last executing test programs:

1.941648977s ago: executing program 4 (id=3751):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0, r1}, 0x18)
rt_sigpending(&(0x7f00000001c0), 0x8)

1.922648149s ago: executing program 4 (id=3752):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x0, 0x10, 0x0, 0x8, 0x0, 0x200000100, 0xb5120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000300)}, 0x4000, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xc, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
mkdir(&(0x7f00000004c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[], 0x50)
memfd_secret(0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000400)={0xa})
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)

1.367388861s ago: executing program 1 (id=3767):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x0, 0x10, 0x0, 0x8, 0x0, 0x200000100, 0xb5120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000300)}, 0x4000, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xc, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
mkdir(&(0x7f00000004c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="02000000040000"], 0x50)
memfd_secret(0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000400)={0xa})
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)

1.05944527s ago: executing program 4 (id=3773):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0, r1}, 0x18)
rt_sigpending(&(0x7f00000001c0), 0x8)

1.059123871s ago: executing program 4 (id=3774):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)="01000000c00000005a90f57f07703aefe7364ebbee07022c2277ae2a00"/42, 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)

949.044601ms ago: executing program 4 (id=3777):
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x1022002, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="140000000580000000008a2e65040000000004020000000004000000c9ceadde81e3bb3290cfadbffb7ce5a2c661f36ed1cbb94abe70254e143a619dcd902c0000e5d2a600034578411b2aaeabb83da4a95149c7c7e36e17892bce54061a6ac47e5ddce12cae675f19d44ffb25b68ea0dbe78d44c03ac98051a9b87426e944d000950bd23381d8dd57e7c02ce46a8fde4a0ce526488042d1aa25d80341744f77fbad4210e0e71cb5f336569444223e7f0e8702b2de72948693cf303ae79f3d9dc6ac73ade5cd93739f0f3b13103ac4cda4b2ad331d22dadd34526c0f3519f4a2e5482d2c8790d41335712c29d2fec4fbe50ce3f41742"], &(0x7f00000003c0), 0x400)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = mq_open(&(0x7f0000000380)='!]\x05^-\x00', 0x80, 0x0, &(0x7f0000000640)={0x0, 0x2, 0x3fe, 0x100})
mq_timedreceive(r0, &(0x7f0000000680)=""/162, 0xa2, 0xd, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x6}, 0x220}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
open(&(0x7f0000000000)='./file0\x00', 0x200, 0x81)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8905, &(0x7f0000000000)={'veth0_vlan\x00', @random="0100002010ff"})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r3=>r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000100000"], 0x0, 0xfa50, 0x0, 0x0, 0x0, 0x48}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000880, 0x0, 0x1, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f00000000c0), 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file5\x00', 0x61c0, 0x700)

734.796171ms ago: executing program 2 (id=3783):
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff}, 0x18)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c00000000000000000000000800", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4000804)

708.522664ms ago: executing program 2 (id=3784):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1}, 0x10)
utime(&(0x7f0000000600)='./file2\x00', 0x0)

697.437755ms ago: executing program 4 (id=3786):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x0, 0x10, 0x0, 0x8, 0x0, 0x200000100, 0xb5120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000300)}, 0x4000, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xc, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
mkdir(&(0x7f00000004c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[], 0x50)
memfd_secret(0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000400)={0xa})
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)

668.579438ms ago: executing program 2 (id=3787):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x12200, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_open_dev$usbfs(&(0x7f0000000000), 0xfffffffffffffff9, 0x490080)
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_getevents(r1, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x3, 0x1, 0x105, 0x0, 0x0, {0x7, 0x0, 0x4}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x125e30103a86b53a}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4)
io_destroy(r1)

659.002378ms ago: executing program 3 (id=3788):
r0 = socket$netlink(0x10, 0x3, 0x14)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x4, &(0x7f0000000040)=@framed={{0x26, 0xa, 0x0, 0x0, 0x0, 0x61, 0x10, 0x9c}}, &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a5"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r3}, 0x10)
io_setup(0x2003, &(0x7f0000000340))
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x3, 'macvtap0\x00', {0xb}, 0x7})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x9, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x2000, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401000000000000000000090002002f797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844)

575.980376ms ago: executing program 3 (id=3791):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000880)=ANY=[@ANYRES32], 0x0, 0xffffffff, 0x0, 0x0, 0x820e3ce3609faa41}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f00000005c0), 0x551f03, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r2 = syz_clone3(&(0x7f0000001880)={0x300040280, 0x0, 0x0, 0x0, {0x45}, 0x0, 0x0, 0x0, 0x0}, 0x58)
wait4(r2, 0x0, 0x40000000, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
unshare(0x28000600)
r5 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000002980)={0x4002000, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[r5], 0x1}, 0x58)
wait4(0x0, 0x0, 0x80000000, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x6, 0x20200)
ioctl$LOOP_GET_STATUS64(r6, 0x4c05, &(0x7f00000006c0))
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r7, 0x0, 0x20000023896)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x58, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0}}, 0x10)
lstat(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
quotactl_fd$Q_QUOTAOFF(r4, 0x3, r9, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r3}, 0x10)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f1"], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r10, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
fcntl$getown(r0, 0x9)
r11 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x80482, 0x0)
write$vga_arbiter(r11, &(0x7f0000000340)=ANY=[@ANYBLOB="6465636f646573206e6f6e6500848506c5a67345c07ad49a4abb37f972f54541c2aeb0b0195e4f4715138eb35fa8d9aa83817e1e3fb5e85ee9484c96dcad27fe1983fd3f2dfa2827fee4271ed04edee316a795b9498c3a9f7837201f577d8bec080ac9ac52"], 0xd)
r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xfd, 0x7fff0000}]})
close_range(r12, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r8, 0x25, r7}, 0x94)

575.577716ms ago: executing program 0 (id=3792):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_REAPURB(r3, 0x4004550c, &(0x7f0000000380))

500.572623ms ago: executing program 1 (id=3793):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d96c8b41dc000000b800006062bb4d00e200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000eb0626f50000000000080000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x64, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
close(0x3)
r4 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1f0519, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4002, 0xb, 0x3, 0xcd0, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, r4, 0x0)
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010bc0)='kfree\x00', r5}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
fallocate(r2, 0x11, 0x2, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[@ANYBLOB="02030003130000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a004e2400000004ff010000000000000000000000000001000000000000000002000100000000000000070c0100000005000500000000000a004e24000000090000000000000000000000000000000006000000000000000200130003"], 0x98}, 0x1, 0x7}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
r7 = request_key(&(0x7f0000000180)='rxrpc\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f00000004c0)='\x00', 0xfffffffffffffffd)
r8 = request_key(&(0x7f0000000500)='.request_key_auth\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)='GPL\x00', 0xfffffffffffffffe)
r9 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r10 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x0}, &(0x7f0000000580)="d5", 0x1, r10)
keyctl$KEYCTL_MOVE(0x1e, r9, 0xffffffffffffffff, r10, 0x1)
keyctl$KEYCTL_MOVE(0x1e, r7, r8, r10, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

407.857822ms ago: executing program 2 (id=3794):
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff}, 0x18)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000000000000000000080000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4000804)

388.193154ms ago: executing program 1 (id=3795):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e"], &(0x7f0000000100)='GPL\x00'}, 0x94)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d302c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677ae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYRES8=0x0], 0x3, 0x21f, &(0x7f0000000940)="$eJzs2j+LXFUcBuDfXRMSN2xmxH8kIB60UJtLZmqLLJKAOKBoRoiC5Ma9o8NcZ5a5w8KImK209SNYi6WdIClttvETWNhts2UK8Uoya5INY7GIO2Kep5kXzrzccziXwynu/uvffDYa1PmgmMValsXa5diNO1m0Yy3+shuvvXL95xfeu/7BW5u93pV3U7q6ea3TTSmdf/GnD7/4/qXbs3Pv/3D+xzOx1/5o/6D7295zexf2/7j26bBOwzqNJ7NUpJuTyay4WZVpa1iP8pTeqcqiLtNwXJfTI+ODarK9PU/FeGtjfXta1nUqxvM0KudpNkmz6TwVnxTDccrzPG2sB/9E/7s7TRMHzekb0TTNk9/Gudux8Wu0InsqZU9fzp69kT2/m104aJrWqqfKv8L+P94eOtTPRlRf7/R3+ovfxfjmIIZRRRmXohW/x93X5NAiX32zd+VSuqcdX1W3Dvu3dvpPHO13ohXt5f3Oop+O9s/EesTpiMN+N1rxzPJ+d2n/bLz68kPPz6MVv3wck6hiK+52H/S/7KT0xtu9R/oX7/0PAOD/Jk/3Lb2/5fnfjS/6x7gfPnK/OhUXT6127UTU889HRVWVU0EQhPth1ScTJ+HBpq96JgAAAAAAAAAAABzHSXxOuOo1AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/21/BgAA//9DWtUg")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000000)=""/48, 0x30)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000f80)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

360.428046ms ago: executing program 3 (id=3796):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2(&(0x7f0000001cc0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="69ab00e7000000002c7266646e6f3d", @ANYRESHEX=r1, @ANYRESDEC, @ANYRESHEX=r2, @ANYBLOB="2c756e616d653dd0aedec1aa20ffd81d1bf89329217cb058a396eda2ab40a26d93dd083c0074dcab6cab21ae16c4cdf97bdc355f3b41d27b654301345cb3c4cec37953322d01beaa7257964fd30fe2d72f171da72e389f382dea3c8d91906aead5d5aeccc097ef1092ea987c2b00000000000000002c00"])
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000040)={'syztnl0\x00', <r3=>0x0, 0x700, 0x20, 0x8, 0x3, {{0x2f, 0x4, 0x0, 0x6, 0xbc, 0x67, 0x0, 0x81, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x36}, @local, {[@rr={0x7, 0x17, 0x69, [@broadcast, @rand_addr=0x64010100, @private=0xa010101, @private=0xa010100, @multicast1]}, @timestamp={0x44, 0x28, 0xa2, 0x0, 0x5, [0x2d2, 0x4, 0x2, 0x4, 0x7, 0x1, 0xa, 0x3354, 0x2]}, @timestamp={0x44, 0x8, 0x31, 0x0, 0x1, [0x6]}, @generic={0x83, 0x3, "e5"}, @generic={0x83, 0xc, "7e97eba529a0a951439e"}, @lsrr={0x83, 0x1f, 0x84, [@remote, @multicast2, @dev={0xac, 0x14, 0x14, 0xa}, @dev={0xac, 0x14, 0x14, 0x38}, @multicast2, @loopback, @local]}, @end, @lsrr={0x83, 0x1f, 0xe, [@rand_addr=0x64010101, @private=0xa010101, @loopback, @multicast1, @dev={0xac, 0x14, 0x14, 0x2c}, @empty, @multicast1]}, @lsrr={0x83, 0x13, 0x5d, [@private=0xa010101, @loopback, @loopback, @loopback]}]}}}}})
setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f00000001c0)={r3, 0x1, 0x6, @broadcast}, 0x10)
r4 = socket(0x10, 0x80003, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
r6 = socket$inet(0x2, 0x2, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x44010)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000300)="0800c8460f2a2a2a", 0x8}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000)
write(r4, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bind$tipc(r7, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$EVIOCSREP(0xffffffffffffffff, 0x40084503, &(0x7f0000000240)=[0x0, 0x5])
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x109)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x183, 0x6}, 0x6025, 0x4005, 0xb, 0x0, 0x1, 0x1, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r9, r9, 0x0, 0xb)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000600)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r8}, 0x18)

325.91384ms ago: executing program 0 (id=3797):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000590000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1}, 0x10)
utime(&(0x7f0000000600)='./file2\x00', 0x0)

325.50561ms ago: executing program 2 (id=3798):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

325.00738ms ago: executing program 0 (id=3799):
socket$xdp(0x2c, 0x3, 0x0)
socket$phonet(0x23, 0x2, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0x10, 0x3, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x81)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f00000037c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000a70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c21f664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffaf4ab87b1bfed9fbe586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae460f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf8714d7bb2366fde41f94290c2a5fdecb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1f5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27832b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd210819203a513a67da4a571ce585a17a02a210382f14d12ca3c3431ee97471c785a69da7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedda1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a540f0c10ec3a11667290b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad95971030000007d00000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfadfdd708789a20287d58187fbd49fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91647b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf06d0000f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe6e7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a1914b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c056d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c617f005ac2d371a95b8adc67ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c259d3f28b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bdd27e663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70780025072e20586b19127d75fa71577f265c51000000000000000000000000000000000000000000915c2cde78db002a20e370600f56b3803786ffff268fa1782c240a1d3b62bb5c9c5712bc58a0f276f5224b6efaceab36d1468b0800000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x49)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='sys_enter\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x103b01)
signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000)
pipe2$9p(&(0x7f0000001900), 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x303, 0x300}})

296.775392ms ago: executing program 3 (id=3800):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2(&(0x7f0000001cc0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="69ab00e7000000002c7266646e6f3d", @ANYRESHEX=r1, @ANYRESDEC, @ANYBLOB="2c756e616d653dd0aedec1aa20ffd81d1bf89329217cb058a396eda2ab40a26d93dd083c0074dcab6cab21ae16c4cdf97bdc355f3b41d27b654301345cb3c4cec37953322d01beaa7257964fd30fe2d72f171da72e389f382dea3c8d91906aead5d5aeccc097ef1092ea987c2b00000000000000002c00"])
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000040)={'syztnl0\x00', <r3=>0x0, 0x700, 0x20, 0x8, 0x3, {{0x30, 0x4, 0x0, 0x6, 0xc0, 0x67, 0x0, 0x81, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x36}, @local, {[@rr={0x7, 0x17, 0x69, [@broadcast, @rand_addr=0x64010100, @private=0xa010101, @private=0xa010100, @multicast1]}, @timestamp={0x44, 0x28, 0xa2, 0x0, 0x5, [0x2d2, 0x4, 0x2, 0x4, 0x7, 0x1, 0xa, 0x3354, 0x2]}, @timestamp={0x44, 0x8, 0x31, 0x0, 0x1, [0x6]}, @generic={0x83, 0x3, "e5"}, @generic={0x83, 0xc, "7e97eba529a0a951439e"}, @lsrr={0x83, 0x1f, 0x84, [@remote, @multicast2, @dev={0xac, 0x14, 0x14, 0xa}, @dev={0xac, 0x14, 0x14, 0x38}, @multicast2, @loopback, @local]}, @end, @lsrr={0x83, 0x23, 0xe, [@rand_addr=0x64010101, @private=0xa010101, @loopback, @multicast1, @dev={0xac, 0x14, 0x14, 0x2c}, @rand_addr=0x64010101, @empty, @multicast1]}, @lsrr={0x83, 0x13, 0x5d, [@private=0xa010101, @loopback, @loopback, @loopback]}]}}}}})
setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f00000001c0)={r3, 0x1, 0x6, @broadcast}, 0x10)
r4 = socket(0x10, 0x80003, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
r6 = socket$inet(0x2, 0x2, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x44010)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000300)="0800c8460f2a2a2a", 0x8}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000)
write(r4, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$EVIOCSREP(0xffffffffffffffff, 0x40084503, &(0x7f0000000240)=[0x0, 0x5])
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x109)
sendfile(r9, r9, 0x0, 0xb)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000600)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r8}, 0x18)

