985] loop2: detected capacity change from 0 to 7
[  199.088724][T13975] syz.0.5664: attempt to access beyond end of device
[  199.088724][T13975] loop0: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  199.109147][T13975] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -3 in[47, 4049] out[2639]
[  199.120383][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 87 @ nid 36
[  199.129451][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 86 @ nid 36
[  199.138547][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.147861][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 83 @ nid 36
[  199.156908][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.166234][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 82 @ nid 36
[  199.175343][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 79 @ nid 36
[  199.184409][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 78 @ nid 36
[  199.193454][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.202778][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 76 @ nid 36
[  199.211844][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.221184][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 75 @ nid 36
[  199.230271][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 74 @ nid 36
[  199.239346][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 72 @ nid 36
[  199.248391][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 71 @ nid 36
[  199.257468][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 70 @ nid 36
[  199.266576][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 63 @ nid 36
[  199.275652][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 61 @ nid 36
[  199.284716][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.294024][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 59 @ nid 36
[  199.303059][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.312379][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 58 @ nid 36
[  199.321485][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 56 @ nid 36
[  199.330600][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.339905][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 47 @ nid 36
[  199.348948][T13975] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  199.358247][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 46 @ nid 36
[  199.367302][T13975] erofs: (device loop0): z_erofs_readahead: readahead error at page 45 @ nid 36
[  199.376406][T13975] syz.0.5664: attempt to access beyond end of device
[  199.376406][T13975] loop0: rw=524288, sector=32, nr_sectors = 64 limit=16
[  199.389989][T13975] syz.0.5664: attempt to access beyond end of device
[  199.389989][T13975] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16
[  199.404548][T13975] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -3 in[47, 4049] out[5297]
[  199.425464][T13990] netlink: 88 bytes leftover after parsing attributes in process `syz.7.5671'.
[  199.463885][T13990] netlink: 48 bytes leftover after parsing attributes in process `syz.7.5671'.
[  199.659116][T13992] loop8: detected capacity change from 0 to 40427
[  199.692841][T13992] F2FS-fs (loop8): invalid crc value
[  199.712974][T13992] F2FS-fs (loop8): Found nat_bits in checkpoint
[  199.724169][T14023] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14023 comm=syz.0.5684
[  199.749458][T13992] F2FS-fs (loop8): Start checkpoint disabled!
[  199.761022][T13992] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  199.773426][   T28] kauditd_printk_skb: 36 callbacks suppressed
[  199.773442][   T28] audit: type=1400 audit(199.744:1437): avc:  denied  { getopt } for  pid=14027 comm="syz.7.5686" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  199.882462][T13992] F2FS-fs (loop8): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  199.926135][T13992] F2FS-fs (loop8): ino:10, start:0, end:2048, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  200.196035][   T28] audit: type=1400 audit(200.174:1438): avc:  denied  { connect } for  pid=14051 comm="syz.7.5697" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  200.230999][T14056] bridge0: port 3(syz_tun) entered blocking state
[  200.237689][T14056] bridge0: port 3(syz_tun) entered disabled state
[  200.244743][T14056] device syz_tun entered promiscuous mode
[  200.250729][T14056] bridge0: port 3(syz_tun) entered blocking state
[  200.257195][T14056] bridge0: port 3(syz_tun) entered forwarding state
[  200.292102][T14063] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5702'.
[  200.528789][   T28] audit: type=1400 audit(200.504:1439): avc:  denied  { mounton } for  pid=14092 comm="syz.7.5716" path="/1069/file0" dev="tmpfs" ino=5602 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  200.760214][   T28] audit: type=1400 audit(200.734:1440): avc:  denied  { relabelfrom } for  pid=14104 comm="syz.0.5721" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  200.780249][   T28] audit: type=1400 audit(200.734:1441): avc:  denied  { relabelto } for  pid=14104 comm="syz.0.5721" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  200.990708][T14123] loop3: detected capacity change from 0 to 512
[  200.997390][T14123] EXT4-fs: Ignoring removed orlov option
[  201.005062][T14123] EXT4-fs (loop3): orphan cleanup on readonly fs
[  201.011638][T14123] EXT4-fs error (device loop3): ext4_find_extent:936: inode #4: comm syz.3.5730: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0)
[  201.029143][T14123] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=-117
[  201.039069][T14123] EXT4-fs warning (device loop3): ext4_enable_quotas:7055: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  201.054176][T14123] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  201.060784][T14123] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  201.075234][T12102] EXT4-fs (loop3): unmounting filesystem.
[  201.294517][   T28] audit: type=1400 audit(201.288:1442): avc:  denied  { setopt } for  pid=14135 comm="syz.3.5736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  201.610185][T14146] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5740'.
[  201.626020][   T28] audit: type=1400 audit(201.618:1443): avc:  denied  { create } for  pid=14149 comm="syz.1.5742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  201.663446][T14156] loop1: detected capacity change from 0 to 512
[  201.671534][T14156] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  201.701014][T14156] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[  201.714153][T14156] System zones: 1-12
[  201.724681][T14156] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.5745: corrupted in-inode xattr
[  201.737130][T14156] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.5745: couldn't read orphan inode 15 (err -117)
[  201.754462][T14156] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  201.784859][   T28] audit: type=1400 audit(201.778:1444): avc:  denied  { read write } for  pid=14165 comm="syz.0.5749" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  201.815915][T14156] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5745: Unrecognised inode hash code 4
[  201.822840][   T28] audit: type=1400 audit(201.778:1445): avc:  denied  { create } for  pid=14155 comm="syz.1.5745" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  201.847501][T14156] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5745: Corrupt directory, running e2fsck is recommended
[  201.955046][T12107] EXT4-fs (loop1): unmounting filesystem.
[  201.970785][T14184] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14184 comm=syz.3.5758
[  202.143220][T14185] loop0: detected capacity change from 0 to 40427
[  202.150336][T14185] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  202.158363][T14185] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  202.167642][T14185] F2FS-fs (loop0): invalid crc value
[  202.174943][T14185] F2FS-fs (loop0): Found nat_bits in checkpoint
[  202.208608][T14185] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  202.215787][T14185] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  202.514408][T14194] bio_check_eod: 2 callbacks suppressed
[  202.514426][T14194] syz.0.5756: attempt to access beyond end of device
[  202.514426][T14194] loop0: rw=2049, sector=40424, nr_sectors = 8 limit=40427
[  202.718258][T14211] loop0: detected capacity change from 0 to 1024
[  202.728726][T14211] EXT4-fs: Ignoring removed orlov option
[  202.738526][T14215] bridge0: port 3(syz_tun) entered blocking state
[  202.747777][T14211] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  202.756794][T14215] bridge0: port 3(syz_tun) entered disabled state
[  202.757286][T14215] device syz_tun entered promiscuous mode
[  202.779768][T14215] bridge0: port 3(syz_tun) entered blocking state
[  202.786278][T14215] bridge0: port 3(syz_tun) entered forwarding state
[  202.795026][T14221] netlink: 'syz.7.5770': attribute type 2 has an invalid length.
[  202.808970][T14223] syz.1.5771[14223] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.809045][T14223] syz.1.5771[14223] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.856560][T14226] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  202.893554][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  202.905462][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  203.082809][T14230] loop3: detected capacity change from 0 to 40427
[  203.090236][T14230] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  203.098129][T14230] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  203.107627][T14230] F2FS-fs (loop3): invalid crc value
[  203.114636][T14230] F2FS-fs (loop3): Found nat_bits in checkpoint
[  203.148275][T14248] loop1: detected capacity change from 0 to 1024
[  203.157358][T14248] EXT4-fs: Ignoring removed nobh option
[  203.165100][T14248] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  203.177124][T14230] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  203.184471][T14230] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  203.205901][T14248] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  203.242181][T14248] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3836: comm syz.1.5780: Allocating blocks 497-513 which overlap fs metadata
[  203.257819][T14248] EXT4-fs (loop1): pa ffff8881372593f0: logic 256, phys. 385, len 8
[  203.265953][T14248] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[  203.382308][T12107] EXT4-fs (loop1): unmounting filesystem.
[  203.604927][T14255] syz.3.5772: attempt to access beyond end of device
[  203.604927][T14255] loop3: rw=2049, sector=40424, nr_sectors = 8 limit=40427
[  203.673772][ T5623] usb 2-1: new low-speed USB device number 12 using dummy_hcd
[  203.752386][T12101] EXT4-fs (loop0): unmounting filesystem.
