last executing test programs:

3.384040676s ago: executing program 1 (id=2678):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB='\n\x00\x00\x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
lsetxattr$security_selinux(&(0x7f0000000900)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:netutils_exec_t:s0\x00', 0x25, 0x0) (fail_nth: 5)

3.211217732s ago: executing program 1 (id=2680):
socket$packet(0x11, 0x3, 0x300)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x6004, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={<r1=>r0})
ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f00000000c0)={0x1})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fadvise64(r2, 0x36a9, 0x9, 0x1)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'geneve0\x00', <r4=>0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000300)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1c, 0x0, 0x7ffc1ffb}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='kvm_unmap_hva_range\x00', r5, 0x0, 0x89}, 0x18)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={r2, 0x20, &(0x7f0000000500)={&(0x7f0000000440)=""/99, 0x63, <r7=>0x0, &(0x7f00000004c0)=""/10, 0xa}}, 0x10)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x8, '\x00', r4, r2, 0x5, 0x1, 0x2}, 0x50)
r9 = syz_open_dev$vcsu(&(0x7f0000000700), 0x9, 0x20000)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000740)={{0x1, 0x1, 0x18, <r10=>r6, {0x5}}, './file0\x00'})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r2, <r11=>0xffffffffffffffff}, &(0x7f0000000780), &(0x7f00000007c0)=r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x19, 0x17, &(0x7f0000000240)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7643c093}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x37}}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @alu={0x7, 0x0, 0xb, 0x8, 0x1, 0x100, 0x4}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x9}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}], &(0x7f00000003c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x11, '\x00', r4, @fallback=0x2b, r2, 0x8, &(0x7f0000000400)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, r7, r5, 0x4, &(0x7f0000000840)=[r8, r2, r9, r10, r11], &(0x7f0000000880)=[{0x0, 0x2, 0x7, 0x7}, {0x2, 0x3, 0x10, 0xc}, {0x4, 0x1, 0x3, 0x8}, {0x3, 0x3, 0x2, 0xa}], 0x10, 0x1}, 0x94)
ioprio_set$uid(0x3, 0x0, 0x4007)
fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000140))
r12 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r12, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r12, 0x6, 0xd, &(0x7f0000000200)='vegas', 0x5)
bind$inet(r12, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r12, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14", 0x3}], 0x1}}], 0x1, 0x20008000)
r13 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r13, &(0x7f0000000140)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r14, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0)

2.309140469s ago: executing program 1 (id=2695):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={<r1=>0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1f}}]}, &(0x7f0000000240)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x82, &(0x7f0000000040)={r1}, &(0x7f00000000c0)=0x8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40))
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000340), &(0x7f0000000380)=r5}, 0x20)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r6, 0x545c, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x8000000)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'dummy0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x4000080)

2.060028893s ago: executing program 4 (id=2696):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x14, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x92}, 0x50)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=r1], 0x50)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001580), 0x0, 0x0)
timer_create(0x0, &(0x7f0000000600)={0x0, 0x10, 0x3, @thr={&(0x7f0000000280)="8da168035e47d89e15070768a332a0e91f", &(0x7f0000000580)="f75e137d3796ca00f32079178c976a456777c4146f2ce85e47524b67ba04b375fc2e2351738b0e49208b8ec6ad0f66140acb7d2b7b09c82eb84abf1cca01c2fb27884f784e149f7aa8a16bb1c002e22c72aeffdeb4c9"}}, &(0x7f0000000640)=<r3=>0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xa9, 0x1, 0x0, 0x0, 0x0, 0xb, 0x42718, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xd07, 0x40}, 0x100b28, 0x6, 0x80, 0x1, 0xb, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x40, 0x9, 0x7ffc0002}]})
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000004340), 0x8800, 0x0)
lseek(r4, 0x1, 0x4)
timer_settime(r3, 0x0, &(0x7f0000000680)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
pread64(r2, &(0x7f0000000040)=""/54, 0x36, 0x0)
preadv(r2, &(0x7f0000001300)=[{&(0x7f0000000140)=""/126, 0x7e}], 0x1, 0xfffffffc, 0x7)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000003c0)={@loopback}, &(0x7f0000000400)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x18)
acct(&(0x7f0000000100)='./file1\x00')
mount_setattr(0xffffffffffffffff, 0x0, 0x800, &(0x7f0000000200)={0x20, 0x100073, 0x80000}, 0x20)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
read$watch_queue(r5, &(0x7f0000000140)=""/203, 0xcb)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r7, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
acct(0x0)
acct(0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000000)={'gretap0\x00', 0x4800000})

1.999893888s ago: executing program 4 (id=2697):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
fremovexattr(r0, &(0x7f0000000cc0)=@known='trusted.overlay.upper\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c80)={0xffffffffffffffff, 0xe0, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000005c0)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x6, 0x3, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0], 0x0, 0xd3, &(0x7f00000006c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000980), &(0x7f0000000b00), 0x8, 0x6f, 0x8, 0x8, &(0x7f0000000b40)}}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100003020702500000000002020207b1af8ff00000000bfa1000000000000070100003affffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x20, '\x00', r2, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='kfree\x00', r3}, 0x10)
r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r4, &(0x7f0000000440)={0xf97cff8c, 0x8}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000e00)=ANY=[], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000dc0)={r1, &(0x7f0000000d00)="53c5b18a308bddd9ae112239645fabb97e0aa710e7c749e611da5996a1ea5cb5554ca54953b474742609fd540007a7576f66fc222b216a238b4891801078d8b80266a03e304c78a704d65ee52061b8694acdda1767cf77c6dd19015b94ac5cc82162f10dcf3ebd71d227df7b1bc842c43a5dd99666872fddee653f29d9174924a1d0c759f41d63b63a3071cf005709e3d15ea01d48cdb54d9fe2705061b369e8286748d423397fef0a3b"}, 0x20)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x3c1)
ioctl$USBDEVFS_CONNECTINFO(r5, 0x80045520, &(0x7f0000000000))
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xd, &(0x7f0000000c80)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0xfffffffffffffffc}, 0x18)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000002110001180090001006c61737400000000480000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000001c0003800c00008008000340000000020c0000800800034000000002"], 0xdc}}, 0x0)

1.899668758s ago: executing program 4 (id=2700):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r3}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x48}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18)

1.786153469s ago: executing program 4 (id=2701):
socket$packet(0x11, 0x3, 0x300)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x6004, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={<r1=>r0})
ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f00000000c0)={0x1})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fadvise64(r2, 0x36a9, 0x9, 0x1)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'geneve0\x00', <r4=>0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000300)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1c, 0x0, 0x7ffc1ffb}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b7000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='kvm_unmap_hva_range\x00', r5, 0x0, 0x89}, 0x18)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={r2, 0x20, &(0x7f0000000500)={&(0x7f0000000440)=""/99, 0x63, <r7=>0x0, &(0x7f00000004c0)=""/10, 0xa}}, 0x10)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x8, '\x00', r4, r2, 0x5, 0x1, 0x2}, 0x50)
r9 = syz_open_dev$vcsu(&(0x7f0000000700), 0x9, 0x20000)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000740)={{0x1, 0x1, 0x18, <r10=>r6, {0x5}}, './file0\x00'})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r2, <r11=>0xffffffffffffffff}, &(0x7f0000000780), &(0x7f00000007c0)=r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x19, 0x17, &(0x7f0000000240)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7643c093}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x37}}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @alu={0x7, 0x0, 0xb, 0x8, 0x1, 0x100, 0x4}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x9}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}], &(0x7f00000003c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x11, '\x00', r4, @fallback=0x2b, r2, 0x8, &(0x7f0000000400)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, r7, r5, 0x4, &(0x7f0000000840)=[r8, r2, r9, r10, r11], &(0x7f0000000880)=[{0x0, 0x2, 0x7, 0x7}, {0x2, 0x3, 0x10, 0xc}, {0x4, 0x1, 0x3, 0x8}, {0x3, 0x3, 0x2, 0xa}], 0x10, 0x1}, 0x94)
ioprio_set$uid(0x3, 0x0, 0x4007)
fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000140))
r12 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r12, 0x6, 0xd, &(0x7f0000000200)='vegas', 0x5)
bind$inet(r12, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r12, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14", 0x3}], 0x1}}], 0x1, 0x20008000)
r13 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r13, &(0x7f0000000140)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r14, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0)

1.650585102s ago: executing program 0 (id=2703):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
mq_timedsend(0xffffffffffffffff, &(0x7f0000000400)="8536bca89c648f93097a58ccabe1ee003eb2a8fcee38db0fc2c4f53a3179088eb190eeeb9425bd74f46a00bc85ce20dc34362500bb614ddbf198e8bd78242a73a88e1b9f4b7c114b427f23683b17b478bbc2b5e7", 0x54, 0x80000001, 0x0)

1.605446496s ago: executing program 0 (id=2705):
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xa, 0x4, 0x8, 0x1}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000107000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000030900010073797a310000000054000000030a010400000000000000000100ffff0900030073797a310000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000140004"], 0xe8}}, 0x0)
getpgid(0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="757466383d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d77696e39352c000f3556feecb6412e00c80bdee16891f8bf67c9f201996782a86d4bab33b4f23383380e4ccafc9da9def41b05c1dfb2cfa24e43aedf5536d3bce06ddda97c586bc37fab5366b1ab6fee95cc224e56e681e82dd4dbbde3785fdd0fc4e7df753a0e2658aa5e88e1d38366c7908a7b2b678ee4b4bfc7aafa2101c157745926241af5ac30189eced78c1611b972d03bfef046f4adcada230ef0ac02ede79fb7d92a8354670c01cb80361c1fde2cef3204a182323c318e10ef11cb24c435d589b17a396377800f381f7092dfb7f6d62986f43ecd509a406c67ea148dbb23749867abbb19987f0b10dfcff289c85adf70eabe71996022ea5a26271fecd6441bdfdae0d03b"], 0x1, 0x240, &(0x7f0000000a00)="$eJzs2k9rXFUYB+D3xkpqSjoj/qMF8aALdXNpsnbRIC2IQcU2QhSkN+ZGh9zOhNwhMCI2K936EVyLS3eCdOkmGz+BC3fZZNmFeGUy0c6EURSrE+zzbOblnvldzuUcDu/iHL7yxe3trTrfKvoxl2UxdzX2414W7ZiL3+zHyy+uf//sjfV3X19ZXb32dkrXV24uLaeULj733XuffP383f6Fd765+O18HLTfPzxa/ung6YNLh7/c/KhTp06dur1+KtJGr9cvNqoybXbq7Tylt6qyqMvU6dbl7sT4VtXb2Rmkoru5uLCzW9Z1KrqDtF0OUr+X+ruDVHxYdLopz/O0uBD8E2tf3WuaOGoevRVN0zz2ZVy4G4s/Riuyx1P2xNXsqVvZM/vZpaOmac16qvwrrP/D7cb6fEQcH+rnI6rP99b21ka/o/GVrehEFWVciVb8HMNtcmJUX39t9dqVdKwdn1V3TvJ39tYemcwvRSva0/NLo3yazM/Hwnh+OVrx5PT88tT8+XjphbF8Hq344YPoRRWbMczez3+6lNKrb66eyl8+/h8AwP9Nnn43tX/L8z8aH+X/pD+cj8n+8FR/dS4un5vttxNRDz7eLqqq3FUo/l4x3D5nYBqKsSK7/UZ7uC4P4IWzPpn4L9xf9PGnG7ObEAAAAAAAAAAAAH/JqUt/2cnjB3otccafCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnHG/BgAA//819sxU")
socket$nl_generic(0x10, 0x3, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x9, 0x6f)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)

1.537536013s ago: executing program 0 (id=2706):
r0 = socket(0x2b, 0x1, 0x1)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, 0x0, 0x0)

1.515955285s ago: executing program 3 (id=2707):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x14, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x92}, 0x50)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=r1], 0x50)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001580), 0x0, 0x0)
timer_create(0x0, &(0x7f0000000600)={0x0, 0x10, 0x3, @thr={&(0x7f0000000280)="8da168035e47d89e15070768a332a0e91f", &(0x7f0000000580)="f75e137d3796ca00f32079178c976a456777c4146f2ce85e47524b67ba04b375fc2e2351738b0e49208b8ec6ad0f66140acb7d2b7b09c82eb84abf1cca01c2fb27884f784e149f7aa8a16bb1c002e22c72aeffdeb4c9"}}, &(0x7f0000000640)=<r3=>0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xa9, 0x1, 0x0, 0x0, 0x0, 0xb, 0x42718, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xd07, 0x40}, 0x100b28, 0x6, 0x80, 0x1, 0xb, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x40, 0x9, 0x7ffc0002}]})
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000004340), 0x8800, 0x0)
lseek(r4, 0x1, 0x4)
timer_settime(r3, 0x0, &(0x7f0000000680)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
pread64(r2, &(0x7f0000000040)=""/54, 0x36, 0x0)
preadv(r2, &(0x7f0000001300)=[{&(0x7f0000000140)=""/126, 0x7e}], 0x1, 0xfffffffc, 0x7)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000003c0)={@loopback}, &(0x7f0000000400)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x18)
acct(&(0x7f0000000100)='./file1\x00')
mount_setattr(0xffffffffffffffff, 0x0, 0x800, &(0x7f0000000200)={0x20, 0x100073, 0x80000}, 0x20)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
read$watch_queue(r5, &(0x7f0000000140)=""/203, 0xcb)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r7, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
acct(0x0)
acct(0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000000)={'gretap0\x00', 0x4800000})

1.442232352s ago: executing program 1 (id=2709):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000014000480080002400000000008000140"], 0xf0}}, 0x0)

1.437416522s ago: executing program 3 (id=2710):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000c0000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x702, 0xe, 0xff0f, &(0x7f0000000540)="e460334470b8d480eb20c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$l2tp(0x2, 0x2, 0x73)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000400)={0x30, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000011}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r2, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, r5, 0x8, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008041}, 0x4000800)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f00000022c0)=[{{0x0, 0x0, 0x0}, 0x700}], 0x1, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r6}, 0x10)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="270e28bd70000000000004"], 0x14}, 0x1, 0x40030000000000}, 0x4000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000003c0)={0x3, &(0x7f0000000380)=[{0x3, 0x3, 0x8, 0x8}, {0x7, 0x6, 0x5, 0xd}, {0x401, 0x4, 0x9, 0x60}]})

1.401760186s ago: executing program 1 (id=2711):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r2, 0x0, 0x10000001}, 0x18)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x5, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2e, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT')
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4}, &(0x7f0000000280), &(0x7f00000002c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180100000100a7d900"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x4, 0x8, &(0x7f0000002500)=ANY=[@ANYRES64=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x96, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r8, 0xd0009411, 0x0)
clock_nanosleep(0x2, 0x0, 0x0, 0x0)
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r10, 0x89a2, &(0x7f0000000200)='bridge0\x00')
ioctl$sock_SIOCBRDELBR(r9, 0x89a3, &(0x7f0000000200)='bridge0\x00')
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x200, 0x80}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x20dc755}]}}}]}, 0x40}}, 0x40000c0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x6}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x40080}, 0x4000c00)

1.315408754s ago: executing program 2 (id=2712):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="24000080b9a043c47b19e00e45024ed00d3127d7ad9cfc2992413e3dcd52b487ea40d0bf7548348dc5d1ea4776a2f43e9de275ef67780e18997024bdd59dd89da5137dde9193bab5f7b97e3c2490ab7b7f2b193980f4541b03014453668998c0c18eef91834e3ea100fed2a266b4788a687b127591012aaf6d5417f438b50ec14e609da1716d729febd665834d076f0a9b822e5ae9134913e26f06000000000000002a2790c811303ce73fc7b3bff7ffffffffffffffb6c22167ffb7f7090c89f005b5543a0e4b5ab0fdbc84bf2646482842a0d785ce59b74ccf31a343689cf6351c78b26d9599c339885022f5680079b6e7f0e69effeccde4ffcff99920565d6c1fa7af0e0ddba51ae6f172cbe1f564324c5421e1a5726eb7bdb8a3343e445180917d10f7e3d3930c5c497f01", @ANYRES16=r4, @ANYBLOB="c5ff000600000000003b4c460008004a74", @ANYRES32=0x0, @ANYRES8=r7], 0x24}, 0x1, 0x0, 0x0, 0x20008858}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, &(0x7f0000000180)=""/17, 0x0, 0x11, 0x1, 0x80000001}, 0x28)
r8 = socket(0x400000000010, 0x3, 0x0)
setsockopt$sock_int(r8, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
socket(0x10, 0x3, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r9}, 0x18)
r10 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
r11 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x840, 0x0)
ioctl$SNAPSHOT_S2RAM(r11, 0x330b)
r12 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r12, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', 0x0})
read$ptp(r10, &(0x7f0000000280)=""/176, 0xb0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)
ioctl$TCSBRKP(r1, 0x5425, 0x0)