261.299756ms ago: executing program 1 (id=3801):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
clock_gettime(0x0, &(0x7f00000001c0))

260.881866ms ago: executing program 0 (id=3802):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000)

191.087002ms ago: executing program 3 (id=3803):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0)
r0 = syz_open_dev$mouse(&(0x7f0000000000), 0xaf, 0x400)
cachestat(r0, &(0x7f0000000380)={0x4, 0x3}, &(0x7f0000000500), 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
r1 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
linkat(r1, &(0x7f0000000040)='./file1\x00', r1, &(0x7f0000000180)='./bus\x00', 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000006c0)=@generic={&(0x7f0000000480)='./file0\x00', r3}, 0x18)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x210, 0x940c, 0x3002, 0x210, 0x2c0, 0x300, 0x3d8, 0x3d8, 0x300, 0x3d8, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x5, 0x0}, @private2, [0xff000000, 0xff000000, 0xff000000, 0xff000000], [0xff, 0xff000000, 0xffffffff, 0xff], 'veth1_to_team\x00', 'macsec0\x00', {}, {}, 0x62, 0x61, 0x0, 0x8}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x1ffffc, 0x0, 0x1, 0x0, 'syz1\x00'}}, @common=@unspec=@addrtype1={{0x28}, {0x2, 0x140, 0xc}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x916, {0x7c7a1f6d}}}}, {{@ipv6={@mcast1, @remote, [0xff000000, 0x0, 0xffffffff, 0xffffffff], [0xffffff00, 0x0, 0xff000000, 0xffffff00], 'syzkaller0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x9, 0x4, 0x10}, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
close(r4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x10a942, 0x84)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB='\n\x00\x00\x00\v\x00\x00\x00B\x00'/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r9}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r7}, &(0x7f0000000140), &(0x7f0000000500)}, 0x20)

171.277564ms ago: executing program 0 (id=3804):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8405}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000140)={0x16b, @time={0x6fd, 0x7}, 0x0, {0x0, 0xff}, 0x0, 0x0, 0x2})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x0)

160.853495ms ago: executing program 1 (id=3805):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d96c8b41dc000000b800006062bb4d00e200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000005000000010000000100001304000000020000"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000eb0626f50000000000080000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x64, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
close(0x3)
r4 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1f0519, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4002, 0xb, 0x3, 0xcd0, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, r4, 0x0)
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010bc0)='kfree\x00', r5}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
fallocate(r2, 0x11, 0x2, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[@ANYBLOB="02030003130000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a004e2400000004ff010000000000000000000000000001000000000000000002000100000000000000070c0100000005000500000000000a004e24000000090000000000000000000000000000000006000000000000000200130003"], 0x98}, 0x1, 0x7}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
r7 = request_key(&(0x7f0000000180)='rxrpc\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f00000004c0)='\x00', 0xfffffffffffffffd)
r8 = request_key(&(0x7f0000000500)='.request_key_auth\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)='GPL\x00', 0xfffffffffffffffe)
r9 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r10 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x0}, &(0x7f0000000580)="d5", 0x1, r10)
keyctl$KEYCTL_MOVE(0x1e, r9, 0xffffffffffffffff, r10, 0x1)
keyctl$KEYCTL_MOVE(0x1e, r7, r8, r10, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

112.66129ms ago: executing program 0 (id=3806):
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ppoll(&(0x7f0000000740)=[{r0, 0x104}], 0x1, 0x0, 0x0, 0x0)
pread64(r0, &(0x7f0000000480), 0x1, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x8000000000007, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000b00), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000009440))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r8 = gettid()
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010028bd7000ffdbdf2514000000080001000100000008001c00", @ANYRES32=r8, @ANYBLOB="2a997dee7022a69a668b5d91e4fc5efe77bcb02013af3a43884aa6fd8b38b1bc00000101000000db19717495fcb791b6"], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="00b5bad9ff78ffdbdfffad9992010000000000000000000100000035b74a120e0ecb88151435b58fe374dfca44b4e311261b620ae26a160a29ef4dbbdfd18fa7f6cfe20c7e740051b7e8778d339476a45824f477aeeef11906dfbc1a4b597e23bd242e31e30da338e9f47de01b32607972c8abf658d8bdfadc02b6ba2c04cd773d44a0fec93513e197a87167e4f0069c84380bc56bb5474697dcd78306a886d878c725cec84ca5e898"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4000004)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r9, &(0x7f0000004740)={0x0, 0x0, &(0x7f0000004700)={&(0x7f0000000780)=ANY=[@ANYRES8=r9], 0x40}, 0x1, 0x0, 0x0, 0xc010}, 0x0)
unshare(0x62040200)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1200000009000000040000000500000000000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000c00)=@buf="d642257353ff9455c1fcf4497e7e09e5d6e64330999c187d33c476d7c19bd05e88373b13c630fdb0e1e0308195bbccfa14458d71f9be240a89e84c63256928a3576b9d3b56729c4ce73241b7e37392e4ba530d0808c7295b9b48c9695aef4d7d39db7db6cf3e4e8de2787b43053d13c03f35c5cc1dcd3c322065db0668f060349613b4a6274317f9ef83ecbb9daeb8caf65cb8f77b8baa10cf40111b0b8195d26fafd89515d022c1e37dec44615b6e913b37121fd0d7046a453f8b3ab8b8ffdc5c363acec51bea650bbd5f025809c0cdf63538cdef408057adbc", 0x1}, 0x20)
syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010002000000872505a8a440000102010109022400010103a0070904000101070103060905010210008a0381090582020800b404c9"], &(0x7f0000000480)={0xa, &(0x7f0000000340)={0xa, 0x6, 0x210, 0x6, 0xe, 0x7f, 0xff, 0x8}, 0x3e, &(0x7f00000005c0)=ANY=[@ANYRESHEX=r3, @ANYRESDEC=r8, @ANYRESOCT=r6, @ANYRES16=r6]})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r12 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), r11)
sendmsg$WG_CMD_SET_DEVICE(r10, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000880)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r12, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000100000000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000002000001050003000000000088000080060001000a000000140002002001000000f800000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32], 0x22c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

102.540761ms ago: executing program 3 (id=3807):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000880)=ANY=[@ANYRES32], 0x0, 0xffffffff, 0x0, 0x0, 0x820e3ce3609faa41}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f00000005c0), 0x551f03, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r2 = syz_clone3(&(0x7f0000001880)={0x300040280, 0x0, 0x0, 0x0, {0x45}, 0x0, 0x0, 0x0, 0x0}, 0x58)
wait4(r2, 0x0, 0x40000000, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
unshare(0x28000600)
r5 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000002980)={0x4002000, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[r5], 0x1}, 0x58)
wait4(0x0, 0x0, 0x80000000, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x6, 0x20200)
ioctl$LOOP_GET_STATUS64(r6, 0x4c05, &(0x7f00000006c0))
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r7, 0x0, 0x20000023896)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x58, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0}}, 0x10)
lstat(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
quotactl_fd$Q_QUOTAOFF(r4, 0x3, r9, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r3}, 0x10)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f1"], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r10, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
fcntl$getown(r0, 0x9)
r11 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x80482, 0x0)
write$vga_arbiter(r11, &(0x7f0000000340)=ANY=[@ANYBLOB="6465636f646573206e6f6e6500848506c5a67345c07ad49a4abb37f972f54541c2aeb0b0195e4f4715138eb35fa8d9aa83817e1e3fb5e85ee9484c96dcad27fe1983fd3f2dfa2827fee4271ed04edee316a795b9498c3a9f7837201f577d8bec080ac9ac52"], 0xd) (fail_nth: 1)
r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xfd, 0x7fff0000}]})
close_range(r12, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r8, 0x25, r7}, 0x94)

33.033717ms ago: executing program 2 (id=3808):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000880)=ANY=[@ANYRES32], 0x0, 0xffffffff, 0x0, 0x0, 0x820e3ce3609faa41}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f00000005c0), 0x551f03, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r3 = syz_clone3(&(0x7f0000001880)={0x300040280, 0x0, 0x0, 0x0, {0x45}, 0x0, 0x0, 0x0, 0x0}, 0x58)
wait4(r3, 0x0, 0x20000000, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
unshare(0x2c040400)
r6 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000002980)={0x4002000, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[r6], 0x1}, 0x58)
wait4(0x0, 0x0, 0x80000000, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000080), 0x6, 0x20200)
ioctl$LOOP_GET_STATUS64(r7, 0x4c05, &(0x7f0000000680))
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r5, r8, 0x0, 0x20000023896)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r2, 0x58, &(0x7f0000000040)}, 0x10)
lstat(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
quotactl_fd$Q_QUOTAOFF(r5, 0x3, r9, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r4}, 0x10)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000009c0)=@bpf_tracing={0x1a, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="1869000006000000000000000600000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018430000060000000000000000000000185400000000000000000000000000009500000000000000186200000f000000000000000900000018210000", @ANYRES32=r0, @ANYBLOB="e6000000ef010300"], &(0x7f0000000200)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x17, r8, 0x8, &(0x7f0000000600)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000780)={0x0, 0x3, 0x7, 0x3}, 0x10, 0x544e, r8, 0x4, 0x0, &(0x7f00000008c0)=[{0x3, 0x3, 0x3, 0x7}, {0x5, 0x1, 0xd}, {0x3, 0x5, 0xf, 0xb}, {0x1, 0x5, 0xe, 0x1}], 0x10, 0x5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r10, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
fcntl$getown(r1, 0x9)
r11 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x80482, 0x0)
write$vga_arbiter(r11, &(0x7f0000000340)=ANY=[@ANYBLOB="6465636f646573206e6f6e6500848506c5a67345c07ad49a4abb37f972f54541c2aeb0b0195e4f4715138eb35fa8d9aa83817e1e3fb5e85ee9484c96dcad27fe1983fd3f2dfa2827fee4271ed04edee316a795b9498c3a9f7837201f577d8bec080ac9ac52"], 0xd)
r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xfd, 0x7ffd0000}]})
close_range(r12, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=3809):
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff}, 0x18)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000000000000000000080000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4000804)

kernel console output (not intermixed with test programs):