[  203.874940][ T5623] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  203.891353][ T5623] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.902331][T14289] overlayfs: failed to clone upperpath
[  203.908574][ T5623] usb 2-1: config 0 descriptor??
[  203.935253][T14295] device dummy0 entered promiscuous mode
[  203.941644][T14295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5800'.
[  203.962633][T14295] device dummy0 left promiscuous mode
[  204.093384][T14311] loop0: detected capacity change from 0 to 128
[  204.321915][T14347] loop0: detected capacity change from 0 to 512
[  204.335453][T14347] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  204.347782][T14347] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #2: comm syz.0.5825: corrupted inode contents
[  204.360056][T14347] EXT4-fs error (device loop0): ext4_dirty_inode:6121: inode #2: comm syz.0.5825: mark_inode_dirty error
[  204.371612][T14347] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #2: comm syz.0.5825: corrupted inode contents
[  204.383525][T14347] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.5825: mark_inode_dirty error
[  204.400266][T14347] EXT4-fs error (device loop0): ext4_lookup:1855: inode #19: comm syz.0.5825: 'wÅü5ÔTÕÔ)­`)Y�Fæ¾nA­½@T<Ÿ3»Ú‚$¢ó×rçcnH³<¿pƒrèñ¹“>ÅwC¾" žð-ùËòöè€Ó8' linked to parent dir
[  204.422632][T12101] EXT4-fs (loop0): unmounting filesystem.
[  204.787061][   T19] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  204.950287][   T28] kauditd_printk_skb: 25 callbacks suppressed
[  204.950306][   T28] audit: type=1400 audit(204.903:1471): avc:  denied  { create } for  pid=14392 comm="syz.7.5845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  204.982035][   T19] usb 1-1: Using ep0 maxpacket: 32
[  204.988422][   T19] usb 1-1: config 2 has an invalid interface number: 194 but max is 0
[  204.996994][   T19] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  205.007313][   T19] usb 1-1: config 2 has no interface number 0
[  205.013402][   T19] usb 1-1: config 2 interface 194 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  205.023689][   T19] usb 1-1: config 2 interface 194 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  205.036805][   T19] usb 1-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6
[  205.045845][   T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.142451][   T28] audit: type=1326 audit(205.078:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  205.165435][   T28] audit: type=1326 audit(205.078:1473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  205.188717][   T28] audit: type=1326 audit(205.078:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fa6ff18eec9 code=0x7ffc0000
[  205.212320][   T28] audit: type=1326 audit(205.078:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa6ff18ef03 code=0x7ffc0000
[  205.235134][   T28] audit: type=1326 audit(205.078:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa6ff18d97f code=0x7ffc0000
[  205.258366][   T28] audit: type=1326 audit(205.078:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fa6ff18ef57 code=0x7ffc0000
[  205.273710][   T19] usb 1-1: string descriptor 0 read error: -71
[  205.281235][   T28] audit: type=1326 audit(205.106:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa6ff18d710 code=0x7ffc0000
[  205.310485][   T28] audit: type=1326 audit(205.106:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa6ff18eacb code=0x7ffc0000
[  205.333573][   T28] audit: type=1326 audit(205.106:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.7.5850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa6ff18db2a code=0x7ffc0000
[  205.333912][   T19] snd-usb-audio: probe of 1-1:2.194 failed with error -2
[  205.366584][   T19] usb 1-1: USB disconnect, device number 24
[  205.429537][ T5623] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  205.441814][ T5623] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  205.452164][ T5623] asix: probe of 2-1:0.0 failed with error -71
[  205.458796][ T5623] usb 2-1: USB disconnect, device number 12
[  205.475021][T14418] 9pnet: p9_errstr2errno: server reported unknown error �@00000000000000000000006
[  205.669477][T14430] fuse: Bad value for 'fd'
[  205.710754][T14434] device macsec2 entered promiscuous mode
[  205.900468][T14455] loop0: detected capacity change from 0 to 512
[  205.909974][T14453] loop3: detected capacity change from 0 to 1024
[  205.922968][T14455] EXT4-fs: Ignoring removed orlov option
[  205.929113][T14453] EXT4-fs: Ignoring removed bh option
[  205.934605][T14453] EXT4-fs: Ignoring removed nomblk_io_submit option
[  205.945091][T14455] EXT4-fs (loop0): orphan cleanup on readonly fs
[  205.951941][T14453] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  205.961095][T14455] EXT4-fs error (device loop0): ext4_find_extent:936: inode #4: comm syz.0.5873: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0)
[  205.979486][T14455] EXT4-fs warning (device loop0): ext4_enable_quotas:7055: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  205.999028][T14455] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  206.005717][T14455] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  206.024147][T14465] overlayfs: failed to clone upperpath
[  206.031090][T14465] overlayfs: failed to clone upperpath
[  206.053044][T14468] loop1: detected capacity change from 0 to 1024
[  206.060384][T12101] EXT4-fs (loop0): unmounting filesystem.
[  206.084493][T14468] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  206.103105][T14468] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3836: comm syz.1.5876: Allocating blocks 385-513 which overlap fs metadata
[  206.127466][T14468] EXT4-fs (loop1): pa ffff88811a9c77e0: logic 16, phys. 129, len 24
[  206.135613][T14468] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 8
[  206.165675][T12107] EXT4-fs (loop1): unmounting filesystem.
[  206.964068][T14539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14539 comm=syz.8.5908
[  206.975044][T14541] loop1: detected capacity change from 0 to 1024
[  206.996011][T14541] EXT4-fs: Ignoring removed i_version option
[  207.011755][T14541] EXT4-fs (loop1): Test dummy encryption mode enabled
[  207.034884][T14541] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  207.036122][T14548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5911'.
[  207.117566][T14548] device bridge_slave_1 left promiscuous mode
[  207.124779][T14548] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.139270][T12102] EXT4-fs (loop3): unmounting filesystem.
[  207.140917][T14548] device bridge_slave_0 left promiscuous mode
[  207.163424][T12107] EXT4-fs (loop1): unmounting filesystem.
[  207.174977][T14548] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.199117][T14554] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  207.341893][T14565] loop3: detected capacity change from 0 to 128
[  207.367774][T14565] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  207.443416][T12102] EXT4-fs (loop3): unmounting filesystem.
[  207.462315][T14571] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  207.485772][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  207.497681][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  207.514180][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  207.529513][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.541301][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.549515][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.558307][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.567274][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.577343][T14573] device dummy0 entered promiscuous mode
[  207.583089][T14573] device macsec1 entered promiscuous mode
[  207.589285][T14573] device dummy0 left promiscuous mode
[  207.652222][T14578] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  207.834845][T14600] loop3: detected capacity change from 0 to 512
[  207.856210][T14600] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.5930: bad orphan inode 11862016
[  207.868075][T14600] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  207.957467][T12102] EXT4-fs (loop3): unmounting filesystem.
[  208.414775][T14627] netlink: 'syz.3.5943': attribute type 4 has an invalid length.
[  208.480949][T14614] loop0: detected capacity change from 0 to 40427
[  208.499874][T14614] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  208.519053][T14614] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  208.532759][T14632] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5945'.
[  208.554786][T14632] device syz_tun left promiscuous mode
[  208.574662][T14632] bridge0: port 3(syz_tun) entered disabled state
[  208.582855][T14614] F2FS-fs (loop0): Found nat_bits in checkpoint
[  208.631309][T14632] device bridge_slave_1 left promiscuous mode
[  208.642032][T14632] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.660992][T14614] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  208.668114][T14614] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  208.676106][T14632] device bridge_slave_0 left promiscuous mode
[  208.684724][T14632] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.784170][T14639] 9pnet: p9_errstr2errno: server reported unknown error �@00000000000000000000006
[  208.989116][T14652] loop3: detected capacity change from 0 to 256
[  208.995846][T14652] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  209.019177][T14652] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  209.199663][T14666] 9pnet: p9_errstr2errno: server reported unknown error �@00000000000000000000006
[  209.433597][T14664] loop1: detected capacity change from 0 to 40427
[  209.469177][T14664] F2FS-fs (loop1): invalid crc value
[  209.481486][T14664] F2FS-fs (loop1): Found nat_bits in checkpoint
[  209.523599][T14667] loop0: detected capacity change from 0 to 32768
[  209.543340][T14664] F2FS-fs (loop1): Start checkpoint disabled!