1.234651432s ago: executing program 3 (id=2713):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="24000080b9a043c47b19e00e45024ed00d3127d7ad9cfc2992413e3dcd52b487ea40d0bf7548348dc5d1ea4776a2f43e9de275ef67780e18997024bdd59dd89da5137dde9193bab5f7b97e3c2490ab7b7f2b193980f4541b03014453668998c0c18eef91834e3ea100fed2a266b4788a687b127591012aaf6d5417f438b50ec14e609da1716d729febd665834d076f0a9b822e5ae9134913e26f06000000000000002a2790c811303ce73fc7b3bff7ffffffffffffffb6c22167ffb7f7090c89f005b5543a0e4b5ab0fdbc84bf2646482842a0d785ce59b74ccf31a343689cf6351c78b26d9599c339885022f5680079b6e7f0e69effeccde4ffcff99920565d6c1fa7af0e0ddba51ae6f172cbe1f564324c5421e1a5726eb7bdb8a3343e445180917d10f7e3d3930c5c497f01", @ANYRES16=r4, @ANYBLOB="c5ff000600000000003b4c460008004a74", @ANYRES32=0x0, @ANYRES8=r7], 0x24}, 0x1, 0x0, 0x0, 0x20008858}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, &(0x7f0000000180)=""/17, 0x0, 0x11, 0x1, 0x80000001}, 0x28)
r8 = socket(0x400000000010, 0x3, 0x0)
setsockopt$sock_int(r8, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
socket(0x10, 0x3, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r9}, 0x18)
r10 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
r11 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x840, 0x0)
ioctl$SNAPSHOT_S2RAM(r11, 0x330b)
r12 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0xfd, 0x3, 0x2, 0x5c, @local, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7800, 0x40, 0x4, 0x4}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r12, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', 0x0})
read$ptp(r10, &(0x7f0000000280)=""/176, 0xb0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)
ioctl$TCSBRKP(r1, 0x5425, 0x0)

1.112345054s ago: executing program 1 (id=2714):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0xd, &(0x7f0000000700)=ANY=[@ANYRES16, @ANYRES32, @ANYRES64], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x3}, 0x18)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r2=>0x0})
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000080), 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=@newqdisc={0x304, 0x24, 0xd0f, 0x70bd2b, 0xfffffffc, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x2d4, 0x2, [@TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x104, 0x2, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0xd}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xe}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x6}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x4}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x7e}]}, {0x24, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x73}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x4}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x6}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x6}]}, {0x24, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x6}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x70b}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4e96}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x3}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x3}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x6}]}, {0x34, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x2}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x6}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x1}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x4}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x3}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xf, [0x2, 0x4, 0x7, 0xf, 0xf, 0xc, 0x1, 0x9, 0x1, 0x6, 0x6, 0x6, 0xb, 0x4, 0xa, 0x4], 0x0, [0xa, 0x0, 0x3, 0x76, 0xff48, 0x9, 0x3, 0x0, 0x89a3, 0x7, 0xe1d2, 0x1, 0x9, 0x0, 0x5, 0x3ff], [0xff, 0x3, 0x9, 0x9, 0x9873, 0x4, 0x400, 0x81, 0x2, 0x2, 0x4, 0x68, 0x0, 0x9, 0x5, 0x40]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x400}, @TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x90, 0x2, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xf74}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x10001}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x5}]}, {0x3c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x7ff}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x7}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x1}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xffff}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0xb6}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x10001}]}]}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xd, [0xc, 0x5, 0xc, 0xe, 0xe, 0x4, 0xd, 0xa, 0xb, 0x2, 0x10, 0x8, 0x8, 0x2, 0xe], 0x0, [0x8, 0x1ff, 0x4, 0x0, 0x0, 0x6, 0x6a, 0x5, 0xf, 0x4, 0x1, 0x400, 0x7, 0x4, 0x6, 0x1180], [0x5, 0x3, 0x0, 0x2, 0x92, 0x100, 0xfff, 0x1, 0x8, 0x6, 0x9, 0x4, 0x3ff, 0x0, 0xe4b1, 0xd]}}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xa, [0x7, 0x5, 0xc, 0xd, 0xe, 0x3, 0x5, 0xe, 0xa, 0xa, 0xe, 0x10, 0xb, 0xf, 0x5, 0x7], 0x1, [0x5, 0x1d7, 0x6, 0x6, 0x400, 0x7, 0x1, 0xff, 0x2, 0xc, 0x3ff, 0x4, 0xc3, 0x0, 0x100, 0x100], [0x0, 0x6, 0x1, 0xfff2, 0xd, 0xfffe, 0x1, 0x0, 0x81, 0x4, 0x1, 0x7, 0xfffb, 0x7, 0x2, 0xf]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x5}]}}]}, 0x304}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r4, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x9, 0x9})
fcntl$lock(r4, 0x5, &(0x7f0000000340)={0x1, 0x1, 0x1000000007, 0xaa})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000904000000040000004500000088140000674b8e47388292c465840f0c993a45da2bd4ba3953ac639552fc5fe95f8a", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
openat(r4, &(0x7f0000000180)='./file2\x00', 0x20242, 0x112)
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r7}, 0x10)
setitimer(0x2, 0x0, 0x0)

930.200741ms ago: executing program 4 (id=2715):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES16=0x0, @ANYBLOB="4928a091e3c7e4f64e198f8fcc9c6f65ff72c2cfabda6744444ea47aeb19e4c1d3bd92696df43a79e702bc43ed347805eb640636165ccf1bc297afba35e416c21493a2206865d5b0f74d4e6a84ee0d698699d43657e32493bcdc01c8c3133fc93f58f663bbb03fa1a5f317029aaf8abb1b43d6fe8ada81b93315602f5a43ce4e0d4d104a1c4afa74108fed9c9e4480baefaa3c0c4ad3c2689becf8c13cfb478cf59a181a183438fe9d4f6b1201de497a04c59230b0e101fb496892c379c7783ca78d01cba16f384bfdc0a08033b2a53be3a3b639fd3d9fb0c4d4e951c3d4789ac716c476fc4926565c402d84ad1b2fc6180f90f7dc61c1184462baaddc1ae5", @ANYRES64=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@deltclass={0x24, 0x29, 0x2, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xb, 0xfff3}, {0xffff, 0x9}}}, 0x24}}, 0x74000800)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="04102cbd7000fadbdf251600000008000300", @ANYRES32, @ANYBLOB="0a001a0008021100000100000a00060008021100000100000a00060008021100000000000a001a0008021100000000000a00060008021100000100000a001a0008021100000100000a0006000802110000000000"], 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x48000)
close(r0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
socket$kcm(0x29, 0x2, 0x0)
syz_clone(0x402a2111, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r6, r6, 0x0, 0x40000f63a)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x20081e, &(0x7f0000000840)={[{@grpjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xa30}}, {@grpquota}]}, 0x1, 0x52a, &(0x7f0000001440)="$eJzs3c9vHFcdAPDvjL22k7h1WnoABG1oCwFFWcebNqp6gHJCCFVC9AhSauyNFWXXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di7tpPYXmv385FG+9688XzfizPvzbxd7wtgbF2LiO2ImIqI9yNirtyflFu8093y4z7bebi0u/NwKYkse++fSVGe74uen8ldKc85ExE/+E7Ej5PDcdubWw8WG436epmf7zTX5tubWzfvNxdX6iv11VrtzsKdW2/dfrP2BK2ZObL0leZUmfryp3/Y/sZP82rNlnt623Gauk2v7MfJTUbE984i2BBMlO2ZGnZFeCppRLwYEa8W1/9cTBS/TQBglGXZXGRzvXkAYNSlxRxYklbLuYDZSNNqtTuH91JcThutdufGvdbG6nJ3ruxqVNJ79xv1W+Vc4dWoJHl+oUg/ytcO5G9HxAsR8YvpS0W+utRqLA/zxgcAxtiVA+P/f6a74z8AMOKO/tgMADCKjP8AMH6M/wAwfoz/ADB+uuP/pSf9sSzLfnYW1QEAzoHnfwAYP8Z/ABgr33/33XzLdsvvv17+YHPjQeuDm8v19oNqc2OputRaX6uutForxXf2NI87X6PVWlt4IzY+vPrNtXZnvr25dbfZ2ljt3C2+1/tuvVIctX0OLQMABnnhlU/+nOQj8tuXii161nKoDLVmwFlLh10BYGgmhl0BYGi6q331WaAPGHmPnvGf+EMApgdgRBx3BzDT7w+EsizLzq5KwBm7/gXz/zCuyvn/SZ8ChvFz3Px/sTawNwlhJE0OuwLA0GRZctI1/+OkBwIAF9sRc/xXz/M+BBieAe//v1i+/rZ8c+BHyweP+PgsawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX2976v9Vymd/ZSNNqNeK5YgGgSnLvfqN+KyKej4g/TVem8/zCkOsMADyr9G9Juf7X9bnXZx8revnKfnIqIn7yq/d++eFip7P+x4ip5F/Te/s7H5f7a8cGmzmLFgAAR9sbp4vXngf5z3YeLu1t51mfv3+7e1eQx93dmYrd/fiTMVm8zkQlIi7/OynzXUnP3MWz2P4oIj7fr/1JzBZzIN1bloPx89jPnVL8iRPFTx+Ln5YLNKflv8XnTqEuMG4+yfufd/pdf2lcK177X/8zRQ/17Mr+Lz/V0m7RBz6Kv9f/TQzo/66dNMYbv/9uN3XpcNlHEV+cjNiLvdvT/+zFTwbEf/2E8f/ypZdfHVSW/TrievSP3xtrvtNcm29vbt2831xcqa/UV2u1Owt3br11+83afDFHPT94NPjH2zeeH1SWt//ygPgzx7T/q4NOeuAp9zf/e/+HXzki/tdf6xc/jZeOiJ+PiV8b2OLHLV7+3cDn7jz+8uH2Jyf5/d84YfxP/7p1aNlwAGB42ptbDxYbjfq6hMTFT+T/ZS9ANfomvnVesaaif9HPX+te0weKsuypYg3qMU5j1g24CPYv+oj477ArAwAAAAAAAAAAAAAA9HUef7E07DYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwuv4fAAD//9VG0+g=")
r7 = creat(&(0x7f0000000340)='./bus\x00', 0x182)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r7)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r8, 0x0, 0x80005}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)

887.130355ms ago: executing program 2 (id=2716):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYBLOB='(\x00', @ANYRES16=r1, @ANYBLOB="a183000000000000000005000000080003"], 0x28}, 0x1, 0x0, 0x0, 0x24048014}, 0x24000040)

858.674828ms ago: executing program 2 (id=2717):
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000180)=0x14)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
socket(0x1e, 0x4, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

746.550019ms ago: executing program 2 (id=2718):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="24000080b9a043c47b19e00e45024ed00d3127d7ad9cfc2992413e3dcd52b487ea40d0bf7548348dc5d1ea4776a2f43e9de275ef67780e18997024bdd59dd89da5137dde9193bab5f7b97e3c2490ab7b7f2b193980f4541b03014453668998c0c18eef91834e3ea100fed2a266b4788a687b127591012aaf6d5417f438b50ec14e609da1716d729febd665834d076f0a9b822e5ae9134913e26f06000000000000002a2790c811303ce73fc7b3bff7ffffffffffffffb6c22167ffb7f7090c89f005b5543a0e4b5ab0fdbc84bf2646482842a0d785ce59b74ccf31a343689cf6351c78b26d9599c339885022f5680079b6e7f0e69effeccde4ffcff99920565d6c1fa7af0e0ddba51ae6f172cbe1f564324c5421e1a5726eb7bdb8a3343e445180917d10f7e3d3930c5c497f01", @ANYRES16=r4, @ANYBLOB="c5ff000600000000003b4c460008004a74", @ANYRES32=0x0, @ANYRES8=r7], 0x24}, 0x1, 0x0, 0x0, 0x20008858}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, &(0x7f0000000180)=""/17, 0x0, 0x11, 0x1, 0x80000001}, 0x28)
r8 = socket(0x400000000010, 0x3, 0x0)
setsockopt$sock_int(r8, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
socket(0x10, 0x3, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r9}, 0x18)
r10 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
r11 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x840, 0x0)
ioctl$SNAPSHOT_S2RAM(r11, 0x330b)
r12 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0xfd, 0x3, 0x2, 0x5c, @local, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7800, 0x40, 0x4, 0x4}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r12, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', 0x0})
read$ptp(r10, &(0x7f0000000280)=""/176, 0xb0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)
ioctl$TCSBRKP(r1, 0x5425, 0x0)

661.305847ms ago: executing program 0 (id=2719):
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xa, 0x4, 0x8, 0x1}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000030900010073797a310000000054000000030a010400000000000000000100ffff0900030073797a310000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000140004"], 0xe8}}, 0x0)
getpgid(0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="757466383d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d77696e39352c000f3556feecb6412e00c80bdee16891f8bf67c9f201996782a86d4bab33b4f23383380e4ccafc9da9def41b05c1dfb2cfa24e43aedf5536d3bce06ddda97c586bc37fab5366b1ab6fee95cc224e56e681e82dd4dbbde3785fdd0fc4e7df753a0e2658aa5e88e1d38366c7908a7b2b678ee4b4bfc7aafa2101c157745926241af5ac30189eced78c1611b972d03bfef046f4adcada230ef0ac02ede79fb7d92a8354670c01cb80361c1fde2cef3204a182323c318e10ef11cb24c435d589b17a396377800f381f7092dfb7f6d62986f43ecd509a406c67ea148dbb23749867abbb19987f0b10dfcff289c85adf70eabe71996022ea5a26271fecd6441bdfdae0d03b"], 0x1, 0x240, &(0x7f0000000a00)="$eJzs2k9rXFUYB+D3xkpqSjoj/qMF8aALdXNpsnbRIC2IQcU2QhSkN+ZGh9zOhNwhMCI2K936EVyLS3eCdOkmGz+BC3fZZNmFeGUy0c6EURSrE+zzbOblnvldzuUcDu/iHL7yxe3trTrfKvoxl2UxdzX2414W7ZiL3+zHyy+uf//sjfV3X19ZXb32dkrXV24uLaeULj733XuffP383f6Fd765+O18HLTfPzxa/ung6YNLh7/c/KhTp06dur1+KtJGr9cvNqoybXbq7Tylt6qyqMvU6dbl7sT4VtXb2Rmkoru5uLCzW9Z1KrqDtF0OUr+X+ruDVHxYdLopz/O0uBD8E2tf3WuaOGoevRVN0zz2ZVy4G4s/Riuyx1P2xNXsqVvZM/vZpaOmac16qvwrrP/D7cb6fEQcH+rnI6rP99b21ka/o/GVrehEFWVciVb8HMNtcmJUX39t9dqVdKwdn1V3TvJ39tYemcwvRSva0/NLo3yazM/Hwnh+OVrx5PT88tT8+XjphbF8Hq344YPoRRWbMczez3+6lNKrb66eyl8+/h8AwP9Nnn43tX/L8z8aH+X/pD+cj8n+8FR/dS4un5vttxNRDz7eLqqq3FUo/l4x3D5nYBqKsSK7/UZ7uC4P4IWzPpn4L9xf9PGnG7ObEAAAAAAAAAAAAH/JqUt/2cnjB3otccafCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnHG/BgAA//819sxU")
socket$nl_generic(0x10, 0x3, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x9, 0x6f)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)

604.208922ms ago: executing program 3 (id=2720):
ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, 0x0)

527.42065ms ago: executing program 3 (id=2721):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x14, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x92}, 0x50)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=r1], 0x50)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001580), 0x0, 0x0)
timer_create(0x0, &(0x7f0000000600)={0x0, 0x10, 0x3, @thr={&(0x7f0000000280)="8da168035e47d89e15070768a332a0e91f", &(0x7f0000000580)="f75e137d3796ca00f32079178c976a456777c4146f2ce85e47524b67ba04b375fc2e2351738b0e49208b8ec6ad0f66140acb7d2b7b09c82eb84abf1cca01c2fb27884f784e149f7aa8a16bb1c002e22c72aeffdeb4c9"}}, &(0x7f0000000640)=<r3=>0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xa9, 0x1, 0x0, 0x0, 0x0, 0xb, 0x42718, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xd07, 0x40}, 0x100b28, 0x6, 0x80, 0x1, 0xb, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x40, 0x9, 0x7ffc0002}]})
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000004340), 0x8800, 0x0)
lseek(r4, 0x1, 0x4)
timer_settime(r3, 0x0, &(0x7f0000000680)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
pread64(r2, &(0x7f0000000040)=""/54, 0x36, 0x0)
preadv(r2, &(0x7f0000001300)=[{&(0x7f0000000140)=""/126, 0x7e}], 0x1, 0xfffffffc, 0x7)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000003c0)={@loopback}, &(0x7f0000000400)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x18)
acct(&(0x7f0000000100)='./file1\x00')
mount_setattr(0xffffffffffffffff, 0x0, 0x800, &(0x7f0000000200)={0x20, 0x100073, 0x80000}, 0x20)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
read$watch_queue(r5, &(0x7f0000000140)=""/203, 0xcb)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r7, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
acct(0x0)
acct(0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000000)={'gretap0\x00', 0x4800000})

462.966406ms ago: executing program 0 (id=2722):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000c0000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x702, 0xe, 0xff0f, &(0x7f0000000540)="e460334470b8d480eb20c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$l2tp(0x2, 0x2, 0x73)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000400)={0x30, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000011}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r2, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, r5, 0x8, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008041}, 0x4000800)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f00000022c0)=[{{0x0, 0x0, 0x0}, 0x700}], 0x1, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r6}, 0x10)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="270e28bd70000000000004"], 0x14}, 0x1, 0x40030000000000}, 0x4000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000003c0)={0x3, &(0x7f0000000380)=[{0x3, 0x3, 0x8, 0x8}, {0x7, 0x6, 0x5, 0xd}, {0x401, 0x4, 0x9, 0x60}]})