][T13860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.840460][T13860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.866398][T13860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.878498][T13860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.885581][T13860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.911507][T13860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.946434][T13860] hsr_slave_0: entered promiscuous mode
[  208.952880][T13860] hsr_slave_1: entered promiscuous mode
[  208.958960][T13860] debugfs: 'hsr0' already exists in 'hsr'
[  208.964762][T13860] Cannot create hsr debugfs directory
[  209.207700][T14303] loop4: detected capacity change from 0 to 2048
[  209.229919][T14308] loop2: detected capacity change from 0 to 512
[  209.237850][T14308] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.2918: error while reading EA inode 32 err=-116
[  209.250288][T14308] EXT4-fs (loop2): Remounting filesystem read-only
[  209.257019][T14308] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  209.262099][T14303] Alternate GPT is invalid, using primary GPT.
[  209.273668][T14303]  loop4: p2 p3 p7
[  209.273831][T14308] EXT4-fs (loop2): 1 orphan inode deleted
[  209.285178][T14308] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.309369][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.351858][T14333] FAULT_INJECTION: forcing a failure.
[  209.351858][T14333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.364984][T14333] CPU: 1 UID: 0 PID: 14333 Comm: syz.2.2922 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  209.365045][T14333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  209.365058][T14333] Call Trace:
[  209.365065][T14333]  <TASK>
[  209.365073][T14333]  __dump_stack+0x1d/0x30
[  209.365100][T14333]  dump_stack_lvl+0xe8/0x140
[  209.365120][T14333]  dump_stack+0x15/0x1b
[  209.365159][T14333]  should_fail_ex+0x265/0x280
[  209.365204][T14333]  should_fail+0xb/0x20
[  209.365220][T14333]  should_fail_usercopy+0x1a/0x20
[  209.365243][T14333]  _copy_from_user+0x1c/0xb0
[  209.365268][T14333]  ___sys_sendmsg+0xc1/0x1d0
[  209.365296][T14333]  __x64_sys_sendmsg+0xd4/0x160
[  209.365359][T14333]  x64_sys_call+0x191e/0x3000
[  209.365387][T14333]  do_syscall_64+0xd2/0x200
[  209.365411][T14333]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  209.365467][T14333]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  209.365506][T14333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.365529][T14333] RIP: 0033:0x7f0a3645f6c9
[  209.365545][T14333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.365567][T14333] RSP: 002b:00007f0a34ec7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.365621][T14333] RAX: ffffffffffffffda RBX: 00007f0a366b5fa0 RCX: 00007f0a3645f6c9
[  209.365636][T14333] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  209.365652][T14333] RBP: 00007f0a34ec7090 R08: 0000000000000000 R09: 0000000000000000
[  209.365711][T14333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.365723][T14333] R13: 00007f0a366b6038 R14: 00007f0a366b5fa0 R15: 00007ffcfe0f9c68
[  209.365742][T14333]  </TASK>
[  209.540580][T13860] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  209.550675][T13860] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  209.571323][T14344] hub 9-0:1.0: USB hub found
[  209.576558][T13860] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  209.583444][T14344] hub 9-0:1.0: 8 ports detected
[  209.598264][T13860] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  209.611323][T14356] loop4: detected capacity change from 0 to 512
[  209.660606][T13860] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.677767][T14373] syzkaller0: entered promiscuous mode
[  209.683531][T14373] syzkaller0: entered allmulticast mode
[  209.687816][T14377] loop1: detected capacity change from 0 to 512
[  209.700418][T13860] 8021q: adding VLAN 0 to HW filter on device team0
[  209.704518][T14377] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  209.710834][ T1793] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.724414][T14377] EXT4-fs (loop1): mount failed
[  209.728643][ T1793] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.746800][T14377] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  209.754478][T14377] loop1: detected capacity change from 0 to 128
[  209.755874][ T1793] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.767867][ T1793] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.818284][T14393] loop2: detected capacity change from 0 to 2048
[  209.836761][T13860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.862186][T14393] Alternate GPT is invalid, using primary GPT.
[  209.868734][T14393]  loop2: p2 p3 p7
[  209.920356][T13860] veth0_vlan: entered promiscuous mode
[  209.928393][T13860] veth1_vlan: entered promiscuous mode
[  209.949485][T13860] veth0_macvtap: entered promiscuous mode
[  209.972758][T13860] veth1_macvtap: entered promiscuous mode
[  209.984606][T13860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.996083][T13860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.019005][ T1606] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.035621][   T53] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.048539][   T53] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.057794][   T53] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.136098][T14426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.144754][T14426] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.187887][T14430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2883'.
[  210.879481][T14453] hub 9-0:1.0: USB hub found
[  210.888681][T14453] hub 9-0:1.0: 8 ports detected
[  211.228242][T14466] loop1: detected capacity change from 0 to 2048
[  211.313497][T14466] Alternate GPT is invalid, using primary GPT.
[  211.320225][T14466]  loop1: p2 p3 p7
[  211.691698][   T29] kauditd_printk_skb: 338 callbacks suppressed
[  211.691783][   T29] audit: type=1326 audit(1762869182.689:12887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  211.749146][T14499] hub 9-0:1.0: USB hub found
[  211.762421][T14499] hub 9-0:1.0: 8 ports detected
[  211.890760][   T29] audit: type=1326 audit(1762869182.719:12888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  211.912641][T14452] chnl_net:caif_netlink_parms(): no params data found
[  211.914471][   T29] audit: type=1326 audit(1762869182.719:12889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  211.944779][   T29] audit: type=1326 audit(1762869182.719:12890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  211.968603][   T29] audit: type=1326 audit(1762869182.719:12891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  211.992320][   T29] audit: type=1326 audit(1762869182.719:12892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faf3878df10 code=0x7ffc0000
[  212.016012][   T29] audit: type=1326 audit(1762869182.729:12893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  212.039939][   T29] audit: type=1326 audit(1762869182.729:12894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  212.044585][T14613] loop3: detected capacity change from 0 to 128
[  212.063519][   T29] audit: type=1326 audit(1762869182.729:12895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  212.093221][   T29] audit: type=1326 audit(1762869182.729:12896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14494 comm="syz.3.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  212.105957][T14613] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  212.124667][T14613] FAT-fs (loop3): Filesystem has been set read-only
[  212.160214][T14613] syz.3.2952: attempt to access beyond end of device
[  212.160214][T14613] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  212.176683][T14613] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  212.184586][T14613] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  212.192679][T14613] syz.3.2952: attempt to access beyond end of device
[  212.192679][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.205968][T14613] syz.3.2952: attempt to access beyond end of device
[  212.205968][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.219252][T14613] syz.3.2952: attempt to access beyond end of device
[  212.219252][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.232644][T14613] syz.3.2952: attempt to access beyond end of device
[  212.232644][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.245980][T14613] syz.3.2952: attempt to access beyond end of device
[  212.245980][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.259269][T14613] syz.3.2952: attempt to access beyond end of device
[  212.259269][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.283292][T14613] syz.3.2952: attempt to access beyond end of device
[  212.283292][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.307281][T14452] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.310364][T14613] syz.3.2952: attempt to access beyond end of device
[  212.310364][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.314607][T14452] bridge0: port 1(bridge_slave_0) entered disabled state
[  212.335341][T14452] bridge_slave_0: entered allmulticast mode
[  212.341826][T14613] syz.3.2952: attempt to access beyond end of device
[  212.341826][T14613] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  212.342736][T14452] bridge_slave_0: entered promiscuous mode
[  212.362920][T14452] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.370000][T14452] bridge0: port 2(bridge_slave_1) entered disabled state
[  212.377299][T14452] bridge_slave_1: entered allmulticast mode
[  212.383868][T14452] bridge_slave_1: entered promiscuous mode
[  212.403522][T14662] hub 9-0:1.0: USB hub found
[  212.408502][T14662] hub 9-0:1.0: 8 ports detected
[  212.415426][T14452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  212.427006][T14452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  212.641003][T14452] team0: Port device team_slave_0 added
[  212.653885][T14452] team0: Port device team_slave_1 added
[  212.684432][T14452] batman_adv: batadv0: Adding interface: batadv_slave_0
[  212.691579][T14452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  212.717488][T14452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  212.729146][T14452] batman_adv: batadv0: Adding interface: batadv_slave_1
[  212.736294][T14452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  212.762367][T14452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  212.802517][T14452] hsr_slave_0: entered promiscuous mode
[  212.826855][T14452] hsr_slave_1: entered promiscuous mode
[  212.840474][T14452] debugfs: 'hsr0' already exists in 'hsr'
[  212.846242][T14452] Cannot create hsr debugfs directory
[  213.093408][T14837] hub 9-0:1.0: USB hub found
[  213.098267][T14837] hub 9-0:1.0: 8 ports detected
[  213.354156][T14452] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  213.363289][T14452] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  213.372968][T14452] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  213.383347][T14452] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  213.441876][T14877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  213.450631][T14877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.358096][T14888] loop1: detected capacity change from 0 to 512
[  214.450294][T14886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.459088][T14886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.603348][T14452] 8021q: adding VLAN 0 to HW filter on device bond0
[  214.616339][T14452] 8021q: adding VLAN 0 to HW filter on device team0
[  214.638488][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.645640][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.501624][ T1793] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.508745][ T1793] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.232097][T14452] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  216.242548][T14452] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  216.586862][T14452] 8021q: adding VLAN 0 to HW filter on device batadv0
[  216.702742][T14939] hub 9-0:1.0: USB hub found
[  216.704009][   T29] kauditd_printk_skb: 168 callbacks suppressed
[  216.704063][   T29] audit: type=1326 audit(1762869187.699:13065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.707442][T14939] hub 9-0:1.0: 8 ports detected
[  216.713717][   T29] audit: type=1326 audit(1762869187.699:13066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.713792][   T29] audit: type=1326 audit(1762869187.699:13067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.792064][   T29] audit: type=1326 audit(1762869187.789:13068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.815729][   T29] audit: type=1326 audit(1762869187.789:13069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.839671][   T29] audit: type=1326 audit(1762869187.809:13070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.855708][T14452] veth0_vlan: entered promiscuous mode
[  216.863313][   T29] audit: type=1326 audit(1762869187.809:13071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.875401][T14452] veth1_vlan: entered promiscuous mode
[  216.892279][   T29] audit: type=1326 audit(1762869187.809:13072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14938 comm="syz.2.2980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  216.938556][T14452] veth0_macvtap: entered promiscuous mode
[  216.948247][T14452] veth1_macvtap: entered promiscuous mode
[  216.966448][T14452] batman_adv: batadv0: Interface activated: batadv_slave_0
[  216.981737][T14955] loop2: detected capacity change from 0 to 2048
[  217.008686][T14452] batman_adv: batadv0: Interface activated: batadv_slave_1
[  217.020958][   T52] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  217.041446][   T52] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  217.048633][T14955] Alternate GPT is invalid, using primary GPT.
[  217.050494][   T52] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  217.056553][T14955]  loop2: p2 p3 p7
[  217.065218][   T52] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  217.089729][   T29] audit: type=1326 audit(1762869188.069:13073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14959 comm="syz.3.2983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  217.113442][   T29] audit: type=1326 audit(1762869188.069:13074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14959 comm="syz.3.2983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  217.145408][T14961] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  217.204815][T14971] loop4: detected capacity change from 0 to 512
[  217.230836][T14980] loop2: detected capacity change from 0 to 512
[  217.237680][T14971] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.2939: error while reading EA inode 32 err=-116
[  217.257240][T14971] EXT4-fs (loop4): Remounting filesystem read-only
[  217.263909][T14971] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  217.289853][T14971] EXT4-fs (loop4): 1 orphan inode deleted
[  217.296253][T14980] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  217.296147][T14971] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.309779][T14980] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.2986: invalid indirect mapped block 2683928664 (level 1)
[  217.336993][T14980] EXT4-fs (loop2): Remounting filesystem read-only
[  217.346568][T14985] hub 9-0:1.0: USB hub found
[  217.350901][T14980] EXT4-fs (loop2): 1 truncate cleaned up
[  217.351934][T14985] hub 9-0:1.0: 8 ports detected
[  217.357792][T14980] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.362574][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.470458][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.504591][T15018] loop1: detected capacity change from 0 to 512
[  217.551297][T15031] loop4: detected capacity change from 0 to 512
[  217.562855][T15031] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.2998: error while reading EA inode 32 err=-116
[  217.575452][T15031] EXT4-fs (loop4): Remounting filesystem read-only
[  217.582196][T15031] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  217.592788][T15031] EXT4-fs (loop4): 1 orphan inode deleted
[  217.598949][T15031] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.625463][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.750348][T15058] FAULT_INJECTION: forcing a failure.
[  217.750348][T15058] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  217.763612][T15058] CPU: 0 UID: 0 PID: 15058 Comm: syz.4.3007 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  217.763665][T15058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  217.763679][T15058] Call Trace:
[  217.763708][T15058]  <TASK>
[  217.763716][T15058]  __dump_stack+0x1d/0x30
[  217.763742][T15058]  dump_stack_lvl+0xe8/0x140
[  217.763834][T15058]  dump_stack+0x15/0x1b
[  217.763852][T15058]  should_fail_ex+0x265/0x280
[  217.763941][T15058]  should_fail+0xb/0x20
[  217.763960][T15058]  should_fail_usercopy+0x1a/0x20
[  217.763985][T15058]  _copy_from_user+0x1c/0xb0
[  217.764094][T15058]  ___sys_recvmsg+0xaa/0x370
[  217.764117][T15058]  ? _parse_integer+0x27/0x40
[  217.764204][T15058]  do_recvmmsg+0x1ef/0x540
[  217.764232][T15058]  ? fput+0x8f/0xc0
[  217.764250][T15058]  __x64_sys_recvmmsg+0xe5/0x170
[  217.764272][T15058]  x64_sys_call+0x27aa/0x3000
[  217.764295][T15058]  do_syscall_64+0xd2/0x200