[  209.545579][T14667]  loop0: p1 p3 < p5 p6 >
[  209.554575][T14678] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.562066][T14678] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.569616][T14664] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  209.570020][T14678] device bridge_slave_0 entered promiscuous mode
[  209.593463][T14678] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.600608][T14678] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.627807][T14678] device bridge_slave_1 entered promiscuous mode
[  209.750193][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  209.757795][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  209.775753][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  209.785211][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  209.798982][ T3957] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.806079][ T3957] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.814318][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  209.814980][T14714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5976'.
[  209.822672][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  209.839611][ T3957] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.846664][ T3957] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.854384][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  209.896423][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  209.908526][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  209.927729][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  209.938912][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  209.946927][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  209.954474][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  209.966214][T14678] device veth0_vlan entered promiscuous mode
[  209.986259][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  209.996495][T14678] device veth1_macvtap entered promiscuous mode
[  210.010671][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  210.021923][ T3835] device bridge_slave_1 left promiscuous mode
[  210.028232][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.036089][ T3835] device bridge_slave_0 left promiscuous mode
[  210.048804][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.058977][ T3835] device veth1_macvtap left promiscuous mode
[  210.065150][ T3835] device veth0_vlan left promiscuous mode
[  210.187912][ T3986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  210.289326][T14737] sch_fq: defrate 4294967295 ignored.
[  210.355904][T14746] loop3: detected capacity change from 0 to 2048
[  210.394490][T14746] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  210.445827][   T28] kauditd_printk_skb: 41 callbacks suppressed
[  210.445844][   T28] audit: type=1400 audit(209.979:1521): avc:  denied  { read write } for  pid=12101 comm="syz-executor" name="loop0" dev="devtmpfs" ino=868 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  210.559192][   T28] audit: type=1400 audit(210.007:1522): avc:  denied  { open } for  pid=12101 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=868 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  210.626476][ T3957] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  210.647829][   T28] audit: type=1400 audit(210.007:1523): avc:  denied  { ioctl } for  pid=12101 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=868 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  210.672760][ T3957] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 17 with error 28
[  210.686635][ T3957] EXT4-fs (loop3): This should not happen!! Data will be lost
[  210.686635][ T3957] 
[  210.701823][ T3957] EXT4-fs (loop3): Total free blocks count 0
[  210.708050][   T28] audit: type=1400 audit(210.007:1524): avc:  denied  { bpf } for  pid=14755 comm="syz.7.5994" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  210.728467][ T3957] EXT4-fs (loop3): Free/Dirty block details
[  210.734505][ T3957] EXT4-fs (loop3): free_blocks=2415919504
[  210.749032][ T3957] EXT4-fs (loop3): dirty_blocks=32
[  210.756573][   T28] audit: type=1400 audit(210.007:1525): avc:  denied  { prog_load } for  pid=14755 comm="syz.7.5994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  210.776515][ T3957] EXT4-fs (loop3): Block reservation details
[  210.786062][ T3957] EXT4-fs (loop3): i_reserved_data_blocks=2
[  210.795382][T12102] EXT4-fs (loop3): unmounting filesystem.
[  210.801744][   T28] audit: type=1400 audit(210.007:1526): avc:  denied  { perfmon } for  pid=14755 comm="syz.7.5994" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  210.832148][   T28] audit: type=1400 audit(210.016:1527): avc:  denied  { prog_run } for  pid=14755 comm="syz.7.5994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  210.851608][   T28] audit: type=1400 audit(210.016:1528): avc:  denied  { map_create } for  pid=14755 comm="syz.7.5994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  210.870717][   T28] audit: type=1400 audit(210.016:1529): avc:  denied  { map_read map_write } for  pid=14755 comm="syz.7.5994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  210.890296][   T28] audit: type=1400 audit(210.016:1530): avc:  denied  { map } for  pid=14745 comm="syz.3.5989" path="/304/file1/memory.stat" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  211.318343][T14786] device dummy0 entered promiscuous mode
[  211.325148][T14786] device macsec1 entered promiscuous mode
[  211.337505][T14786] device dummy0 left promiscuous mode
[  211.600639][T14807] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14807 comm=syz.7.6013
[  211.630507][T14811] fuse: Bad value for 'fd'
[  211.636646][T14811] 9pnet_fd: p9_fd_create_unix (14811): problem connecting socket: ./file0: -111
[  211.724951][T14815] bridge0: port 4(vlan2) entered blocking state
[  211.734306][T14815] bridge0: port 4(vlan2) entered disabled state
[  211.758524][T14817] device dummy0 entered promiscuous mode
[  211.768999][T14817] device macsec1 entered promiscuous mode
[  211.776503][T14817] device dummy0 left promiscuous mode
[  212.015164][T14831] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6026'.
[  212.059375][T14833] syz.7.6027[14833] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  212.059451][T14833] syz.7.6027[14833] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  212.127029][T14840] device batadv_slave_0 entered promiscuous mode
[  212.165996][T14839] device batadv_slave_0 left promiscuous mode
[  212.696037][ T5623] usb 4-1: new low-speed USB device number 6 using dummy_hcd
[  212.859298][T14903] loop0: detected capacity change from 0 to 1024
[  212.865998][T14903] ext4: Unknown parameter 'nouser_xattr'
[  212.907686][ T5623] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  212.929559][ T5623] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.952840][ T5623] usb 4-1: config 0 descriptor??
[  213.240798][T14928] loop8: detected capacity change from 0 to 40427
[  213.247756][T14928] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  213.255929][T14928] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  213.266864][T14928] F2FS-fs (loop8): Found nat_bits in checkpoint
[  213.301903][T14928] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  213.309054][T14928] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  213.492591][T14966] sch_fq: defrate 4294967295 ignored.
[  213.564374][T14974] netlink: 24 bytes leftover after parsing attributes in process `syz.8.6089'.
[  213.998464][T14996] syz.0.6098[14996] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  213.998530][T14996] syz.0.6098[14996] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  214.052718][T15004] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  214.077936][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  214.086238][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  214.097104][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  214.107077][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  214.115918][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  214.124079][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  214.132606][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  214.141040][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  214.315720][T15041] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6120'.
[  214.392974][T15053] syz.0.6125[15053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  214.393052][T15053] syz.0.6125[15053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  214.480789][ T5623] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  214.508092][ T5623] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  214.518451][ T5623] asix: probe of 4-1:0.0 failed with error -71
[  214.525651][ T5623] usb 4-1: USB disconnect, device number 6
[  214.867527][T15099] loop8: detected capacity change from 0 to 2048
[  214.917502][T15099] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  215.118484][ T3835] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  215.133928][ T3835] EXT4-fs (loop8): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 17 with error 28
[  215.146340][ T3835] EXT4-fs (loop8): This should not happen!! Data will be lost
[  215.146340][ T3835] 
[  215.156513][ T3835] EXT4-fs (loop8): Total free blocks count 0
[  215.162620][ T3835] EXT4-fs (loop8): Free/Dirty block details
[  215.168833][ T3835] EXT4-fs (loop8): free_blocks=2415919504
[  215.174663][ T3835] EXT4-fs (loop8): dirty_blocks=32
[  215.180087][ T3835] EXT4-fs (loop8): Block reservation details
[  215.186236][ T3835] EXT4-fs (loop8): i_reserved_data_blocks=2
[  215.193432][T14678] EXT4-fs (loop8): unmounting filesystem.
[  215.211143][T15112] syz.8.6150[15112] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  215.211223][T15112] syz.8.6150[15112] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  215.275229][T15116] netlink: 52 bytes leftover after parsing attributes in process `syz.8.6152'.