414.08406ms ago: executing program 3 (id=2723):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x89f9, &(0x7f0000000140)={'bond0\x00'})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'xfrm0\x00', &(0x7f00000004c0)=@ethtool_coalesce={0xe, 0x0, 0x5, 0x40, 0x3c, 0x6, 0x6, 0x100, 0x83, 0x72f19384, 0x5b6f, 0x6, 0xfa, 0x80000000, 0x4, 0x7, 0x92, 0xac, 0x9, 0x3, 0xffff, 0x10001, 0x4}})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4}, &(0x7f0000000180), &(0x7f0000000200))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
fchdir(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000023c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x2, 0xb0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000000), &(0x7f0000000180)=r6}, 0x20)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r7, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}, 0x1c)
sendmsg$inet(r7, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, 0x0, 0x5b}, 0x2004c880)
io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r4, 0x19, &(0x7f00000001c0)={0x5, 0x3, 0x8}, 0x0)
sendto$inet6(r7, &(0x7f00000000c0)="b3", 0x1, 0x24000084, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r8}, 0x10)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
unshare(0x22020600)
r11 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_MOD(r11, 0x3, r10, &(0x7f0000000280)={0x3000001b})
write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)
ioctl$KDSKBSENT(r9, 0x4b49, &(0x7f0000000c00)={0x9, "86e7a55b8f4e6d27ce084fea12b40f2fd6e78e8fa7d00408167b6a78c2980c11b97ffc823e393a67fddcd600db32cf3ae017818403ba98b091ec7615b90cbb9dc6c5e71260b9a9b772fb65802a13463bc1c801e27f836d9549fcd97ec8f3838b9621020488ac0e5e0fa8d09cb555db36b584c81600492c0d627ed94ddc6fd375d6e5272d8fb3db946f5aa56dd3f626307d89b095b5d9e697469df251a76ea8b6cbf90bea56625b6f73b5b94711aaf86904874acc57e885654f6fa615fb259e6e0f9d9781c2bec7c3b20d755bdbc447b6713b5ba28940bdba9ce0e3db9f65f46caae775080a3cc97e75e8b0805ff7c7159b221d1bbb56abbb2b2d589cdef79482476f2054c28212050c950b47aa96069c748fb85790221c7f41ca8c475610c31bded363383efb8c182ab2dbb303fc569fa7470d9e72bf2470bcbdd1e5732f60dd531f908c68726eb0cbac81dfe0e2c55fe56de5b2af58a5dc0c76786ac68c2791287a6b307997e0d71a69834e9d5624131139bedd4605a0e901ef752e89159ea837cdf38512ae2b585e1dfed228717c007c19d98dce4714a77ddbe64c54279c9e647c92caf84d49f30b35981ac02a3ae02705e6355606addcb4bcc4e8b5320d48139e9f7609fa0b567e9f136e6bdcf84c6c273fba5a021522e44e686c06c5ef52a24daf1523abbb170099db03b39ef218f6bce18fce8ea3c0c4992d45db7d77fb"})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)

293.977792ms ago: executing program 2 (id=2724):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x3800488, &(0x7f0000002200), 0x66, 0x78f, &(0x7f0000002240)="$eJzs3c1rXFUbAPDnTr7Tvm/zwgtaVwFBA6UTU2Or4KLiQgQLBV3bhsk01kwyJTMpTQjYIoIbQcWFoJuuFevOrehW/wsXUimaFisuJHLnI5kmM0nGTmZq+/vBTc65594597nnfpyZc5kJ4JE1nv7JRByNiA+TiCO1+UlEDFRS/RGnq8vdXV/LpVMSGxuv/5pUlrmzvpaLhnVSh2qZxyPiu/cijmV21ltaWZ2fKRTyS7X8ZHnh0mRpZfX4xYWZufxcfvHk1PT0iVPPnTrZuVh//3H18C8fvfL0V6f/fPexGx98n8TpOFwra4yjU8ZjvLZPBtJdeI+XO11ZjyW7Fzc5AngQpA3TVz3L42gcib5KqoWRbm4ZAHBQ3omIjVb6WpYAAP9qSev7PwDwUKp/DnBnfS1Xn3r7iUR33XopIoar8dfHN6sl/bUxu+HKOOjoneSekZEkIsY6UP94RHz+zZtfplMc0DgkQDNXr0XE+bHxndf/ZNszC+0P/j6zj2XGt+Xbu/7tMlYN7OnbtP/zfLP+X2az/xNN+j9DTc7df2Lv8z9zswPVtJT2/15seLbtbkP8NWN9tdx/Kn2+geTCxUI+vbb9NyImYmAozU/tUsfE7b9utypr7P/99vHbX6T1p/+3lsjc7B+6d53ZmfLM/cTc6Na1iCf6m8WfbLZ/0qL/e3afdbz6wvuftSpL40/jrU874z9YG9cjnmra/ltPtCW7Pp84WTkcJusHRRNf//TpaKv6G9s/ndL66+8FuiFt/9Hd4x9LGp/XLLVfxw/X32pZti3+gZ3xNz/+B5M3KunB2rwrM+Xy0lTEYPLazvknttat5+vLp/FPPNn8/N/t+E/fE55vf1fsFX9P2n+2rfZvP3Hj7nxfq/r3jj9t/+lKaqI2Zz/Xv/1u4P3sOwAAAAAAAAAAAAAAAAAAAAAAAADYr0xEHI4kk91MZzLZbPU3vP8fo5lCsVQ+dqG4vDgbld/KHouBTP2rLo80fB/qVO378Ov5E9vyz0bE/yLik6GRSj6bKxZmex08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANQcavH7/6mfh3q9dQDAgRnu6/UWAADdNtzf6y0AALptuK2lRw5sOwCA7mnv/g8APAzc/wHg0eP+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAE7e+ZMOm38sb6WS/Ozl1eW54uXj8/mS/PZheVcNldcupSdKxbnCvlsrrjQ8oWuVv8VisVL07G4fGWynC+VJ0srq+cWisuL5XMXF2bm8ufyA5sr9HUhOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYn9LK6vxMoZBfkpB4+BMRnX7Bq9Xz6EEJsHOJGNy6Soz07PoEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8KD7OwAA//808SKR")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
set_mempolicy(0x1, 0x0, 0x5)
mount(&(0x7f0000003340)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000300)='./bus\x00', 0x6200, 0x5d)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./bus/file0\x00'}, 0x18)
preadv2(r2, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x2, 0x0, 0x0, 0x0)

198.460812ms ago: executing program 0 (id=2726):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r2, 0x0, 0x10000001}, 0x18)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x5, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2e, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT')
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4}, &(0x7f0000000280), &(0x7f00000002c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180100000100a7d900"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x4, 0x8, &(0x7f0000002500)=ANY=[@ANYRES64=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x96, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r8, 0xd0009411, 0x0)
clock_nanosleep(0x2, 0x0, 0x0, 0x0)
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r10, 0x89a2, &(0x7f0000000200)='bridge0\x00')
ioctl$sock_SIOCBRDELBR(r9, 0x89a3, &(0x7f0000000200)='bridge0\x00')
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x200, 0x80}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x20dc755}]}}}]}, 0x40}}, 0x40000c0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x6}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x40080}, 0x4000c00)

62.035105ms ago: executing program 2 (id=2727):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="24000080b9a043c47b19e00e45024ed00d3127d7ad9cfc2992413e3dcd52b487ea40d0bf7548348dc5d1ea4776a2f43e9de275ef67780e18997024bdd59dd89da5137dde9193bab5f7b97e3c2490ab7b7f2b193980f4541b03014453668998c0c18eef91834e3ea100fed2a266b4788a687b127591012aaf6d5417f438b50ec14e609da1716d729febd665834d076f0a9b822e5ae9134913e26f06000000000000002a2790c811303ce73fc7b3bff7ffffffffffffffb6c22167ffb7f7090c89f005b5543a0e4b5ab0fdbc84bf2646482842a0d785ce59b74ccf31a343689cf6351c78b26d9599c339885022f5680079b6e7f0e69effeccde4ffcff99920565d6c1fa7af0e0ddba51ae6f172cbe1f564324c5421e1a5726eb7bdb8a3343e445180917d10f7e3d3930c5c497f01", @ANYRES16=r4, @ANYBLOB="c5ff000600000000003b4c460008004a74", @ANYRES32=0x0, @ANYRES8=r7], 0x24}, 0x1, 0x0, 0x0, 0x20008858}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, &(0x7f0000000180)=""/17, 0x0, 0x11, 0x1, 0x80000001}, 0x28)
r8 = socket(0x400000000010, 0x3, 0x0)
setsockopt$sock_int(r8, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
socket(0x10, 0x3, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r9}, 0x18)
r10 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
r11 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x840, 0x0)
ioctl$SNAPSHOT_S2RAM(r11, 0x330b)
r12 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r12, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', 0x0})
read$ptp(r10, &(0x7f0000000280)=""/176, 0xb0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)
ioctl$TCSBRKP(r1, 0x5425, 0x0)

0s ago: executing program 4 (id=2728):
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000180)=0x14)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
socket(0x1e, 0x4, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

kernel console output (not intermixed with test programs):

  184.580886][ T9202] bridge0: port 3(gretap0) entered disabled state
[  184.621396][ T9202] netlink: 'syz.0.1947': attribute type 13 has an invalid length.
[  184.643904][ T9205] netlink: 'syz.1.1950': attribute type 13 has an invalid length.
[  184.675323][ T9195] lo speed is unknown, defaulting to 1000
[  184.824634][ T9201] lo speed is unknown, defaulting to 1000
[  185.195780][ T9225] bridge0: port 3(gretap0) entered blocking state
[  185.202468][ T9225] bridge0: port 3(gretap0) entered disabled state
[  185.232617][ T9225] gretap0: entered allmulticast mode
[  185.242343][ T9225] gretap0: entered promiscuous mode
[  185.252535][ T9230] netlink: 'syz.0.1958': attribute type 13 has an invalid length.
[  185.264491][ T9222] lo speed is unknown, defaulting to 1000
[  185.274933][   T29] kauditd_printk_skb: 942 callbacks suppressed
[  185.274948][   T29] audit: type=1326 audit(1766473338.955:54867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.321153][ T9226] rdma_rxe: rxe_newlink: failed to add bond0
[  185.354283][   T29] audit: type=1326 audit(1766473338.955:54868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.378021][   T29] audit: type=1326 audit(1766473338.955:54869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.401643][   T29] audit: type=1326 audit(1766473338.955:54870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.425244][   T29] audit: type=1326 audit(1766473338.955:54871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.448896][   T29] audit: type=1326 audit(1766473338.955:54872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.472553][   T29] audit: type=1326 audit(1766473338.955:54873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.496291][   T29] audit: type=1326 audit(1766473338.955:54874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.519902][   T29] audit: type=1326 audit(1766473338.965:54875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.543947][   T29] audit: type=1326 audit(1766473338.965:54876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9223 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d36cd2005 code=0x7ffc0000
[  185.809518][ T9242] __nla_validate_parse: 18 callbacks suppressed
[  185.809538][ T9242] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1964'.
[  185.861019][ T9245] xt_SECMARK: invalid mode: 2
[  185.904635][ T9244] syzkaller0: entered promiscuous mode
[  185.910279][ T9244] syzkaller0: entered allmulticast mode
[  185.944775][ T9247] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1966'.
[  185.969824][ T9247] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1966'.
[  186.026903][ T9249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.055721][ T9249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.320761][ T9272] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1977'.
[  186.330067][ T9272] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1977'.
[  186.350348][ T9267] loop0: detected capacity change from 0 to 1024
[  186.371762][ T9267] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  186.391004][ T9274] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9274 comm=syz.4.1977
[  186.394891][ T9267] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  186.448483][ T9267] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  186.465140][ T9267] EXT4-fs (loop0): orphan cleanup on readonly fs
[  186.474860][ T9267] EXT4-fs error (device loop0): ext4_read_inode_bitmap:167: comm syz.0.1976: Inode bitmap for bg 0 marked uninitialized
[  186.505498][ T9267] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  186.557618][ T9279] loop4: detected capacity change from 0 to 512
[  186.570548][ T9279] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  186.642062][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.666896][ T9279] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.683563][ T9272] lo speed is unknown, defaulting to 1000
[  186.729821][ T9279] ext4 filesystem being mounted at /390/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  186.813325][ T9289] syzkaller0: entered promiscuous mode
[  186.818976][ T9289] syzkaller0: entered allmulticast mode
[  186.829742][ T9290] xt_SECMARK: invalid mode: 2
[  187.211451][ T9296] netlink: 'syz.0.1982': attribute type 13 has an invalid length.
[  187.266549][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.280331][ T9295] lo speed is unknown, defaulting to 1000
[  187.620888][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1989'.
[  187.717137][ T9312] rdma_rxe: rxe_newlink: failed to add bond0
[  187.795475][ T9323] loop0: detected capacity change from 0 to 512
[  187.822424][ T9323] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  187.866576][ T9323] EXT4-fs (loop0): 1 truncate cleaned up
[  187.872750][ T9323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.971476][ T9323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1994'.
[  188.000829][ T9323] netlink: 312 bytes leftover after parsing attributes in process `syz.0.1994'.
[  188.009995][ T9323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1994'.
[  188.112801][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.216846][ T3489] usb 7-1: enqueue for inactive port 0
[  188.230105][ T3489] usb 7-1: enqueue for inactive port 0
[  188.305669][ T9346] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2003'.
[  188.334943][ T3489] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  188.808288][ T9366] lo speed is unknown, defaulting to 1000
[  189.682394][ T9372] gretap0: left allmulticast mode
[  189.687888][ T9372] gretap0: left promiscuous mode
[  189.693725][ T9372] bridge0: port 3(gretap0) entered disabled state
[  189.754217][ T9378] netlink: 'syz.3.2014': attribute type 13 has an invalid length.
[  189.823657][ T9370] lo speed is unknown, defaulting to 1000
[  189.876549][ T9381] 8021q: adding VLAN 0 to HW filter on device bond1
[  189.920851][ T9385] bond1: (slave batadv1): Opening slave failed
[  189.995590][ T9388] xt_SECMARK: invalid mode: 2
[  190.051792][ T9384] syzkaller0: entered promiscuous mode
[  190.057494][ T9384] syzkaller0: entered allmulticast mode
[  190.285133][   T29] kauditd_printk_skb: 1313 callbacks suppressed
[  190.285151][   T29] audit: type=1326 audit(1766473343.965:56190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9373 comm="syz.1.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  190.389169][ T9408] audit: audit_backlog=65 > audit_backlog_limit=64
[  190.395846][ T9408] audit: audit_lost=36 audit_rate_limit=0 audit_backlog_limit=64
[  190.403793][ T9408] audit: backlog limit exceeded
[  190.408755][ T9408] audit: audit_backlog=65 > audit_backlog_limit=64
[  190.415484][ T9408] audit: audit_lost=37 audit_rate_limit=0 audit_backlog_limit=64
[  190.423320][ T9408] audit: backlog limit exceeded
[  190.429725][   T29] audit: type=1326 audit(1766473343.995:56191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9373 comm="syz.1.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  190.453393][   T29] audit: type=1326 audit(1766473343.995:56192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9373 comm="syz.1.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  190.476987][   T29] audit: type=1326 audit(1766473344.005:56193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9373 comm="syz.1.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  190.564670][ T9408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.573902][ T9410] syz2: rxe_newlink: already configured on bond0
[  190.582927][ T9408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.617480][ T9419] bridge0: port 3(gretap0) entered blocking state
[  190.624173][ T9419] bridge0: port 3(gretap0) entered disabled state
[  190.653124][ T9419] gretap0: entered allmulticast mode
[  190.659183][ T9419] gretap0: entered promiscuous mode
[  190.666394][ T9419] netlink: 'syz.3.2031': attribute type 13 has an invalid length.
[  190.803867][ T9414] lo speed is unknown, defaulting to 1000
[  191.040286][ T9436] gretap0: left allmulticast mode
[  191.045644][ T9436] gretap0: left promiscuous mode
[  191.050856][ T9436] bridge0: port 3(gretap0) entered disabled state
[  191.080360][ T9433] lo speed is unknown, defaulting to 1000
[  191.080519][ T9436] netlink: 'syz.0.2039': attribute type 13 has an invalid length.
[  191.151554][ T9440] __nla_validate_parse: 9 callbacks suppressed
[  191.151569][ T9440] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2042'.
[  191.194759][ T9440] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2042'.
[  191.203491][ T9438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2041'.
[  191.413479][ T9453] rdma_rxe: rxe_newlink: failed to add bond0
[  191.558646][ T9459] syzkaller0: entered promiscuous mode
[  191.564207][ T9459] syzkaller0: entered allmulticast mode
[  191.576344][ T9459] xt_SECMARK: invalid mode: 2
[  191.586701][ T9460] bridge0: port 3(gretap0) entered blocking state
[  191.593294][ T9460] bridge0: port 3(gretap0) entered disabled state
[  191.601512][ T9460] gretap0: entered allmulticast mode
[  191.607233][ T9459] loop2: detected capacity change from 0 to 1024
[  191.636462][ T9460] gretap0: entered promiscuous mode
[  191.646097][ T9457] lo speed is unknown, defaulting to 1000
[  191.658592][ T9460] netlink: 'syz.4.2049': attribute type 13 has an invalid length.
[  191.671720][ T9459] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.689443][ T9459] ext4 filesystem being mounted at /393/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.823773][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.834819][ T9473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2055'.
[  191.937212][ T9480] netlink: 'syz.2.2057': attribute type 29 has an invalid length.
[  191.945279][ T9482] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2058'.
[  191.966531][ T9479] gretap0: left allmulticast mode
[  191.971831][ T9479] gretap0: left promiscuous mode
[  191.977092][ T9479] bridge0: port 3(gretap0) entered disabled state
[  191.999284][ T9479] netlink: 'syz.4.2054': attribute type 13 has an invalid length.
[  192.040767][ T9475] lo speed is unknown, defaulting to 1000
[  192.111464][ T9491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2062'.
[  192.138875][ T9491] netlink: 312 bytes leftover after parsing attributes in process `syz.1.2062'.
[  192.278259][ T9506] bridge0: port 3(gretap0) entered blocking state
[  192.284829][ T9506] bridge0: port 3(gretap0) entered disabled state
[  192.299311][ T9506] gretap0: entered allmulticast mode
[  192.313245][ T9506] gretap0: entered promiscuous mode
[  192.329897][ T9511] netlink: 'syz.4.2065': attribute type 13 has an invalid length.
[  192.350264][ T9512] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2068'.
[  192.401049][ T9497] lo speed is unknown, defaulting to 1000
[  192.412594][ T9503] syz2: rxe_newlink: already configured on bond0
[  192.645867][ T9530] gretap0: left allmulticast mode
[  192.651069][ T9530] gretap0: left promiscuous mode
[  192.656262][ T9530] bridge0: port 3(gretap0) entered disabled state
[  192.683453][ T9528] lo speed is unknown, defaulting to 1000
[  192.689942][ T9530] netlink: 'syz.1.2076': attribute type 13 has an invalid length.
[  192.860255][ T9539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2080'.
[  193.229195][ T9545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2082'.
[  193.526192][ T9551] lo speed is unknown, defaulting to 1000
[  193.548422][ T9561] loop2: detected capacity change from 0 to 512
[  193.582175][ T9561] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  193.618825][ T9561] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.646028][ T9561] ext4 filesystem being mounted at /403/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  194.116002][ T9576] rdma_rxe: rxe_newlink: failed to add bond0
[  194.251047][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.277804][ T9583] netlink: 'syz.0.2095': attribute type 17 has an invalid length.
[  194.349273][ T9588] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9588 comm=syz.0.2095
[  194.378240][ T9578] loop3: detected capacity change from 0 to 4096
[  194.391659][ T9578] EXT4-fs: Ignoring removed nomblk_io_submit option
[  194.411163][ T9578] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.532198][ T9593] loop0: detected capacity change from 0 to 512
[  194.580783][ T9593] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  194.591106][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.631660][ T9593] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.652813][ T9583] lo speed is unknown, defaulting to 1000
[  194.666783][ T9593] ext4 filesystem being mounted at /390/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  195.060289][ T9613] loop3: detected capacity change from 0 to 512
[  195.081888][ T9613] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  195.097918][ T9614] 8021q: adding VLAN 0 to HW filter on device bond2
[  195.113731][ T9613] EXT4-fs (loop3): 1 truncate cleaned up
[  195.125107][ T9613] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.137787][ T9614] bond2: (slave batadv1): Opening slave failed
[  195.183126][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.260420][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.298240][   T29] kauditd_printk_skb: 1917 callbacks suppressed
[  195.298338][   T29] audit: type=1400 audit(1766473348.975:58111): avc:  denied  { create } for  pid=9617 comm="syz.2.2107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  195.378284][ T9618] rdma_rxe: rxe_newlink: failed to add bond0
[  195.399925][   T29] audit: type=1400 audit(1766473349.015:58112): avc:  denied  { read } for  pid=9617 comm="syz.2.2107" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  195.423166][   T29] audit: type=1400 audit(1766473349.015:58113): avc:  denied  { open } for  pid=9617 comm="syz.2.2107" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  195.446788][   T29] audit: type=1400 audit(1766473349.035:58114): avc:  denied  { create } for  pid=9621 comm="syz.3.2108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  195.466733][   T29] audit: type=1400 audit(1766473349.035:58115): avc:  denied  { create } for  pid=9622 comm="syz.4.2109" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  195.487598][   T29] audit: type=1400 audit(1766473349.035:58116): avc:  denied  { create } for  pid=9622 comm="syz.4.2109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  195.507277][   T29] audit: type=1400 audit(1766473349.035:58117): avc:  denied  { ioctl } for  pid=9622 comm="syz.4.2109" path="socket:[29516]" dev="sockfs" ino=29516 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  195.532121][   T29] audit: type=1400 audit(1766473349.035:58118): avc:  denied  { ioctl } for  pid=9622 comm="syz.4.2109" path="socket:[29517]" dev="sockfs" ino=29517 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sock_file permissive=1
[  195.547156][ T9626] loop0: detected capacity change from 0 to 1024
[  195.556823][   T29] audit: type=1400 audit(1766473349.035:58119): avc:  denied  { read } for  pid=9622 comm="syz.4.2109" name="file0" dev="tmpfs" ino=2280 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  195.585755][   T29] audit: type=1400 audit(1766473349.035:58120): avc:  denied  { open } for  pid=9622 comm="syz.4.2109" path="/421/file0" dev="tmpfs" ino=2280 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  195.603321][ T9626] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  195.660689][ T9633] netlink: 'syz.2.2111': attribute type 29 has an invalid length.
[  195.673302][ T9626] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  195.716406][ T9626] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  195.739288][ T9626] EXT4-fs (loop0): orphan cleanup on readonly fs
[  195.764902][ T9626] EXT4-fs error (device loop0): ext4_read_inode_bitmap:167: comm syz.0.2110: Inode bitmap for bg 0 marked uninitialized
[  195.791740][ T9626] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  195.902765][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.189051][ T9650] loop2: detected capacity change from 0 to 4096
[  196.220716][ T9650] EXT4-fs: Ignoring removed nomblk_io_submit option
[  196.246746][ T9653] loop0: detected capacity change from 0 to 512
[  196.282434][ T9653] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  196.298779][ T9650] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.345628][ T9653] EXT4-fs (loop0): 1 truncate cleaned up
[  196.369782][ T9661] netlink: 'syz.3.2121': attribute type 29 has an invalid length.
[  196.384885][ T9653] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.399942][ T9663] netlink: 'syz.4.2122': attribute type 29 has an invalid length.
[  196.481781][ T9667] __nla_validate_parse: 8 callbacks suppressed
[  196.481798][ T9667] netlink: 768 bytes leftover after parsing attributes in process `syz.4.2123'.
[  196.523378][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.535779][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2118'.
[  196.554116][ T9669] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2124'.
[  196.569702][ T9653] netlink: 312 bytes leftover after parsing attributes in process `syz.0.2118'.
[  196.578902][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2118'.
[  196.616163][ T9669] 8021q: adding VLAN 0 to HW filter on device bond1
[  196.638779][ T9675] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2125'.
[  196.653422][ T9673] bond1: (slave batadv0): Opening slave failed
[  196.670072][ T9675] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2125'.
[  196.690429][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.754883][ T9681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2129'.
[  196.823063][ T9684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2130'.
[  196.870376][ T9686] loop3: detected capacity change from 0 to 512
[  196.922753][ T9686] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  196.949767][ T9686] EXT4-fs (loop3): orphan cleanup on readonly fs
[  197.006384][ T9686] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.2132: corrupted inode contents
[  197.058261][ T9686] EXT4-fs (loop3): Remounting filesystem read-only
[  197.069090][ T9701] loop0: detected capacity change from 0 to 512
[  197.082455][ T9686] EXT4-fs (loop3): 1 truncate cleaned up
[  197.089015][   T97] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  197.099640][ T9701] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  197.109678][   T97] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  197.132481][ T9704] loop4: detected capacity change from 0 to 1024
[  197.150488][ T9701] EXT4-fs (loop0): 1 truncate cleaned up
[  197.156541][ T9707] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2140'.
[  197.167832][ T9704] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  197.200323][ T9701] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.235749][   T97] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  197.246294][ T9704] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  197.247401][ T9686] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  197.272905][ T9704] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  197.308540][ T9704] EXT4-fs (loop4): orphan cleanup on readonly fs
[  197.315754][ T9704] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.2139: Inode bitmap for bg 0 marked uninitialized
[  197.315862][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.338458][ T9704] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  197.364486][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.441347][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.640747][ T9743] loop4: detected capacity change from 0 to 128
[  197.669343][ T9743] EXT4-fs: test_dummy_encryption option not supported
[  197.684213][ T3311] udevd[3311]: incorrect ext4 checksum on /dev/loop4
[  197.714910][ T9748] gretap0: left allmulticast mode
[  197.720058][ T9748] gretap0: left promiscuous mode
[  197.725278][ T9748] bridge0: port 3(gretap0) entered disabled state
[  197.745726][ T9748] netlink: 'syz.3.2153': attribute type 13 has an invalid length.
[  197.915289][ T9756] netlink: 'syz.4.2154': attribute type 1 has an invalid length.
[  197.976045][ T9740] lo speed is unknown, defaulting to 1000
[  198.588190][ T9777] 8021q: adding VLAN 0 to HW filter on device bond1
[  198.798597][ T9789] loop0: detected capacity change from 0 to 1024
[  198.815253][ T9789] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  198.851175][ T9789] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  198.883956][ T9789] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  198.965285][ T9789] EXT4-fs (loop0): orphan cleanup on readonly fs
[  198.978592][ T9789] EXT4-fs error (device loop0): ext4_read_inode_bitmap:167: comm syz.0.2168: Inode bitmap for bg 0 marked uninitialized
[  199.017589][ T9789] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  199.124932][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.224522][ T9806] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9806 comm=syz.0.2173
[  199.365919][ T9803] smc: net device bond0 applied user defined pnetid SYZ0
[  199.374328][ T9814] loop0: detected capacity change from 0 to 512
[  199.383638][ T9803] smc: net device bond0 erased user defined pnetid SYZ0
[  199.422145][ T9814] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  199.436981][ T9806] lo speed is unknown, defaulting to 1000
[  199.481212][ T9814] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.523705][ T9814] ext4 filesystem being mounted at /409/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  200.095817][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.308325][   T29] kauditd_printk_skb: 1863 callbacks suppressed
[  200.308340][   T29] audit: type=1400 audit(1766473353.985:59976): avc:  denied  { create } for  pid=9845 comm="syz.3.2188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  200.409637][ T9849] 8021q: adding VLAN 0 to HW filter on device bond2
[  200.536047][   T29] audit: type=1400 audit(1766473354.215:59977): avc:  denied  { map_read map_write } for  pid=9852 comm="syz.3.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  200.605832][   T29] audit: type=1400 audit(1766473354.235:59978): avc:  denied  { prog_run } for  pid=9852 comm="syz.3.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  200.625170][   T29] audit: type=1400 audit(1766473354.235:59979): avc:  denied  { create } for  pid=9852 comm="syz.3.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  200.627411][ T9855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.646067][   T29] audit: type=1400 audit(1766473354.245:59980): avc:  denied  { write } for  pid=9852 comm="syz.3.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  200.646111][   T29] audit: type=1400 audit(1766473354.255:59981): avc:  denied  { create } for  pid=9852 comm="syz.3.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  200.694873][   T29] audit: type=1400 audit(1766473354.255:59982): avc:  denied  { setopt } for  pid=9852 comm="syz.3.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  200.707475][ T9855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.717072][   T29] audit: type=1400 audit(1766473354.295:59983): avc:  denied  { read write } for  pid=9854 comm="syz.4.2191" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  200.746059][   T29] audit: type=1400 audit(1766473354.295:59984): avc:  denied  { open } for  pid=9854 comm="syz.4.2191" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  200.769872][   T29] audit: type=1400 audit(1766473354.295:59985): avc:  denied  { ioctl } for  pid=9854 comm="syz.4.2191" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  200.825147][ T9858] loop3: detected capacity change from 0 to 128
[  201.187356][ T9880] bridge0: port 3(gretap0) entered blocking state
[  201.193903][ T9880] bridge0: port 3(gretap0) entered disabled state
[  201.224831][ T9880] gretap0: entered allmulticast mode
[  201.247063][ T9880] gretap0: entered promiscuous mode
[  201.263593][ T9884] gretap0: left allmulticast mode
[  201.268808][ T9884] gretap0: left promiscuous mode
[  201.273958][ T9884] bridge0: port 3(gretap0) entered disabled state
[  201.291888][ T9880] netlink: 'syz.0.2198': attribute type 13 has an invalid length.
[  201.322478][ T9872] lo speed is unknown, defaulting to 1000
[  201.543309][ T9890] rdma_rxe: rxe_newlink: failed to add bond0
[  201.567414][ T9902] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9902 comm=syz.1.2208
[  201.619690][ T9903] __nla_validate_parse: 13 callbacks suppressed
[  201.619710][ T9903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2209'.
[  201.691485][ T9902] lo speed is unknown, defaulting to 1000
[  202.048603][ T9914] loop4: detected capacity change from 0 to 1024
[  202.073302][ T9914] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  202.113845][ T9914] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  202.140810][ T9914] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  202.149194][ T9914] EXT4-fs (loop4): orphan cleanup on readonly fs
[  202.156062][ T9914] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.2213: Inode bitmap for bg 0 marked uninitialized
[  202.169659][ T9914] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  202.213153][ T9919] pim6reg: entered allmulticast mode
[  202.229453][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.231648][ T9919] pim6reg: left allmulticast mode
[  202.296215][ T9924] vlan0: entered promiscuous mode
[  202.307085][ T9924] dummy0: entered promiscuous mode
[  202.312353][ T9924] vlan0: left allmulticast mode
[  202.320201][ T9921] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2215'.
[  202.329502][ T9921] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2215'.
[  202.369888][ T9927] loop4: detected capacity change from 0 to 128
[  202.376353][ T9928] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9928 comm=syz.3.2216
[  202.444619][ T9930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2217'.
[  202.506411][ T9930] 8021q: adding VLAN 0 to HW filter on device bond2
[  202.524304][ T9939] loop3: detected capacity change from 0 to 512
[  202.561653][ T9935] bond2: (slave batadv2): Opening slave failed
[  202.616096][ T9939] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  202.626727][ T9938] bridge0: port 3(gretap0) entered blocking state
[  202.633218][ T9938] bridge0: port 3(gretap0) entered disabled state
[  202.664956][ T9941] netlink: 'syz.2.2219': attribute type 13 has an invalid length.
[  202.684296][ T9938] gretap0: entered allmulticast mode
[  202.695436][ T9939] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.721996][ T9938] gretap0: entered promiscuous mode
[  202.741465][ T9928] lo speed is unknown, defaulting to 1000
[  202.754644][ T9940] gretap0: left allmulticast mode
[  202.759756][ T9940] gretap0: left promiscuous mode
[  202.765280][ T9940] bridge0: port 3(gretap0) entered disabled state
[  202.777762][ T9939] ext4 filesystem being mounted at /441/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  202.816046][ T9934] lo speed is unknown, defaulting to 1000
[  202.938461][ T9953] xt_SECMARK: invalid mode: 2
[  203.046385][ T9953] loop4: detected capacity change from 0 to 1024
[  203.088483][ T9953] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.160943][ T9953] ext4 filesystem being mounted at /445/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  203.267328][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.317720][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.363278][ T9966] loop3: detected capacity change from 0 to 512
[  203.406849][ T9966] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  203.446464][ T9966] EXT4-fs (loop3): orphan cleanup on readonly fs
[  203.487610][ T9966] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.2224: corrupted inode contents
[  203.542523][ T9966] EXT4-fs (loop3): Remounting filesystem read-only
[  203.560393][ T9966] EXT4-fs (loop3): 1 truncate cleaned up
[  203.566586][ T8897] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  203.577344][ T8897] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  203.633880][ T9978] syzkaller0: entered promiscuous mode
[  203.634916][ T8897] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  203.639440][ T9978] syzkaller0: entered allmulticast mode
[  203.668981][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2228'.
[  203.705847][ T9966] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  203.787976][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.835117][ T9983] rdma_rxe: rxe_newlink: failed to add bond0
[  203.958048][ T9997] xt_SECMARK: invalid mode: 2
[  203.985626][ T9994] xt_SECMARK: invalid mode: 2
[  204.005043][ T9990] loop2: detected capacity change from 0 to 1024
[  204.033365][ T9990] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.053365][ T9994] loop3: detected capacity change from 0 to 1024
[  204.060674][ T9990] ext4 filesystem being mounted at /433/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.087875][ T9994] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.100722][ T9994] ext4 filesystem being mounted at /444/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.133043][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.145848][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.307572][T10014] loop0: detected capacity change from 0 to 4096
[  204.321326][T10014] EXT4-fs: Ignoring removed nomblk_io_submit option
[  204.342629][T10014] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.383614][T10014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2239'.
[  204.426500][T10025] syzkaller0: entered promiscuous mode
[  204.432108][T10025] syzkaller0: entered allmulticast mode
[  204.540366][T10026] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  204.591091][T10029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.612065][T10029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  204.815985][T10030] lo speed is unknown, defaulting to 1000
[  205.094323][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.178957][T10041] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2247'.
[  205.188204][T10041] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2247'.
[  205.229278][T10045] loop0: detected capacity change from 0 to 128
[  205.321020][   T29] kauditd_printk_skb: 2789 callbacks suppressed
[  205.321038][   T29] audit: type=1326 audit(1766473358.995:62769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.381732][   T29] audit: type=1326 audit(1766473359.035:62770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.405597][   T29] audit: type=1326 audit(1766473359.035:62771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.429245][   T29] audit: type=1326 audit(1766473359.035:62772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.452920][   T29] audit: type=1326 audit(1766473359.035:62773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.476559][   T29] audit: type=1326 audit(1766473359.045:62774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.500203][   T29] audit: type=1326 audit(1766473359.045:62775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.524475][   T29] audit: type=1326 audit(1766473359.045:62776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.548438][   T29] audit: type=1326 audit(1766473359.045:62777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.572113][   T29] audit: type=1326 audit(1766473359.055:62778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10043 comm="syz.4.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  205.656975][T10054] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10054 comm=syz.1.2251
[  205.692691][T10059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  205.702930][T10059] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  205.836906][T10050] lo speed is unknown, defaulting to 1000
[  206.124821][T10071] smc: net device bond0 applied user defined pnetid SYZ0
[  206.145184][T10071] smc: net device bond0 erased user defined pnetid SYZ0
[  206.237385][T10075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2260'.
[  206.396834][T10082] loop4: detected capacity change from 0 to 512
[  206.474604][T10082] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2263: bg 0: block 248: padding at end of block bitmap is not set
[  206.510458][T10082] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2263: Failed to acquire dquot type 1
[  206.567997][T10092] smc: net device bond0 applied user defined pnetid SYZ0
[  206.579264][T10082] EXT4-fs (loop4): 1 truncate cleaned up
[  206.607743][T10082] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.625111][T10092] smc: net device bond0 erased user defined pnetid SYZ0
[  206.667135][T10082] ext4 filesystem being mounted at /454/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.724057][T10082] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.808191][T10100] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2271'.
[  206.817351][T10100] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2271'.
[  206.872068][T10098] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2270: bg 0: block 248: padding at end of block bitmap is not set
[  206.887609][T10102] pim6reg: entered allmulticast mode
[  206.895172][T10098] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.2270: Failed to acquire dquot type 1
[  206.907378][T10102] pim6reg: left allmulticast mode
[  206.907503][T10098] EXT4-fs (loop0): 1 truncate cleaned up
[  206.918893][T10098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.931872][T10098] ext4 filesystem being mounted at /424/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.943530][T10098] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.012519][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2273'.
[  207.256704][T10118] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10118 comm=syz.0.2278
[  207.303431][T10123] macsec1: entered allmulticast mode
[  207.417847][T10125] set_capacity_and_notify: 2 callbacks suppressed
[  207.417868][T10125] loop0: detected capacity change from 0 to 512
[  207.469914][T10118] lo speed is unknown, defaulting to 1000
[  207.481421][T10125] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  207.516425][T10132] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10132 comm=syz.4.2280
[  207.589836][T10125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.691439][T10139] loop4: detected capacity change from 0 to 512
[  207.706645][T10125] ext4 filesystem being mounted at /427/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  207.717563][T10139] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  207.755725][T10139] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.829946][T10139] ext4 filesystem being mounted at /459/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  207.863684][T10144] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2283'.
[  207.879069][T10127] lo speed is unknown, defaulting to 1000
[  208.093561][T10147] bridge0: port 3(gretap0) entered blocking state
[  208.100151][T10147] bridge0: port 3(gretap0) entered disabled state
[  208.115148][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.157989][T10147] gretap0: entered allmulticast mode
[  208.193083][T10153] netlink: 'syz.3.2284': attribute type 13 has an invalid length.
[  208.208740][T10147] gretap0: entered promiscuous mode
[  208.239486][T10149] gretap0: left allmulticast mode
[  208.244864][T10149] gretap0: left promiscuous mode
[  208.250268][T10149] bridge0: port 3(gretap0) entered disabled state
[  208.257487][T10154] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2287'.
[  208.266584][T10154] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2287'.
[  208.309511][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.319184][T10157] loop2: detected capacity change from 0 to 128
[  208.403406][T10159] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2289'.
[  208.509380][T10159] 8021q: adding VLAN 0 to HW filter on device bond2
[  208.557395][T10165] bond2: (slave batadv1): Opening slave failed
[  208.576486][T10146] lo speed is unknown, defaulting to 1000
[  208.644084][T10169] pim6reg: entered allmulticast mode
[  208.681782][T10169] pim6reg: left allmulticast mode
[  208.716940][T10171] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2292'.
[  208.855187][T10173] syzkaller0: entered promiscuous mode
[  208.860746][T10173] syzkaller0: entered allmulticast mode
[  208.889138][T10180] macsec1: entered allmulticast mode
[  208.891387][T10185] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10185 comm=syz.2.2296
[  208.947761][T10175] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2294'.
[  209.099192][T10190] loop2: detected capacity change from 0 to 512
[  209.154140][T10190] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  209.163881][T10192] smc: net device bond0 applied user defined pnetid SYZ0
[  209.212667][T10192] smc: net device bond0 erased user defined pnetid SYZ0
[  209.271282][T10190] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.351714][T10177] lo speed is unknown, defaulting to 1000
[  209.395373][T10190] ext4 filesystem being mounted at /446/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  209.411177][T10206] pim6reg: entered allmulticast mode
[  209.447108][T10207] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2302'.
[  209.714208][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.813525][T10225] loop2: detected capacity change from 0 to 128
[  210.072597][T10235] rdma_rxe: rxe_newlink: failed to add bond0
[  210.269488][T10242] loop2: detected capacity change from 0 to 128
[  210.324837][   T29] kauditd_printk_skb: 1509 callbacks suppressed
[  210.324853][   T29] audit: type=1326 audit(1766473364.005:64284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10232 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  210.399971][   T29] audit: type=1400 audit(1766473364.005:64285): avc:  denied  { firmware_load } for  pid=10241 comm="syz.2.2320" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  210.425128][   T29] audit: type=1326 audit(1766473364.015:64286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.448830][   T29] audit: type=1326 audit(1766473364.015:64287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.468183][T10245] bridge0: port 3(gretap0) entered blocking state
[  210.472604][   T29] audit: type=1326 audit(1766473364.015:64288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.479001][T10245] bridge0: port 3(gretap0) entered disabled state
[  210.502522][   T29] audit: type=1326 audit(1766473364.015:64289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.532587][   T29] audit: type=1326 audit(1766473364.025:64290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.556345][   T29] audit: type=1326 audit(1766473364.025:64291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.580076][   T29] audit: type=1326 audit(1766473364.025:64292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.603715][   T29] audit: type=1326 audit(1766473364.025:64293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10212 comm="syz.1.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6b55772005 code=0x7ffc0000
[  210.644905][T10245] gretap0: entered allmulticast mode
[  210.657726][T10245] gretap0: entered promiscuous mode
[  210.669379][T10246] gretap0: left allmulticast mode
[  210.674553][T10246] gretap0: left promiscuous mode
[  210.679847][T10246] bridge0: port 3(gretap0) entered disabled state
[  210.690912][T10247] netlink: 'syz.3.2321': attribute type 13 has an invalid length.
[  210.773735][T10251] loop0: detected capacity change from 0 to 128
[  210.935725][T10244] lo speed is unknown, defaulting to 1000
[  211.069511][T10257] 8021q: adding VLAN 0 to HW filter on device bond4
[  211.165021][T10264] bond4: (slave batadv2): Opening slave failed
[  211.442429][T10272] rdma_rxe: rxe_newlink: failed to add bond0
[  211.967178][T10290] __nla_validate_parse: 14 callbacks suppressed
[  211.967276][T10290] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2337'.
[  212.000099][T10290] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2337'.
[  212.078182][T10293] loop0: detected capacity change from 0 to 512
[  212.097838][T10293] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  212.129199][T10293] EXT4-fs (loop0): 1 truncate cleaned up
[  212.143143][T10293] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  212.199734][T10293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2338'.
[  212.219713][T10293] netlink: 312 bytes leftover after parsing attributes in process `syz.0.2338'.
[  212.228973][T10293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2338'.
[  212.314042][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.387018][T10299] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10299 comm=syz.0.2340
[  212.464777][T10304] bridge0: port 3(gretap0) entered blocking state
[  212.471460][T10304] bridge0: port 3(gretap0) entered disabled state
[  212.494830][T10304] gretap0: entered allmulticast mode
[  212.511097][T10304] gretap0: entered promiscuous mode
[  212.520775][T10301] lo speed is unknown, defaulting to 1000
[  212.521429][T10305] gretap0: left allmulticast mode
[  212.531652][T10305] gretap0: left promiscuous mode
[  212.536850][T10305] bridge0: port 3(gretap0) entered disabled state
[  212.547698][T10304] netlink: 'syz.3.2341': attribute type 13 has an invalid length.
[  212.751822][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2343'.
[  212.787380][T10319] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2347'.
[  212.796527][T10319] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2347'.
[  212.823781][T10319] loop2: detected capacity change from 0 to 128
[  212.886284][T10323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2348'.
[  212.895520][T10323] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2348'.
[  213.452225][T10340] lo speed is unknown, defaulting to 1000
[  213.467696][T10341] bridge0: port 3(gretap0) entered blocking state
[  213.474207][T10341] bridge0: port 3(gretap0) entered disabled state
[  213.480848][T10341] gretap0: entered allmulticast mode
[  213.488232][T10341] gretap0: entered promiscuous mode
[  213.500282][T10341] gretap0: left allmulticast mode
[  213.505502][T10341] gretap0: left promiscuous mode
[  213.510730][T10341] bridge0: port 3(gretap0) entered disabled state
[  213.526566][T10341] netlink: 'syz.2.2354': attribute type 13 has an invalid length.
[  213.716460][T10353] bridge0: port 3(gretap0) entered blocking state
[  213.723042][T10353] bridge0: port 3(gretap0) entered disabled state
[  213.745304][T10353] gretap0: entered allmulticast mode
[  213.759569][T10353] gretap0: entered promiscuous mode
[  213.782916][T10353] netlink: 'syz.3.2358': attribute type 13 has an invalid length.
[  213.804037][T10351] lo speed is unknown, defaulting to 1000
[  214.000867][T10358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.018584][T10358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.118127][T10361] macsec1: entered allmulticast mode
[  214.193659][T10363] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10363 comm=syz.0.2362
[  214.262998][T10363] lo speed is unknown, defaulting to 1000
[  214.318697][T10369] loop0: detected capacity change from 0 to 512
[  214.330058][T10368] syzkaller0: entered promiscuous mode
[  214.335709][T10368] syzkaller0: entered allmulticast mode
[  214.345446][T10369] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  214.357938][T10370] xt_SECMARK: invalid mode: 2
[  214.383976][T10369] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.422481][T10369] ext4 filesystem being mounted at /444/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  214.627934][T10380] syzkaller0: entered promiscuous mode
[  214.633469][T10380] syzkaller0: entered allmulticast mode
[  214.654314][T10383] xt_SECMARK: invalid mode: 2
[  214.674874][T10380] loop4: detected capacity change from 0 to 1024
[  214.700575][T10380] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.737258][T10380] ext4 filesystem being mounted at /477/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  214.758265][T10389] gretap0: left allmulticast mode
[  214.763376][T10389] gretap0: left promiscuous mode
[  214.768519][T10389] bridge0: port 3(gretap0) entered disabled state
[  214.809150][T10389] netlink: 'syz.3.2367': attribute type 13 has an invalid length.
[  214.903941][T10392] bridge0: port 3(gretap0) entered blocking state
[  214.910521][T10392] bridge0: port 3(gretap0) entered disabled state
[  214.947502][T10392] gretap0: entered allmulticast mode
[  214.964639][T10392] gretap0: entered promiscuous mode
[  214.971493][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.980604][T10385] lo speed is unknown, defaulting to 1000
[  214.981133][T10393] gretap0: left allmulticast mode
[  214.991627][T10393] gretap0: left promiscuous mode
[  214.996829][T10393] bridge0: port 3(gretap0) entered disabled state
[  215.011494][T10392] netlink: 'syz.1.2369': attribute type 13 has an invalid length.
[  215.036500][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.174712][T10395] syzkaller0: entered promiscuous mode
[  215.180321][T10395] syzkaller0: entered allmulticast mode
[  215.187855][T10400] xt_SECMARK: invalid mode: 2
[  215.197171][T10391] lo speed is unknown, defaulting to 1000
[  215.358295][   T29] kauditd_printk_skb: 2572 callbacks suppressed
[  215.358313][   T29] audit: type=1400 audit(1766473369.035:66866): avc:  denied  { wake_alarm } for  pid=10406 comm="syz.3.2375" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  215.422960][   T29] audit: type=1326 audit(1766473369.065:66867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.447293][   T29] audit: type=1326 audit(1766473369.065:66868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.471079][   T29] audit: type=1326 audit(1766473369.075:66869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.494659][   T29] audit: type=1326 audit(1766473369.075:66870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.518412][   T29] audit: type=1326 audit(1766473369.075:66871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.542079][   T29] audit: type=1326 audit(1766473369.075:66872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.565763][   T29] audit: type=1326 audit(1766473369.075:66873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.589662][   T29] audit: type=1326 audit(1766473369.075:66874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.613330][   T29] audit: type=1326 audit(1766473369.075:66875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10406 comm="syz.3.2375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9f5963f749 code=0x7ffc0000
[  215.642596][T10410] loop3: detected capacity change from 0 to 128
[  215.752534][T10417] loop4: detected capacity change from 0 to 512
[  215.793459][T10417] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2379: bg 0: block 248: padding at end of block bitmap is not set
[  215.844792][T10417] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2379: Failed to acquire dquot type 1
[  215.899437][T10417] EXT4-fs (loop4): 1 truncate cleaned up
[  215.939060][T10417] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.003868][T10424] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10424 comm=syz.3.2381
[  216.005708][T10417] ext4 filesystem being mounted at /480/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  216.086306][T10417] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.159441][T10431] loop3: detected capacity change from 0 to 512
[  216.205906][T10431] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  216.228106][T10424] lo speed is unknown, defaulting to 1000
[  216.277574][T10431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.303370][T10431] ext4 filesystem being mounted at /465/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  216.437502][T10446] netlink: 'syz.4.2384': attribute type 13 has an invalid length.
[  216.677375][T10443] lo speed is unknown, defaulting to 1000
[  216.783593][T10452] syz2: rxe_newlink: already configured on bond0
[  216.825843][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.898309][T10465] loop3: detected capacity change from 0 to 128
[  217.099963][T10475] __nla_validate_parse: 13 callbacks suppressed
[  217.099983][T10475] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2398'.
[  217.129864][T10476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2396'.
[  217.299420][T10485] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2402'.
[  217.368536][T10485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10485 comm=syz.4.2402
[  217.480789][T10489] loop2: detected capacity change from 0 to 512
[  217.509113][T10489] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2403: bg 0: block 248: padding at end of block bitmap is not set
[  217.527876][T10492] loop4: detected capacity change from 0 to 512
[  217.541746][T10485] lo speed is unknown, defaulting to 1000
[  217.550438][T10489] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.2403: Failed to acquire dquot type 1
[  217.563132][T10492] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  217.596454][T10489] EXT4-fs (loop2): 1 truncate cleaned up
[  217.616100][T10492] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.620532][T10489] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.647856][T10489] ext4 filesystem being mounted at /463/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.658982][T10492] ext4 filesystem being mounted at /488/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  217.672044][T10489] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.935437][T10506] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10506 comm=syz.2.2405
[  217.982028][T10505] xt_SECMARK: invalid mode: 2
[  218.000465][T10508] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2407'.
[  218.009642][T10508] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2407'.
[  218.067502][T10508] loop3: detected capacity change from 0 to 128
[  218.125409][T10511] loop2: detected capacity change from 0 to 512
[  218.191571][T10511] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  218.262487][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.274471][T10501] lo speed is unknown, defaulting to 1000
[  218.302876][T10511] ext4 filesystem being mounted at /465/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  218.403166][T10516] smc: net device bond0 applied user defined pnetid SYZ0
[  218.435469][T10516] smc: net device bond0 erased user defined pnetid SYZ0
[  218.667146][T10527] loop4: detected capacity change from 0 to 4096
[  218.704914][T10527] EXT4-fs: Ignoring removed nomblk_io_submit option
[  218.773958][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2414'.
[  218.799003][T10536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2416'.
[  218.837947][T10527] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  219.055046][T10545] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2421'.
[  219.136912][T10548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10548 comm=syz.2.2421
[  219.327569][T10551] loop2: detected capacity change from 0 to 512
[  219.369461][T10551] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  219.397093][T10545] lo speed is unknown, defaulting to 1000
[  219.423505][T10551] ext4 filesystem being mounted at /468/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  219.443744][T10550] lo speed is unknown, defaulting to 1000
[  219.773925][T10553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2422'.
[  219.925883][T10566] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2427'.
[  220.175028][T10571] syzkaller0: entered promiscuous mode
[  220.180760][T10571] syzkaller0: entered allmulticast mode
[  220.200255][T10574] loop2: detected capacity change from 0 to 1024
[  220.232556][T10574] ext4 filesystem being mounted at /469/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  220.367555][   T29] kauditd_printk_skb: 1467 callbacks suppressed
[  220.367570][   T29] audit: type=1326 audit(1766473374.045:68339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.1.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f6b5573f749 code=0x7ffc0000
[  220.540189][   T29] audit: type=1326 audit(1766473374.075:68340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.1.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b5573f749 code=0x7ffc0000
[  220.564060][   T29] audit: type=1326 audit(1766473374.085:68341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.1.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f6b5573f749 code=0x7ffc0000
[  220.587889][   T29] audit: type=1326 audit(1766473374.085:68342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.1.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f6b5573f749 code=0x7ffc0000
[  220.612071][   T29] audit: type=1326 audit(1766473374.085:68343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.1.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b5573f749 code=0x7ffc0000
[  220.635935][   T29] audit: type=1400 audit(1766473374.125:68344): avc:  denied  { create } for  pid=10582 comm="syz.4.2432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  220.655993][   T29] audit: type=1400 audit(1766473374.125:68345): avc:  denied  { ioctl } for  pid=10582 comm="syz.4.2432" path="socket:[33441]" dev="sockfs" ino=33441 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  220.681399][   T29] audit: type=1400 audit(1766473374.135:68346): avc:  denied  { create } for  pid=10582 comm="syz.4.2432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  221.117724][   T29] audit: type=1400 audit(1766473374.445:68347): avc:  denied  { open } for  pid=10587 comm="syz.2.2434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  221.137325][   T29] audit: type=1400 audit(1766473374.445:68348): avc:  denied  { kernel } for  pid=10587 comm="syz.2.2434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  221.160453][T10606] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10606 comm=syz.2.2438
[  221.364325][T10613] loop2: detected capacity change from 0 to 512
[  221.384935][T10615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.408106][T10613] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  221.427759][T10615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.488291][T10613] ext4 filesystem being mounted at /471/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  221.494746][T10606] lo speed is unknown, defaulting to 1000
[  221.524164][T10617] rdma_rxe: rxe_newlink: failed to add bond0
[  221.569662][T10621] syzkaller0: entered promiscuous mode
[  221.575239][T10621] syzkaller0: entered allmulticast mode
[  221.609916][T10624] loop4: detected capacity change from 0 to 1024
[  221.656530][T10624] ext4 filesystem being mounted at /496/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  221.872418][ T3324] EXT4-fs unmount: 10 callbacks suppressed
[  221.872433][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.030708][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.140620][T10644] bridge0: port 3(gretap0) entered blocking state
[  222.147256][T10644] bridge0: port 3(gretap0) entered disabled state
[  222.171435][T10643] loop2: detected capacity change from 0 to 1024
[  222.202553][T10644] gretap0: entered allmulticast mode
[  222.223267][T10644] gretap0: entered promiscuous mode
[  222.236125][T10643] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  222.262347][T10644] netlink: 'syz.0.2450': attribute type 13 has an invalid length.
[  222.274761][T10645] gretap0: left allmulticast mode
[  222.279844][T10645] gretap0: left promiscuous mode
[  222.285049][T10645] bridge0: port 3(gretap0) entered disabled state
[  222.306293][T10643] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  222.323809][T10639] lo speed is unknown, defaulting to 1000
[  222.350215][T10643] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  222.389986][T10643] EXT4-fs (loop2): orphan cleanup on readonly fs
[  222.422300][T10643] EXT4-fs error (device loop2): ext4_read_inode_bitmap:167: comm syz.2.2451: Inode bitmap for bg 0 marked uninitialized
[  222.502621][T10643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  222.650484][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.755185][T10656] __nla_validate_parse: 2 callbacks suppressed
[  222.755230][T10656] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2454'.
[  222.770728][T10656] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2454'.
[  222.802021][T10656] loop2: detected capacity change from 0 to 128
[  222.868736][T10658] loop0: detected capacity change from 0 to 1024
[  222.903200][T10658] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  222.964720][T10658] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  222.997187][T10658] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  223.037816][T10658] EXT4-fs (loop0): orphan cleanup on readonly fs
[  223.066265][T10658] EXT4-fs error (device loop0): ext4_read_inode_bitmap:167: comm syz.0.2456: Inode bitmap for bg 0 marked uninitialized
[  223.079977][T10658] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  223.151326][T10666] loop3: detected capacity change from 0 to 512
[  223.162319][T10668] rdma_rxe: rxe_newlink: failed to add bond0
[  223.169175][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.192339][T10666] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  223.249751][T10666] EXT4-fs (loop3): 1 truncate cleaned up
[  223.271111][T10666] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.365297][T10684] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2465'.
[  223.374354][T10684] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2465'.
[  223.439119][T10666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2459'.
[  223.439824][T10684] loop2: detected capacity change from 0 to 128
[  223.459611][T10692] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  223.476991][T10666] netlink: 312 bytes leftover after parsing attributes in process `syz.3.2459'.
[  223.486147][T10666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2459'.
[  223.573522][T10697] FAULT_INJECTION: forcing a failure.
[  223.573522][T10697] name failslab, interval 1, probability 0, space 0, times 0
[  223.586395][T10697] CPU: 1 UID: 0 PID: 10697 Comm: syz.0.2468 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  223.586422][T10697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  223.586443][T10697] Call Trace:
[  223.586455][T10697]  <TASK>
[  223.586466][T10697]  __dump_stack+0x1d/0x30
[  223.586531][T10697]  dump_stack_lvl+0x95/0xd0
[  223.586559][T10697]  dump_stack+0x15/0x1b
[  223.586585][T10697]  should_fail_ex+0x265/0x280
[  223.586615][T10697]  should_failslab+0x8c/0xb0
[  223.586710][T10697]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[  223.586761][T10697]  ? __request_module+0x1df/0x3e0
[  223.586784][T10697]  ? should_failslab+0x8c/0xb0
[  223.586815][T10697]  kstrdup+0x3e/0xd0
[  223.586867][T10697]  __request_module+0x1df/0x3e0
[  223.586895][T10697]  ? capable+0x7c/0xb0
[  223.586935][T10697]  ? security_capable+0x83/0x90
[  223.587008][T10697]  dev_load+0x61/0xc0
[  223.587039][T10697]  dev_ioctl+0x777/0x960
[  223.587080][T10697]  sock_ioctl+0x593/0x610
[  223.587177][T10697]  ? __pfx_sock_ioctl+0x10/0x10
[  223.587215][T10697]  __se_sys_ioctl+0xce/0x140
[  223.587282][T10697]  __x64_sys_ioctl+0x43/0x50
[  223.587338][T10697]  x64_sys_call+0x14b0/0x3000
[  223.587406][T10697]  do_syscall_64+0xca/0x2b0
[  223.587453][T10697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.587495][T10697] RIP: 0033:0x7f685352f749
[  223.587527][T10697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.587549][T10697] RSP: 002b:00007f6851f8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  223.587621][T10697] RAX: ffffffffffffffda RBX: 00007f6853785fa0 RCX: 00007f685352f749
[  223.587634][T10697] RDX: 0000200000000080 RSI: 00000000000089f4 RDI: 0000000000000004
[  223.587646][T10697] RBP: 00007f6851f8f090 R08: 0000000000000000 R09: 0000000000000000
[  223.587662][T10697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.587677][T10697] R13: 00007f6853786038 R14: 00007f6853785fa0 R15: 00007ffdba513268
[  223.587703][T10697]  </TASK>
[  223.893783][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.026193][T10713] rdma_rxe: rxe_newlink: failed to add bond0
[  224.237857][T10724] smc: net device bond0 applied user defined pnetid SYZ0
[  224.269613][T10725] bridge0: port 3(gretap0) entered blocking state
[  224.276566][T10725] bridge0: port 3(gretap0) entered disabled state
[  224.284071][T10724] smc: net device bond0 erased user defined pnetid SYZ0
[  224.313215][T10725] gretap0: entered allmulticast mode
[  224.319479][T10726] netlink: 'syz.3.2479': attribute type 13 has an invalid length.
[  224.330450][T10725] gretap0: entered promiscuous mode
[  224.517013][T10734] netlink: 'syz.2.2482': attribute type 29 has an invalid length.
[  224.522275][T10723] lo speed is unknown, defaulting to 1000
[  224.551091][T10733] smc: net device bond0 applied user defined pnetid SYZ0
[  224.606805][T10730] smc: net device bond0 erased user defined pnetid SYZ0
[  224.822927][T10749] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1545 sclass=netlink_route_socket pid=10749 comm=syz.3.2488
[  224.981282][T10757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2489'.
[  225.148515][T10761] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2492'.
[  225.374681][   T29] kauditd_printk_skb: 999 callbacks suppressed
[  225.374751][   T29] audit: type=1326 audit(1766473379.055:69346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6853562005 code=0x7ffc0000
[  225.405391][   T29] audit: type=1326 audit(1766473379.085:69347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6853562005 code=0x7ffc0000
[  225.429479][   T29] audit: type=1326 audit(1766473379.105:69348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6853562005 code=0x7ffc0000
[  225.453845][   T29] audit: type=1326 audit(1766473379.125:69349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6853562005 code=0x7ffc0000
[  225.478193][   T29] audit: type=1326 audit(1766473379.155:69350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6853562005 code=0x7ffc0000
[  225.503424][   T29] audit: type=1326 audit(1766473379.175:69351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f685352f749 code=0x7ffc0000
[  225.527191][   T29] audit: type=1326 audit(1766473379.175:69352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685352f749 code=0x7ffc0000
[  225.550904][   T29] audit: type=1326 audit(1766473379.175:69353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685352f749 code=0x7ffc0000
[  225.574523][   T29] audit: type=1326 audit(1766473379.175:69354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10739 comm="syz.0.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f685352f749 code=0x7ffc0000
[  225.608620][   T29] audit: type=1400 audit(1766473379.285:69355): avc:  denied  { create } for  pid=10766 comm="syz.0.2494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  225.612445][T10767] syz2: rxe_newlink: already configured on bond0
[  225.662461][T10769] Falling back ldisc for ttyS3.
[  225.773361][T10773] smc: net device bond0 applied user defined pnetid SYZ0
[  225.780720][T10773] smc: net device bond0 erased user defined pnetid SYZ0
[  225.804204][T10775] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2498'.
[  225.874788][T10781] loop3: detected capacity change from 0 to 512
[  225.907553][T10781] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2501: bg 0: block 248: padding at end of block bitmap is not set
[  225.924035][T10777] syz2: rxe_newlink: already configured on bond0
[  225.939344][T10781] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.2501: Failed to acquire dquot type 1
[  225.947861][T10783] syzkaller0: entered promiscuous mode
[  225.956203][T10783] syzkaller0: entered allmulticast mode
[  225.969539][T10781] EXT4-fs (loop3): 1 truncate cleaned up
[  225.975922][T10781] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.989176][T10781] ext4 filesystem being mounted at /480/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.008132][T10781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.216374][T10799] bridge0: port 3(gretap0) entered blocking state
[  226.222894][T10799] bridge0: port 3(gretap0) entered disabled state
[  226.254858][T10799] gretap0: entered allmulticast mode
[  226.264469][T10799] gretap0: entered promiscuous mode
[  226.281330][T10801] gretap0: left allmulticast mode
[  226.286631][T10801] gretap0: left promiscuous mode
[  226.291890][T10801] bridge0: port 3(gretap0) entered disabled state
[  226.301272][T10799] netlink: 'syz.1.2506': attribute type 13 has an invalid length.
[  226.309463][T10796] lo speed is unknown, defaulting to 1000
[  226.587609][T10814] syzkaller0: entered promiscuous mode
[  226.593137][T10814] syzkaller0: entered allmulticast mode
[  226.660306][T10816] loop2: detected capacity change from 0 to 128
[  226.728223][T10820] loop4: detected capacity change from 0 to 512
[  226.749728][T10820] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2517: bg 0: block 248: padding at end of block bitmap is not set
[  226.772740][T10820] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2517: Failed to acquire dquot type 1
[  226.790810][T10820] EXT4-fs (loop4): 1 truncate cleaned up
[  226.811062][T10820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.825707][T10820] ext4 filesystem being mounted at /507/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.837102][T10826] Falling back ldisc for ttyS3.
[  226.838906][T10820] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.842434][T10826] FAULT_INJECTION: forcing a failure.
[  226.842434][T10826] name failslab, interval 1, probability 0, space 0, times 0
[  226.863728][T10826] CPU: 1 UID: 0 PID: 10826 Comm: syz.2.2519 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  226.863768][T10826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  226.863827][T10826] Call Trace:
[  226.863836][T10826]  <TASK>
[  226.863846][T10826]  __dump_stack+0x1d/0x30
[  226.863871][T10826]  dump_stack_lvl+0x95/0xd0
[  226.863978][T10826]  dump_stack+0x15/0x1b
[  226.864005][T10826]  should_fail_ex+0x265/0x280
[  226.864037][T10826]  should_failslab+0x8c/0xb0
[  226.864065][T10826]  __kmalloc_node_noprof+0xbe/0x5c0
[  226.864146][T10826]  ? __vmalloc_node_range_noprof+0x433/0x1310
[  226.864179][T10826]  __vmalloc_node_range_noprof+0x433/0x1310
[  226.864286][T10826]  ? finish_task_switch+0x7a/0x2a0
[  226.864347][T10826]  ? irq_work_queue+0x93/0x100
[  226.864444][T10826]  ? n_tty_open+0x1b/0xd0
[  226.864478][T10826]  vzalloc_noprof+0x82/0xc0
[  226.864506][T10826]  ? n_tty_open+0x1b/0xd0
[  226.864538][T10826]  n_tty_open+0x1b/0xd0
[  226.864591][T10826]  tty_ldisc_failto+0xe8/0x1a0
[  226.864619][T10826]  tty_ldisc_restore+0x71/0xc0
[  226.864639][T10826]  tty_set_ldisc+0x209/0x380
[  226.864659][T10826]  tiocsetd+0x51/0x60
[  226.864766][T10826]  tty_ioctl+0xa79/0xb80
[  226.864792][T10826]  ? __pfx_tty_ioctl+0x10/0x10
[  226.864816][T10826]  __se_sys_ioctl+0xce/0x140
[  226.864855][T10826]  __x64_sys_ioctl+0x43/0x50
[  226.864981][T10826]  x64_sys_call+0x14b0/0x3000
[  226.865164][T10826]  do_syscall_64+0xca/0x2b0
[  226.865202][T10826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.865225][T10826] RIP: 0033:0x7f6d36c9f749
[  226.865286][T10826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.865308][T10826] RSP: 002b:00007f6d356ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  226.865328][T10826] RAX: ffffffffffffffda RBX: 00007f6d36ef5fa0 RCX: 00007f6d36c9f749
[  226.865341][T10826] RDX: 0000200000000300 RSI: 0000000000005423 RDI: 0000000000000005
[  226.865355][T10826] RBP: 00007f6d356ff090 R08: 0000000000000000 R09: 0000000000000000
[  226.865368][T10826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.865421][T10826] R13: 00007f6d36ef6038 R14: 00007f6d36ef5fa0 R15: 00007ffdb8b980d8
[  226.865442][T10826]  </TASK>
[  227.085526][T10826] syz.2.2519: vmalloc error: size 12288, failed to allocated page array size 24, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  227.102897][T10826] CPU: 1 UID: 0 PID: 10826 Comm: syz.2.2519 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  227.102925][T10826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  227.102938][T10826] Call Trace:
[  227.102963][T10826]  <TASK>
[  227.102973][T10826]  __dump_stack+0x1d/0x30
[  227.103000][T10826]  dump_stack_lvl+0x95/0xd0
[  227.103099][T10826]  dump_stack+0x15/0x1b
[  227.103123][T10826]  warn_alloc+0x12b/0x1a0
[  227.103160][T10826]  __vmalloc_node_range_noprof+0x7fc/0x1310
[  227.103193][T10826]  ? finish_task_switch+0x7a/0x2a0
[  227.103335][T10826]  ? n_tty_open+0x1b/0xd0
[  227.103364][T10826]  vzalloc_noprof+0x82/0xc0
[  227.103391][T10826]  ? n_tty_open+0x1b/0xd0
[  227.103418][T10826]  n_tty_open+0x1b/0xd0
[  227.103488][T10826]  tty_ldisc_failto+0xe8/0x1a0
[  227.103512][T10826]  tty_ldisc_restore+0x71/0xc0
[  227.103598][T10826]  tty_set_ldisc+0x209/0x380
[  227.103625][T10826]  tiocsetd+0x51/0x60
[  227.103672][T10826]  tty_ioctl+0xa79/0xb80
[  227.103757][T10826]  ? __pfx_tty_ioctl+0x10/0x10
[  227.103849][T10826]  __se_sys_ioctl+0xce/0x140
[  227.103962][T10826]  __x64_sys_ioctl+0x43/0x50
[  227.104000][T10826]  x64_sys_call+0x14b0/0x3000
[  227.104103][T10826]  do_syscall_64+0xca/0x2b0
[  227.104139][T10826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.104229][T10826] RIP: 0033:0x7f6d36c9f749
[  227.104244][T10826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.104290][T10826] RSP: 002b:00007f6d356ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  227.104314][T10826] RAX: ffffffffffffffda RBX: 00007f6d36ef5fa0 RCX: 00007f6d36c9f749
[  227.104329][T10826] RDX: 0000200000000300 RSI: 0000000000005423 RDI: 0000000000000005
[  227.104343][T10826] RBP: 00007f6d356ff090 R08: 0000000000000000 R09: 0000000000000000
[  227.104355][T10826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.104449][T10826] R13: 00007f6d36ef6038 R14: 00007f6d36ef5fa0 R15: 00007ffdb8b980d8
[  227.104474][T10826]  </TASK>
[  227.104490][T10826] Mem-Info:
[  227.308738][T10826] active_anon:7653 inactive_anon:0 isolated_anon:0
[  227.308738][T10826]  active_file:28090 inactive_file:2577 isolated_file:0
[  227.308738][T10826]  unevictable:0 dirty:274 writeback:0
[  227.308738][T10826]  slab_reclaimable:3433 slab_unreclaimable:150535
[  227.308738][T10826]  mapped:31229 shmem:247 pagetables:1385
[  227.308738][T10826]  sec_pagetables:0 bounce:0
[  227.308738][T10826]  kernel_misc_reclaimable:0
[  227.308738][T10826]  free:1727597 free_pcp:14858 free_cma:0
[  227.335747][T10830] 9p: Bad value for 'rfdno'
[  227.353802][T10826] Node 0 active_anon:30612kB inactive_anon:0kB active_file:112360kB inactive_file:10308kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124916kB dirty:1096kB writeback:0kB shmem:988kB kernel_stack:4064kB pagetables:5540kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  227.353877][T10826] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  227.415619][T10826] lowmem_reserve[]: 0 2880 7859 7859
[  227.420980][T10826] Node 0 DMA32 free:2945884kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949516kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3528kB free_cma:0kB
[  227.452481][T10826] lowmem_reserve[]: 0 0 4978 4978
[  227.457598][T10826] Node 0 Normal free:3949144kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30612kB inactive_anon:0kB active_file:112360kB inactive_file:10308kB unevictable:0kB writepending:1096kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:55604kB local_pcp:41396kB free_cma:0kB
[  227.466276][T10837] loop3: detected capacity change from 0 to 512
[  227.490823][T10826] lowmem_reserve[]: 0 0 0 0
[  227.490870][T10826] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  227.509041][T10837] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  227.514433][T10826] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 4*16kB (M) 2*32kB (M) 3*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945884kB
[  227.540397][T10826] Node 0 Normal: 899*4kB (UME) 840*8kB (UM) 1309*16kB (UME) 1011*32kB (UM) 643*64kB (UME) 291*128kB (UM) 106*256kB (UM) 65*512kB (UME) 53*1024kB (UME) 45*2048kB (UM) 879*4096kB (UM) = 3949244kB
[  227.559809][T10826] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  227.569168][T10826] 30961 total pagecache pages
[  227.573889][T10826] 0 pages in swap cache
[  227.578103][T10826] Free swap  = 124996kB
[  227.582321][T10826] Total swap = 124996kB
[  227.586537][T10826] 2097051 pages RAM
[  227.590359][T10826] 0 pages HighMem/MovableOnly
[  227.595086][T10826] 81272 pages reserved
[  227.604508][T10837] EXT4-fs (loop3): 1 truncate cleaned up
[  227.617593][T10837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.698548][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.773557][T10849] gretap0: left allmulticast mode
[  227.778990][T10849] gretap0: left promiscuous mode
[  227.784144][T10849] bridge0: port 3(gretap0) entered disabled state
[  227.787334][T10852] loop2: detected capacity change from 0 to 512
[  227.837316][T10852] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  227.846557][T10855] netlink: 'syz.4.2525': attribute type 13 has an invalid length.
[  227.859628][T10852] EXT4-fs (loop2): 1 truncate cleaned up
[  227.891239][T10852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.917415][T10844] lo speed is unknown, defaulting to 1000
[  228.052733][T10852] SELinux: failed to load policy
[  228.087396][T10873] bridge0: port 3(gretap0) entered blocking state
[  228.092475][T10874] __nla_validate_parse: 15 callbacks suppressed
[  228.092526][T10874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2536'.
[  228.093995][T10873] bridge0: port 3(gretap0) entered disabled state
[  228.128389][T10873] gretap0: entered allmulticast mode
[  228.136739][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.148877][T10875] netlink: 'syz.0.2534': attribute type 13 has an invalid length.
[  228.156887][T10873] gretap0: entered promiscuous mode
[  228.166387][T10866] lo speed is unknown, defaulting to 1000
[  228.181319][T10877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.204160][T10877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.273977][T10880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2538'.
[  228.283448][T10880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2538'.
[  228.310721][T10882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.319878][T10882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.855589][T10897] loop3: detected capacity change from 0 to 4096
[  228.862570][T10897] EXT4-fs: Ignoring removed nomblk_io_submit option
[  228.887170][T10897] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.922982][T10897] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  228.957826][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.969445][T10911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10911 comm=syz.4.2548
[  229.002102][T10914] bridge0: port 3(gretap0) entered blocking state
[  229.008689][T10914] bridge0: port 3(gretap0) entered disabled state
[  229.019186][T10914] gretap0: entered allmulticast mode
[  229.025610][T10914] gretap0: entered promiscuous mode
[  229.041118][T10914] netlink: 'syz.1.2549': attribute type 13 has an invalid length.
[  229.075236][T10919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.084462][T10917] loop3: detected capacity change from 0 to 1024
[  229.094481][T10919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.097915][T10917] EXT4-fs: inline encryption not supported
[  229.115757][T10917] ext4: Bad value for 'min_batch_time'
[  229.147564][T10905] lo speed is unknown, defaulting to 1000
[  229.166626][T10920] loop4: detected capacity change from 0 to 512
[  229.188116][T10917] loop3: detected capacity change from 0 to 1764
[  229.198077][T10920] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  229.228166][T10920] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.284260][T10920] ext4 filesystem being mounted at /510/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  229.328088][T10917] loop3: detected capacity change from 0 to 8192
[  229.341047][T10902] lo speed is unknown, defaulting to 1000
[  229.390394][T10917]  loop3: p1 p2 p3 p4
[  229.396260][T10917] loop3: p1 start 13435904 is beyond EOD, truncated
[  229.402928][T10917] loop3: p2 start 4195840 is beyond EOD, truncated
[  229.409590][T10917] loop3: p3 start 458783 is beyond EOD, truncated
[  229.416111][T10917] loop3: p4 start 65537 is beyond EOD, truncated
[  229.464950][T10917] netlink: 'syz.3.2552': attribute type 3 has an invalid length.
[  229.603134][T10933] gretap0: left allmulticast mode
[  229.608416][T10933] gretap0: left promiscuous mode
[  229.614271][T10933] bridge0: port 3(gretap0) entered disabled state
[  229.655026][T10936] netlink: 'syz.1.2555': attribute type 13 has an invalid length.
[  229.691794][T10929] lo speed is unknown, defaulting to 1000
[  229.761794][T10942] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2559'.
[  229.770821][T10942] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2559'.
[  229.787848][T10943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2558'.
[  229.800972][T10942] loop0: detected capacity change from 0 to 128
[  229.830621][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.951132][T10949] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2562'.
[  229.960295][T10949] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2562'.
[  229.993430][T10949] loop0: detected capacity change from 0 to 128
[  230.064871][T10954] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  230.071444][T10954] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  230.079219][T10954] vhci_hcd vhci_hcd.0: Device attached
[  230.177073][T10961] loop0: detected capacity change from 0 to 512
[  230.216189][T10961] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2566: bg 0: block 248: padding at end of block bitmap is not set
[  230.257692][T10961] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.2566: Failed to acquire dquot type 1
[  230.265286][ T3487] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  230.286675][T10961] EXT4-fs (loop0): 1 truncate cleaned up
[  230.299811][T10961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.325915][T10961] ext4 filesystem being mounted at /489/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.345185][ T3487] usb 5-1: new full-speed USB device number 6 using vhci_hcd
[  230.354085][T10961] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.384658][   T29] kauditd_printk_skb: 2605 callbacks suppressed
[  230.384677][   T29] audit: type=1326 audit(1766473384.055:71955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.466507][   T29] audit: type=1326 audit(1766473384.095:71956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.490176][   T29] audit: type=1326 audit(1766473384.105:71957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.513854][   T29] audit: type=1326 audit(1766473384.105:71958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.537591][   T29] audit: type=1326 audit(1766473384.105:71959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.561593][   T29] audit: type=1326 audit(1766473384.105:71960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.585263][   T29] audit: type=1326 audit(1766473384.105:71961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.609054][   T29] audit: type=1326 audit(1766473384.115:71962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.632730][   T29] audit: type=1326 audit(1766473384.115:71963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.656401][   T29] audit: type=1326 audit(1766473384.115:71964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10946 comm="syz.4.2560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7436c82005 code=0x7ffc0000
[  230.834304][T10980] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2573'.
[  230.843384][T10980] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2573'.
[  230.871489][T10983] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10983 comm=syz.3.2571
[  230.897689][T10986] loop4: detected capacity change from 0 to 128
[  230.963978][T10955] vhci_hcd: connection reset by peer
[  230.994634][ T2028] vhci_hcd vhci_hcd.2: stop threads
[  230.999932][ T2028] vhci_hcd vhci_hcd.2: release socket
[  231.005395][ T2028] vhci_hcd vhci_hcd.2: disconnect device
[  231.024269][T10989] loop3: detected capacity change from 0 to 512
[  231.054545][T10989] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  231.087591][T10989] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.115114][T10989] ext4 filesystem being mounted at /496/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  231.221314][T10976] lo speed is unknown, defaulting to 1000
[  231.252831][T10996] rdma_rxe: rxe_newlink: failed to add bond0
[  231.589291][T11008] macsec1: entered allmulticast mode
[  231.666932][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.823879][T11012] netlink: 'syz.3.2582': attribute type 13 has an invalid length.
[  231.935285][T11011] lo speed is unknown, defaulting to 1000
[  232.303017][T11017] EXT4-fs: Ignoring removed nomblk_io_submit option
[  232.349912][T11017] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.401633][T11017] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  232.435593][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.486797][T11028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.524533][T11028] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.623775][T11033] macsec1: entered allmulticast mode
[  232.970866][T11040] lo speed is unknown, defaulting to 1000
[  234.041957][T11055] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  234.089890][T11055] netlink: 'syz.1.2599': attribute type 5 has an invalid length.
[  234.090064][T11055] vhci_hcd vhci_hcd.2: invalid port number 96
[  234.090147][T11055] vhci_hcd vhci_hcd.2: default hub control req: 2000 vfffc i0060 l7
[  234.101979][T11058] rdma_rxe: rxe_newlink: failed to add bond0
[  234.207478][T11064] xt_SECMARK: invalid mode: 2
[  234.212175][T11061] syzkaller0: entered promiscuous mode
[  234.212269][T11061] syzkaller0: entered allmulticast mode
[  234.224491][T11063] __nla_validate_parse: 7 callbacks suppressed
[  234.224621][T11063] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2603'.
[  234.270711][T11064] set_capacity_and_notify: 4 callbacks suppressed
[  234.270733][T11064] loop3: detected capacity change from 0 to 1024
[  234.308565][T11064] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  234.349319][T11064] ext4 filesystem being mounted at /503/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  234.548055][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.764870][T11089] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2612'.
[  234.773790][T11089] netlink: 'syz.4.2612': attribute type 30 has an invalid length.
[  234.909139][T11089] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=11089 comm=syz.4.2612
[  234.923996][   T52] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  234.944745][   T52] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  234.953500][   T52] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  234.984915][   T52] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  235.292393][ T3324] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  235.303391][ T3324] CPU: 0 UID: 0 PID: 3324 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  235.303426][ T3324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  235.303508][ T3324] Call Trace:
[  235.303517][ T3324]  <TASK>
[  235.303528][ T3324]  __dump_stack+0x1d/0x30
[  235.303560][ T3324]  dump_stack_lvl+0x95/0xd0
[  235.303588][ T3324]  dump_stack+0x15/0x1b
[  235.303611][ T3324]  dump_header+0x81/0x240
[  235.303638][ T3324]  oom_kill_process+0x295/0x350
[  235.303695][ T3324]  out_of_memory+0x97b/0xb80
[  235.303727][ T3324]  try_charge_memcg+0x610/0xa10
[  235.303764][ T3324]  charge_memcg+0x51/0xc0
[  235.303839][ T3324]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  235.303879][ T3324]  __read_swap_cache_async+0x17b/0x2d0
[  235.303923][ T3324]  swap_cluster_readahead+0x262/0x3c0
[  235.304018][ T3324]  swapin_readahead+0xde/0x820
[  235.304085][ T3324]  ? next_uptodate_folio+0x81c/0x890
[  235.304121][ T3324]  ? percpu_counter_add_batch+0xb6/0x130
[  235.304148][ T3324]  ? __rcu_read_unlock+0x4f/0x70
[  235.304168][ T3324]  ? swap_cache_get_folio+0x277/0x280
[  235.304238][ T3324]  do_swap_page+0x2b4/0x21e0
[  235.304284][ T3324]  ? __pfx_default_wake_function+0x10/0x10
[  235.304338][ T3324]  handle_mm_fault+0x9d8/0x2c60
[  235.304386][ T3324]  do_user_addr_fault+0x630/0x1080
[  235.304504][ T3324]  exc_page_fault+0x62/0xa0
[  235.304541][ T3324]  asm_exc_page_fault+0x26/0x30
[  235.304574][ T3324] RIP: 0033:0x7f7436b25fd7
[  235.304628][ T3324] Code: 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 c8 f7 ea 00 48 69 8c 24 90 00 00 00 e8 03 00 00 8b 78 08 <48> 8b 44 24 18 48 c1 ea 12 4c 8b 0d d9 f6 ea 00 48 01 d1 39 7c 24
[  235.304660][ T3324] RSP: 002b:00007fff932b00f0 EFLAGS: 00010202
[  235.304680][ T3324] RAX: 0000001b34024000 RBX: 000000000000055d RCX: 00000000000395f8
[  235.304696][ T3324] RDX: 0000000002934509 RSI: 00007fff932b0180 RDI: 0000000000000017
[  235.304712][ T3324] RBP: 00007fff932b012c R08: 0000000009d2ea0b R09: 7fffffffffffffff
[  235.304728][ T3324] R10: 3fffffffffffffff R11: 0000000000000202 R12: 0000000000001388
[  235.304743][ T3324] R13: 00000000000927c0 R14: 00000000000395c7 R15: 00007fff932b0180
[  235.304797][ T3324]  </TASK>
[  235.415110][   T29] kauditd_printk_skb: 1107 callbacks suppressed
[  235.415154][   T29] audit: type=1326 audit(1766473389.095:73072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.421192][ T3324] memory: usage 307200kB, limit 307200kB, failcnt 2264
[  235.453807][   T29] audit: type=1326 audit(1766473389.105:73073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.464147][ T3324] memory+swap: usage 307940kB, limit 9007199254740988kB, failcnt 0
[  235.464174][ T3324] kmem: usage 307156kB, limit 9007199254740988kB, failcnt 0
[  235.470297][   T29] audit: type=1326 audit(1766473389.105:73074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.478393][ T3324] Memory cgroup stats for 
[  235.486329][   T29] audit: type=1326 audit(1766473389.105:73075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.494315][ T3324] /syz4:
[  235.550787][ T3487] usb 5-1: enqueue for inactive port 0
[  235.574141][   T29] audit: type=1326 audit(1766473389.105:73076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.672849][   T29] audit: type=1326 audit(1766473389.105:73077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.696667][   T29] audit: type=1326 audit(1766473389.115:73078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.696674][ T3487] usb 5-1: enqueue for inactive port 0
[  235.726007][   T29] audit: type=1326 audit(1766473389.115:73079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.749711][   T29] audit: type=1326 audit(1766473389.115:73080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.764728][ T3487] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  235.773625][   T29] audit: type=1326 audit(1766473389.115:73081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.3.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9f59672005 code=0x7ffc0000
[  235.859139][ T3324] cache 0
[  235.862227][ T3324] rss 53248
[  235.865555][ T3324] shmem 0
[  235.868516][ T3324] mapped_file 0
[  235.871988][ T3324] dirty 0
[  235.875070][ T3324] writeback 28672
[  235.878733][ T3324] workingset_refault_anon 16
[  235.883350][ T3324] workingset_refault_file 13
[  235.888049][ T3324] swap 692224
[  235.891351][ T3324] swapcached 102400
[  235.895207][ T3324] pgpgin 415663
[  235.898686][ T3324] pgpgout 415636
[  235.902250][ T3324] pgfault 148785
[  235.905890][ T3324] pgmajfault 11
[  235.909368][ T3324] inactive_anon 28672
[  235.913420][ T3324] active_anon 81920
[  235.917295][ T3324] inactive_file 0
[  235.920952][ T3324] active_file 0
[  235.924438][ T3324] unevictable 0
[  235.928031][ T3324] hierarchical_memory_limit 314572800
[  235.933441][ T3324] hierarchical_memsw_limit 9223372036854771712
[  235.939730][ T3324] total_cache 0
[  235.943216][ T3324] total_rss 53248
[  235.946904][ T3324] total_shmem 0
[  235.950389][ T3324] total_mapped_file 0
[  235.954420][ T3324] total_dirty 0
[  235.957972][ T3324] total_writeback 28672
[  235.962152][ T3324] total_workingset_refault_anon 16
[  235.967310][ T3324] total_workingset_refault_file 13
[  235.972441][ T3324] total_swap 692224
[  235.976364][ T3324] total_swapcached 102400
[  235.980744][ T3324] total_pgpgin 415663
[  235.984812][ T3324] total_pgpgout 415636
[  235.988911][ T3324] total_pgfault 148785
[  235.993000][ T3324] total_pgmajfault 11
[  235.997034][ T3324] total_inactive_anon 28672
[  236.001557][ T3324] total_active_anon 81920
[  236.006103][ T3324] total_inactive_file 0
[  236.010279][ T3324] total_active_file 0
[  236.014286][ T3324] total_unevictable 0
[  236.018394][ T3324] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.2612,pid=11087,uid=0
[  236.033406][ T3324] Memory cgroup out of memory: Killed process 11087 (syz.4.2612) total-vm:94100kB, anon-rss:1136kB, file-rss:22696kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  236.054829][T11093] syz.4.2612 (11093) used greatest stack depth: 8920 bytes left
[  236.068273][T11111] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2619'.
[  236.102361][T11113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.153030][T11113] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.167527][T11117] rdma_rxe: rxe_newlink: failed to add bond0
[  236.372715][T11123] loop3: detected capacity change from 0 to 4096
[  236.382936][T11123] EXT4-fs: Ignoring removed nomblk_io_submit option
[  236.395741][T11123] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.450840][T11123] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  236.502270][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.716750][T11136] bridge0: port 3(gretap0) entered blocking state
[  236.723259][T11136] bridge0: port 3(gretap0) entered disabled state
[  236.734845][T11136] gretap0: entered allmulticast mode
[  236.748589][T11136] gretap0: entered promiscuous mode
[  236.761251][T11135] lo speed is unknown, defaulting to 1000
[  236.771599][T11136] gretap0: left allmulticast mode
[  236.776766][T11136] gretap0: left promiscuous mode
[  236.782007][T11136] bridge0: port 3(gretap0) entered disabled state
[  236.807022][T11139] loop0: detected capacity change from 0 to 1024
[  236.817063][T11139] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  236.834417][T11141] netlink: 'syz.4.2630': attribute type 13 has an invalid length.
[  236.842347][T11140] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2631'.
[  236.851484][T11140] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2631'.
[  236.851733][T11139] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  236.880614][ T2028] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.892063][T11139] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  236.904617][ T2028] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.911426][T11139] EXT4-fs (loop0): orphan cleanup on readonly fs
[  236.913547][ T2028] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.922268][T11139] EXT4-fs error (device loop0): ext4_read_inode_bitmap:167: comm syz.0.2632: Inode bitmap for bg 0 marked uninitialized
[  236.929307][ T2028] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.965412][T11139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  237.028068][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.053818][T11146] x_tables: duplicate underflow at hook 1
[  237.137243][T11150] loop0: detected capacity change from 0 to 512
[  237.173461][T11150] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  237.205124][T11150] EXT4-fs (loop0): 1 truncate cleaned up
[  237.215090][T11150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.298951][T11150] SELinux: failed to load policy
[  237.319078][T11152] rdma_rxe: rxe_newlink: failed to add bond0
[  237.370276][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.486523][T11166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  237.506581][T11166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  237.679058][T11174] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11174 comm=syz.4.2645
[  237.779415][T11185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2647'.
[  237.788660][T11185] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2647'.
[  237.814819][T11186] loop4: detected capacity change from 0 to 512
[  237.815998][T11174] lo speed is unknown, defaulting to 1000
[  237.832977][T11186] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  237.898819][T11186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.944738][T11186] ext4 filesystem being mounted at /532/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  238.425834][T11198] xt_ecn: cannot match TCP bits for non-tcp packets
[  238.506481][T11204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.521962][T11204] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.530605][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.610229][T11208] SELinux: failed to load policy
[  238.655881][T11210] loop4: detected capacity change from 0 to 1024
[  238.665612][T11210] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  238.679756][T11210] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  238.691522][T11210] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  238.699688][T11210] EXT4-fs (loop4): orphan cleanup on readonly fs
[  238.707039][T11210] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.2655: Inode bitmap for bg 0 marked uninitialized
[  238.720476][T11210] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  238.746353][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.886156][T11224] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2658'.
[  238.981830][T11226] loop4: detected capacity change from 0 to 2048
[  239.012573][T11226] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  239.091728][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.100934][T11237] macsec1: entered allmulticast mode
[  239.398410][T11247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2667'.
[  239.407629][T11247] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2667'.
[  239.423761][T11247] loop0: detected capacity change from 0 to 128
[  239.490775][T11249] loop0: detected capacity change from 0 to 512
[  239.511341][T11249] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.2668: invalid block
[  239.535008][T11249] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2668: invalid indirect mapped block 4294967295 (level 1)
[  239.549734][T11249] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2668: invalid indirect mapped block 4294967295 (level 1)
[  239.564998][T11249] EXT4-fs (loop0): 2 truncates cleaned up
[  239.571328][T11249] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  239.586806][T11249] EXT4-fs error (device loop0): ext4_get_parent:1832: inode #11: comm syz.0.2668: bad parent inode number: 3
[  239.610144][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.871362][T11269] loop2: detected capacity change from 0 to 512
[  239.890607][T11269] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  239.908953][T11269] EXT4-fs (loop2): 1 truncate cleaned up
[  239.921111][T11273] FAULT_INJECTION: forcing a failure.
[  239.921111][T11273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.927130][T11269] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  239.934632][T11273] CPU: 1 UID: 0 PID: 11273 Comm: syz.1.2678 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  239.934716][T11273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  239.934760][T11273] Call Trace:
[  239.934777][T11273]  <TASK>
[  239.934800][T11273]  __dump_stack+0x1d/0x30
[  239.934902][T11273]  dump_stack_lvl+0x95/0xd0
[  239.934961][T11273]  dump_stack+0x15/0x1b
[  239.935117][T11273]  should_fail_ex+0x265/0x280
[  239.935221][T11273]  should_fail+0xb/0x20
[  239.935364][T11273]  should_fail_usercopy+0x1a/0x20
[  239.935446][T11273]  strncpy_from_user+0x27/0x260
[  239.935541][T11273]  getname_flags+0xae/0x3b0
[  239.935624][T11273]  path_setxattrat+0x223/0x310
[  239.935835][T11273]  __x64_sys_lsetxattr+0x71/0x90
[  239.935895][T11273]  x64_sys_call+0x2ef0/0x3000
[  239.935980][T11273]  do_syscall_64+0xca/0x2b0
[  239.936089][T11273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.936225][T11273] RIP: 0033:0x7f6b5573f749
[  239.936283][T11273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.936336][T11273] RSP: 002b:00007f6b541a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  239.936398][T11273] RAX: ffffffffffffffda RBX: 00007f6b55995fa0 RCX: 00007f6b5573f749
[  239.936444][T11273] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000200000000900
[  239.936486][T11273] RBP: 00007f6b541a7090 R08: 0000000000000000 R09: 0000000000000000
[  239.936560][T11273] R10: 0000000000000025 R11: 0000000000000246 R12: 0000000000000001
[  239.936672][T11273] R13: 00007f6b55996038 R14: 00007f6b55995fa0 R15: 00007ffd839fe118
[  239.936735][T11273]  </TASK>
[  240.194793][T11282] smc: net device bond0 applied user defined pnetid SYZ0
[  240.218427][T11282] smc: net device bond0 erased user defined pnetid SYZ0
[  240.226170][T11283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2680'.
[  240.251209][T11287] SELinux:  Context system_u:object_r:netutils_exec_t:s0 is not valid (left unmapped).
[  240.261914][T11269] SELinux: failed to load policy
[  240.296312][T11284] smc: net device bond0 applied user defined pnetid SYZ0
[  240.303881][T11284] smc: net device bond0 erased user defined pnetid SYZ0
[  240.405819][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.427242][   T29] kauditd_printk_skb: 3726 callbacks suppressed
[  240.427259][   T29] audit: type=1400 audit(1766473394.105:76806): avc:  denied  { create } for  pid=11295 comm="syz.2.2687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  240.482466][   T29] audit: type=1400 audit(1766473394.135:76807): avc:  denied  { map_read map_write } for  pid=11295 comm="syz.2.2687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  240.502684][   T29] audit: type=1400 audit(1766473394.135:76808): avc:  denied  { prog_run } for  pid=11295 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  240.521643][   T29] audit: type=1400 audit(1766473394.145:76809): avc:  denied  { setopt } for  pid=11291 comm="syz.4.2686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  240.561813][T11303] bridge0: port 3(gretap0) entered blocking state
[  240.564142][   T29] audit: type=1400 audit(1766473394.215:76810): avc:  denied  { create } for  pid=11301 comm="syz.0.2689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  240.568524][T11303] bridge0: port 3(gretap0) entered disabled state
[  240.584873][T11303] gretap0: entered allmulticast mode
[  240.588678][   T29] audit: type=1400 audit(1766473394.215:76811): avc:  denied  { open } for  pid=11301 comm="syz.0.2689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  240.616130][T11304] netlink: 'syz.2.2687': attribute type 13 has an invalid length.
[  240.619879][   T29] audit: type=1400 audit(1766473394.215:76812): avc:  denied  { kernel } for  pid=11301 comm="syz.0.2689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  240.647273][   T29] audit: type=1400 audit(1766473394.215:76813): avc:  denied  { tracepoint } for  pid=11301 comm="syz.0.2689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  240.667668][   T29] audit: type=1326 audit(1766473394.225:76814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11301 comm="syz.0.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685352f749 code=0x7ffc0000
[  240.667807][T11303] gretap0: entered promiscuous mode
[  240.696997][   T29] audit: type=1326 audit(1766473394.225:76815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11301 comm="syz.0.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f685352f749 code=0x7ffc0000
[  240.708389][T11296] lo speed is unknown, defaulting to 1000
[  240.732681][T11306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.743091][T11306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  241.036161][T11319] macsec1: entered allmulticast mode
[  241.295600][T11323] SELinux: failed to load policy
[  241.397770][T11327] lo speed is unknown, defaulting to 1000
[  241.411423][T11331] gretap0: left allmulticast mode
[  241.416636][T11331] gretap0: left promiscuous mode
[  241.421738][T11331] bridge0: port 3(gretap0) entered disabled state
[  241.430429][T11331] netlink: 'syz.3.2699': attribute type 13 has an invalid length.
[  241.514361][T11336] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2702'.
[  241.523414][T11336] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2702'.
[  241.537046][T11336] loop3: detected capacity change from 0 to 128
[  241.586247][T11337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2701'.
[  241.671880][T11343] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2705'.
[  241.681145][T11343] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2705'.
[  241.692021][T11343] loop0: detected capacity change from 0 to 128
[  241.879773][T11356] smc: net device bond0 applied user defined pnetid SYZ0
[  241.895272][T11356] smc: net device bond0 erased user defined pnetid SYZ0
[  241.922357][T11359] smc: net device bond0 applied user defined pnetid SYZ0
[  241.938327][T11359] smc: net device bond0 erased user defined pnetid SYZ0
[  241.971885][T11362] bridge0: port 3(gretap0) entered blocking state
[  241.978464][T11362] bridge0: port 3(gretap0) entered disabled state
[  242.004924][T11362] gretap0: entered allmulticast mode
[  242.011492][T11362] gretap0: entered promiscuous mode
[  242.027214][T11362] gretap0: left allmulticast mode
[  242.032619][T11362] gretap0: left promiscuous mode
[  242.038014][T11362] bridge0: port 3(gretap0) entered disabled state
[  242.047476][T11358] lo speed is unknown, defaulting to 1000
[  242.054888][T11362] netlink: 'syz.1.2711': attribute type 13 has an invalid length.
[  242.097025][T11361] rdma_rxe: rxe_newlink: failed to add bond0
[  242.129933][T11365] rdma_rxe: rxe_newlink: failed to add bond0
[  242.348791][T11371] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11371 comm=syz.4.2715
[  242.435048][T11371] lo speed is unknown, defaulting to 1000
[  242.476783][T11371] loop4: detected capacity change from 0 to 512
[  242.489858][T11371] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  242.536329][T11371] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.555912][T11371] ext4 filesystem being mounted at /549/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  242.626398][T11383] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2719'.
[  242.635575][T11383] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2719'.
[  242.652069][T11381] rdma_rxe: rxe_newlink: failed to add bond0
[  242.683955][T11386] loop0: detected capacity change from 0 to 128
[  242.907686][T11393] smc: net device bond0 applied user defined pnetid SYZ0
[  242.931781][T11393] smc: net device bond0 erased user defined pnetid SYZ0
[  243.031373][T11396] loop2: detected capacity change from 0 to 2048
[  243.090085][T11396] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.205608][T11402] gretap0: left allmulticast mode
[  243.210819][T11402] gretap0: left promiscuous mode
[  243.216516][T11402] bridge0: port 3(gretap0) entered disabled state
[  243.226556][ T3328] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[  243.258159][T11402] netlink: 'syz.0.2726': attribute type 13 has an invalid length.
[  243.269155][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.271779][ T3328] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  243.295136][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.312143][ T3324] ==================================================================
[  243.320293][ T3324] BUG: KCSAN: data-race in shmem_getattr / shmem_recalc_inode
[  243.327822][ T3324] 
[  243.330181][ T3324] read-write to 0xffff8881409a5468 of 8 bytes by task 11377 on cpu 0:
[  243.338393][ T3324]  shmem_recalc_inode+0x3f/0x1f0
[  243.343393][ T3324]  shmem_get_folio_gfp+0x79d/0xd50
[  243.348559][ T3324]  shmem_write_begin+0xfc/0x1f0
[  243.353463][ T3324]  generic_perform_write+0x184/0x490
[  243.358791][ T3324]  shmem_file_write_iter+0xc5/0xf0
[  243.363963][ T3324]  __kernel_write_iter+0x2d6/0x540
[  243.369119][ T3324]  dump_user_range+0x61e/0x8f0
[  243.373931][ T3324]  elf_core_dump+0x1de7/0x1f80
[  243.378750][ T3324]  coredump_write+0xacf/0xdf0
[  243.383470][ T3324]  vfs_coredump+0x24f7/0x2e60
[  243.388187][ T3324]  get_signal+0xd84/0xf70
[  243.392554][ T3324]  arch_do_signal_or_restart+0x96/0x450
[  243.398142][ T3324]  irqentry_exit+0xfb/0x560
[  243.402704][ T3324]  asm_exc_page_fault+0x26/0x30
[  243.407590][ T3324] 
[  243.409947][ T3324] read to 0xffff8881409a5468 of 8 bytes by task 3324 on cpu 1:
[  243.417524][ T3324]  shmem_getattr+0x41/0x200
[  243.419194][T11401] lo speed is unknown, defaulting to 1000
[  243.422076][ T3324]  vfs_getattr_nosec+0x146/0x1e0
[  243.422105][ T3324]  vfs_statx+0x113/0x390
[  243.422129][ T3324]  vfs_fstatat+0x115/0x170
[  243.441491][ T3324]  __se_sys_newfstatat+0x55/0x260
[  243.446567][ T3324]  __x64_sys_newfstatat+0x55/0x70
[  243.451638][ T3324]  x64_sys_call+0x111f/0x3000
[  243.456367][ T3324]  do_syscall_64+0xca/0x2b0
[  243.460941][ T3324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.466890][ T3324] 
[  243.469240][ T3324] value changed: 0x0000000000001ffe -> 0x0000000000002000
[  243.476376][ T3324] 
[  243.478729][ T3324] Reported by Kernel Concurrency Sanitizer on:
[  243.484910][ T3324] CPU: 1 UID: 0 PID: 3324 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  243.494845][ T3324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  243.504943][ T3324] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  243.645393][T11409] rdma_rxe: rxe_newlink: failed to add bond0
[  244.733891][ T1641] gretap0: left allmulticast mode
[  244.739165][ T1641] gretap0: left promiscuous mode
[  244.744364][ T1641] bridge0: port 3(gretap0) entered disabled state
[  244.751873][ T1641] bridge_slave_1: left allmulticast mode
[  244.757690][ T1641] bridge_slave_1: left promiscuous mode
[  244.763464][ T1641] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.774152][ T1641] bridge_slave_0: left allmulticast mode
[  244.779920][ T1641] bridge_slave_0: left promiscuous mode
[  244.785977][ T1641] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.794256][ T1641] bridge_slave_1: left allmulticast mode
[  244.800010][ T1641] bridge_slave_1: left promiscuous mode
[  244.805787][ T1641] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.813374][ T1641] bridge_slave_0: left allmulticast mode
[  244.819152][ T1641] bridge_slave_0: left promiscuous mode
[  244.824996][ T1641] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.833279][ T1641] bridge_slave_1: left allmulticast mode
[  244.839165][ T1641] bridge_slave_1: left promiscuous mode
[  244.845009][ T1641] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.852660][ T1641] bridge_slave_0: left allmulticast mode
[  244.858403][ T1641] bridge_slave_0: left promiscuous mode
[  244.864109][ T1641] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.872582][ T1641] batadv1: left allmulticast mode
[  244.877678][ T1641] batadv1: left promiscuous mode
[  244.882710][ T1641] bridge0: port 4(batadv1) entered disabled state
[  244.889923][ T1641] bridge_slave_1: left allmulticast mode
[  244.895616][ T1641] bridge_slave_1: left promiscuous mode
[  244.901262][ T1641] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.909258][ T1641] bridge_slave_0: left allmulticast mode
[  244.914948][ T1641] bridge_slave_0: left promiscuous mode
[  244.920659][ T1641] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.967683][ T1641] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  244.976946][ T1641] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  244.986184][ T1641] bond0 (unregistering): Released all slaves
[  244.994603][ T1641] bond1 (unregistering): Released all slaves
[  245.046209][ T2028] smc: removing ib device syz2
[  245.051809][ T1641] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  245.061426][ T1641] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.070568][ T1641] bond0 (unregistering): Released all slaves
[  245.079074][ T1641] bond1 (unregistering): Released all slaves
[  245.087650][ T1641] bond2 (unregistering): Released all slaves
[  245.157667][ T1641] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  245.167229][ T1641] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.176802][ T1641] bond0 (unregistering): Released all slaves
[  245.185301][ T1641] bond1 (unregistering): Released all slaves
[  245.193947][ T1641] bond2 (unregistering): Released all slaves
[  245.223225][ T1641] bond1 (unregistering): (slave geneve2): Releasing active interface
[  245.366503][ T1641] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  245.376077][ T1641] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.385288][ T1641] bond0 (unregistering): Released all slaves
[  245.393827][ T1641] bond1 (unregistering): Released all slaves
[  245.402195][ T1641] bond2 (unregistering): Released all slaves
[  245.580628][ T1641] IPVS: stopping backup sync thread 10692 ...
[  245.628459][ T1641] hsr_slave_0: left promiscuous mode
[  245.634193][ T1641] hsr_slave_1: left promiscuous mode
[  245.640298][ T1641] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.652162][ T1641] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.662617][ T1641] hsr_slave_0: left promiscuous mode
[  245.668510][ T1641] hsr_slave_1: left promiscuous mode
[  245.674226][ T1641] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.682034][ T1641] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.692258][ T1641] hsr_slave_0: left promiscuous mode
[  245.698253][ T1641] hsr_slave_1: left promiscuous mode
[  245.706377][ T1641] hsr_slave_0: left promiscuous mode
[  245.712042][ T1641] hsr_slave_1: left promiscuous mode
[  245.717791][ T1641] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.725861][ T1641] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.761836][ T1641] team0 (unregistering): Port device team_slave_0 removed
[  245.826334][ T1641] team0 (unregistering): Port device team_slave_1 removed
[  245.836231][ T1641] team0 (unregistering): Port device team_slave_0 removed
[  245.897817][ T1641] team0 (unregistering): Port device team_slave_1 removed
[  245.907775][ T1641] team0 (unregistering): Port device team_slave_0 removed
[  245.976400][ T1641] team0 (unregistering): Port device team_slave_1 removed
[  245.986512][ T1641] team0 (unregistering): Port device team_slave_0 removed
[  247.021627][ T1641] IPVS: stop unused estimator thread 0...