[  217.764397][T15058]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  217.764427][T15058]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  217.764473][T15058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.764565][T15058] RIP: 0033:0x7fe31f15f6c9
[  217.764649][T15058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.764669][T15058] RSP: 002b:00007fe31dbc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  217.764688][T15058] RAX: ffffffffffffffda RBX: 00007fe31f3b5fa0 RCX: 00007fe31f15f6c9
[  217.764750][T15058] RDX: 0000000000000001 RSI: 00002000000018c0 RDI: 0000000000000004
[  217.764765][T15058] RBP: 00007fe31dbc7090 R08: 0000000000000000 R09: 0000000000000000
[  217.764779][T15058] R10: 0000000040010002 R11: 0000000000000246 R12: 0000000000000001
[  217.764794][T15058] R13: 00007fe31f3b6038 R14: 00007fe31f3b5fa0 R15: 00007ffc72dcadb8
[  217.764814][T15058]  </TASK>
[  218.141839][  T265] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.213043][  T265] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.271434][  T265] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.331583][  T265] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.435962][  T265] bridge_slave_1: left allmulticast mode
[  218.441700][  T265] bridge_slave_1: left promiscuous mode
[  218.447413][  T265] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.480910][  T265] bridge_slave_0: left allmulticast mode
[  218.486582][  T265] bridge_slave_0: left promiscuous mode
[  218.492321][  T265] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.645269][  T265] team0: Port device geneve1 removed
[  218.676087][T15081] loop4: detected capacity change from 0 to 8192
[  218.686189][T15081] FAULT_INJECTION: forcing a failure.
[  218.686189][T15081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  218.699307][T15081] CPU: 0 UID: 0 PID: 15081 Comm: syz.4.3012 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  218.699340][T15081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  218.699356][T15081] Call Trace:
[  218.699363][T15081]  <TASK>
[  218.699372][T15081]  __dump_stack+0x1d/0x30
[  218.699398][T15081]  dump_stack_lvl+0xe8/0x140
[  218.699491][T15081]  dump_stack+0x15/0x1b
[  218.699555][T15081]  should_fail_ex+0x265/0x280
[  218.699577][T15081]  should_fail+0xb/0x20
[  218.699596][T15081]  should_fail_usercopy+0x1a/0x20
[  218.699618][T15081]  copy_fpstate_to_sigframe+0x628/0x7d0
[  218.699659][T15081]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  218.699742][T15081]  ? x86_task_fpu+0x36/0x60
[  218.699776][T15081]  get_sigframe+0x34d/0x490
[  218.699795][T15081]  ? get_signal+0xdc7/0xf70
[  218.699865][T15081]  x64_setup_rt_frame+0xa8/0x580
[  218.699893][T15081]  arch_do_signal_or_restart+0x23e/0x440
[  218.699922][T15081]  exit_to_user_mode_loop+0x77/0x110
[  218.699990][T15081]  do_syscall_64+0x1d6/0x200
[  218.700015][T15081]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  218.700044][T15081]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  218.700083][T15081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.700182][T15081] RIP: 0033:0x7fe31f15e17f
[  218.700201][T15081] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  218.700222][T15081] RSP: 002b:00007fe31dbc7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  218.700244][T15081] RAX: 0000000000000001 RBX: 0000000000000005 RCX: 00007fe31f15e17f
[  218.700259][T15081] RDX: 0000000000000001 RSI: 00007fe31dbc7090 RDI: 0000000000000005
[  218.700374][T15081] RBP: 00007fe31dbc7090 R08: 0000000000000000 R09: 00007fe31dbc6df7
[  218.700394][T15081] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  218.700408][T15081] R13: 00007fe31f3b6038 R14: 00007fe31f3b5fa0 R15: 00007ffc72dcadb8
[  218.700428][T15081]  </TASK>
[  218.920095][  T265] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  218.938305][  T265] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  218.950637][  T265] bond0 (unregistering): Released all slaves
[  218.966888][T15201] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.987727][T15060] chnl_net:caif_netlink_parms(): no params data found
[  219.032120][T15222] FAULT_INJECTION: forcing a failure.
[  219.032120][T15222] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.045317][T15222] CPU: 0 UID: 0 PID: 15222 Comm: syz.4.3020 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  219.045462][T15222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  219.045521][T15222] Call Trace:
[  219.045529][T15222]  <TASK>
[  219.045538][T15222]  __dump_stack+0x1d/0x30
[  219.045563][T15222]  dump_stack_lvl+0xe8/0x140
[  219.045587][T15222]  dump_stack+0x15/0x1b
[  219.045608][T15222]  should_fail_ex+0x265/0x280
[  219.045631][T15222]  should_fail+0xb/0x20
[  219.045651][T15222]  should_fail_usercopy+0x1a/0x20
[  219.045739][T15222]  _copy_from_user+0x1c/0xb0
[  219.045766][T15222]  ___sys_sendmsg+0xc1/0x1d0
[  219.045794][T15222]  __x64_sys_sendmsg+0xd4/0x160
[  219.045819][T15222]  x64_sys_call+0x191e/0x3000
[  219.045922][T15222]  do_syscall_64+0xd2/0x200
[  219.045947][T15222]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  219.045981][T15222]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  219.046076][T15222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.046098][T15222] RIP: 0033:0x7fe31f15f6c9
[  219.046112][T15222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.046132][T15222] RSP: 002b:00007fe31dbc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  219.046155][T15222] RAX: ffffffffffffffda RBX: 00007fe31f3b5fa0 RCX: 00007fe31f15f6c9
[  219.046170][T15222] RDX: 0000000000000080 RSI: 0000200000000000 RDI: 0000000000000003
[  219.046256][T15222] RBP: 00007fe31dbc7090 R08: 0000000000000000 R09: 0000000000000000
[  219.046270][T15222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.046285][T15222] R13: 00007fe31f3b6038 R14: 00007fe31f3b5fa0 R15: 00007ffc72dcadb8
[  219.046305][T15222]  </TASK>
[  219.050809][  T265] tipc: Left network mode
[  219.147316][T15075] loop3: detected capacity change from 0 to 8192
[  219.155056][T15244] FAULT_INJECTION: forcing a failure.
[  219.155056][T15244] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.243529][T15244] CPU: 1 UID: 0 PID: 15244 Comm: syz.4.3022 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  219.243567][T15244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  219.243581][T15244] Call Trace:
[  219.243588][T15244]  <TASK>
[  219.243597][T15244]  __dump_stack+0x1d/0x30
[  219.243624][T15244]  dump_stack_lvl+0xe8/0x140
[  219.243702][T15244]  dump_stack+0x15/0x1b
[  219.243801][T15244]  should_fail_ex+0x265/0x280
[  219.243824][T15244]  should_fail+0xb/0x20
[  219.243844][T15244]  should_fail_usercopy+0x1a/0x20
[  219.243871][T15244]  _copy_from_user+0x1c/0xb0
[  219.243897][T15244]  __sys_connect+0xd0/0x2b0
[  219.243987][T15244]  __x64_sys_connect+0x3f/0x50
[  219.244018][T15244]  x64_sys_call+0x2c0c/0x3000
[  219.244067][T15244]  do_syscall_64+0xd2/0x200
[  219.244088][T15244]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  219.244118][T15244]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  219.244198][T15244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.244245][T15244] RIP: 0033:0x7fe31f15f6c9
[  219.244263][T15244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.244285][T15244] RSP: 002b:00007fe31dbc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  219.244366][T15244] RAX: ffffffffffffffda RBX: 00007fe31f3b5fa0 RCX: 00007fe31f15f6c9
[  219.244380][T15244] RDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000004
[  219.244393][T15244] RBP: 00007fe31dbc7090 R08: 0000000000000000 R09: 0000000000000000
[  219.244407][T15244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.244421][T15244] R13: 00007fe31f3b6038 R14: 00007fe31f3b5fa0 R15: 00007ffc72dcadb8
[  219.244439][T15244]  </TASK>
[  219.245523][T15249] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3021'.
[  219.348891][T15214] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3018'.
[  219.470539][T15258] FAULT_INJECTION: forcing a failure.
[  219.470539][T15258] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.483781][T15258] CPU: 1 UID: 0 PID: 15258 Comm: syz.4.3024 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  219.483900][T15258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  219.483915][T15258] Call Trace:
[  219.483922][T15258]  <TASK>
[  219.483990][T15258]  __dump_stack+0x1d/0x30
[  219.484018][T15258]  dump_stack_lvl+0xe8/0x140
[  219.484044][T15258]  dump_stack+0x15/0x1b
[  219.484066][T15258]  should_fail_ex+0x265/0x280
[  219.484091][T15258]  should_fail+0xb/0x20
[  219.484135][T15258]  should_fail_usercopy+0x1a/0x20
[  219.484215][T15258]  _copy_to_user+0x20/0xa0
[  219.484247][T15258]  simple_read_from_buffer+0xb5/0x130
[  219.484298][T15258]  proc_fail_nth_read+0x10e/0x150
[  219.484343][T15258]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  219.484456][T15258]  vfs_read+0x1a8/0x770
[  219.484565][T15258]  ? __rcu_read_unlock+0x4f/0x70
[  219.484598][T15258]  ? __fget_files+0x184/0x1c0
[  219.484627][T15258]  ksys_read+0xda/0x1a0
[  219.484659][T15258]  __x64_sys_read+0x40/0x50
[  219.484760][T15258]  x64_sys_call+0x27c0/0x3000
[  219.484789][T15258]  do_syscall_64+0xd2/0x200
[  219.484815][T15258]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  219.484851][T15258]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  219.484937][T15258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.484964][T15258] RIP: 0033:0x7fe31f15e0dc
[  219.484982][T15258] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  219.485005][T15258] RSP: 002b:00007fe31dbc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  219.485029][T15258] RAX: ffffffffffffffda RBX: 00007fe31f3b5fa0 RCX: 00007fe31f15e0dc
[  219.485094][T15258] RDX: 000000000000000f RSI: 00007fe31dbc70a0 RDI: 0000000000000005
[  219.485110][T15258] RBP: 00007fe31dbc7090 R08: 0000000000000000 R09: 0000000000000000
[  219.485132][T15258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.485147][T15258] R13: 00007fe31f3b6038 R14: 00007fe31f3b5fa0 R15: 00007ffc72dcadb8
[  219.485169][T15258]  </TASK>
[  219.796362][T15298] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  219.803067][T15298] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  219.810650][T15298] vhci_hcd vhci_hcd.0: Device attached
[  219.848524][T15299] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 0
[  219.855537][T15303] loop4: detected capacity change from 0 to 128
[  219.861910][  T265] hsr_slave_0: left promiscuous mode
[  219.869168][   T52] vhci_hcd: stop threads
[  219.873459][   T52] vhci_hcd: release socket
[  219.877872][   T52] vhci_hcd: disconnect device
[  219.882603][  T265] hsr_slave_1: left promiscuous mode
[  219.950101][T15313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  219.958705][T15313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.093619][  T265] veth1_macvtap: left promiscuous mode
[  220.100048][  T265] veth0_macvtap: left promiscuous mode
[  220.131891][  T265] veth1_vlan: left promiscuous mode
[  220.159538][  T265] veth0_vlan: left promiscuous mode
[  220.362731][  T265] team0 (unregistering): Port device team_slave_1 removed
[  220.375108][  T265] team0 (unregistering): Port device team_slave_0 removed
[  220.383429][   T53] smc: removing ib device syz!
[  220.446589][T15298] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3029'.
[  220.455594][T15298] tipc: Started in network mode
[  220.460452][T15298] tipc: Node identity 7, cluster identity 4711
[  220.466603][T15298] tipc: Node number set to 7
[  220.478169][T15322] syzkaller0: entered promiscuous mode
[  220.483800][T15322] syzkaller0: entered allmulticast mode
[  220.515577][T15060] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.522795][T15060] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.536303][T15060] bridge_slave_0: entered allmulticast mode
[  220.549066][T15060] bridge_slave_0: entered promiscuous mode
[  220.649873][T15060] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.656968][T15060] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.698437][T15060] bridge_slave_1: entered allmulticast mode
[  220.774387][T15060] bridge_slave_1: entered promiscuous mode
[  220.845639][T15367] loop1: detected capacity change from 0 to 128
[  220.908813][T15060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.987563][T15060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  221.118893][  T265] IPVS: stop unused estimator thread 0...
[  221.129279][T15060] team0: Port device team_slave_0 added
[  221.154044][T15060] team0: Port device team_slave_1 added
[  221.188190][T15060] batman_adv: batadv0: Adding interface: batadv_slave_0
[  221.195220][T15060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  221.221248][T15060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  221.237668][T15455] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3038'.
[  221.260616][T15455] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3038'.
[  221.297328][T15455] netlink: 'syz.3.3038': attribute type 10 has an invalid length.
[  221.305242][T15455] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3038'.
[  221.393475][T15464] loop3: detected capacity change from 0 to 1024
[  221.402622][T15464] EXT4-fs: Ignoring removed orlov option
[  221.443306][T15464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.475402][T15479] hub 9-0:1.0: USB hub found
[  221.481989][T15479] hub 9-0:1.0: 8 ports detected
[  221.489508][T15455] batman_adv: batadv0: Adding interface: veth1_vlan
[  221.496153][T15455] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  221.514242][T15458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.525255][T15455] batman_adv: batadv0: Interface activated: veth1_vlan
[  221.530274][T15458] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.546232][T15060] batman_adv: batadv0: Adding interface: batadv_slave_1
[  221.553263][T15060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  221.579256][T15060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  221.590920][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.629376][T15060] hsr_slave_0: entered promiscuous mode
[  221.635687][T15060] hsr_slave_1: entered promiscuous mode
[  221.922061][T15060] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  221.930533][   T29] kauditd_printk_skb: 249 callbacks suppressed
[  221.930548][   T29] audit: type=1326 audit(1762869192.929:13324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  221.960569][   T29] audit: type=1326 audit(1762869192.929:13325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  221.986497][T15060] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  221.993798][   T29] audit: type=1326 audit(1762869192.929:13326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.001742][T15060] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  222.017415][   T29] audit: type=1326 audit(1762869192.929:13327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.047624][   T29] audit: type=1326 audit(1762869192.929:13328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.071267][   T29] audit: type=1326 audit(1762869192.929:13329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.094827][   T29] audit: type=1326 audit(1762869192.929:13330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.118422][   T29] audit: type=1326 audit(1762869192.929:13331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.123267][T15642] FAULT_INJECTION: forcing a failure.
[  222.123267][T15642] name failslab, interval 1, probability 0, space 0, times 0
[  222.142154][   T29] audit: type=1326 audit(1762869192.929:13332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.154759][T15642] CPU: 0 UID: 0 PID: 15642 Comm: syz.4.3050 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  222.154849][T15642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  222.154864][T15642] Call Trace:
[  222.154871][T15642]  <TASK>
[  222.154880][T15642]  __dump_stack+0x1d/0x30
[  222.154906][T15642]  dump_stack_lvl+0xe8/0x140
[  222.154930][T15642]  dump_stack+0x15/0x1b
[  222.155009][T15642]  should_fail_ex+0x265/0x280
[  222.155032][T15642]  ? __se_sys_mount+0xef/0x2e0
[  222.155062][T15642]  should_failslab+0x8c/0xb0
[  222.155135][T15642]  __kmalloc_cache_noprof+0x4c/0x4a0
[  222.155177][T15642]  ? __fget_files+0x184/0x1c0
[  222.155209][T15642]  __se_sys_mount+0xef/0x2e0
[  222.155237][T15642]  ? fput+0x8f/0xc0
[  222.155257][T15642]  ? ksys_write+0x192/0x1a0
[  222.155323][T15642]  __x64_sys_mount+0x67/0x80
[  222.155353][T15642]  x64_sys_call+0x2b51/0x3000
[  222.155379][T15642]  do_syscall_64+0xd2/0x200
[  222.155403][T15642]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  222.155438][T15642]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  222.155476][T15642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.155501][T15642] RIP: 0033:0x7fe31f15f6c9
[  222.155518][T15642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.155585][T15642] RSP: 002b:00007fe31dbc7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  222.155607][T15642] RAX: ffffffffffffffda RBX: 00007fe31f3b5fa0 RCX: 00007fe31f15f6c9
[  222.155622][T15642] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000000
[  222.155636][T15642] RBP: 00007fe31dbc7090 R08: 0000200000000240 R09: 0000000000000000
[  222.155663][T15642] R10: 0000000000084022 R11: 0000000000000246 R12: 0000000000000001
[  222.155678][T15642] R13: 00007fe31f3b6038 R14: 00007fe31f3b5fa0 R15: 00007ffc72dcadb8
[  222.155699][T15642]  </TASK>