[  215.370008][T15124] fuse: Bad value for 'fd'
[  215.687711][T15147] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  215.784258][T15156] overlayfs: failed to clone upperpath
[  215.797046][T15156] overlayfs: failed to clone lowerpath
[  215.807223][T15158] device bridge0 entered promiscuous mode
[  215.813662][T15158] bridge0: port 4(macsec2) entered blocking state
[  215.820689][T15158] bridge0: port 4(macsec2) entered disabled state
[  215.843520][T15158] device bridge0 left promiscuous mode
[  216.041998][T15170] loop3: detected capacity change from 0 to 1024
[  216.099466][T15170] EXT4-fs (loop3): invalid first ino: 10
[  216.202006][T15183] 9pnet: p9_errstr2errno: server reported unknown error õ1 g;-‡~	þÿÿ
[  216.276908][   T28] kauditd_printk_skb: 87 callbacks suppressed
[  216.276926][   T28] audit: type=1400 audit(215.351:1618): avc:  denied  { create } for  pid=15188 comm="syz.7.6184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  216.324971][   T28] audit: type=1400 audit(215.388:1619): avc:  denied  { write } for  pid=15192 comm="syz.8.6186" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  216.462503][T15209] overlayfs: failed to resolve './file0': -2
[  216.531016][   T28] audit: type=1400 audit(215.582:1620): avc:  denied  { write } for  pid=15217 comm="syz.8.6197" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  216.585836][T15228] loop8: detected capacity change from 0 to 512
[  216.611598][T15228] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  216.644687][T15228] EXT4-fs (loop8): 1 truncate cleaned up
[  216.661368][T15228] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  216.666094][   T28] audit: type=1400 audit(215.711:1621): avc:  denied  { mount } for  pid=15238 comm="syz.7.6207" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  216.691885][   T28] audit: type=1400 audit(215.711:1622): avc:  denied  { create } for  pid=15240 comm="syz.0.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  216.711101][   T28] audit: type=1400 audit(215.711:1623): avc:  denied  { bind } for  pid=15240 comm="syz.0.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  216.732088][   T28] audit: type=1400 audit(215.711:1624): avc:  denied  { name_bind } for  pid=15240 comm="syz.0.6208" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  216.753321][   T28] audit: type=1400 audit(215.711:1625): avc:  denied  { node_bind } for  pid=15240 comm="syz.0.6208" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  216.773834][   T28] audit: type=1400 audit(215.711:1626): avc:  denied  { remove_name } for  pid=15227 comm="syz.8.6201" name="file0" dev="loop8" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  216.796287][   T28] audit: type=1400 audit(215.711:1627): avc:  denied  { rename } for  pid=15227 comm="syz.8.6201" name="file0" dev="loop8" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  216.835122][T14678] EXT4-fs (loop8): unmounting filesystem.
[  216.893669][T15254] syz.7.6212[15254] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  216.893745][T15254] syz.7.6212[15254] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  216.973700][T15259] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15259 comm=syz.8.6210
[  217.248980][T15297] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  217.277442][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6237'.
[  217.322576][T15312] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6240'.
[  217.356684][T15316] incfs: Options parsing error. -22
[  217.362007][T15316] incfs: mount failed -22
[  217.382211][T15319] loop3: detected capacity change from 0 to 512
[  217.409461][T15319] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  218.601460][T15364] loop3: detected capacity change from 0 to 512
[  218.620570][T15364] EXT4-fs: Ignoring removed mblk_io_submit option
[  218.636180][T15364] EXT4-fs: Ignoring removed mblk_io_submit option
[  218.653112][T15364] EXT4-fs (loop3): Test dummy encryption mode enabled
[  218.661645][T15364] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  218.680396][T15370] 9pnet_fd: Insufficient options for proto=fd
[  218.688899][T15364] EXT4-fs (loop3): 1 truncate cleaned up
[  218.694574][T15364] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  218.877589][T15396] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6277'.
[  219.077469][T15411] loop8: detected capacity change from 0 to 1024
[  219.086815][T15411] EXT4-fs: Ignoring removed bh option
[  219.100547][T15411] EXT4-fs: Ignoring removed nomblk_io_submit option
[  219.125245][T15411] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  219.609118][T12102] EXT4-fs (loop3): unmounting filesystem.
[  219.637635][T15455] loop3: detected capacity change from 0 to 2048
[  219.679776][T15455] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  219.711691][T12102] EXT4-fs (loop3): unmounting filesystem.
[  219.740262][T15461] bridge: RTM_NEWNEIGH with invalid ether address
[  219.840787][T15472] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6306'.
[  220.182508][ T5624] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  220.309609][T14678] EXT4-fs (loop8): unmounting filesystem.
[  220.388479][ T5624] usb 4-1: Using ep0 maxpacket: 16
[  220.395768][ T5624] usb 4-1: too many endpoints for config 0 interface 0 altsetting 1: 253, using maximum allowed: 30
[  220.412161][ T5624] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  220.428526][ T5624] usb 4-1: config 0 interface 0 has no altsetting 0
[  220.435345][ T5624] usb 4-1: New USB device found, idVendor=056a, idProduct=037a, bcdDevice= 0.00
[  220.444583][ T5624] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.453537][ T5624] usb 4-1: config 0 descriptor??
[  220.826850][T15521] loop8: detected capacity change from 0 to 512
[  220.836009][T15521] EXT4-fs: Ignoring removed bh option
[  220.845719][T15521] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  220.891577][T14678] EXT4-fs (loop8): unmounting filesystem.
[  220.898388][ T5624] wacom 0003:056A:037A.0028: Unknown device_type for 'HID 056a:037a'. Assuming pen.
[  220.908496][ T5624] wacom 0003:056A:037A.0028: hidraw0: USB HID v0.03 Device [HID 056a:037a] on usb-dummy_hcd.3-1/input0
[  220.922846][ T5624] input: Wacom One by Wacom S Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:037A.0028/input/input38
[  221.139398][ T5624] usb 4-1: USB disconnect, device number 7
[  221.368050][T15558] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15558 comm=syz.8.6343
[  221.396637][T15561] netem: incorrect ge model size
[  221.402622][T15561] netem: change failed
[  221.593979][T15571] tipc: Failed to remove unknown binding: 66,1,1/2886997039:40096012/40096014
[  221.603095][T15571] tipc: Failed to remove unknown binding: 66,1,1/2886997039:40096012/40096014
[  221.745717][T15586] loop3: detected capacity change from 0 to 256
[  221.807696][T15586] FAT-fs (loop3): error, clusters badly computed (0 != 128)
[  221.825127][T15586] FAT-fs (loop3): Filesystem has been set read-only
[  221.832154][T15586] FAT-fs (loop3): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  221.845397][T15586] FAT-fs (loop3): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  221.854574][T15586] FAT-fs (loop3): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  221.952435][T15597] syz.8.6361[15597] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  221.952503][T15597] syz.8.6361[15597] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  222.041371][   T28] kauditd_printk_skb: 45 callbacks suppressed
[  222.041390][   T28] audit: type=1400 audit(220.677:1673): avc:  denied  { wake_alarm } for  pid=15602 comm="syz.1.6363" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  222.187945][T15584] overlayfs: failed to clone upperpath
[  222.269552][   T28] audit: type=1400 audit(220.889:1674): avc:  denied  { ioctl } for  pid=15615 comm="" path="socket:[80011]" dev="sockfs" ino=80011 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  222.448552][   T28] audit: type=1400 audit(221.055:1675): avc:  denied  { read write } for  pid=15629 comm="syz.8.6375" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  222.511857][   T28] audit: type=1400 audit(221.083:1676): avc:  denied  { open } for  pid=15629 comm="syz.8.6375" path="/dev/rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  222.576862][   T28] audit: type=1400 audit(221.083:1677): avc:  denied  { ioctl } for  pid=15629 comm="syz.8.6375" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  222.979175][T15645] loop8: detected capacity change from 0 to 512
[  223.016323][T15645] EXT4-fs: Ignoring removed mblk_io_submit option
[  223.056895][T15645] EXT4-fs: Ignoring removed mblk_io_submit option
[  223.124438][T15645] EXT4-fs (loop8): Test dummy encryption mode enabled
[  223.154380][T15645] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  223.209513][T15645] EXT4-fs (loop8): 1 truncate cleaned up
[  223.227482][T15645] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  223.591965][T15661] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15661 comm=syz.7.6386
[  223.863086][   T28] audit: type=1400 audit(222.356:1678): avc:  denied  { listen } for  pid=15677 comm="syz.7.6392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  223.907973][   T28] audit: type=1400 audit(222.356:1679): avc:  denied  { accept } for  pid=15677 comm="syz.7.6392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  224.006338][T14678] EXT4-fs (loop8): unmounting filesystem.