[  222.361613][   T29] audit: type=1326 audit(1762869192.929:13333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15639 comm="syz.4.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  222.387215][T15060] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  222.456644][T15060] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.484276][T15060] 8021q: adding VLAN 0 to HW filter on device team0
[  222.512271][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.519394][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.528376][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.535516][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.642381][T15664] SELinux: failed to load policy
[  222.700468][T15060] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.700561][T15660] mmap: syz.4.3051 (15660) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  222.813864][T15660] hugetlbfs: Bad value for 'nr_inodes'
[  222.831445][T15675] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3055'.
[  223.087175][T15060] veth0_vlan: entered promiscuous mode
[  223.116793][T15060] veth1_vlan: entered promiscuous mode
[  223.182299][T15060] veth0_macvtap: entered promiscuous mode
[  223.195935][T15060] veth1_macvtap: entered promiscuous mode
[  223.209240][T15060] batman_adv: batadv0: Interface activated: batadv_slave_0
[  223.219152][T15060] batman_adv: batadv0: Interface activated: batadv_slave_1
[  223.232624][T15690] FAULT_INJECTION: forcing a failure.
[  223.232624][T15690] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.245808][T15690] CPU: 0 UID: 0 PID: 15690 Comm: syz.3.3059 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  223.245840][T15690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  223.245893][T15690] Call Trace:
[  223.245899][T15690]  <TASK>
[  223.245985][T15690]  __dump_stack+0x1d/0x30
[  223.246008][T15690]  dump_stack_lvl+0xe8/0x140
[  223.246029][T15690]  dump_stack+0x15/0x1b
[  223.246048][T15690]  should_fail_ex+0x265/0x280
[  223.246127][T15690]  should_fail+0xb/0x20
[  223.246145][T15690]  should_fail_usercopy+0x1a/0x20
[  223.246167][T15690]  _copy_from_iter+0xd2/0xe80
[  223.246192][T15690]  ? __build_skb_around+0x1ab/0x200
[  223.246223][T15690]  ? __alloc_skb+0x223/0x320
[  223.246314][T15690]  netlink_sendmsg+0x471/0x6b0
[  223.246338][T15690]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.246359][T15690]  __sock_sendmsg+0x145/0x180
[  223.246426][T15690]  ____sys_sendmsg+0x31e/0x4e0
[  223.246463][T15690]  ___sys_sendmsg+0x17b/0x1d0
[  223.246493][T15690]  __x64_sys_sendmsg+0xd4/0x160
[  223.246572][T15690]  x64_sys_call+0x191e/0x3000
[  223.246598][T15690]  do_syscall_64+0xd2/0x200
[  223.246621][T15690]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  223.246673][T15690]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  223.246709][T15690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.246733][T15690] RIP: 0033:0x7faf3878f6c9
[  223.246832][T15690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.246850][T15690] RSP: 002b:00007faf371ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  223.246869][T15690] RAX: ffffffffffffffda RBX: 00007faf389e5fa0 RCX: 00007faf3878f6c9
[  223.246887][T15690] RDX: 0000000000002014 RSI: 0000200000000000 RDI: 0000000000000003
[  223.246901][T15690] RBP: 00007faf371ef090 R08: 0000000000000000 R09: 0000000000000000
[  223.246915][T15690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.246928][T15690] R13: 00007faf389e6038 R14: 00007faf389e5fa0 R15: 00007ffe9bf243a8
[  223.247026][T15690]  </TASK>
[  223.460233][   T52] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  223.472409][   T52] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  223.502251][   T52] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.532786][   T52] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.552718][T15697] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  223.710836][T15706] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3064'.
[  223.773267][T15713] loop4: detected capacity change from 0 to 2048
[  223.855791][T15713] Alternate GPT is invalid, using primary GPT.
[  223.862303][T15713]  loop4: p2 p3 p7
[  223.889900][T15710] netlink: 'syz.4.3065': attribute type 3 has an invalid length.
[  223.910025][T15725] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  223.923821][T15724] hub 9-0:1.0: USB hub found
[  223.934080][T15712] loop1: detected capacity change from 0 to 8192
[  223.942313][T15724] hub 9-0:1.0: 8 ports detected
[  223.971209][T15712] FAULT_INJECTION: forcing a failure.
[  223.971209][T15712] name failslab, interval 1, probability 0, space 0, times 0
[  223.975219][T15738] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  223.983862][T15712] CPU: 1 UID: 0 PID: 15712 Comm: syz.1.3068 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  223.983890][T15712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  223.983903][T15712] Call Trace:
[  223.983948][T15712]  <TASK>
[  223.983956][T15712]  __dump_stack+0x1d/0x30
[  223.983981][T15712]  dump_stack_lvl+0xe8/0x140
[  223.984071][T15712]  dump_stack+0x15/0x1b
[  223.984091][T15712]  should_fail_ex+0x265/0x280
[  223.984113][T15712]  should_failslab+0x8c/0xb0
[  223.984146][T15712]  kmem_cache_alloc_noprof+0x50/0x480
[  223.984181][T15712]  ? fat_parse_long+0x5d/0x430
[  223.984204][T15712]  fat_parse_long+0x5d/0x430
[  223.984307][T15712]  __fat_readdir+0x477/0xd80
[  223.984331][T15712]  ? kstrtouint_from_user+0x9f/0xf0
[  223.984360][T15712]  fat_readdir+0x2f/0x40
[  223.984391][T15712]  iterate_dir+0x114/0x330
[  223.984474][T15712]  ? mutex_lock+0xd/0x30
[  223.984508][T15712]  __se_sys_getdents+0x88/0x1b0
[  223.984532][T15712]  ? __pfx_filldir+0x10/0x10
[  223.984617][T15712]  __x64_sys_getdents+0x43/0x50
[  223.984714][T15712]  x64_sys_call+0xee7/0x3000
[  223.984746][T15712]  do_syscall_64+0xd2/0x200
[  223.984768][T15712]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  223.984800][T15712]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  223.984849][T15712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.984872][T15712] RIP: 0033:0x7f351e4af6c9
[  223.984891][T15712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.984911][T15712] RSP: 002b:00007f351cf0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  223.984933][T15712] RAX: ffffffffffffffda RBX: 00007f351e705fa0 RCX: 00007f351e4af6c9
[  223.985011][T15712] RDX: 000000000000ff48 RSI: 0000200000000340 RDI: 0000000000000004
[  223.985026][T15712] RBP: 00007f351cf0f090 R08: 0000000000000000 R09: 0000000000000000
[  223.985040][T15712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.985053][T15712] R13: 00007f351e706038 R14: 00007f351e705fa0 R15: 00007fffb644cf18
[  223.985073][T15712]  </TASK>
[  224.069327][T15743] netlink: 'syz.0.3076': attribute type 4 has an invalid length.
[  224.203025][T15743] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3076'.
[  224.219096][T15743] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  224.291795][T15757] loop3: detected capacity change from 0 to 128
[  224.327192][T15754] loop1: detected capacity change from 0 to 8192
[  224.334390][T15754] vfat: Unknown parameter ''
[  224.472167][T15786] loop1: detected capacity change from 0 to 164
[  224.583098][T15798] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  224.590384][T15798] syzkaller0: entered promiscuous mode
[  224.595855][T15798] syzkaller0: entered allmulticast mode
[  224.615080][T15798] tipc: Resetting bearer <eth:syzkaller0>
[  224.623723][T15796] tipc: Resetting bearer <eth:syzkaller0>
[  224.633024][T15796] tipc: Disabling bearer <eth:syzkaller0>
[  224.652679][T15803] netlink: 388 bytes leftover after parsing attributes in process `syz.0.3091'.
[  224.863298][T15821] vhci_hcd: invalid port number 9
[  224.868346][T15821] vhci_hcd: invalid port number 9
[  224.874840][ T7616] Bluetooth: hci0: Frame reassembly failed (-84)
[  224.945021][T15828] loop2: detected capacity change from 0 to 2048
[  224.971658][T15828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.389385][T15838] FAULT_INJECTION: forcing a failure.
[  225.389385][T15838] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.402520][T15838] CPU: 1 UID: 0 PID: 15838 Comm: syz.4.3100 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  225.402552][T15838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  225.402585][T15838] Call Trace:
[  225.402593][T15838]  <TASK>
[  225.402603][T15838]  __dump_stack+0x1d/0x30
[  225.402701][T15838]  dump_stack_lvl+0xe8/0x140
[  225.402725][T15838]  dump_stack+0x15/0x1b
[  225.402747][T15838]  should_fail_ex+0x265/0x280
[  225.402772][T15838]  should_fail+0xb/0x20
[  225.402792][T15838]  should_fail_usercopy+0x1a/0x20
[  225.402848][T15838]  _copy_to_user+0x20/0xa0
[  225.402880][T15838]  simple_read_from_buffer+0xb5/0x130
[  225.402912][T15838]  proc_fail_nth_read+0x10e/0x150
[  225.402970][T15838]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  225.403141][T15838]  vfs_read+0x1a8/0x770
[  225.403170][T15838]  ? __rcu_read_unlock+0x4f/0x70
[  225.403198][T15838]  ? __fget_files+0x184/0x1c0
[  225.403229][T15838]  ? finish_task_switch+0xad/0x2b0
[  225.403271][T15838]  ksys_read+0xda/0x1a0
[  225.403363][T15838]  __x64_sys_read+0x40/0x50
[  225.403390][T15838]  x64_sys_call+0x27c0/0x3000
[  225.403415][T15838]  do_syscall_64+0xd2/0x200
[  225.403437][T15838]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  225.403476][T15838]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  225.403517][T15838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.403539][T15838] RIP: 0033:0x7fe31f15e0dc
[  225.403555][T15838] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  225.403632][T15838] RSP: 002b:00007fe31dbc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  225.403656][T15838] RAX: ffffffffffffffda RBX: 00007fe31f3b5fa0 RCX: 00007fe31f15e0dc
[  225.403671][T15838] RDX: 000000000000000f RSI: 00007fe31dbc70a0 RDI: 0000000000000004
[  225.403684][T15838] RBP: 00007fe31dbc7090 R08: 0000000000000000 R09: 0000000000000000
[  225.403727][T15838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.403740][T15838] R13: 00007fe31f3b6038 R14: 00007fe31f3b5fa0 R15: 00007ffc72dcadb8
[  225.403759][T15838]  </TASK>
[  225.820817][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.001958][T15889] loop2: detected capacity change from 0 to 512
[  226.010871][T15889] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  226.019957][T15889] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  226.029847][T15889] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  226.057403][T15889] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  226.074766][T15889] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.116874][T15889] EXT4-fs error (device loop2): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.2.3118: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  226.137474][T15889] EXT4-fs error (device loop2) in ext4_delete_entry:2739: Corrupt filesystem
[  226.146558][T15889] EXT4-fs warning (device loop2): ext4_rename_delete:3731: inode #2: comm syz.2.3118: Deleting old file: nlink 4, error=-117
[  226.179776][T15889] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3118: bg 0: block 353: padding at end of block bitmap is not set
[  226.269679][T15889] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  226.409709][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.447561][T15902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3121'.
[  226.475811][T15902] 8021q: adding VLAN 0 to HW filter on device bond1
[  226.494788][T15902] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3121'.
[  226.559770][T15941] FAULT_INJECTION: forcing a failure.
[  226.559770][T15941] name failslab, interval 1, probability 0, space 0, times 0
[  226.572487][T15941] CPU: 0 UID: 0 PID: 15941 Comm: syz.3.3122 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  226.572520][T15941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  226.572616][T15941] Call Trace:
[  226.572629][T15941]  <TASK>
[  226.572637][T15941]  __dump_stack+0x1d/0x30
[  226.572667][T15941]  dump_stack_lvl+0xe8/0x140
[  226.572690][T15941]  dump_stack+0x15/0x1b
[  226.572722][T15941]  should_fail_ex+0x265/0x280
[  226.572743][T15941]  should_failslab+0x8c/0xb0
[  226.572850][T15941]  __kvmalloc_node_noprof+0x12e/0x670
[  226.572889][T15941]  ? xt_alloc_table_info+0x40/0x80
[  226.572916][T15941]  xt_alloc_table_info+0x40/0x80
[  226.572938][T15941]  do_ipt_set_ctl+0x59c/0x820
[  226.572969][T15941]  ? lock_sock_nested+0x112/0x140
[  226.573004][T15941]  nf_setsockopt+0x199/0x1b0
[  226.573028][T15941]  ip_setsockopt+0x102/0x110
[  226.573131][T15941]  udp_setsockopt+0x99/0xb0
[  226.573205][T15941]  sock_common_setsockopt+0x69/0x80
[  226.573233][T15941]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  226.573362][T15941]  __sys_setsockopt+0x184/0x200
[  226.573403][T15941]  __x64_sys_setsockopt+0x64/0x80
[  226.573522][T15941]  x64_sys_call+0x20ec/0x3000
[  226.573551][T15941]  do_syscall_64+0xd2/0x200
[  226.573604][T15941]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  226.573646][T15941]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  226.573713][T15941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.573811][T15941] RIP: 0033:0x7faf3878f6c9
[  226.573827][T15941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.573845][T15941] RSP: 002b:00007faf371ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  226.573866][T15941] RAX: ffffffffffffffda RBX: 00007faf389e6090 RCX: 00007faf3878f6c9
[  226.573919][T15941] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000000a
[  226.573934][T15941] RBP: 00007faf371ce090 R08: 0000000000000328 R09: 0000000000000000
[  226.573950][T15941] R10: 0000200000000fc0 R11: 0000000000000246 R12: 0000000000000001
[  226.574032][T15941] R13: 00007faf389e6128 R14: 00007faf389e6090 R15: 00007ffe9bf243a8
[  226.574054][T15941]  </TASK>
[  226.822909][T15949] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3126'.
[  226.919745][ T3726] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  226.972591][T15963] loop1: detected capacity change from 0 to 128
[  227.072270][T15975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.080921][T15975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.112714][T15978] xt_hashlimit: max too large, truncated to 1048576
[  227.120214][T15978] xt_CT: You must specify a L4 protocol and not use inversions on it
[  227.202638][T15982] netlink: 'syz.1.3136': attribute type 1 has an invalid length.
[  227.519398][   T29] kauditd_printk_skb: 327 callbacks suppressed
[  227.519419][   T29] audit: type=1326 audit(1762869198.509:13661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.567306][T15992] hub 9-0:1.0: USB hub found
[  227.594395][T15992] hub 9-0:1.0: 8 ports detected
[  227.679342][   T29] audit: type=1326 audit(1762869198.549:13662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.703167][   T29] audit: type=1326 audit(1762869198.549:13663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.727051][   T29] audit: type=1326 audit(1762869198.549:13664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.750706][   T29] audit: type=1326 audit(1762869198.549:13665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.774266][   T29] audit: type=1326 audit(1762869198.549:13666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f351e4adf10 code=0x7ffc0000
[  227.797912][   T29] audit: type=1326 audit(1762869198.549:13667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.821677][   T29] audit: type=1326 audit(1762869198.549:13668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.845290][   T29] audit: type=1326 audit(1762869198.549:13669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.868974][   T29] audit: type=1326 audit(1762869198.559:13670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15991 comm="syz.1.3139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351e4af6c9 code=0x7ffc0000
[  227.955008][T16000] vhci_hcd: invalid port number 9
[  227.960164][T16000] vhci_hcd: invalid port number 9
[  228.148212][T16002] loop2: detected capacity change from 0 to 512
[  228.244870][T16002] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.259669][T16002] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.277637][T16014] loop1: detected capacity change from 0 to 128
[  228.408853][T16028] FAULT_INJECTION: forcing a failure.
[  228.408853][T16028] name failslab, interval 1, probability 0, space 0, times 0
[  228.421555][T16028] CPU: 1 UID: 0 PID: 16028 Comm: syz.3.3145 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  228.421594][T16028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  228.421607][T16028] Call Trace:
[  228.421614][T16028]  <TASK>
[  228.421622][T16028]  __dump_stack+0x1d/0x30
[  228.421700][T16028]  dump_stack_lvl+0xe8/0x140
[  228.421721][T16028]  dump_stack+0x15/0x1b
[  228.421739][T16028]  should_fail_ex+0x265/0x280
[  228.421876][T16028]  should_failslab+0x8c/0xb0
[  228.421910][T16028]  kmem_cache_alloc_noprof+0x50/0x480
[  228.422006][T16028]  ? getname_flags+0x80/0x3b0
[  228.422044][T16028]  getname_flags+0x80/0x3b0
[  228.422140][T16028]  __x64_sys_lgetxattr+0xfd/0x140
[  228.422229][T16028]  x64_sys_call+0x2fb3/0x3000
[  228.422281][T16028]  do_syscall_64+0xd2/0x200
[  228.422302][T16028]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  228.422336][T16028]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  228.422371][T16028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.422419][T16028] RIP: 0033:0x7faf3878f6c9
[  228.422437][T16028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.422460][T16028] RSP: 002b:00007faf371ef038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[  228.422483][T16028] RAX: ffffffffffffffda RBX: 00007faf389e5fa0 RCX: 00007faf3878f6c9
[  228.422537][T16028] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000000
[  228.422551][T16028] RBP: 00007faf371ef090 R08: 0000000000000000 R09: 0000000000000000
[  228.422566][T16028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.422582][T16028] R13: 00007faf389e6038 R14: 00007faf389e5fa0 R15: 00007ffe9bf243a8
[  228.422604][T16028]  </TASK>
[  228.719785][T16032] loop3: detected capacity change from 0 to 2048
[  228.730515][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.793029][T16032] Alternate GPT is invalid, using primary GPT.
[  228.799632][T16032]  loop3: p2 p3 p7
[  228.816115][T16039] loop1: detected capacity change from 0 to 128
[  228.886029][T16039] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 54)
[  228.894083][T16039] FAT-fs (loop1): Filesystem has been set read-only
[  228.926021][T16038] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 54)
[  229.108191][T16064] loop3: detected capacity change from 0 to 4096
[  229.115778][T16064] EXT4-fs: Ignoring removed nomblk_io_submit option
[  229.157316][T16064] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.398136][T16078] __nla_validate_parse: 2 callbacks suppressed
[  229.398155][T16078] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3160'.
[  229.637367][T16097] netlink: 'syz.1.3164': attribute type 1 has an invalid length.
[  229.687617][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.925529][T16145] x_tables: duplicate underflow at hook 2
[  229.998037][T16155] hub 9-0:1.0: USB hub found
[  230.002762][T16155] hub 9-0:1.0: 8 ports detected
[  230.040429][ T3726] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  230.074004][T16171] loop3: detected capacity change from 0 to 128
[  230.543905][T16192] hub 9-0:1.0: USB hub found
[  230.548721][T16192] hub 9-0:1.0: 8 ports detected
[  230.688758][T16200] hub 9-0:1.0: USB hub found
[  230.700661][T16200] hub 9-0:1.0: 8 ports detected
[  230.708212][T16203] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3202'.
[  230.717382][T16203] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3202'.
[  230.726417][T16203] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3202'.
[  230.825782][T16214] loop4: detected capacity change from 0 to 128
[  230.868851][T16220] hub 9-0:1.0: USB hub found
[  230.873788][T16220] hub 9-0:1.0: 8 ports detected
[  230.984050][T16230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.002924][T16230] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.106496][T16241] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3213'.
[  231.115734][T16241] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3213'.
[  231.124765][T16241] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3213'.
[  231.271908][T16256] loop3: detected capacity change from 0 to 128
[  231.305261][T16236] loop2: detected capacity change from 0 to 32768
[  231.320767][T16270] loop3: detected capacity change from 0 to 512
[  231.331071][T16270] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  231.346456][T16270] EXT4-fs (loop3): mount failed
[  231.352201][T16236]  loop2: p1 p2 p3 < > p4 < p5 p6 >
[  231.357740][T16236] loop2: p1 start 460800 is beyond EOD, truncated
[  231.364239][T16236] loop2: p2 size 83886080 extends beyond EOD, truncated
[  231.381271][T16236] loop2: p5 start 460800 is beyond EOD, truncated
[  231.387813][T16236] loop2: p6 size 83886080 extends beyond EOD, truncated
[  231.395788][T16270] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  231.404070][T16270] loop3: detected capacity change from 0 to 128
[  231.557004][T16313] loop3: detected capacity change from 0 to 128
[  231.805310][T16356] loop2: detected capacity change from 0 to 2048
[  231.878411][T16356] Alternate GPT is invalid, using primary GPT.
[  231.884898][T16356]  loop2: p2 p3 p7
[  231.892004][T16329] chnl_net:caif_netlink_parms(): no params data found
[  231.906757][ T7622] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.934895][ T7622] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.984804][T16499] netlink: 'syz.2.3252': attribute type 1 has an invalid length.
[  232.026806][ T7622] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.042894][T16329] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.050156][T16329] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.063858][T16329] bridge_slave_0: entered allmulticast mode
[  232.070576][T16329] bridge_slave_0: entered promiscuous mode
[  232.079843][T16329] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.086913][T16329] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.094191][T16329] bridge_slave_1: entered allmulticast mode
[  232.100813][T16329] bridge_slave_1: entered promiscuous mode
[  232.137832][ T7622] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.180149][T16329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.198592][T16329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.223275][T16561] loop4: detected capacity change from 0 to 4096
[  232.234277][T16561] EXT4-fs: Ignoring removed nomblk_io_submit option
[  232.250348][T16329] team0: Port device team_slave_0 added
[  232.252282][T16593] loop2: detected capacity change from 0 to 2048
[  232.257025][T16329] team0: Port device team_slave_1 added
[  232.270857][T16561] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.275841][T16611] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  232.293787][T16593] Alternate GPT is invalid, using primary GPT.
[  232.300159][T16593]  loop2: p2 p3 p7
[  232.328167][T16329] batman_adv: batadv0: Adding interface: batadv_slave_0
[  232.335224][T16329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  232.361281][T16329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  232.374378][T16329] batman_adv: batadv0: Adding interface: batadv_slave_1
[  232.381424][T16329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  232.407460][T16329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  232.465211][ T7622] bridge_slave_1: left allmulticast mode
[  232.471103][ T7622] bridge_slave_1: left promiscuous mode
[  232.476841][ T7622] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.512588][ T7622] bridge_slave_0: left allmulticast mode
[  232.518266][ T7622] bridge_slave_0: left promiscuous mode
[  232.524044][ T7622] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.597203][T16691] loop2: detected capacity change from 0 to 512
[  232.633955][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.664517][T16691] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.683489][   T29] kauditd_printk_skb: 548 callbacks suppressed
[  232.683506][   T29] audit: type=1326 audit(1762869203.679:14218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  232.713536][   T29] audit: type=1326 audit(1762869203.679:14219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  232.713937][T16691] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.737169][   T29] audit: type=1326 audit(1762869203.679:14220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  232.737521][   T29] audit: type=1326 audit(1762869203.679:14221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faf3878df10 code=0x7ffc0000
[  232.737624][   T29] audit: type=1326 audit(1762869203.679:14222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  232.737664][   T29] audit: type=1326 audit(1762869203.679:14223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  232.842666][   T29] audit: type=1326 audit(1762869203.679:14224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  232.866321][   T29] audit: type=1326 audit(1762869203.679:14225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  232.889994][   T29] audit: type=1326 audit(1762869203.679:14226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7faf3878f703 code=0x7ffc0000
[  232.913424][   T29] audit: type=1326 audit(1762869203.679:14227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16702 comm="syz.3.3267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7faf3878f703 code=0x7ffc0000
[  232.938932][ T7622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  232.943388][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.959886][ T7622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  232.978224][ T7622] bond0 (unregistering): Released all slaves
[  232.987568][ T7622] bond1 (unregistering): Released all slaves
[  232.997162][ T7622] bond2 (unregistering): Released all slaves
[  233.007952][T16329] hsr_slave_0: entered promiscuous mode
[  233.014587][T16329] hsr_slave_1: entered promiscuous mode
[  233.020648][T16329] debugfs: 'hsr0' already exists in 'hsr'
[  233.026384][T16329] Cannot create hsr debugfs directory
[  233.045988][ T7622] tipc: Left network mode
[  233.053851][T16718] hub 9-0:1.0: USB hub found
[  233.058961][T16718] hub 9-0:1.0: 8 ports detected
[  233.153491][T16761] loop3: detected capacity change from 0 to 128
[  233.163426][T16761] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54)
[  233.171570][T16761] FAT-fs (loop3): Filesystem has been set read-only
[  233.192773][T16760] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54)
[  233.232741][ T7622] hsr_slave_0: left promiscuous mode
[  233.241972][ T7622] hsr_slave_1: left promiscuous mode
[  233.251538][ T7622] veth1_macvtap: left promiscuous mode
[  233.257271][ T7622] veth0_macvtap: left promiscuous mode
[  233.316312][T16786] netlink: 'syz.0.3281': attribute type 1 has an invalid length.
[  233.331888][ T7622] team0 (unregistering): Port device team_slave_1 removed
[  233.337759][T16788] hub 9-0:1.0: USB hub found
[  233.343837][ T7622] team0 (unregistering): Port device team_slave_0 removed
[  233.344683][T16788] hub 9-0:1.0: 8 ports detected
[  233.372064][ T7622] team0 (unregistering): Port device dummy0 removed
[  233.469982][T16817] loop3: detected capacity change from 0 to 512
[  233.500265][T16817] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.513601][T16817] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.557687][T16839] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  233.591216][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.650188][T16863] netlink: 'syz.0.3294': attribute type 1 has an invalid length.
[  233.691070][ T7622] IPVS: stop unused estimator thread 0...
[  233.724707][T16859] loop3: detected capacity change from 0 to 512
[  233.760562][T16859] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.776767][T16859] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.865472][T16329] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  233.892403][T16329] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  233.911944][T16329] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  233.925705][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.927206][T16329] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  234.003233][T16329] 8021q: adding VLAN 0 to HW filter on device bond0
[  234.017858][T16329] 8021q: adding VLAN 0 to HW filter on device team0
[  234.072323][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.079429][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.107575][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.114727][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  234.126663][T16925] netlink: 'syz.3.3307': attribute type 1 has an invalid length.
[  234.135534][T16922] xt_CT: No such helper "snmp_trap"
[  234.185870][T16927] loop2: detected capacity change from 0 to 2048
[  234.191480][T16929] tipc: Started in network mode
[  234.197130][T16929] tipc: Node identity 92be3dd7731, cluster identity 4711
[  234.204272][T16929] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  234.218223][T16929] syzkaller0: entered promiscuous mode
[  234.223908][T16929] syzkaller0: entered allmulticast mode
[  234.237404][T16929] tipc: Resetting bearer <eth:syzkaller0>
[  234.244457][T16928] tipc: Resetting bearer <eth:syzkaller0>
[  234.252768][T16928] tipc: Disabling bearer <eth:syzkaller0>
[  234.261630][T16927] Alternate GPT is invalid, using primary GPT.
[  234.268156][T16927]  loop2: p2 p3 p7
[  234.316198][T16329] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.361360][T16961] netlink: 'syz.0.3313': attribute type 1 has an invalid length.
[  234.414526][T16329] veth0_vlan: entered promiscuous mode
[  234.442475][T16329] veth1_vlan: entered promiscuous mode
[  234.466489][T16972] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  234.485629][T16974] xt_CT: No such helper "snmp_trap"
[  234.497279][T16329] veth0_macvtap: entered promiscuous mode
[  234.505208][T16329] veth1_macvtap: entered promiscuous mode
[  234.517127][T16329] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.533718][T16329] batman_adv: batadv0: Interface activated: batadv_slave_1
[  234.557306][   T52] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.566876][T16979] netlink: 'syz.0.3319': attribute type 1 has an invalid length.
[  234.639851][ T7622] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.648645][ T7622] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.681896][ T7622] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.693463][T16997] tipc: Started in network mode
[  234.698348][T16997] tipc: Node identity ceab896b322c, cluster identity 4711
[  234.705590][T16997] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  234.726391][T16997] syzkaller0: entered promiscuous mode
[  234.731924][T16997] syzkaller0: entered allmulticast mode
[  234.733979][T17004] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  234.747465][T16997] tipc: Resetting bearer <eth:syzkaller0>
[  234.767181][T16995] tipc: Resetting bearer <eth:syzkaller0>
[  234.774692][T17009] xt_CT: No such helper "snmp_trap"
[  234.785677][T16995] tipc: Disabling bearer <eth:syzkaller0>
[  234.921986][T17040] netlink: 'syz.1.3341': attribute type 1 has an invalid length.
[  234.975362][T17045] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  235.020504][T17051] xt_CT: No such helper "snmp_trap"
[  235.145400][T17070] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  235.155282][T17070] syzkaller0: entered promiscuous mode
[  235.161381][T17070] syzkaller0: entered allmulticast mode
[  235.195421][T17070] tipc: Resetting bearer <eth:syzkaller0>
[  235.203410][T17067] tipc: Resetting bearer <eth:syzkaller0>
[  235.211312][T17067] tipc: Disabling bearer <eth:syzkaller0>
[  235.221871][T17082] netlink: 'syz.0.3356': attribute type 1 has an invalid length.
[  235.289477][T17090] xt_CT: No such helper "snmp_trap"
[  235.335150][T17094] loop1: detected capacity change from 0 to 4096
[  235.365910][T17094] EXT4-fs: Ignoring removed nomblk_io_submit option
[  235.372291][T17105] hub 9-0:1.0: USB hub found
[  235.384282][T17105] hub 9-0:1.0: 8 ports detected
[  235.390787][T17094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.425480][T17121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3369'.
[  235.434390][T17121] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3369'.
[  235.443414][T17121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3369'.
[  235.486866][T17126] netlink: 'syz.4.3371': attribute type 1 has an invalid length.
[  235.651247][T16329] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.689493][T17162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.708361][T17162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.768297][T17194] xt_CT: No such helper "snmp_trap"
[  235.776418][T17201] netlink: 'syz.0.3384': attribute type 1 has an invalid length.
[  235.893338][T17215] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  236.121167][T17235] loop1: detected capacity change from 0 to 128
[  236.209103][T17244] xt_CT: No such helper "snmp_trap"
[  236.332197][T17251] netlink: 'syz.4.3399': attribute type 1 has an invalid length.
[  236.385937][T17249] loop1: detected capacity change from 0 to 512
[  236.462685][T17249] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.479326][T17261] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  236.487060][T17249] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.533937][T16329] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.537084][T17265] hub 9-0:1.0: USB hub found
[  236.547775][T17265] hub 9-0:1.0: 8 ports detected
[  236.608634][T17275] xt_CT: No such helper "snmp_trap"
[  236.682113][T17286] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3412'.
[  236.691145][T17286] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3412'.
[  236.757260][T17296] loop3: detected capacity change from 0 to 128
[  236.799015][T17312] xt_CT: No such helper "snmp_trap"
[  237.097447][T17345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  237.363509][T17345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  237.995839][   T29] kauditd_printk_skb: 1423 callbacks suppressed
[  237.995853][   T29] audit: type=1326 audit(1762869208.989:15651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  237.999781][T17413] hub 9-0:1.0: USB hub found
[  238.031010][T17413] hub 9-0:1.0: 8 ports detected
[  238.097828][   T29] audit: type=1326 audit(1762869208.989:15652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.121477][   T29] audit: type=1326 audit(1762869208.989:15653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.145067][   T29] audit: type=1326 audit(1762869208.989:15654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f84b35cdf10 code=0x7ffc0000