[  224.291862][T15691] overlayfs: failed to clone upperpath
[  224.320869][T15713] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  224.375877][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  224.391455][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  224.409190][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  224.428328][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  224.436790][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  224.445250][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  224.463055][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  224.471284][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  224.841641][   T28] audit: type=1400 audit(735.269:1680): avc:  denied  { write } for  pid=15740 comm="syz.3.6419" name="001" dev="devtmpfs" ino=185 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  225.529734][T15772] device wireguard0 entered promiscuous mode
[  225.556882][   T28] audit: type=1400 audit(735.924:1681): avc:  denied  { remount } for  pid=15742 comm="syz.0.6420" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  225.678925][T15782] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  225.744289][T15786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6437'.
[  225.903949][T15792] netlink: 'syz.0.6440': attribute type 1 has an invalid length.
[  226.072526][T15798] xt_hashlimit: size too large, truncated to 1048576
[  226.881132][   T28] audit: type=1400 audit(737.142:1682): avc:  denied  { connect } for  pid=15810 comm="syz.1.6448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  226.967421][T15815] fuse: Bad value for 'fd'
[  227.305479][T15858] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6468'.
[  227.314945][T15858] device bridge_slave_1 left promiscuous mode
[  227.321323][T15858] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.330340][T15858] device bridge_slave_0 left promiscuous mode
[  227.336802][T15858] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.522256][T15871] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6473'.
[  227.542697][   T28] kauditd_printk_skb: 5 callbacks suppressed
[  227.542713][   T28] audit: type=1400 audit(737.751:1688): avc:  denied  { unmount } for  pid=14678 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  227.780246][   T28] audit: type=1400 audit(737.973:1689): avc:  denied  { create } for  pid=15904 comm="syz.3.6486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  228.102312][ T5625] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  228.297345][ T5625] usb 4-1: Using ep0 maxpacket: 16
[  228.305529][ T5625] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  228.320459][ T5625] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  228.331658][ T5625] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  228.341178][ T5625] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.349228][ T5625] usb 4-1: Product: syz
[  228.354213][ T5625] usb 4-1: Manufacturer: syz
[  228.360865][ T5625] usb 4-1: SerialNumber: syz
[  228.366348][ T5625] r8152-cfgselector 4-1: config 0 descriptor??
[  228.808974][ T5623] usb 4-1: USB disconnect, device number 8
[  228.907364][   T28] audit: type=1400 audit(739.016:1690): avc:  denied  { read } for  pid=15963 comm="syz.0.6513" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  228.950778][   T28] audit: type=1400 audit(739.016:1691): avc:  denied  { open } for  pid=15963 comm="syz.0.6513" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  228.975177][   T28] audit: type=1400 audit(739.016:1692): avc:  denied  { ioctl } for  pid=15963 comm="syz.0.6513" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  229.034999][   T28] audit: type=1400 audit(739.136:1693): avc:  denied  { mount } for  pid=15973 comm="syz.8.6519" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  229.078178][   T28] audit: type=1400 audit(739.173:1694): avc:  denied  { watch } for  pid=15973 comm="syz.8.6519" path="/99/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  229.120746][   T28] audit: type=1400 audit(739.191:1695): avc:  denied  { mounton } for  pid=15973 comm="syz.8.6519" path="/99/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  229.161083][   T28] audit: type=1400 audit(739.191:1696): avc:  denied  { unmount } for  pid=14678 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  229.333250][T16004] netlink: 20 bytes leftover after parsing attributes in process `syz.7.6523'.
[  229.701854][T16035] overlayfs: missing 'lowerdir'
[  229.727815][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6545'.
[  229.758548][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6545'.
[  230.026732][T16091] overlayfs: failed to clone upperpath
[  230.160389][   T28] audit: type=1400 audit(740.161:1697): avc:  denied  { create } for  pid=16098 comm="syz.1.6573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  230.695834][T16150] syz.8.6594[16150] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  230.695954][T16150] syz.8.6594[16150] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  230.778405][ T5623] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  230.798167][T16154] xt_hashlimit: size too large, truncated to 1048576
[  230.996132][ T5623] usb 4-1: config 0 has no interfaces?
[  231.002786][ T5623] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  231.033349][ T5623] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  231.055228][ T5623] usb 4-1: Product: syz
[  231.064048][ T5623] usb 4-1: Manufacturer: syz
[  231.077419][ T5623] usb 4-1: config 0 descriptor??
[  233.733220][ T5624] usb 4-1: USB disconnect, device number 9
[  233.922635][   T28] kauditd_printk_skb: 5 callbacks suppressed
[  233.922653][   T28] audit: type=1400 audit(743.640:1703): avc:  denied  { append } for  pid=16194 comm="syz.8.6613" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  234.107745][T16207] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  234.149745][T16209] syz.8.6619[16209] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.149845][T16209] syz.8.6619[16209] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.189448][T16209] syz.8.6619[16209] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.212968][T16209] syz.8.6619[16209] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.547417][   T28] audit: type=1400 audit(744.212:1704): avc:  denied  { execute_no_trans } for  pid=16252 comm="+}[@" path="/1335/file0" dev="tmpfs" ino=6990 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  234.717449][T16255] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.734927][T16255] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.760586][T16255] device bridge_slave_0 entered promiscuous mode
[  234.781527][T16255] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.790289][   T28] audit: type=1400 audit(744.443:1705): avc:  denied  { setattr } for  pid=16273 comm="syz.7.6648" name="/" dev="configfs" ino=13054 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  234.793444][T16255] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.832470][T16255] device bridge_slave_1 entered promiscuous mode
[  234.841728][   T28] audit: type=1400 audit(744.443:1706): avc:  denied  { unmount } for  pid=12102 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  234.889757][   T28] audit: type=1400 audit(744.526:1707): avc:  denied  { accept } for  pid=16280 comm="syz.3.6651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  234.949319][T16283] device syz_tun left promiscuous mode
[  234.957215][T16283] bridge0: port 3(syz_tun) entered disabled state
[  234.965947][T16283] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  234.978253][T16283] device bridge_slave_0 left promiscuous mode
[  234.984685][T16283] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.992388][T16283] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.038024][   T28] audit: type=1400 audit(744.674:1708): avc:  denied  { write } for  pid=16289 comm="syz.3.6655" name="unix" dev="proc" ino=4026532464 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  235.131183][T16255] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.138289][T16255] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.145610][T16255] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.152662][T16255] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.199235][ T3740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  235.214217][ T3740] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.227427][ T3740] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.256100][T16309] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  235.362768][ T4079] IPv6: ADDRCONF(NETDEV_CHANGE): veth7: link becomes ready
[  235.386526][ T4079] IPv6: ADDRCONF(NETDEV_CHANGE): veth6: link becomes ready
[  235.418440][ T4079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  235.455881][ T4079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.483005][ T4079] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.490082][ T4079] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.540487][ T4079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  235.571909][ T4079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.603210][ T4079] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.610298][ T4079] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.668432][ T4113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  235.697310][ T4113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  235.751911][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  235.769910][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  235.802310][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  235.813448][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  235.849778][T16255] device veth0_vlan entered promiscuous mode
[  235.861256][T16318] bridge: RTM_NEWNEIGH with invalid ether address
[  235.878327][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  235.896623][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  235.922336][T16255] device veth1_macvtap entered promiscuous mode
[  235.957626][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  235.983164][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  236.014207][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  236.058930][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  236.096953][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  236.113374][ T3859] device veth1_macvtap left promiscuous mode
[  236.120560][   T28] audit: type=1400 audit(745.671:1709): avc:  denied  { read append } for  pid=16337 comm="syz.0.6674" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  236.156752][ T3859] device veth0_vlan left promiscuous mode
[  236.198749][   T28] audit: type=1400 audit(745.708:1710): avc:  denied  { open } for  pid=16337 comm="syz.0.6674" path="/dev/binderfs/binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  236.232017][   T28] audit: type=1400 audit(745.772:1711): avc:  denied  { read } for  pid=16344 comm="syz.3.6676" name="/" dev="configfs" ino=13054 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  236.262415][   T28] audit: type=1400 audit(745.772:1712): avc:  denied  { open } for  pid=16344 comm="syz.3.6676" path="/" dev="configfs" ino=13054 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  236.290096][T16334] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  236.326989][T16341] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  236.345265][ T4098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  236.359895][ T4098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  236.381628][ T4098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  236.390984][ T4098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  236.455502][  T294] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  236.592054][T16362] loop3: detected capacity change from 0 to 512
[  236.603610][T16364] netlink: 5 bytes leftover after parsing attributes in process `syz.1.6683'.
[  236.613447][T16362] EXT4-fs: Ignoring removed mblk_io_submit option
[  236.628968][T16362] EXT4-fs: Ignoring removed nomblk_io_submit option
[  236.646213][T16362] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  236.661345][  T294] usb 1-1: Using ep0 maxpacket: 16
[  236.661546][T16362] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  236.676629][  T294] usb 1-1: config 0 interface 0 has no altsetting 0
[  236.697510][  T294] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  236.707335][  T294] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.726559][  T294] usb 1-1: config 0 descriptor??
[  236.743529][T16362] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3836: comm syz.3.6682: Allocating blocks 41-42 which overlap fs metadata
[  236.775464][T16362] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3836: comm syz.3.6682: Allocating blocks 41-42 which overlap fs metadata
[  236.828440][T16362] EXT4-fs error (device loop3): ext4_acquire_dquot:6803: comm syz.3.6682: Failed to acquire dquot type 1
[  236.848067][T16362] EXT4-fs error (device loop3): mb_free_blocks:1810: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  236.870961][T16362] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.6682: corrupted inode contents
[  236.893975][T16362] EXT4-fs error (device loop3): ext4_dirty_inode:6121: inode #12: comm syz.3.6682: mark_inode_dirty error
[  236.916746][T16362] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.6682: corrupted inode contents
[  236.951317][T16362] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #12: comm syz.3.6682: mark_inode_dirty error
[  236.984834][T16362] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.6682: corrupted inode contents
[  237.013609][T16362] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  237.029006][T16362] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.6682: corrupted inode contents
[  237.051555][T16362] EXT4-fs error (device loop3): ext4_truncate:4314: inode #12: comm syz.3.6682: mark_inode_dirty error
[  237.063122][T16362] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  237.072346][T16362] EXT4-fs (loop3): 1 truncate cleaned up
[  237.079329][T16377] loop8: detected capacity change from 0 to 128
[  237.086038][T16362] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  237.141883][T16362] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  237.194735][T12102] EXT4-fs (loop3): unmounting filesystem.
[  237.395457][  T294] usb 1-1: USB disconnect, device number 25
[  237.482596][T16408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6701'.
[  237.491663][T16408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6701'.
[  237.499748][T16398] loop8: detected capacity change from 0 to 40427
[  237.508022][T16398] F2FS-fs (loop8): Image doesn't support compression
[  237.511644][T16408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6701'.
[  237.514907][T16398] F2FS-fs (loop8): heap/no_heap options were deprecated
[  237.523949][T16408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6701'.
[  237.539805][T16398] F2FS-fs (loop8): invalid crc value
[  237.540744][T16398] F2FS-fs (loop8): Found nat_bits in checkpoint
[  237.584436][T16398] F2FS-fs (loop8): Start checkpoint disabled!
[  237.591287][T16398] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  237.633115][T16398] syz.8.6696: attempt to access beyond end of device
[  237.633115][T16398] loop8: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  237.647375][T16398] syz.8.6696: attempt to access beyond end of device
[  237.647375][T16398] loop8: rw=2049, sector=53280, nr_sectors = 24 limit=40427
[  237.661481][T16398] syz.8.6696: attempt to access beyond end of device
[  237.661481][T16398] loop8: rw=2049, sector=53312, nr_sectors = 24 limit=40427
[  237.675586][T16398] syz.8.6696: attempt to access beyond end of device
[  237.675586][T16398] loop8: rw=2049, sector=53344, nr_sectors = 16 limit=40427
[  237.689687][T16398] syz.8.6696: attempt to access beyond end of device
[  237.689687][T16398] loop8: rw=2049, sector=53384, nr_sectors = 16 limit=40427
[  237.705451][T16398] syz.8.6696: attempt to access beyond end of device
[  237.705451][T16398] loop8: rw=2049, sector=53408, nr_sectors = 8 limit=40427
[  237.719336][T16398] syz.8.6696: attempt to access beyond end of device
[  237.719336][T16398] loop8: rw=2049, sector=53448, nr_sectors = 24 limit=40427
[  237.733336][T16398] syz.8.6696: attempt to access beyond end of device
[  237.733336][T16398] loop8: rw=2049, sector=53480, nr_sectors = 16 limit=40427
[  237.778847][ T4098] kworker/u4:382: attempt to access beyond end of device
[  237.778847][ T4098] loop8: rw=1, sector=53248, nr_sectors = 8 limit=40427
[  237.792903][ T4098] kworker/u4:382: attempt to access beyond end of device
[  237.792903][ T4098] loop8: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  237.966159][T16434] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  238.001669][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  238.018002][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  238.249446][T16463] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6726'.
[  238.265192][T16463] sch_fq: defrate 0 ignored.
[  238.368756][T16450] loop3: detected capacity change from 0 to 40427
[  238.385009][T16450] F2FS-fs (loop3): Image doesn't support compression
[  238.393193][T16450] F2FS-fs (loop3): heap/no_heap options were deprecated
[  238.401218][T16450] F2FS-fs (loop3): invalid crc value
[  238.430703][T16450] F2FS-fs (loop3): Found nat_bits in checkpoint
[  238.465388][T16478] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6731'.
[  238.493349][T16450] F2FS-fs (loop3): Start checkpoint disabled!
[  238.500609][T16450] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  238.533959][ T3859] Bluetooth: hci0: Frame reassembly failed (-84)
[  238.786283][T16506] netlink: 'syz.3.6746': attribute type 1 has an invalid length.
[  238.814784][T16516] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  238.848994][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  238.868504][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  238.882464][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  238.890722][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  238.899347][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  238.907737][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  238.916146][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  238.926182][ T3859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  239.254828][T16559] loop8: detected capacity change from 0 to 256
[  239.266846][T16559] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  239.279185][T16559] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  239.883874][   T28] kauditd_printk_skb: 20 callbacks suppressed
[  239.883904][   T28] audit: type=1400 audit(749.141:1729): avc:  denied  { watch } for  pid=16611 comm="syz.7.6789" path="/1365/mnt" dev="tmpfs" ino=7146 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  240.293097][T16654] netlink: 44 bytes leftover after parsing attributes in process `syz.7.6810'.
[  240.528380][   T28] audit: type=1400 audit(749.732:1730): avc:  denied  { setattr } for  pid=16677 comm="syz.8.6821" name="file0" dev="incremental-fs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  240.596191][   T28] audit: type=1400 audit(749.806:1731): avc:  denied  { write } for  pid=16683 comm="syz.8.6824" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  240.648339][   T28] audit: type=1400 audit(749.806:1732): avc:  denied  { add_name } for  pid=16683 comm="syz.8.6824" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  240.694751][   T28] audit: type=1400 audit(749.806:1733): avc:  denied  { create } for  pid=16683 comm="syz.8.6824" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  240.735783][ T1490] Bluetooth: hci0: command 0x1003 tx timeout
[  240.736556][   T28] audit: type=1400 audit(749.806:1734): avc:  denied  { associate } for  pid=16683 comm="syz.8.6824" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  240.741868][  T369] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  240.783130][T16692] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.810926][T16692] FAT-fs (loop1): unable to read boot sector
[  240.875697][   T28] audit: type=1400 audit(749.963:1735): avc:  denied  { create } for  pid=16690 comm="syz.0.6828" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  241.003756][   T28] audit: type=1400 audit(749.972:1736): avc:  denied  { mounton } for  pid=16690 comm="syz.0.6828" path="/339/file0" dev="tmpfs" ino=1812 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  241.065241][   T28] audit: type=1400 audit(750.037:1737): avc:  denied  { unlink } for  pid=12101 comm="syz-executor" name="file0" dev="tmpfs" ino=1812 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  241.136335][   T28] audit: type=1400 audit(750.083:1738): avc:  denied  { read } for  pid=16696 comm="syz.0.6830" name="file0" dev="incremental-fs" ino=1819 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  241.192585][T16722] xt_bpf: check failed: parse error
[  241.301432][T16734] overlayfs: failed to clone upperpath
[  241.530413][T16748] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16748 comm=syz.0.6854
[  241.592130][T16750] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  241.638632][T16766] overlayfs: failed to resolve './file0': -2
[  241.726189][T16789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6872'.
[  241.737094][T16789] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  241.876691][T16797] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  241.898905][T16797] overlayfs: failed to look up (tracing) for ino (-66)
[  241.962283][T16808] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6881'.
[  241.991852][T16808] device sit2 entered promiscuous mode
[  242.482751][T16867] syz.1.6915[16867] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  242.482816][T16867] syz.1.6915[16867] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  243.191422][T16891] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=16891 comm=syz.7.6914
[  243.736153][ T5623] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  243.897063][T16937] 9pnet_virtio: no channels available for device syz
[  243.931168][ T5623] usb 4-1: Using ep0 maxpacket: 32
[  243.937527][ T5623] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  243.951611][ T5623] usb 4-1: config 0 has no interface number 0
[  243.966954][ T5623] usb 4-1: config 0 interface 184 has no altsetting 0
[  243.992385][ T5623] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  244.012499][ T5623] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.028802][ T5623] usb 4-1: Product: syz
[  244.033000][ T5623] usb 4-1: Manufacturer: syz
[  244.048525][ T5623] usb 4-1: SerialNumber: syz
[  244.054000][ T5623] usb 4-1: config 0 descriptor??
[  244.070621][ T5623] smsc75xx v1.0.0
[  244.307141][T16987] tipc: Started in network mode
[  244.320493][T16987] tipc: Node identity 8a0d850f7b5e, cluster identity 4711
[  244.329499][T16987] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  244.350500][T16987] tipc: Disabling bearer <eth:syzkaller0>
[  244.540372][T17003] 9p: Unknown uid 00000000004294967295
[  244.570157][T17009] device bridge0 entered promiscuous mode
[  244.577649][T17009] bridge0: port 1(macsec2) entered blocking state
[  244.584776][T17009] bridge0: port 1(macsec2) entered disabled state
[  244.592601][T17009] device bridge0 left promiscuous mode
[  244.634877][T17011] __nla_validate_parse: 1 callbacks suppressed
[  244.634894][T17011] netlink: 1351 bytes leftover after parsing attributes in process `syz.1.6969'.
[  244.707065][T17025] netem: change failed
[  244.712706][ T5623] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  244.738419][ T5623] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  245.091392][T17060] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  245.410602][ T5623] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  245.433419][ T5623] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  245.443864][ T5623] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  245.461989][ T5623] smsc75xx: probe of 4-1:0.184 failed with error -71
[  245.478796][ T5623] usb 4-1: USB disconnect, device number 10
[  245.580565][T17091] tipc: Started in network mode
[  245.585469][T17091] tipc: Node identity 820b0a08784d, cluster identity 4711
[  245.593412][T17091] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  245.611304][T17091] tipc: Disabling bearer <eth:syzkaller0>
[  245.621483][T17093] device ipip0 entered promiscuous mode
[  245.627179][T17093] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  245.914530][T17119] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7015'.
[  245.973929][   T28] kauditd_printk_skb: 20 callbacks suppressed
[  245.973949][   T28] audit: type=1400 audit(1010.768:1759): avc:  denied  { setattr } for  pid=17122 comm="syz.7.7017" name="file0" dev="tmpfs" ino=7526 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  246.027756][   T28] audit: type=1400 audit(1010.805:1760): avc:  denied  { mounton } for  pid=17124 comm="syz.3.7018" path="/442/file0" dev="tmpfs" ino=2360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  246.131346][T17134] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7022'.
[  246.389583][T17156] tipc: Enabled bearer <udp:s>, priority 10
[  246.486134][T17167] loop3: detected capacity change from 0 to 1024
[  246.532057][T17167] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  246.552202][   T28] audit: type=1400 audit(1011.295:1761): avc:  denied  { append } for  pid=17164 comm="syz.3.7037" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  246.580216][   T28] audit: type=1400 audit(1011.295:1762): avc:  denied  { map } for  pid=17164 comm="syz.3.7037" path="/dev/loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  246.623555][T12102] EXT4-fs (loop3): unmounting filesystem.
[  246.970377][T17199] tipc: Failed to remove unknown binding: 66,1,1/2886997039:1994373163/1994373165
[  247.032364][T17205] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7052'.
[  247.213488][   T28] audit: type=1326 audit(1011.904:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17231 comm="syz.3.7065" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f858118eec9 code=0x0
[  247.237889][   T28] audit: type=1400 audit(1011.922:1764): avc:  denied  { read write } for  pid=17234 comm="syz.0.7066" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  247.278229][   T28] audit: type=1400 audit(1011.922:1765): avc:  denied  { open } for  pid=17234 comm="syz.0.7066" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  247.375151][T17257] netlink: 'syz.1.7075': attribute type 2 has an invalid length.
[  247.399708][T17261] netem: change failed
[  247.463069][   T19] tipc: Node number set to 4198894088
[  247.518856][   T28] audit: type=1400 audit(1012.199:1766): avc:  denied  { read } for  pid=17271 comm="poweroff" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  247.847027][T17307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17307 comm=syz.7.7095
Stopping sshd: stopped /usr/sbin/sshd (pid 194)
OK
Stopping crond: stopped /usr/sbin/crond (pid 187)
OK
Stopping dhcpcd...
stopped /sbin/dhcpcd (pid 141)
[  248.159698][   T28] audit: type=1400 audit(1012.781:1767): avc:  denied  { search } for  pid=17327 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
Stopping network: [  248.317392][   T28] audit: type=1400 audit(1012.928:1768): avc:  denied  { read write } for  pid=17348 comm="ip" path="/dev/console" dev="rootfs" ino=5528 scontext=system_u:system_r:ifconfig_t tcontext=system_u:object_r:root_t tclass=chr_file permissive=1
[  248.319931][T17351] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7106'.
[  248.417721][ T3859] ==================================================================
[  248.425837][ T3859] BUG: KASAN: use-after-free in l2tp_session_delete+0x27/0x4e0
[  248.433418][ T3859] Write of size 8 at addr ffff88810e1fac08 by task kworker/u4:143/3859
[  248.441682][ T3859] 
[  248.444025][ T3859] CPU: 1 PID: 3859 Comm: kworker/u4:143 Not tainted syzkaller #0
[  248.451776][ T3859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  248.461853][ T3859] Workqueue: l2tp l2tp_tunnel_del_work
[  248.467354][ T3859] Call Trace:
[  248.470651][ T3859]  <TASK>
[  248.473592][ T3859]  __dump_stack+0x21/0x24
[  248.477940][ T3859]  dump_stack_lvl+0xee/0x150
[  248.482536][ T3859]  ? __cfi_dump_stack_lvl+0x8/0x8
[  248.487566][ T3859]  ? release_firmware_map_entry+0x194/0x194
[  248.493459][ T3859]  ? l2tp_session_delete+0x27/0x4e0
[  248.498660][ T3859]  print_address_description+0x71/0x200
[  248.504210][ T3859]  print_report+0x4a/0x60
[  248.508544][ T3859]  kasan_report+0x122/0x150
[  248.513044][ T3859]  ? l2tp_session_delete+0x27/0x4e0
[  248.518323][ T3859]  ? __this_cpu_preempt_check+0x13/0x20
[  248.523965][ T3859]  kasan_check_range+0x280/0x290
[  248.528901][ T3859]  __kasan_check_write+0x14/0x20
[  248.533834][ T3859]  l2tp_session_delete+0x27/0x4e0
[  248.538859][ T3859]  l2tp_tunnel_del_work+0x201/0x420
[  248.544061][ T3859]  process_one_work+0x71f/0xc40
[  248.548911][ T3859]  worker_thread+0xa29/0x11f0
[  248.553589][ T3859]  kthread+0x281/0x320
[  248.557656][ T3859]  ? __cfi_worker_thread+0x10/0x10
[  248.562768][ T3859]  ? __cfi_kthread+0x10/0x10
[  248.567401][ T3859]  ret_from_fork+0x1f/0x30
[  248.571822][ T3859]  </TASK>
[  248.574836][ T3859] 
[  248.577159][ T3859] Allocated by task 17361:
[  248.581571][ T3859]  kasan_set_track+0x4b/0x70
[  248.586179][ T3859]  kasan_save_alloc_info+0x25/0x30
[  248.591293][ T3859]  __kasan_kmalloc+0x95/0xb0
[  248.595881][ T3859]  __kmalloc+0xb1/0x1e0
[  248.600059][ T3859]  l2tp_session_create+0x38/0xbe0
[  248.605083][ T3859]  pppol2tp_connect+0xb35/0x1570
[  248.610017][ T3859]  __sys_connect+0x398/0x420
[  248.614601][ T3859]  __x64_sys_connect+0x7a/0x90
[  248.619357][ T3859]  x64_sys_call+0x88d/0x9a0
[  248.623855][ T3859]  do_syscall_64+0x4c/0xa0
[  248.628268][ T3859]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  248.634158][ T3859] 
[  248.636476][ T3859] Freed by task 13:
[  248.640274][ T3859]  kasan_set_track+0x4b/0x70
[  248.644862][ T3859]  kasan_save_free_info+0x31/0x50
[  248.649884][ T3859]  ____kasan_slab_free+0x132/0x180
[  248.654988][ T3859]  __kasan_slab_free+0x11/0x20
[  248.659745][ T3859]  slab_free_freelist_hook+0xc2/0x190
[  248.665114][ T3859]  __kmem_cache_free+0xb7/0x1b0
[  248.669959][ T3859]  kfree+0x6f/0xf0
[  248.673678][ T3859]  l2tp_session_dec_refcount+0xaf/0x1a0
[  248.679220][ T3859]  pppol2tp_session_destruct+0xb1/0xf0
[  248.684681][ T3859]  __sk_destruct+0x64/0x600
[  248.689189][ T3859]  __sk_free+0x313/0x410
[  248.693432][ T3859]  sk_free+0x54/0x90
[  248.697325][ T3859]  pppol2tp_put_sk+0x7a/0xb0
[  248.702342][ T3859]  rcu_do_batch+0x515/0xb90
[  248.706852][ T3859]  rcu_core+0x5a5/0xe70
[  248.711024][ T3859]  rcu_core_si+0x9/0x10
[  248.715190][ T3859]  handle_softirqs+0x1d7/0x600
[  248.719958][ T3859]  run_ksoftirqd+0x28/0x30
[  248.724378][ T3859]  smpboot_thread_fn+0x4a0/0x910
[  248.729316][ T3859]  kthread+0x281/0x320
[  248.733382][ T3859]  ret_from_fork+0x1f/0x30
[  248.737798][ T3859] 
[  248.740119][ T3859] Last potentially related work creation:
[  248.745827][ T3859]  kasan_save_stack+0x3a/0x60
[  248.750591][ T3859]  __kasan_record_aux_stack+0xb6/0xc0
[  248.755972][ T3859]  kasan_record_aux_stack_noalloc+0xb/0x10
[  248.761780][ T3859]  call_rcu+0xd4/0xf90
[  248.765845][ T3859]  pppol2tp_release+0x208/0x2d0
[  248.770694][ T3859]  sock_close+0xf1/0x290
[  248.774988][ T3859]  __fput+0x1fc/0x8f0
[  248.778965][ T3859]  ____fput+0x15/0x20
[  248.782941][ T3859]  task_work_run+0x1db/0x240
[  248.787526][ T3859]  do_exit+0xa25/0x2650
[  248.791689][ T3859]  do_group_exit+0x210/0x2d0
[  248.796277][ T3859]  get_signal+0x13b5/0x1520
[  248.800785][ T3859]  arch_do_signal_or_restart+0xb0/0x1030
[  248.806418][ T3859]  exit_to_user_mode_loop+0x7a/0xb0
[  248.811618][ T3859]  exit_to_user_mode_prepare+0x5a/0xa0
[  248.817074][ T3859]  syscall_exit_to_user_mode+0x1a/0x30
[  248.822540][ T3859]  do_syscall_64+0x58/0xa0
[  248.826951][ T3859]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  248.832846][ T3859] 
[  248.835164][ T3859] The buggy address belongs to the object at ffff88810e1fac00
[  248.835164][ T3859]  which belongs to the cache kmalloc-512 of size 512
[  248.849212][ T3859] The buggy address is located 8 bytes inside of
[  248.849212][ T3859]  512-byte region [ffff88810e1fac00, ffff88810e1fae00)
[  248.862307][ T3859] 
[  248.864631][ T3859] The buggy address belongs to the physical page:
[  248.871037][ T3859] page:ffffea0004387e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e1f8
[  248.881275][ T3859] head:ffffea0004387e00 order:2 compound_mapcount:0 compound_pincount:0
[  248.889596][ T3859] flags: 0x4000000000010200(slab|head|zone=1)
[  248.895664][ T3859] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[  248.904255][ T3859] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  248.912829][ T3859] page dumped because: kasan: bad access detected
[  248.919250][ T3859] page_owner tracks the page as allocated
[  248.924953][ T3859] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5181, tgid 5181 (syz-executor), ts 81518248398, free_ts 79115676247
[  248.947699][ T3859]  post_alloc_hook+0x1f5/0x210
[  248.952468][ T3859]  prep_new_page+0x1c/0x110
[  248.956984][ T3859]  get_page_from_freelist+0x2c7b/0x2cf0
[  248.962531][ T3859]  __alloc_pages+0x1c3/0x450
[  248.967125][ T3859]  alloc_slab_page+0x6e/0xf0
[  248.971716][ T3859]  new_slab+0x98/0x3d0
[  248.975790][ T3859]  ___slab_alloc+0x6bd/0xb20
[  248.980378][ T3859]  __slab_alloc+0x5e/0xa0
[  248.984704][ T3859]  __kmem_cache_alloc_node+0x203/0x2c0
[  248.990163][ T3859]  __kmalloc_node_track_caller+0xa0/0x1e0
[  248.996069][ T3859]  __alloc_skb+0x236/0x4b0
[  249.000492][ T3859]  netlink_sendmsg+0x626/0xbc0
[  249.005249][ T3859]  __sys_sendto+0x464/0x5e0
[  249.009745][ T3859]  __x64_sys_sendto+0xe5/0x100
[  249.014514][ T3859]  x64_sys_call+0x83/0x9a0
[  249.018931][ T3859]  do_syscall_64+0x4c/0xa0
[  249.023340][ T3859] page last free stack trace:
[  249.028006][ T3859]  free_unref_page_prepare+0x742/0x750
[  249.033466][ T3859]  free_unref_page+0x8f/0x530
[  249.038143][ T3859]  __free_pages+0x67/0x100
[  249.042554][ T3859]  __free_slab+0xca/0x1a0
[  249.046887][ T3859]  discard_slab+0x29/0x40
[  249.051214][ T3859]  __slab_free+0x201/0x280
[  249.055629][ T3859]  ___cache_free+0xbf/0xd0
[  249.060071][ T3859]  qlist_free_all+0xc6/0x140
[  249.064659][ T3859]  kasan_quarantine_reduce+0x14a/0x170
[  249.070112][ T3859]  __kasan_slab_alloc+0x24/0x80
[  249.074963][ T3859]  slab_post_alloc_hook+0x4f/0x2d0
[  249.080074][ T3859]  kmem_cache_alloc+0x16e/0x330
[  249.084931][ T3859]  getname_flags+0xb9/0x500
[  249.089438][ T3859]  user_path_at_empty+0x30/0x1c0
[  249.094370][ T3859]  __x64_sys_umount+0xf1/0x160
[  249.099128][ T3859]  x64_sys_call+0x86a/0x9a0
[  249.103634][ T3859] 
[  249.105974][ T3859] Memory state around the buggy address:
[  249.111599][ T3859]  ffff88810e1fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  249.119653][ T3859]  ffff88810e1fab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  249.127708][ T3859] >ffff88810e1fac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  249.135766][ T3859]                       ^
[  249.140097][ T3859]  ffff88810e1fac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  249.148153][ T3859]  ffff88810e1fad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  249.156209][ T3859] ==================================================================
OK
[  249.176384][ T3859] Disabling lock debugging due to kernel taint
Stopping iptables: OK
Stopping system message bus: done
killall: udevd: no process killed
Stopping klogd: OK
Stopping acpid: OK
Stopping syslogd: stopped /sbin/syslogd (pid 85)
OK
umount: can't remount debugfs read-only
Connection to 10.128.1.49 closed by remote host.
umount: sysfs busy - remounted read-only
umount: devtmpfs busy - remounted read-only
umount: can't remouSent SIGTERM to all processes
[  251.613160][ T3780] device veth1_macvtap left promiscuous mode
Sent SIGKILL to all processes
Requesting system poweroff
[  253.013722][T17392] kvm: exiting hardware virtualization
[  253.019861][T17392] sd 0:0:1:0: [sda] Synchronizing SCSI cache
[  253.026479][T17392] ACPI: PM: Preparing to enter system sleep state S5
[  253.033507][T17392] reboot: Power down
serialport: VM disconnected.