[  238.168746][   T29] audit: type=1326 audit(1762869208.989:15655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.192330][   T29] audit: type=1326 audit(1762869208.989:15656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.215952][   T29] audit: type=1326 audit(1762869208.989:15657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.239607][   T29] audit: type=1326 audit(1762869208.989:15658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.263294][   T29] audit: type=1326 audit(1762869208.989:15659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.287102][   T29] audit: type=1326 audit(1762869209.029:15660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17412 comm="syz.0.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84b35cf6c9 code=0x7ffc0000
[  238.381937][T17423] loop1: detected capacity change from 0 to 128
[  238.458286][T17441] validate_nla: 2 callbacks suppressed
[  238.458302][T17441] netlink: 'syz.3.3450': attribute type 1 has an invalid length.
[  238.704017][T17449] loop1: detected capacity change from 0 to 512
[  238.756437][T17449] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  238.765892][T17449] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  238.880555][T17449] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  238.900207][T17449] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  238.915925][T17449] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.940218][T17458] hub 9-0:1.0: USB hub found
[  238.948828][T17458] hub 9-0:1.0: 8 ports detected
[  238.965787][T17449] EXT4-fs error (device loop1): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.1.3452: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  238.992510][T17463] vhci_hcd: invalid port number 9
[  238.997591][T17463] vhci_hcd: invalid port number 9
[  239.005899][  T265] Bluetooth: hci0: Frame reassembly failed (-84)
[  239.012341][T17449] EXT4-fs error (device loop1) in ext4_delete_entry:2739: Corrupt filesystem
[  239.021547][T17449] EXT4-fs warning (device loop1): ext4_rename_delete:3731: inode #2: comm syz.1.3452: Deleting old file: nlink 4, error=-117
[  239.035150][T17449] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3452: bg 0: block 353: padding at end of block bitmap is not set
[  239.050679][T17449] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  239.065943][T17471] loop4: detected capacity change from 0 to 128
[  239.096844][T17477] netlink: 'syz.0.3458': attribute type 1 has an invalid length.
[  239.131156][T16329] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.171707][T17485] loop1: detected capacity change from 0 to 128
[  239.305957][T17491] loop2: detected capacity change from 0 to 512
[  239.372375][T17491] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  239.391750][T17491] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.416224][T17510] loop4: detected capacity change from 0 to 128
[  239.429165][T17509] hub 9-0:1.0: USB hub found
[  239.434070][T17509] hub 9-0:1.0: 8 ports detected
[  239.469361][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.542201][T17525] loop2: detected capacity change from 0 to 512
[  239.551392][T17525] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  239.560736][T17525] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  239.571606][T17525] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  239.581363][T17525] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  239.590705][T17525] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  239.604449][T17525] EXT4-fs error (device loop2): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.2.3471: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  239.624581][T17525] EXT4-fs error (device loop2) in ext4_delete_entry:2739: Corrupt filesystem
[  239.633724][T17525] EXT4-fs warning (device loop2): ext4_rename_delete:3731: inode #2: comm syz.2.3471: Deleting old file: nlink 4, error=-117
[  239.648073][T17525] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3471: bg 0: block 353: padding at end of block bitmap is not set
[  239.648712][T17532] __nla_validate_parse: 17 callbacks suppressed
[  239.648740][T17532] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  239.665709][T17525] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  239.702456][T17538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3474'.
[  239.711467][T17538] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3474'.
[  239.720568][T17538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3474'.
[  239.756207][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.794512][T17547] loop2: detected capacity change from 0 to 128
[  240.194543][T17556] hub 9-0:1.0: USB hub found
[  240.205991][T17556] hub 9-0:1.0: 8 ports detected
[  240.298919][T17574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  240.335063][T17585] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3486'.
[  240.344165][T17585] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3486'.
[  240.353234][T17585] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3486'.
[  240.376491][T17587] loop2: detected capacity change from 0 to 512
[  240.384422][T17587] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  240.393521][T17587] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  240.403289][T17587] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  240.412831][T17587] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  240.424350][T17587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  240.438154][T17587] EXT4-fs error (device loop2): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.2.3487: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  240.458575][T17587] EXT4-fs error (device loop2) in ext4_delete_entry:2739: Corrupt filesystem
[  240.467726][T17587] EXT4-fs warning (device loop2): ext4_rename_delete:3731: inode #2: comm syz.2.3487: Deleting old file: nlink 4, error=-117
[  240.481225][T17587] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3487: bg 0: block 353: padding at end of block bitmap is not set
[  240.495906][T17587] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  240.523483][T17597] netlink: 'syz.0.3490': attribute type 1 has an invalid length.
[  240.593559][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.611930][T17599] hub 9-0:1.0: USB hub found
[  240.617057][T17599] hub 9-0:1.0: 8 ports detected
[  240.628263][T17607] loop2: detected capacity change from 0 to 128
[  240.685593][T17614] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  240.717115][T17624] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3499'.
[  240.876953][T17618] loop1: detected capacity change from 0 to 512
[  240.899909][T17636] xt_CT: No such helper "snmp_trap"
[  240.983792][T17646] hub 9-0:1.0: USB hub found
[  240.991323][T17646] hub 9-0:1.0: 8 ports detected
[  241.052766][T17618] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.073501][T17650] loop4: detected capacity change from 0 to 2048
[  241.080843][ T3726] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  241.108863][T17618] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.308284][T17650] Alternate GPT is invalid, using primary GPT.
[  241.314714][T17650]  loop4: p2 p3 p7
[  241.954432][T17659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  241.963170][T17659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.148473][T16329] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.193427][T17684] loop4: detected capacity change from 0 to 128
[  242.229319][T17682] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  242.283337][T17691] loop4: detected capacity change from 0 to 128
[  242.462407][T17700] hub 9-0:1.0: USB hub found
[  242.492473][T17700] hub 9-0:1.0: 8 ports detected
[  242.585596][T17713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.608267][T17694] loop2: detected capacity change from 0 to 512
[  242.686602][T17713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.708888][T17694] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.773682][T17694] ext4 filesystem being mounted at /129/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  243.003086][   T29] kauditd_printk_skb: 768 callbacks suppressed
[  243.003102][   T29] audit: type=1326 audit(1762869213.999:16429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17731 comm="syz.1.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7b4dff6c9 code=0x7ffc0000
[  243.088728][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.239573][   T29] audit: type=1326 audit(1762869214.039:16430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17731 comm="syz.1.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7b4dff6c9 code=0x7ffc0000
[  243.263238][   T29] audit: type=1326 audit(1762869214.229:16431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  243.287046][   T29] audit: type=1326 audit(1762869214.229:16432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  243.310659][   T29] audit: type=1326 audit(1762869214.229:16433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  243.312221][T17752] loop4: detected capacity change from 0 to 512
[  243.334477][   T29] audit: type=1326 audit(1762869214.229:16434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  243.334515][   T29] audit: type=1326 audit(1762869214.229:16435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  243.484903][T17758] loop1: detected capacity change from 0 to 512
[  243.544402][T17752] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.558333][T17752] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  243.582011][T17758] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.596020][T17758] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  243.695694][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.711000][T16329] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.829576][   T29] audit: type=1326 audit(1762869214.239:16436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  243.853205][   T29] audit: type=1326 audit(1762869214.239:16437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  243.876878][   T29] audit: type=1326 audit(1762869214.239:16438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17761 comm="syz.2.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a3645f6c9 code=0x7ffc0000
[  244.133079][T17789] loop1: detected capacity change from 0 to 128
[  244.206998][T17806] loop1: detected capacity change from 0 to 512
[  244.241272][T17806] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  244.269922][T17806] EXT4-fs (loop1): mount failed
[  244.292037][T17814] loop4: detected capacity change from 0 to 512
[  244.383389][T17814] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  244.392497][T17814] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  244.411346][T17806] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  244.423484][T17806] loop1: detected capacity change from 0 to 128
[  244.470121][T17814] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  244.484626][T17814] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  244.519388][T17814] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.536506][T17829] loop1: detected capacity change from 0 to 2048
[  244.557354][T17814] EXT4-fs error (device loop4): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.4.3539: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  244.593614][T17814] EXT4-fs error (device loop4) in ext4_delete_entry:2739: Corrupt filesystem
[  244.607660][T17829] Alternate GPT is invalid, using primary GPT.
[  244.614134][T17829]  loop1: p2 p3 p7
[  244.624425][T17814] EXT4-fs warning (device loop4): ext4_rename_delete:3731: inode #2: comm syz.4.3539: Deleting old file: nlink 4, error=-117
[  244.669433][T17814] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3539: bg 0: block 353: padding at end of block bitmap is not set
[  244.694132][T17814] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  244.755657][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.786588][T17852] __nla_validate_parse: 6 callbacks suppressed
[  244.786603][T17852] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  244.823352][T17856] loop4: detected capacity change from 0 to 128
[  244.852044][T17865] netlink: 'syz.4.3550': attribute type 1 has an invalid length.
[  244.883990][T17869] xt_CT: No such helper "snmp_trap"
[  244.895015][T17869] loop4: detected capacity change from 0 to 512
[  244.912112][T17869] EXT4-fs: Ignoring removed bh option
[  244.917834][T17869] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  244.927764][T17869] EXT4-fs (loop4): 1 truncate cleaned up
[  244.933978][T17869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.957358][T17869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.007498][T17886] loop2: detected capacity change from 0 to 2048
[  245.009140][T17888] xt_CT: No such helper "snmp_trap"
[  245.045772][T17894] loop4: detected capacity change from 0 to 128
[  245.051759][T17886] Alternate GPT is invalid, using primary GPT.
[  245.058429][T17886]  loop2: p2 p3 p7
[  245.085558][T17905] netlink: 'syz.4.3562': attribute type 1 has an invalid length.
[  245.237916][T17922] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3569'.
[  245.246985][T17922] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3569'.
[  245.305482][T17935] hub 9-0:1.0: USB hub found
[  245.310214][T17935] hub 9-0:1.0: 8 ports detected
[  245.638650][T17949] loop2: detected capacity change from 0 to 512
[  245.647103][T17953] loop3: detected capacity change from 0 to 512
[  245.703156][T17955] xt_CT: No such helper "snmp_trap"
[  245.717195][T17949] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.735125][T17953] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.766052][T17949] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.781727][T17953] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.798781][T17965] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3583'.
[  245.807867][T17965] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3583'.
[  245.933796][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.943736][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.027297][T17983] loop1: detected capacity change from 0 to 128
[  246.057712][T17986] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  246.153217][T17991] hub 9-0:1.0: USB hub found
[  246.157873][T17991] hub 9-0:1.0: 8 ports detected
[  246.283063][T18008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  246.291605][T18008] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  246.363685][T18011] loop4: detected capacity change from 0 to 2048
[  246.408332][T18003] loop3: detected capacity change from 0 to 512
[  246.433868][T18011] Alternate GPT is invalid, using primary GPT.
[  246.440298][T18011]  loop4: p2 p3 p7
[  246.568306][T18003] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  246.603817][T18034] loop4: detected capacity change from 0 to 128
[  246.614881][T18003] ext4 filesystem being mounted at /146/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  246.782130][T18053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  246.805778][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.887286][T18053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.290639][T18094] loop4: detected capacity change from 0 to 4096
[  247.297841][T18094] EXT4-fs: Ignoring removed nomblk_io_submit option
[  247.308097][T18094] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.706766][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.938456][T18116] loop4: detected capacity change from 0 to 512
[  247.982437][T18116] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.011389][T18116] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.034585][T18120] loop2: detected capacity change from 0 to 512
[  248.110717][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.124899][   T29] kauditd_printk_skb: 508 callbacks suppressed
[  248.124921][   T29] audit: type=1326 audit(1762869219.119:16946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.154847][   T29] audit: type=1326 audit(1762869219.119:16947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.171626][T18120] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.178674][   T29] audit: type=1326 audit(1762869219.129:16948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.214755][   T29] audit: type=1326 audit(1762869219.129:16949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.238435][   T29] audit: type=1326 audit(1762869219.129:16950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.262111][   T29] audit: type=1326 audit(1762869219.129:16951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.285800][   T29] audit: type=1326 audit(1762869219.129:16952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.309444][   T29] audit: type=1326 audit(1762869219.129:16953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.333106][   T29] audit: type=1326 audit(1762869219.129:16954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.356860][   T29] audit: type=1326 audit(1762869219.129:16955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18133 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3878f6c9 code=0x7ffc0000
[  248.381763][T18140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.390295][T18140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.462994][T18120] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.754264][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.373557][T18171] hub 9-0:1.0: USB hub found
[  249.396494][T18171] hub 9-0:1.0: 8 ports detected
[  249.436330][T18175] loop2: detected capacity change from 0 to 512
[  249.496151][T18175] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  249.551966][T18175] EXT4-fs (loop2): mount failed
[  249.574881][T18186] loop1: detected capacity change from 0 to 512
[  249.595835][T18175] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  249.605966][T18175] loop2: detected capacity change from 0 to 128
[  249.616443][T18190] loop3: detected capacity change from 0 to 512
[  249.632178][T18190] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  249.741205][T18190] EXT4-fs (loop3): mount failed
[  249.884977][T18186] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  249.899907][T18186] EXT4-fs (loop1): mount failed
[  249.916967][T18186] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  249.924942][T18186] loop1: detected capacity change from 0 to 128
[  249.931797][T18190] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  249.939993][T18190] loop3: detected capacity change from 0 to 128
[  249.973970][T18226] loop3: detected capacity change from 0 to 128
[  250.006693][T18232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.037182][T18232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.046679][T18240] netlink: 'syz.3.3642': attribute type 1 has an invalid length.
[  250.067387][T18242] loop1: detected capacity change from 0 to 512
[  250.083937][T18242] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  250.093058][T18242] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  250.124076][T18242] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  250.133566][T18242] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  250.150539][T18242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  250.170790][T18242] EXT4-fs error (device loop1): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.1.3643: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  250.192473][T18242] EXT4-fs error (device loop1) in ext4_delete_entry:2739: Corrupt filesystem
[  250.208734][T18242] EXT4-fs warning (device loop1): ext4_rename_delete:3731: inode #2: comm syz.1.3643: Deleting old file: nlink 4, error=-117
[  250.222511][T18242] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3643: bg 0: block 353: padding at end of block bitmap is not set
[  250.237216][T18242] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  250.321320][T16329] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.357942][T18288] loop1: detected capacity change from 0 to 128
[  250.409249][T18286] loop4: detected capacity change from 0 to 512
[  250.438648][T18286] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.452274][T18286] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  250.512175][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.528239][T18311] loop3: detected capacity change from 0 to 512
[  250.539974][T18311] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  250.549085][T18311] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  250.558651][T18311] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  250.569192][T18311] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  250.581618][T18311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  250.608036][T18311] EXT4-fs error (device loop3): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.3.3660: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  250.629352][T18311] EXT4-fs error (device loop3) in ext4_delete_entry:2739: Corrupt filesystem
[  250.638358][T18311] EXT4-fs warning (device loop3): ext4_rename_delete:3731: inode #2: comm syz.3.3660: Deleting old file: nlink 4, error=-117
[  250.661837][T18311] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3660: bg 0: block 353: padding at end of block bitmap is not set
[  250.722347][T18311] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  250.807312][T18337] netlink: 'syz.4.3667': attribute type 1 has an invalid length.
[  250.831335][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.851636][T18343] hub 9-0:1.0: USB hub found
[  250.856347][T18343] hub 9-0:1.0: 8 ports detected
[  250.896610][T18346] loop1: detected capacity change from 0 to 128
[  250.916990][T18352] loop4: detected capacity change from 0 to 512
[  250.934539][T18340] loop2: detected capacity change from 0 to 512
[  250.955046][T18352] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  250.979920][T18352] EXT4-fs (loop4): mount failed
[  250.988613][T18340] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.009133][T18350] loop3: detected capacity change from 0 to 512
[  251.020220][T18340] ext4 filesystem being mounted at /162/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.062937][T18350] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.088017][T18350] ext4 filesystem being mounted at /159/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.117724][T18352] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  251.125720][T18352] loop4: detected capacity change from 0 to 128
[  251.159767][T13283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.184007][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.224208][T18398] vhci_hcd: invalid port number 9
[  251.229330][T18398] vhci_hcd: invalid port number 9
[  251.233122][T18397] loop3: detected capacity change from 0 to 512
[  251.252139][T18397] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  251.261241][T18397] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  251.270950][T18397] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  251.303000][T18397] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=8002e01c, mo2=0006]
[  251.331696][T18397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  251.355863][T18397] EXT4-fs error (device loop3): ext4_generic_delete_entry:2668: inode #2: block 3: comm syz.3.3681: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0
[  251.376091][T18397] EXT4-fs error (device loop3) in ext4_delete_entry:2739: Corrupt filesystem
[  251.390405][T18397] EXT4-fs warning (device loop3): ext4_rename_delete:3731: inode #2: comm syz.3.3681: Deleting old file: nlink 4, error=-117
[  251.407975][T18397] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3681: bg 0: block 353: padding at end of block bitmap is not set
[  251.427004][T18397] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  251.461999][T13860] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.500830][T18418] vhci_hcd: invalid port number 9
[  251.505923][T18418] vhci_hcd: invalid port number 9
[  251.513633][ T7622] Bluetooth: hci1: Frame reassembly failed (-84)
[  251.580748][T18421] loop2: detected capacity change from 0 to 512
[  251.590772][T18427] loop4: detected capacity change from 0 to 512
[  251.629053][T18421] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.631312][T18427] ext4 filesystem being mounted at /144/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.643683][T18421] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.708069][T18440] loop4: detected capacity change from 0 to 512
[  251.727608][T18440] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  251.743109][T18440] EXT4-fs (loop4): mount failed
[  251.754746][T18440] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  251.762855][T18440] loop4: detected capacity change from 0 to 128
[  251.901770][T18457] hub 9-0:1.0: USB hub found
[  251.906433][T18457] hub 9-0:1.0: 8 ports detected
[  252.106304][T18471] netlink: 'syz.1.3701': attribute type 1 has an invalid length.
[  252.189987][T18472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.198537][T18472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.560061][T18476] hub 9-0:1.0: USB hub found
[  252.574582][T18476] hub 9-0:1.0: 8 ports detected
[  252.932919][T18484] loop1: detected capacity change from 0 to 512
[  253.010052][T18484] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  253.231419][   T29] kauditd_printk_skb: 468 callbacks suppressed
[  253.231436][   T29] audit: type=1326 audit(1762869224.229:17419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.303115][   T29] audit: type=1326 audit(1762869224.259:17420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.326909][   T29] audit: type=1326 audit(1762869224.259:17421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.350582][   T29] audit: type=1326 audit(1762869224.259:17422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.359631][ T3726] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  253.374311][   T29] audit: type=1326 audit(1762869224.259:17423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.404005][   T29] audit: type=1326 audit(1762869224.259:17424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.427636][   T29] audit: type=1326 audit(1762869224.259:17425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.451403][   T29] audit: type=1326 audit(1762869224.259:17426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.475249][   T29] audit: type=1326 audit(1762869224.259:17427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.498868][   T29] audit: type=1326 audit(1762869224.259:17428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18493 comm="syz.4.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31f15f6c9 code=0x7ffc0000
[  253.646322][ T3726] Bluetooth: hci1: command 0x1003 tx timeout
[  253.655671][   T44] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  253.912841][T18526] xt_CT: No such helper "snmp_trap"
[  253.974626][T18535] vhci_hcd: invalid port number 9
[  253.979817][T18535] vhci_hcd: invalid port number 9
[  253.989858][ T7616] Bluetooth: hci0: Frame reassembly failed (-84)
[  254.008558][T18540] loop3: detected capacity change from 0 to 2048
[  254.042221][T18540] Alternate GPT is invalid, using primary GPT.
[  254.048688][T18540]  loop3: p2 p3 p7
[  254.075793][T18552] netlink: 'syz.3.3720': attribute type 1 has an invalid length.
[  254.287599][T18571] loop3: detected capacity change from 0 to 512
[  254.318636][T18571] ext4 filesystem being mounted at /172/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  254.649154][T18593] netlink: 'syz.3.3732': attribute type 1 has an invalid length.
[  254.812469][T18636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.821661][T18636] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.046429][T18650] hub 9-0:1.0: USB hub found
[  255.051782][T18650] hub 9-0:1.0: 8 ports detected
[  255.149016][T18661] netlink: 'syz.4.3745': attribute type 1 has an invalid length.
[  255.179432][T18663] loop4: detected capacity change from 0 to 128
[  255.257469][T18675] loop2: detected capacity change from 0 to 128
[  255.265410][T18677] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  255.507215][T18699] loop3: detected capacity change from 0 to 512
[  255.548667][T18699] ext4 filesystem being mounted at /184/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  255.588973][T18707] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  255.621084][T18713] netlink: 'syz.3.3758': attribute type 1 has an invalid length.
[  255.774879][T18738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  255.790732][T18738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  256.039598][ T3726] Bluetooth: hci0: command 0x1003 tx timeout
[  256.039580][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  256.171206][T18775] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  256.314961][T18785] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  256.314961][T18785]    program syz.4.3774 not setting count and/or reply_len properly
[  256.369856][T18798] vhci_hcd: invalid port number 9
[  256.374955][T18798] vhci_hcd: invalid port number 9
[  256.449340][T18797] loop4: detected capacity change from 0 to 512
[  256.498664][T18797] EXT4-fs mount: 9 callbacks suppressed
[  256.498753][T18797] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.535744][T18797] ext4 filesystem being mounted at /161/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.606861][T14452] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.656938][T18828] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  256.667949][T18834] netlink: 'syz.0.3789': attribute type 1 has an invalid length.
[  256.830287][T18844] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  257.074888][T18867] netlink: 'syz.0.3802': attribute type 1 has an invalid length.
[  257.149214][T18869] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  257.165190][T18869] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3803'.
[  257.272178][T18892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.296471][T18898] FAULT_INJECTION: forcing a failure.
[  257.296471][T18898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.310445][T18898] CPU: 0 UID: 0 PID: 18898 Comm: syz.3.3807 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  257.310546][T18898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  257.310562][T18898] Call Trace:
[  257.310570][T18898]  <TASK>
[  257.310579][T18898]  __dump_stack+0x1d/0x30
[  257.310606][T18898]  dump_stack_lvl+0xe8/0x140
[  257.310662][T18898]  dump_stack+0x15/0x1b
[  257.310685][T18898]  should_fail_ex+0x265/0x280
[  257.310755][T18898]  should_fail+0xb/0x20
[  257.310775][T18898]  should_fail_usercopy+0x1a/0x20
[  257.310803][T18898]  _copy_from_user+0x1c/0xb0
[  257.310832][T18898]  vga_arb_write+0x98/0x13d0
[  257.310976][T18898]  ? avc_policy_seqno+0x15/0x30
[  257.311002][T18898]  ? __pfx_vga_arb_write+0x10/0x10
[  257.311037][T18898]  vfs_write+0x269/0x960
[  257.311066][T18898]  ? __rcu_read_unlock+0x4f/0x70
[  257.311158][T18898]  ? __fget_files+0x184/0x1c0
[  257.311198][T18892] ==================================================================
[  257.311195][T18898]  ksys_write+0xda/0x1a0
[  257.311226][T18898]  __x64_sys_write+0x40/0x50
[  257.311313][T18898]  x64_sys_call+0x2802/0x3000
[  257.311405][T18898]  do_syscall_64+0xd2/0x200
[  257.311429][T18898]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  257.311462][T18898]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  257.311501][T18898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.311548][T18898] RIP: 0033:0x7faf3878f6c9
[  257.311566][T18898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.311586][T18898] RSP: 002b:00007faf371ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  257.311669][T18898] RAX: ffffffffffffffda RBX: 00007faf389e6090 RCX: 00007faf3878f6c9
[  257.311684][T18898] RDX: 000000000000000d RSI: 0000200000000340 RDI: 0000000000000008
[  257.311698][T18898] RBP: 00007faf371ce090 R08: 0000000000000000 R09: 0000000000000000
[  257.311712][T18898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.311746][T18898] R13: 00007faf389e6128 R14: 00007faf389e6090 R15: 00007ffe9bf243a8
[  257.311766][T18898]  </TASK>
[  257.515646][T18892] BUG: KCSAN: data-race in data_alloc / prb_reserve
[  257.522262][T18892] 
[  257.524579][T18892] write to 0xffffffff8686beb0 of 8 bytes by task 18898 on cpu 0:
[  257.532289][T18892]  data_alloc+0x280/0x2e0
[  257.536616][T18892]  prb_reserve+0x807/0xaf0
[  257.541027][T18892]  vprintk_store+0x56d/0x860
[  257.545619][T18892]  vprintk_emit+0x10d/0x580
[  257.550119][T18892]  vprintk_default+0x26/0x30
[  257.554711][T18892]  vprintk+0x1d/0x30
[  257.558610][T18892]  _printk+0x79/0xa0
[  257.562512][T18892]  show_trace_log_lvl+0x4e3/0x560
[  257.567539][T18892]  __dump_stack+0x1d/0x30
[  257.571864][T18892]  dump_stack_lvl+0xe8/0x140
[  257.576449][T18892]  dump_stack+0x15/0x1b
[  257.580600][T18892]  should_fail_ex+0x265/0x280
[  257.585271][T18892]  should_fail+0xb/0x20
[  257.589443][T18892]  should_fail_usercopy+0x1a/0x20
[  257.594484][T18892]  _copy_from_user+0x1c/0xb0
[  257.599094][T18892]  vga_arb_write+0x98/0x13d0
[  257.603701][T18892]  vfs_write+0x269/0x960
[  257.607946][T18892]  ksys_write+0xda/0x1a0
[  257.612195][T18892]  __x64_sys_write+0x40/0x50
[  257.616797][T18892]  x64_sys_call+0x2802/0x3000
[  257.621488][T18892]  do_syscall_64+0xd2/0x200
[  257.626000][T18892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.631893][T18892] 
[  257.634215][T18892] read to 0xffffffff8686beb0 of 8 bytes by task 18892 on cpu 1:
[  257.641840][T18892]  prb_reserve+0x220/0xaf0
[  257.646254][T18892]  vprintk_store+0x56d/0x860
[  257.650843][T18892]  vprintk_emit+0x10d/0x580
[  257.655345][T18892]  dev_vprintk_emit+0x242/0x2a0
[  257.660205][T18892]  dev_printk_emit+0x84/0xb0
[  257.664793][T18892]  __dev_printk+0xf3/0x110
[  257.669206][T18892]  _dev_err+0x9b/0xd0
[  257.673180][T18892]  raw_ioctl+0x1a1b/0x1d00
[  257.677596][T18892]  __se_sys_ioctl+0xce/0x140
[  257.682177][T18892]  __x64_sys_ioctl+0x43/0x50
[  257.686761][T18892]  x64_sys_call+0x1816/0x3000
[  257.691431][T18892]  do_syscall_64+0xd2/0x200
[  257.695925][T18892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.701823][T18892] 
[  257.704132][T18892] value changed: 0xfffffffffffcadf0 -> 0x00000000000653b8
[  257.711221][T18892] 
[  257.713531][T18892] Reported by Kernel Concurrency Sanitizer on:
[  257.719664][T18892] CPU: 1 UID: 0 PID: 18892 Comm: syz.0.3806 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  257.729462][T18892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  257.739509][T18892] ==================================================================
[  257.311064][T18892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.795126][T18897] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem