last executing test programs:

1m42.733421737s ago: executing program 3 (id=578):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r2)
sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x19c, r3, 0xe701ac47a3d23ecd, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0x17e, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00\x91d\xe6,\xd3@I\x17\xf3\xbeeI8bz\xdb\xb8s0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93U6\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\xacs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4\x8fK=40\xe8R\x83p,J\xca\x85\xcb\xfa:\xdb\xda\x05\xed\xc8\xad\xa2\xfc0C\x9e3\x8e*\xae\x91\xa4\xc7)\xc0\x87\x9b\xee~\xdb\xac\x03\x90\xb1\x05\x81\xb1j\xfaO`\xa7\xa0\xeb\x83\x13 \xc8\x98\xdb\v \x95\x8eD\xc3\xc6:\xcc%\x88\xc7\xa5\xe5\xfc\xccl\x96F_\x92\xa2\xc3\xea@\"\xb1\x1b`o~B\xb4W\xd8\v\xabCBL\x81A\x92D\xd5{K\xf0\xd5\x91\n\x94\x9b\xd9\xdb2E\\\xb1\x90\xf1\xfc\xc1}\x96\xf4\xba3g\xc8\xf7j\xbc\xf1\x11\xe3\x05\xean9M\xeb&\xd2\xdf\xbe\xa1\xe8[\x91\xa5\x90uX\xd0IH!\xe3\x8a9k\x94\xc8\xde\xea\xc6^\x96\xceV\xb2\xcba\x8b\xbc\xe9'}]}, 0x19c}, 0x1, 0x0, 0x0, 0x2}, 0x4000840)

1m42.318180688s ago: executing program 3 (id=582):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x1, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r2, 0x0, 0x5, &(0x7f0000000240)={@local, @empty, 0xfffb, "66c5aff8a7eb3af1f6cec2e7420000008c84aea31700", 0x96bd, 0x1000000, 0x7e, 0x6b}, 0x3c)
setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000000080)=0x300, 0x4)

1m41.969861883s ago: executing program 3 (id=590):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00')
close_range(r3, 0xffffffffffffffff, 0x0)

1m41.806264105s ago: executing program 3 (id=595):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1d0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x2a05004, 0x0)
umount2(&(0x7f0000000300)='./file0/file0/file0\x00', 0x1)

1m41.695236253s ago: executing program 3 (id=597):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

1m41.230697557s ago: executing program 3 (id=607):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x5, 0x10000000, 0x0, 0x0, 0x40000000)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000004c0)={[{@acl}, {@barrier}, {@barrier_val}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xf8, 0x587, &(0x7f0000002100)="$eJzs3U1rG9caAOB3ZMn5cO6NAyHcexeXQBZNSSPHdj9SKDRdljY00O5TYSsmWI6CJYfYDTRZNJtuSiiU0kDpD+i+y9A/0F8RaAOhBNMuSkFl5JGt2JIdOzJSoueBSc6ZD595feY9PqORUABD62T6Ty7ivxHxVRJxtG1bPrKNJ9f2W31yayZdkmg0Pv49iSRb19o/yf4fyyr/iYifv4g4k9vabm15Zb5UqZQXs/pEfeH6RG155ezVhdJcea58bWp6+vwb01Nvv/Vmz2J99dKf33704P3zX55a/ebHR8fuJXEhjmTb2uN4DrfbKydLf2elQlzYtONkDxobJEm/T4A9GcnyvBDpGHA0RrKsB15+n0dEY02uAQyZpJn/YxvjADAkWvOA1r19j+6DXxiP31u7AWrGPtoef37ttZE42Lw3OryaPHVnlN7vjveg/bSNn367fy9dYvvXIQ7tUAfYldt3IuJcPr91/E+y8W/vzjVfPN7e5jaG7e8P9NODdP7zWqf5X259/hMd5j9jHXJ3L3bO/9yjHjTTVTr/e6fj/Hd96BofyWr/as75CsmVq5XyuYj4d0ScjsKBtL7d85zzqw8b3ba1z//SJW2/NRfMzuNR/sDTx8yW6qWIGH2euFse34n4X75T/Ml6/ycd+j/9fVzq+BMLW9acKN//f7f2d45/fzV+iHilY/9vPNFKtn8+OdG8HiZaV8VWf9w98Uu39vsdf9r/h7ePfzxpf15b230b3x/8q9xt216v/9Hkk2a5lQQ3S/X64mTEaPJhs36wff3UxrGtemv/NP7Tp7Yf/zpd/+nN16fPGP/d43e77joI/T+7q/7ffeHhB5991639Z+v/15ul09mabPzrLLtWnvUEn/f3BwAAAAAAAIMkFxFHIskV18u5XLG49v6O43E4V6nW6meuVJeuzUbzs7LjUci1nnQfbXs/xGT2fthWfWpTfToijkXE1yOHmvXiTLUy2+/gAQAAAAAAAAAAAAAAAAAAYECMdfn8f+rXkX6fHbDvml9scKDfZwH0w45f+d+Lb3oCBtKO+Q+8tOQ/DC/5D8NL/sPwkv8wvOQ/DC/5D8NL/gMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXbp4MV0aq09uzaT12RvLS/PVG2dny7X54sLSTHGmuni9OFetzlXKxZnqwk4/r1KtXp+ciqWbE/VyrT5RW165vFBdula/fHWhNFe+XC5s7Jrb38gAAAAAAAAAAAAAAAAAAADgxVFbXpkvVSrlRYWuhXdjIE5jPwNcs6fD84MShUKXwp2se3d3VB8HJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY5J8AAAD//9ybLZI=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000a80)='./file1\x00', 0x8, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@sb={'sb', 0x3d, 0x64}}, {@orlov}, {@quota}, {@data_err_abort}, {@nomblk_io_submit}]}, 0x66, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xc, 0x0, &(0x7f0000000000))

1m41.084225419s ago: executing program 32 (id=607):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x5, 0x10000000, 0x0, 0x0, 0x40000000)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000004c0)={[{@acl}, {@barrier}, {@barrier_val}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xf8, 0x587, &(0x7f0000002100)="$eJzs3U1rG9caAOB3ZMn5cO6NAyHcexeXQBZNSSPHdj9SKDRdljY00O5TYSsmWI6CJYfYDTRZNJtuSiiU0kDpD+i+y9A/0F8RaAOhBNMuSkFl5JGt2JIdOzJSoueBSc6ZD595feY9PqORUABD62T6Ty7ivxHxVRJxtG1bPrKNJ9f2W31yayZdkmg0Pv49iSRb19o/yf4fyyr/iYifv4g4k9vabm15Zb5UqZQXs/pEfeH6RG155ezVhdJcea58bWp6+vwb01Nvv/Vmz2J99dKf33704P3zX55a/ebHR8fuJXEhjmTb2uN4DrfbKydLf2elQlzYtONkDxobJEm/T4A9GcnyvBDpGHA0RrKsB15+n0dEY02uAQyZpJn/YxvjADAkWvOA1r19j+6DXxiP31u7AWrGPtoef37ttZE42Lw3OryaPHVnlN7vjveg/bSNn367fy9dYvvXIQ7tUAfYldt3IuJcPr91/E+y8W/vzjVfPN7e5jaG7e8P9NODdP7zWqf5X259/hMd5j9jHXJ3L3bO/9yjHjTTVTr/e6fj/Hd96BofyWr/as75CsmVq5XyuYj4d0ScjsKBtL7d85zzqw8b3ba1z//SJW2/NRfMzuNR/sDTx8yW6qWIGH2euFse34n4X75T/Ml6/ycd+j/9fVzq+BMLW9acKN//f7f2d45/fzV+iHilY/9vPNFKtn8+OdG8HiZaV8VWf9w98Uu39vsdf9r/h7ePfzxpf15b230b3x/8q9xt216v/9Hkk2a5lQQ3S/X64mTEaPJhs36wff3UxrGtemv/NP7Tp7Yf/zpd/+nN16fPGP/d43e77joI/T+7q/7ffeHhB5991639Z+v/15ul09mabPzrLLtWnvUEn/f3BwAAAAAAAIMkFxFHIskV18u5XLG49v6O43E4V6nW6meuVJeuzUbzs7LjUci1nnQfbXs/xGT2fthWfWpTfToijkXE1yOHmvXiTLUy2+/gAQAAAAAAAAAAAAAAAAAAYECMdfn8f+rXkX6fHbDvml9scKDfZwH0w45f+d+Lb3oCBtKO+Q+8tOQ/DC/5D8NL/sPwkv8wvOQ/DC/5D8NL/gMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXbp4MV0aq09uzaT12RvLS/PVG2dny7X54sLSTHGmuni9OFetzlXKxZnqwk4/r1KtXp+ciqWbE/VyrT5RW165vFBdula/fHWhNFe+XC5s7Jrb38gAAAAAAAAAAAAAAAAAAADgxVFbXpkvVSrlRYWuhXdjIE5jPwNcs6fD84MShUKXwp2se3d3VB8HJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY5J8AAAD//9ybLZI=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000a80)='./file1\x00', 0x8, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@sb={'sb', 0x3d, 0x64}}, {@orlov}, {@quota}, {@data_err_abort}, {@nomblk_io_submit}]}, 0x66, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xc, 0x0, &(0x7f0000000000))

1m32.990868363s ago: executing program 5 (id=800):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0)
socket$packet(0x11, 0x3, 0x300)

1m32.771152839s ago: executing program 5 (id=803):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000080009000200000008000b"], 0x24}}, 0x10)

1m32.752471721s ago: executing program 5 (id=804):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0xc7}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc86a00", "4617a9f6040839230fb7fead776dd8dc", "c6db0872", "a44a883fca4400"}, 0x28)
ppoll(&(0x7f0000000000)=[{r0, 0x4}], 0x1, 0x0, 0x0, 0x0)

1m32.723401503s ago: executing program 5 (id=807):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@quota}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ")
bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[], 0x48)
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4800000, 0x8005, 0x0, 0x0, 0x9, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d10a00966d61fdcf335263bd9bffbcc2542ded71038259ca0400e1a311efec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]})
write$binfmt_misc(r0, &(0x7f00000003c0)='(', 0x1)

1m31.94893074s ago: executing program 5 (id=837):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000)

1m31.641496833s ago: executing program 5 (id=848):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xfff3, 0xf}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x34, 0x2, [@TCA_MATCHALL_ACT={0x30, 0x2, [@m_ife={0x2c, 0x21, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40045}, 0x0)

1m31.641337252s ago: executing program 33 (id=848):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xfff3, 0xf}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x34, 0x2, [@TCA_MATCHALL_ACT={0x30, 0x2, [@m_ife={0x2c, 0x21, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40045}, 0x0)

1m23.163879916s ago: executing program 4 (id=1194):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xffffffff}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

1m23.140352468s ago: executing program 4 (id=1198):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x6}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)

1m23.086294211s ago: executing program 4 (id=1201):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180600000000001700000000000000001812", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70700000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ptrace(0x10, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

1m23.016630937s ago: executing program 4 (id=1203):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@quota}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ")
bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[], 0x48)
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4800000, 0x8005, 0x0, 0x0, 0x9, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d10a00966d61fdcf335263bd9bffbcc2542ded71038259ca0400e1a311efec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]})
write$binfmt_misc(r0, &(0x7f00000003c0)='(', 0x1)

1m21.896345699s ago: executing program 4 (id=1229):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x53)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000000)
pipe2$watch_queue(0x0, 0x80)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x9, 0x4)
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000600)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @private2={0xfc, 0x2, '\x00', 0xfd}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

1m21.634552328s ago: executing program 4 (id=1240):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
syz_clone3(&(0x7f0000000000)={0x170e4000, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r2], 0x1}, 0x58)

1m21.61234973s ago: executing program 34 (id=1240):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
syz_clone3(&(0x7f0000000000)={0x170e4000, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r2], 0x1}, 0x58)

27.787635707s ago: executing program 6 (id=3016):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0xf3a, 0x0)
close(r3)
write(r1, 0x0, 0x0)

27.655359367s ago: executing program 6 (id=3029):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f00000001c0)=0x400000001, 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, 0x0, 0x2, 0x0, 0x0, 0x0)

27.571241293s ago: executing program 6 (id=3032):
r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f00000074c0)={0x42, 0x3, 0x3}, 0x10)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000100)={0x30, r0, 0x1, 0x0, 0x0, {{}, {}, {0x14}}}, 0x30}}, 0x0)

27.537997456s ago: executing program 6 (id=3023):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00'}, 0x18)
syz_mount_image$msdos(&(0x7f0000000480), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYRES64=0x0, @ANYRESOCT, @ANYRES32, @ANYRES16, @ANYRES32], 0x1, 0x159, &(0x7f0000000500)="$eJzs27HK01AUB/ATv6hVl87iEHBxKuoTKFJBDChKB4uDQnVppWCX6NRH8YV8FEE6dbuiKbXWVigYY7/+fksP/Sdw7pCc3EBe3Xg3Hk1nb6dPF9HJssjvRRHLLLpxIc6iNg8A4DxZphRfU0rp8jyufIqUUtsdAQBNM/8B4PSY/wBwev40/7ttNgYANOb5i+Hj+2XZf1YUnYgv82pQDerfOn/4qOzfLn7YeBxYVNXgbJ3fqfPi1/xiXF3ld3fml+LWzTr/nj14Um7l12LU/PIBAADgJPSKtZ37+16++uu3vK423g9s7d/zuJ7/kyUAAAeaffg4fj2ZvHmvUBxBMcwi/oM2jq/4/DLioLPavjMBTft50bfdCQAAAAAAAAAAAAAAsM/f+sAoj4h9x7S9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANj2LQAA//+EAU2W")
chdir(&(0x7f0000000100)='./file0\x00')
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})

27.33565048s ago: executing program 6 (id=3030):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x6c8100, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22ff8984"], 0xffbf)

27.275770045s ago: executing program 6 (id=3038):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000012c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

27.253990337s ago: executing program 35 (id=3038):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000012c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

5.832698081s ago: executing program 7 (id=3886):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0xce}]})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
fchdir(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000024c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x2, 0xe0)

4.959604156s ago: executing program 7 (id=3910):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000ffff0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r3}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @multicast})

4.838571475s ago: executing program 7 (id=3913):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000040)={0x0, 0x2000, 0x0, {0x0, 0xa}, {0x1}, @rumble={0xfff9, 0x8}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

3.956583549s ago: executing program 7 (id=3940):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f0000000340)={[{@usrquota}, {@nojournal_checksum}]}, 0x21, 0x4b2, &(0x7f0000001500)="$eJzs3cFvVFsZAPDv3ra0lEKLslCjgoiiIcy0AzSEFW40hpAYiSsXUNuhaTrTaTpTpJVF+R9MJHGlf4ILExcmrNy7050bXJigkvdCX/IW83LvTEspM9D3KDMvnd8vObn33FPmO2du7jnDB50TwMA6FxFbEXEsIu5FxGT7etIucbNVsp97+eLR/PaLR/NJNJt3/pfk7dm12PNnMifarzkWET//ScSvkjfj1jc2l+cqlfJau15sVFeL9Y3Ny0vVucXyYnmlVJqdmZ2+fuVa6dDGerb6p+c/Xrr1i7/+5VvP/r71w99k3Zpot+0dx2FqDX1kN05mOCJufYhgfTDUHs+xfneELySNiK9ExPn8+Z+MofxuAgBHWbM5Gc3JvXUA4KhL8xxYkhbauYCJSNNCoZXDOxPjaaVWb1y6X1tfWWjlyqZiJL2/VClPt3OFUzGSZPWZ/PxVvbSvfiUiTkfEb0eP5/XCfK2y0M8PPgAwwE7sW/8/Hm2t/wDAETfW7w4AAD1n/QeAwWP9B4DBY/0HgMFj/QeAwWP9B4DBY/0HgIHys9u3s9Lcbn//9cKDjfXl2oPLC+X6cqG6Pl+Yr62tFhZrtcX8O3uq73q9Sq22OnM11h8WG+V6o1jf2Lxbra2vNO7m3+t9tzzSk1EBAG9z+uzTfyYRsXXjeF5iz14O1mo42tJ+dwDom6F+dwDoG7t9weDyd3ygwxa9r+n6X4SeHH5fgN64+HX5fxhU8v8wuOT/YXDJ/8PgajYTe/4DwICR4wf8+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fhN5SdJCey/wiUjTQiHiZERMxUhyf6lSno6IUxHxj9GR0aw+0+9OAwDvKf1P0t7/6+LkhYn9rceST0bzY0T8+vd3fvdwrtFYm8mu/3/3euNJ+3qpH/0HAN5lZ53eWcd3vHzxaH6n9LI/z3/U2lw0i7vdLq2W4RjOj2MxEhHjHyXtekv2eWXoEOJvPY6Ir3Uaf5LnRqbaO5/uj5/FPtnT+Olr8dO8rXXM3ouvHkJfYNA8zeafm52evzTO5cfOz/9YPkO9v535b/uN+S/dnf+Gusx/5w4a4+rfftq17XHEN4Y7xU924ydd4l84YPx/ffPb57u1Nf8QcTE6x98bq9iorhbrG5uXl6pzi+XF8kqpNDszO339yrVSMc9RF3cy1W/6741Lp942/vEu8fM7f3ui6/i/d8Dx//HTe7/8zlvi/+C7ne//mfzY+f3P1sTvHzD+3Pifu27fncVf6DL+d93/SweM/+zfmwsH/FEAoAfqG5vLc5VKec2Jk92TnU96X5b+OOn9SZ8nJuCDe/XQ97snAAAAAAAAAAAAAABAN734daJ+jxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICj67MAAAD//9QD1i8=")
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, 0x0, 0x0}, 0x94)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

3.752180794s ago: executing program 7 (id=3949):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20)
write$sndseq(r1, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xf27, {0x1, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x3f}], 0x1)

3.634158453s ago: executing program 7 (id=3955):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x2}, 0x18)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

3.604487235s ago: executing program 36 (id=3955):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x2}, 0x18)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

1.832278475s ago: executing program 2 (id=4009):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
move_mount(r0, 0x0, r1, 0x0, 0x14)
sendfile(r1, r0, 0x0, 0x7ffff000)

1.312687484s ago: executing program 8 (id=4006):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='timer_start\x00', r2}, 0x18)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))

1.283318736s ago: executing program 8 (id=4007):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r3, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)={0x34, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x1a0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x170, 0x2, [@TCA_GRED_LIMIT={0x8}, @TCA_GRED_DPS={0x10}, @TCA_GRED_STAB={0xfffffffffffffdaa, 0x2, "9ffe2b337685d6c62f148c806e5059b783f6f41b531d60250867ae03fd97e13d4cf520900107e5d7c0213877eb58f8279c529e67715fb04803db949412a38c6d9d02fd8b04ab2d8e666b94f36ec2af9912030e517e6b73aed0316b43df04e72844a49cea10b019fa406a1e6892e25a7549230fdd218023523aebe5cdd186008f46a0f071fb5b934ec50ede5ee2ea5a75895e2d45ac82bd20af920bce940ac6d53a80acccbf6b5a96ce439b317e645b263247372ca78dcb0e753d5b19769601a8976bfc4001a33aa241749564dd9bb04b33f84e0bc38517f6922294b8113662c67564baa978278fecb027c372dfc9dffaca502c57efc2726b2855587876a0e646"}, @TCA_GRED_DPS={0x10}, @TCA_GRED_PARMS={0x38}, @TCA_GRED_LIMIT={0x8}]}}]}, 0x1a0}}, 0x0)

1.160488625s ago: executing program 8 (id=4008):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000980), 0x0, 0x2f, 0xe8034000, 0x0, 0x0, 0x0, 0x0, 0x5dc}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfee, 0x0, 0x0, 0x0, 0x0, 0x100000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080))

1.063880632s ago: executing program 8 (id=4010):
unshare(0x2c020400)
socket(0x10, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x50, 0x6}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)

963.991669ms ago: executing program 9 (id=4014):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r2)
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x48, 0x10, 0x503, 0x81ff, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, 0x4817, 0x20040}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, r3, 0x826d, 0x68020}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

919.200132ms ago: executing program 9 (id=4015):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000340)=ANY=[@ANYBLOB="00020201"], 0x18)
connect$inet6(r2, &(0x7f0000000380)={0xa, 0x0, 0xf7ffffff, @private2={0xfc, 0x2, '\x00', 0x2}}, 0x1c)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

895.599235ms ago: executing program 9 (id=4016):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000380)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = dup(r2)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a32000000000500010007000000140007800800134000000000080012"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4)

865.495507ms ago: executing program 9 (id=4017):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioprio_set$pid(0x3, 0x0, 0x0)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = syz_create_resource$binfmt(&(0x7f0000000000)='./file1\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
close(r2)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

846.683468ms ago: executing program 9 (id=4018):
r0 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x2, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
creat(0x0, 0x36)

767.548244ms ago: executing program 0 (id=4021):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(r0, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10)
listen(r1, 0x7fffffff)
listen(r0, 0x0)

711.982708ms ago: executing program 0 (id=4022):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x27, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x30, r4, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0x4, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}]}]}, 0x30}}, 0x0)

711.652638ms ago: executing program 0 (id=4023):
r0 = socket$netlink(0x10, 0x3, 0x0)
close(r0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200)=0x1d37, 0x4)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @local}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000000)=0x7b, 0x4)
recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002002, 0x0)

711.465968ms ago: executing program 0 (id=4024):
unshare(0x40600)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0/../file0\x00')

700.267819ms ago: executing program 0 (id=4025):
bpf$PROG_LOAD(0x5, &(0x7f0000001740)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x100}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)

677.81312ms ago: executing program 2 (id=4026):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000100), &(0x7f0000000000), 0x2}, 0x20)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)

647.105383ms ago: executing program 9 (id=4027):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xe08, 0x0, 0x2, 0x1, 0x80000000}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8000)
syz_emit_ethernet(0x6a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaa"], 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

531.932331ms ago: executing program 0 (id=4028):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0), 0x4)
bind$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e20, 0x2000000, @ipv4={'\x00', '\xff\xff', @loopback}, 0xb851}, 0x1c)

531.754131ms ago: executing program 37 (id=4028):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0), 0x4)
bind$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e20, 0x2000000, @ipv4={'\x00', '\xff\xff', @loopback}, 0xb851}, 0x1c)

512.641432ms ago: executing program 1 (id=4030):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xfffffffffffffdfa, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r1}, 0x3d)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x3}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)

475.944315ms ago: executing program 1 (id=4031):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4f, 0x0, 0x0, 0x10, 0x5}, 0x86)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x3e}, 0x18)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x0, 0x80000}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)

457.835136ms ago: executing program 1 (id=4032):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000300)={'#! ', '', [{0x20, 'memory.events\x00'}]}, 0x13)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={&(0x7f0000000080)}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

387.700321ms ago: executing program 1 (id=4033):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10)
r4 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})

325.012726ms ago: executing program 2 (id=4034):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
unshare(0x20000400)
r1 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x5c, 0x0, 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0xffffffffffffffff, 0x3000})
io_uring_enter(r1, 0x47f5, 0x0, 0x0, 0x0, 0x0)

271.85051ms ago: executing program 1 (id=4035):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x18)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

271.41908ms ago: executing program 2 (id=4036):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f00000006c0)='kmem_cache_free\x00', r1, 0x0, 0x4}, 0x18)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448e2, 0x0)

245.046422ms ago: executing program 1 (id=4037):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
move_mount(r0, 0x0, r1, 0x0, 0x14)
sendfile(r1, r0, 0x0, 0x7ffff000)

206.512665ms ago: executing program 2 (id=4038):
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = socket(0x1e, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001000000850000005000000095"], &(0x7f0000000400)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r2}, 0x18)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a)

205.821695ms ago: executing program 8 (id=4039):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0xb, 0x518, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getsockname$packet(r0, &(0x7f0000000700)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=@newtfilter={0x878, 0x2c, 0xd2f, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {}, {0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x84c, 0x2, [@TCA_FW_POLICE={0x848, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x6, 0x3ff, 0x5, 0xfffffffd, {0x8, 0x1, 0x2, 0xf801, 0xa6d, 0x12b}, {0x5, 0x0, 0x4, 0x3701, 0xcc42, 0x7}, 0x0, 0x2, 0x6}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x401, 0xe, 0x80000001, 0x8, 0x200, 0x6, 0x8, 0x4, 0x10200000, 0x4, 0x3, 0x9, 0x3, 0xffffffff, 0xb, 0x9, 0x4, 0xd4ae, 0x5, 0x300000, 0xe1b5, 0xc5b, 0x6, 0x4, 0x9, 0x6, 0x9, 0x8, 0x3, 0x9, 0xd, 0x7f, 0x7, 0xce0, 0x1ff, 0x6, 0x6, 0x41, 0xff, 0x800, 0xfff, 0x7, 0x9, 0xd, 0x4, 0xffffff1f, 0xa, 0xc, 0x8, 0xfffffffa, 0x155, 0x7, 0x0, 0x18000, 0xc, 0x9, 0x40000, 0x101, 0x6, 0x3ff, 0x1, 0x3, 0x7554, 0x2, 0x4, 0x1, 0x4, 0xd, 0x8000, 0xff, 0x0, 0xeac2, 0x87, 0x3, 0xfe000000, 0x3, 0x8001, 0xff, 0xffff1cac, 0x2892, 0x6, 0x8c5e, 0x1, 0x5, 0xffffffff, 0x80, 0xffffffac, 0x3, 0xff1, 0x2, 0x2, 0x8, 0x2, 0x1, 0x8, 0x8, 0xfff, 0x80000001, 0x9, 0x8, 0x0, 0x8, 0x487, 0x6, 0x8, 0x1000, 0x1ff800, 0x6, 0xfffffffe, 0x3c78, 0xfa1, 0x3, 0x6, 0x9, 0xffffffff, 0x80000002, 0x2, 0xda, 0x9, 0x401, 0x6, 0x7, 0x2, 0x2, 0xe, 0x835, 0x4, 0x3, 0x6cc7, 0x6, 0x8, 0x8, 0x400, 0x8, 0x4, 0x3, 0x5, 0x5, 0x0, 0x9, 0x400, 0x3, 0x0, 0x4cc, 0xb, 0x0, 0xce, 0x6, 0x0, 0xc8, 0x4, 0x5, 0x4, 0x1ff, 0x1ff, 0x968, 0x5, 0x68cff086, 0x2, 0xfff, 0x2, 0x7ff, 0x1000, 0x80000001, 0x9, 0x9, 0x0, 0x8001, 0x1000, 0x8b7f, 0xfe, 0xc, 0x8, 0x7, 0x8000000, 0x0, 0x7fff, 0xfffffffd, 0x5, 0x815d, 0x5, 0x44, 0x4, 0x6, 0x3, 0x1, 0x8, 0x0, 0x7ff, 0x3, 0x8, 0x1, 0x2, 0x800, 0x7, 0x5, 0x10, 0xfffffff7, 0x8, 0x40, 0x1, 0x10001, 0x1000, 0xe42c, 0x1, 0x101, 0x6, 0x8, 0x4, 0x9a14, 0x4, 0x81, 0x7, 0x0, 0x8, 0x8, 0xfffffffa, 0x0, 0x30000, 0x7ff, 0x4, 0x3, 0xd, 0x5, 0x0, 0xfff, 0x3, 0x7b0, 0x7, 0x9, 0xffff, 0x5, 0xff, 0x4, 0x0, 0x4, 0x9, 0x6, 0x100, 0x81, 0x0, 0x7fc, 0x2, 0x5, 0x80, 0x2, 0xe, 0x1, 0x40, 0x1ff, 0x3, 0x380, 0x6, 0x7, 0x8, 0xfffffffb]}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x7, 0x8, 0x7, 0xffff, 0x2, 0x3, 0x7fff, 0x8, 0x0, 0x401, 0x4, 0x0, 0xf7b1, 0xa, 0x40, 0x200, 0x0, 0x1, 0x9, 0x9, 0x8, 0xbf2, 0x2, 0xffff9374, 0x9, 0x1, 0x5, 0x3ff, 0x3, 0x6, 0x5, 0x2, 0x7, 0xe, 0x5, 0x4, 0x9, 0x8, 0xf0, 0x5, 0x8000, 0x0, 0x7, 0xff, 0x2, 0x2, 0x400, 0x0, 0x5, 0x2, 0x401, 0x100, 0xf30, 0x8001, 0x9, 0x370, 0x3, 0x1, 0xfffffff9, 0x9, 0x3, 0x5, 0xb9b, 0x1, 0x5, 0x0, 0x4, 0x7, 0x6, 0x3ff, 0x3, 0x7, 0x76, 0x9, 0xffff, 0x8, 0xd, 0x80, 0x4, 0x9, 0x7ff, 0x80000001, 0x9, 0x6, 0x7f, 0x9, 0x7ff, 0x3, 0x8, 0x31, 0x1, 0x2d, 0x0, 0xf02, 0x15200, 0xa, 0x1, 0xe148, 0x7, 0x1, 0x3, 0x6, 0x6, 0xb, 0xfffffffa, 0x4, 0xdf, 0x80000000, 0x8001, 0x2, 0x3, 0x2971010e, 0x3b655406, 0x1, 0x8, 0x6, 0x6, 0x4, 0x4, 0x8, 0x80000001, 0x5dd, 0x2d3, 0x7, 0x8, 0x5, 0x79d5, 0x2, 0x800, 0x8d, 0x1, 0x2, 0x1, 0x1, 0x6, 0x338, 0x6, 0x2, 0x4, 0x1, 0x3, 0x0, 0x0, 0x8, 0x1, 0x3ff, 0x8, 0x56, 0x7, 0x401, 0x7, 0x0, 0x0, 0x0, 0xda, 0x5, 0x42, 0x18, 0xfffffff7, 0x5, 0xed2, 0x7, 0x211, 0x0, 0x2, 0xc9, 0x3, 0x8, 0x1, 0x9, 0x58, 0x8, 0x5e5, 0x5, 0x3, 0xfffffffb, 0x3, 0xff, 0x6, 0x10, 0xf7ee907a, 0xff, 0xc9, 0x9, 0x0, 0x400, 0x0, 0x7, 0x6, 0x5, 0x8, 0x8, 0x7, 0x0, 0x7, 0x0, 0x4, 0x7, 0x2, 0x3, 0x9, 0x9, 0x0, 0x7, 0x4, 0x0, 0x4, 0x4, 0x4, 0x6f3, 0x6, 0x10, 0x0, 0x7, 0xfffffff9, 0xfffffffa, 0x9, 0x53a, 0x8, 0x1, 0x4, 0xb, 0x8, 0xfffffff9, 0x400, 0x461, 0x81, 0x8, 0x2, 0x7ff, 0x2, 0x8000, 0x7, 0x4, 0xba95, 0x4, 0x4706, 0x7ff, 0x4, 0xffffffff, 0xf7b1, 0x3, 0x2, 0x5, 0x9, 0x1fffc, 0x80000000, 0x8001, 0x9, 0x4, 0x9, 0x3, 0x6, 0xce, 0x8]}]}]}}]}, 0x878}, 0x1, 0x0, 0x0, 0x20000005}, 0x40)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

42.710267ms ago: executing program 8 (id=4040):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x10, 0x140e, 0x200, 0x70bd25, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x1}, 0x20000010)

0s ago: executing program 2 (id=4041):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x14)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)

kernel console output (not intermixed with test programs):

netlink: 8 bytes leftover after parsing attributes in process `syz.7.1493'.
[   95.809523][ T7371] netlink: 'syz.7.1497': attribute type 7 has an invalid length.
[   95.902641][ T7381] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check.
[   96.276462][ T7418] SELinux: failed to load policy
[   96.306109][ T7420] geneve2: entered promiscuous mode
[   96.568664][ T3727] kernel read not supported for file /743/statm (pid: 3727 comm: kworker/0:11)
[   97.013132][ T7475] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   97.589664][ T7539] __nla_validate_parse: 7 callbacks suppressed
[   97.589678][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.604917][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.614016][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.681553][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.690716][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.699849][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.728960][ T7544] netlink: 'syz.6.1571': attribute type 1 has an invalid length.
[   97.805350][ T7544] 8021q: adding VLAN 0 to HW filter on device bond1
[   97.844450][ T7549] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1572'.
[   97.854801][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.863912][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.872965][ T7539] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1569'.
[   97.895904][ T7550] bond1: (slave gretap1): making interface the new active one
[   97.910552][ T7550] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   97.942726][ T7550] syz.6.1571 (7550) used greatest stack depth: 9328 bytes left
[   98.042693][ T7568] hub 6-0:1.0: USB hub found
[   98.047556][ T7568] hub 6-0:1.0: 8 ports detected
[   98.177537][ T4301] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x82
[   98.372146][ T7616] loop7: detected capacity change from 0 to 136
[   98.502623][ T7632] netlink: 'syz.0.1609': attribute type 21 has an invalid length.
[   98.794194][   T29] kauditd_printk_skb: 259 callbacks suppressed
[   98.794267][   T29] audit: type=1326 audit(98.773:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   98.889190][   T29] audit: type=1326 audit(98.813:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   98.912370][   T29] audit: type=1326 audit(98.813:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd46625ec23 code=0x7ffc0000
[   98.935135][   T29] audit: type=1326 audit(98.813:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd46625ec23 code=0x7ffc0000
[   98.957779][   T29] audit: type=1326 audit(98.813:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   98.980494][   T29] audit: type=1326 audit(98.813:2111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   99.003201][   T29] audit: type=1326 audit(98.813:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   99.025932][   T29] audit: type=1326 audit(98.813:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   99.048705][   T29] audit: type=1326 audit(98.813:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   99.071496][   T29] audit: type=1326 audit(98.813:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7639 comm="syz.1.1612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[   99.622163][ T7705] vhci_hcd: invalid port number 96
[   99.627300][ T7705] vhci_hcd: default hub control req: 0300 vfffc i0060 l0
[  100.121523][ T7766] netlink: zone id is out of range
[  100.173509][ T7773] team_slave_0: entered promiscuous mode
[  100.179243][ T7773] team_slave_1: entered promiscuous mode
[  100.192718][ T7773] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  100.245072][ T7782] loop6: detected capacity change from 0 to 164
[  100.247229][ T7773] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  100.269939][ T7782] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  100.406391][ T7794] netlink: 'syz.0.1681': attribute type 1 has an invalid length.
[  100.499991][ T7793] delete_channel: no stack
[  101.315972][ T7820] sg_read: process 241 (syz.7.1692) changed security contexts after opening file descriptor, this is not allowed.
[  101.879794][ T7879] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  101.961427][ T7892] netlink: 'syz.2.1725': attribute type 4 has an invalid length.
[  102.623459][ T7950] hub 6-0:1.0: USB hub found
[  102.628269][ T7950] hub 6-0:1.0: 8 ports detected
[  102.711480][ T7965] __nla_validate_parse: 24 callbacks suppressed
[  102.711498][ T7965] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1756'.
[  102.733591][ T4270] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  102.752970][ T4270] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  102.762302][ T7965] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1756'.
[  102.771736][ T4270] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  102.781583][ T4270] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  102.835779][ T7976] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1761'.
[  102.886142][ T7983] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[  102.951812][ T7988] loop2: detected capacity change from 0 to 2048
[  102.973826][ T7988] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.246306][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.360621][ T8030] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1785'.
[  103.401583][ T8033] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1787'.
[  103.494970][ T8042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.521616][ T8042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  103.601152][ T8050] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  103.818450][   T29] kauditd_printk_skb: 152 callbacks suppressed
[  103.818464][   T29] audit: type=1400 audit(103.793:2268): avc:  denied  { create } for  pid=8066 comm="syz.6.1802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  103.845597][   T29] audit: type=1400 audit(103.793:2269): avc:  denied  { setopt } for  pid=8066 comm="syz.6.1802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  103.878571][   T29] audit: type=1400 audit(103.853:2270): avc:  denied  { write } for  pid=8066 comm="syz.6.1802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  103.897552][   T29] audit: type=1400 audit(103.853:2271): avc:  denied  { connect } for  pid=8066 comm="syz.6.1802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  103.916626][   T29] audit: type=1400 audit(103.853:2272): avc:  denied  { name_connect } for  pid=8066 comm="syz.6.1802" dest=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  103.938591][   T29] audit: type=1400 audit(103.903:2273): avc:  denied  { shutdown } for  pid=8066 comm="syz.6.1802" laddr=fe80::12 lport=35538 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  103.992923][   T29] audit: type=1400 audit(103.973:2274): avc:  denied  { create } for  pid=8074 comm="syz.6.1806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  104.012502][   T29] audit: type=1400 audit(103.973:2275): avc:  denied  { bind } for  pid=8074 comm="syz.6.1806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  104.037624][   T29] audit: type=1400 audit(104.013:2276): avc:  denied  { write } for  pid=8074 comm="syz.6.1806" path="socket:[20309]" dev="sockfs" ino=20309 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  104.072502][   T29] audit: type=1400 audit(104.053:2277): avc:  denied  { create } for  pid=8076 comm="syz.0.1807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  104.105058][ T8079] loop7: detected capacity change from 0 to 1024
[  104.117412][ T8079] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.131745][ T8081] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1819'.
[  104.158928][ T8086] team_slave_0: entered promiscuous mode
[  104.164618][ T8086] team_slave_1: entered promiscuous mode
[  104.172625][ T8079] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  104.180137][ T8086] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  104.207456][ T8086] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  104.214768][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.282300][ T8098] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1826'.
[  104.453720][ T8120] loop6: detected capacity change from 0 to 1024
[  104.461111][ T8120] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  104.473632][ T8120] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  104.482265][ T8120] EXT4-fs (loop6): orphan cleanup on readonly fs
[  104.489262][ T8120] EXT4-fs error (device loop6): __ext4_get_inode_loc:4861: comm syz.6.1825: Invalid inode table block 0 in block_group 0
[  104.518885][ T8120] EXT4-fs (loop6): Remounting filesystem read-only
[  104.544479][ T8120] EXT4-fs (loop6): 1 truncate cleaned up
[  104.555995][ T8120] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  104.608267][ T5818] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.710239][ T8144] syzkaller1: entered promiscuous mode
[  104.715755][ T8144] syzkaller1: entered allmulticast mode
[  105.140493][ T8173] loop2: detected capacity change from 0 to 1024
[  105.162439][ T8173] EXT4-fs: Ignoring removed oldalloc option
[  105.188822][ T8173] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  105.230594][ T8173] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.293643][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.350427][ T8184] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1855'.
[  105.698819][ T8215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1868'.
[  105.729483][ T8218] loop7: detected capacity change from 0 to 128
[  105.750982][ T8215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1868'.
[  105.760658][ T8218] FAT-fs (loop7): Directory bread(block 162) failed
[  105.782899][ T8218] FAT-fs (loop7): Directory bread(block 163) failed
[  105.796172][ T8218] FAT-fs (loop7): Directory bread(block 164) failed
[  105.809258][ T8218] FAT-fs (loop7): Directory bread(block 165) failed
[  105.829207][ T8218] FAT-fs (loop7): Directory bread(block 166) failed
[  105.835909][ T8218] FAT-fs (loop7): Directory bread(block 167) failed
[  105.849275][ T8218] FAT-fs (loop7): Directory bread(block 168) failed
[  105.866209][ T8218] FAT-fs (loop7): Directory bread(block 169) failed
[  105.868653][ T3678] kernel write not supported for file /863/attr/exec (pid: 3678 comm: kworker/0:7)
[  105.892991][ T8218] FAT-fs (loop7): Directory bread(block 162) failed
[  105.930655][ T8218] FAT-fs (loop7): Directory bread(block 163) failed
[  105.937641][ T8218] bio_check_eod: 15 callbacks suppressed
[  105.937657][ T8218] syz.7.1870: attempt to access beyond end of device
[  105.937657][ T8218] loop7: rw=3, sector=226, nr_sectors = 6 limit=128
[  105.956767][ T8218] syz.7.1870: attempt to access beyond end of device
[  105.956767][ T8218] loop7: rw=2051, sector=232, nr_sectors = 2 limit=128
[  106.003897][ T8229] SELinux: failed to load policy
[  106.137474][ T8243] syzkaller1: entered promiscuous mode
[  106.143106][ T8243] syzkaller1: entered allmulticast mode
[  106.157670][ T8247] rdma_op ffff88811d951d80 conn xmit_rdma 0000000000000000
[  106.186227][ T8249] netlink: 'syz.2.1885': attribute type 1 has an invalid length.
[  106.524833][ T8295] sit0: entered promiscuous mode
[  106.530195][ T8295] sit0: entered allmulticast mode
[  106.554411][ T6072] hid_parser_main: 17 callbacks suppressed
[  106.554428][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.568532][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.576471][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.583954][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.591492][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.599324][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.606714][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.614246][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.621747][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.629255][ T6072] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  106.638408][ T6072] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  106.753052][ T8320] netlink: 'syz.2.1916': attribute type 1 has an invalid length.
[  106.795100][ T8324] loop2: detected capacity change from 0 to 4096
[  106.805326][ T8324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.843312][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.955626][ T8352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.964952][ T8352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.913330][ T8426] loop6: detected capacity change from 0 to 136
[  108.030413][ T8431] __nla_validate_parse: 8 callbacks suppressed
[  108.030431][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1961'.
[  108.072217][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1961'.
[  108.150839][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1961'.
[  108.170852][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1961'.
[  109.037218][   T29] kauditd_printk_skb: 279 callbacks suppressed
[  109.037240][   T29] audit: type=1326 audit(109.013:2555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8463 comm="syz.7.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfb957ebe9 code=0x7ffc0000
[  109.066453][   T29] audit: type=1326 audit(109.013:2556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8463 comm="syz.7.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfb957ebe9 code=0x7ffc0000
[  109.089476][   T29] audit: type=1326 audit(109.013:2557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8463 comm="syz.7.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7fdfb957ebe9 code=0x7ffc0000
[  109.112370][   T29] audit: type=1326 audit(109.013:2558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8463 comm="syz.7.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfb957ebe9 code=0x7ffc0000
[  109.171322][   T29] audit: type=1400 audit(109.143:2559): avc:  denied  { create } for  pid=8465 comm="syz.2.1976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  109.333860][   T29] audit: type=1400 audit(109.313:2560): avc:  denied  { bind } for  pid=8465 comm="syz.2.1976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  109.353160][   T29] audit: type=1400 audit(109.333:2561): avc:  denied  { read } for  pid=8465 comm="syz.2.1976" path="socket:[21214]" dev="sockfs" ino=21214 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  109.404585][   T29] audit: type=1400 audit(109.383:2562): avc:  denied  { write } for  pid=8465 comm="syz.2.1976" path="socket:[21214]" dev="sockfs" ino=21214 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  109.636533][ T8484] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1984'.
[  110.000296][ T8477] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  110.841735][   T29] audit: type=1400 audit(110.823:2563): avc:  denied  { name_bind } for  pid=8506 comm="syz.1.1990" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  110.870749][   T29] audit: type=1400 audit(110.823:2564): avc:  denied  { node_bind } for  pid=8506 comm="syz.1.1990" saddr=224.0.0.1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  111.037984][ T8513] vhci_hcd: invalid port number 96
[  111.043226][ T8513] vhci_hcd: default hub control req: 0300 vfffc i0060 l0
[  111.147527][ T8527] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1996'.
[  111.382607][ T8543] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2002'.
[  111.462989][ T8549] netlink: 'syz.6.2006': attribute type 6 has an invalid length.
[  111.677174][ T8559] netlink: 'syz.7.2010': attribute type 21 has an invalid length.
[  111.691705][ T8559] netlink: 132 bytes leftover after parsing attributes in process `syz.7.2010'.
[  111.700792][ T8559] netlink: 'syz.7.2010': attribute type 1 has an invalid length.
[  111.817937][ T8571] netlink: 76 bytes leftover after parsing attributes in process `syz.7.2016'.
[  112.082222][ T8601] loop6: detected capacity change from 0 to 256
[  112.150325][ T8605] netlink: 'syz.1.2033': attribute type 1 has an invalid length.
[  112.158127][ T8605] netlink: 198116 bytes leftover after parsing attributes in process `syz.1.2033'.
[  112.190261][ T8604] delete_channel: no stack
[  112.368841][ T8636] loop6: detected capacity change from 0 to 512
[  112.389751][ T8636] EXT4-fs: Ignoring removed oldalloc option
[  112.415980][ T8636] ext4: Unknown parameter 'smackfsfloor'
[  112.441414][ T8642] netlink: 'syz.7.2050': attribute type 1 has an invalid length.
[  112.497774][ T8647] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  112.505349][ T8641] delete_channel: no stack
[  112.859677][ T8680] loop6: detected capacity change from 0 to 1764
[  113.100195][ T8686] __nla_validate_parse: 1 callbacks suppressed
[  113.100213][ T8686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2081'.
[  113.238585][ T8696] loop7: detected capacity change from 0 to 512
[  113.253936][ T8696] EXT4-fs: Ignoring removed oldalloc option
[  113.265693][ T8696] ext4: Unknown parameter 'smackfsfloor'
[  113.486676][ T8700] netlink: 'syz.2.2070': attribute type 1 has an invalid length.
[  113.494574][ T8700] netlink: 198116 bytes leftover after parsing attributes in process `syz.2.2070'.
[  113.519333][ T8698] delete_channel: no stack
[  113.585536][ T8711] loop7: detected capacity change from 0 to 256
[  113.911301][ T8725] netlink: 'syz.0.2087': attribute type 4 has an invalid length.
[  113.948558][ T8729] netlink: 'syz.7.2088': attribute type 27 has an invalid length.
[  114.084427][ T8729] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.091749][ T8729] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.115780][ T8729] team_slave_0: left promiscuous mode
[  114.121308][ T8729] team_slave_1: left promiscuous mode
[  114.157861][   T29] kauditd_printk_skb: 107 callbacks suppressed
[  114.157878][   T29] audit: type=1400 audit(114.133:2672): avc:  denied  { sys_module } for  pid=8740 comm="syz.6.2092" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  114.266806][   T29] audit: type=1400 audit(114.243:2673): avc:  denied  { watch watch_reads } for  pid=8750 comm="syz.2.2094" path="/383/file0" dev="tmpfs" ino=1991 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  114.296868][ T8729] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  114.307852][ T8729] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  114.406012][ T8729] geneve2: left promiscuous mode
[  114.471443][ T8733] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.479715][ T8733] 8021q: adding VLAN 0 to HW filter on device team0
[  114.490524][ T8733] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  114.561661][ T4297] netdevsim netdevsim7 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  114.570735][ T4297] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.582570][   T29] audit: type=1400 audit(114.563:2674): avc:  denied  { getopt } for  pid=8757 comm="syz.1.2100" lport=13 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  114.643585][ T4297] netdevsim netdevsim7 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  114.652613][ T4297] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.694696][   T29] audit: type=1400 audit(114.673:2675): avc:  denied  { mount } for  pid=8762 comm="syz.0.2102" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  114.718099][ T4297] netdevsim netdevsim7 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  114.727119][ T4297] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.749240][ T4297] netdevsim netdevsim7 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  114.758260][ T4297] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.791769][   T29] audit: type=1400 audit(114.773:2676): avc:  denied  { unmount } for  pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  114.796745][ T8776] loop7: detected capacity change from 0 to 2048
[  114.811699][ T8769] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0
[  114.833164][ T8776] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  114.859560][   T29] audit: type=1400 audit(114.843:2677): avc:  denied  { create } for  pid=8775 comm="syz.7.2106" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  114.894236][   T29] audit: type=1400 audit(114.863:2678): avc:  denied  { read write open } for  pid=8775 comm="syz.7.2106" path="/214/file1/bus" dev="loop7" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  114.977134][ T8788] netlink: 'syz.1.2110': attribute type 4 has an invalid length.
[  114.999425][   T29] audit: type=1400 audit(114.963:2679): avc:  denied  { mount } for  pid=8789 comm="syz.2.2109" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  115.039261][ T8796] atomic_op ffff88811b14ad28 conn xmit_atomic 0000000000000000
[  115.049899][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.834990][   T29] audit: type=1326 audit(115.813:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8793 comm="syz.6.2111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6e666ebe9 code=0x7fc00000
[  115.878809][   T29] audit: type=1400 audit(115.853:2681): avc:  denied  { listen } for  pid=8804 comm="syz.0.2129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  115.991605][ T8815] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0
[  116.028346][ T3727] hid_parser_main: 17 callbacks suppressed
[  116.028402][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.049299][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.064159][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.071642][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.079108][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.086640][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.094122][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.101521][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.108973][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.116386][ T3727] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  116.159282][ T3727] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  116.212335][ T8835] netlink: 'syz.6.2128': attribute type 4 has an invalid length.
[  116.366797][ T8844] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  116.409375][ T8847] netlink: 204 bytes leftover after parsing attributes in process `syz.0.2134'.
[  116.493321][ T8849] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2136'.
[  116.558712][ T8852] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  116.571370][ T8855] netlink: 'syz.0.2137': attribute type 27 has an invalid length.
[  116.638026][ T8855] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.645239][ T8855] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.768599][ T8855] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.797904][ T8855] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.847906][ T8852] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  116.903562][ T8860] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.001822][ T8860] 8021q: adding VLAN 0 to HW filter on device team0
[  117.011138][ T8860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  117.054665][ T4266] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.064327][ T4266] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.074087][ T4266] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.083529][ T4266] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.401182][ T8885] syzkaller1: entered promiscuous mode
[  117.406699][ T8885] syzkaller1: entered allmulticast mode
[  117.652112][ T8912] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0
[  119.202616][   T29] kauditd_printk_skb: 97 callbacks suppressed
[  119.202693][   T29] audit: type=1400 audit(119.183:2779): avc:  denied  { allowed } for  pid=8971 comm="syz.6.2179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  119.281301][   T29] audit: type=1400 audit(119.183:2780): avc:  denied  { create } for  pid=8971 comm="syz.6.2179" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  119.302033][   T29] audit: type=1400 audit(119.183:2781): avc:  denied  { map } for  pid=8971 comm="syz.6.2179" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=23117 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  119.325753][   T29] audit: type=1400 audit(119.183:2782): avc:  denied  { read write } for  pid=8971 comm="syz.6.2179" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=23117 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  119.360786][   T29] audit: type=1400 audit(119.333:2783): avc:  denied  { name_bind } for  pid=8977 comm="syz.0.2180" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  119.381395][   T29] audit: type=1400 audit(119.333:2784): avc:  denied  { node_bind } for  pid=8977 comm="syz.0.2180" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  119.619557][ T8991] bridge0: entered promiscuous mode
[  119.630273][ T8991] macsec0: entered promiscuous mode
[  119.641001][ T8991] bridge0: left promiscuous mode
[  120.119674][   T29] audit: type=1400 audit(120.103:2785): avc:  denied  { write } for  pid=9005 comm="syz.0.2194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  120.165800][   T29] audit: type=1400 audit(120.103:2786): avc:  denied  { read } for  pid=9005 comm="syz.0.2194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  120.214539][ T9008] SELinux: failed to load policy
[  120.216415][   T29] audit: type=1400 audit(120.193:2787): avc:  denied  { load_policy } for  pid=9007 comm="syz.0.2196" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  120.249899][ T9010] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  120.271549][ T9012] capability: warning: `syz.0.2198' uses deprecated v2 capabilities in a way that may be insecure
[  120.344892][   T29] audit: type=1326 audit(120.323:2788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.0.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  120.509229][ T9022] netlink: 'syz.6.2203': attribute type 10 has an invalid length.
[  120.837694][ T9042] loop6: detected capacity change from 0 to 128
[  120.854106][ T9042] FAT-fs (loop6): Directory bread(block 162) failed
[  120.873894][ T9042] FAT-fs (loop6): Directory bread(block 163) failed
[  120.891459][ T9042] FAT-fs (loop6): Directory bread(block 164) failed
[  120.898339][ T9042] FAT-fs (loop6): Directory bread(block 165) failed
[  120.905257][ T9042] FAT-fs (loop6): Directory bread(block 166) failed
[  120.913226][ T9042] FAT-fs (loop6): Directory bread(block 167) failed
[  120.920099][ T9042] FAT-fs (loop6): Directory bread(block 168) failed
[  120.939184][ T9042] FAT-fs (loop6): Directory bread(block 169) failed
[  120.968988][ T9042] FAT-fs (loop6): Directory bread(block 162) failed
[  120.969572][    T9] kernel write not supported for file /1020/attr/exec (pid: 9 comm: kworker/0:0)
[  120.985172][ T9042] FAT-fs (loop6): Directory bread(block 163) failed
[  121.001034][ T9042] syz.6.2209: attempt to access beyond end of device
[  121.001034][ T9042] loop6: rw=3, sector=226, nr_sectors = 6 limit=128
[  121.014634][ T9042] syz.6.2209: attempt to access beyond end of device
[  121.014634][ T9042] loop6: rw=2051, sector=232, nr_sectors = 2 limit=128
[  121.028467][ T9058] SELinux: failed to load policy
[  121.122970][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2237'.
[  121.131964][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2237'.
[  121.218729][ T9088] loop7: detected capacity change from 0 to 1024
[  121.225713][ T9088] EXT4-fs: Ignoring removed nomblk_io_submit option
[  121.240297][ T9088] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8042c018, mo2=0002]
[  121.251066][ T9088] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.291220][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.325515][ T9106] bridge0: entered promiscuous mode
[  121.331093][ T9106] macsec1: entered promiscuous mode
[  121.342710][ T9106] bridge0: left promiscuous mode
[  121.393299][ T9115] netlink: 'syz.0.2245': attribute type 3 has an invalid length.
[  121.633082][ T9139] loop7: detected capacity change from 0 to 512
[  121.643184][ T9139] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  121.657780][ T9139] EXT4-fs (loop7): failed to initialize system zone (-117)
[  121.665557][ T9139] EXT4-fs (loop7): mount failed
[  121.734115][ T9155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2263'.
[  121.743093][ T9155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2263'.
[  121.757466][ T4270] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  121.765974][ T9155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2263'.
[  121.771039][ T4270] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  121.775291][ T9155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2263'.
[  121.793863][ T4270] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  121.802827][ T9160] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  121.812080][ T4270] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  121.902510][ T9168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2266'.
[  122.090466][ T9193] bridge0: entered promiscuous mode
[  122.095919][ T9193] macsec0: entered promiscuous mode
[  122.103289][ T9193] bridge0: port 3(macsec0) entered blocking state
[  122.109897][ T9193] bridge0: port 3(macsec0) entered disabled state
[  122.116938][ T9193] macsec0: entered allmulticast mode
[  122.124230][ T9193] macsec0: left allmulticast mode
[  122.130296][ T9193] bridge0: left promiscuous mode
[  122.663223][ T9214] Set syz1 is full, maxelem 65536 reached
[  122.800010][ T9233] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.807295][ T9233] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.902484][ T9233] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  122.914583][ T9233] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  122.962308][ T4297] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  122.980535][ T4297] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.001309][ T4297] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.031544][ T4297] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.223856][ T9268] serio: Serial port ptm0
[  123.298043][ T9278] loop6: detected capacity change from 0 to 1024
[  123.306558][ T9281] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  123.319915][ T9278] EXT4-fs: Ignoring removed nomblk_io_submit option
[  123.350544][ T9278] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8042c018, mo2=0002]
[  123.360485][ T9278] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.400314][ T5818] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.414544][ T9285] netlink: 'syz.0.2319': attribute type 10 has an invalid length.
[  123.422419][ T9285] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2319'.
[  123.441995][ T9297] bridge0: entered promiscuous mode
[  123.452527][ T9297] bridge0: port 3(macsec0) entered blocking state
[  123.459006][ T9297] bridge0: port 3(macsec0) entered disabled state
[  123.468475][ T9300] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2323'.
[  123.469733][ T9297] macsec0: entered allmulticast mode
[  123.482844][ T9297] bridge0: entered allmulticast mode
[  123.490889][ T9300] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2323'.
[  123.500214][ T9297] macsec0: left allmulticast mode
[  123.505294][ T9297] bridge0: left allmulticast mode
[  123.517460][ T9297] bridge0: left promiscuous mode
[  123.697349][ T9317] bridge0: entered promiscuous mode
[  123.704955][ T9317] bridge0: port 3(macsec0) entered blocking state
[  123.711665][ T9317] bridge0: port 3(macsec0) entered disabled state
[  123.718339][ T9317] macsec0: entered allmulticast mode
[  123.725975][ T9317] macsec0: left allmulticast mode
[  123.738512][ T9317] bridge0: left promiscuous mode
[  123.855608][ T9328] netlink: 'syz.2.2336': attribute type 3 has an invalid length.
[  123.933634][ T9342] serio: Serial port ptm0
[  124.044969][ T9359] netlink: 'syz.1.2350': attribute type 3 has an invalid length.
[  124.109381][ T4297] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  124.118184][ T4297] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  124.135510][ T4297] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  124.144848][ T4297] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  124.580552][ T9402] netlink: 'syz.6.2365': attribute type 3 has an invalid length.
[  124.596289][   T29] kauditd_printk_skb: 185 callbacks suppressed
[  124.596302][   T29] audit: type=1400 audit(124.573:2974): avc:  denied  { write } for  pid=9396 comm="syz.2.2374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  124.733018][   T29] audit: type=1400 audit(124.713:2975): avc:  denied  { read write } for  pid=9411 comm="syz.6.2369" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  124.756760][   T29] audit: type=1400 audit(124.713:2976): avc:  denied  { open } for  pid=9411 comm="syz.6.2369" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  124.936761][   T29] audit: type=1400 audit(124.913:2977): avc:  denied  { create } for  pid=9416 comm="syz.2.2371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  124.981425][   T29] audit: type=1400 audit(124.943:2978): avc:  denied  { ioctl } for  pid=9416 comm="syz.2.2371" path="socket:[24866]" dev="sockfs" ino=24866 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  125.037518][   T29] audit: type=1400 audit(125.013:2979): avc:  denied  { read } for  pid=9421 comm="syz.2.2373" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  125.060225][   T29] audit: type=1400 audit(125.013:2980): avc:  denied  { open } for  pid=9421 comm="syz.2.2373" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  125.083394][   T29] audit: type=1400 audit(125.013:2981): avc:  denied  { ioctl } for  pid=9421 comm="syz.2.2373" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  125.115682][   T29] audit: type=1400 audit(125.093:2982): avc:  denied  { ioctl } for  pid=9423 comm="syz.2.2375" path="socket:[24875]" dev="sockfs" ino=24875 ioctlcmd=0x7459 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  125.149547][ T9426] bridge0: entered promiscuous mode
[  125.156517][ T9426] bridge0: port 3(macsec1) entered blocking state
[  125.163022][ T9426] bridge0: port 3(macsec1) entered disabled state
[  125.171132][ T9426] macsec1: entered allmulticast mode
[  125.176472][ T9426] bridge0: entered allmulticast mode
[  125.182950][ T9426] macsec1: left allmulticast mode
[  125.188008][ T9426] bridge0: left allmulticast mode
[  125.196359][ T9426] bridge0: left promiscuous mode
[  125.206301][   T29] audit: type=1400 audit(125.183:2983): avc:  denied  { create } for  pid=9427 comm="syz.2.2377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  125.595834][ T9457] ip6tnl1: entered promiscuous mode
[  125.663041][ T9464] cgroup: fork rejected by pids controller in /syz0
[  126.072012][T10458] Set syz1 is full, maxelem 65536 reached
[  126.535828][ T3486] hid_parser_main: 17 callbacks suppressed
[  126.535857][ T3486] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  126.549889][ T3486] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  126.698574][T11525] __nla_validate_parse: 5 callbacks suppressed
[  126.698591][T11525] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2430'.
[  126.750383][T11529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2432'.
[  126.792802][T11533] IPv6: Can't replace route, no match found
[  126.925341][T11548] netlink: 168 bytes leftover after parsing attributes in process `syz.7.2440'.
[  127.666807][T11600] block device autoloading is deprecated and will be removed.
[  127.687556][T11601] loop6: detected capacity change from 0 to 128
[  127.735483][T11611] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2469'.
[  127.912288][T11633] vlan2: entered allmulticast mode
[  128.023439][T11640] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2483'.
[  128.068880][T11643] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11643 comm=syz.6.2484
[  128.175679][ T2958] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  128.184701][ T2958] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  128.419852][T11673] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2496'.
[  128.434968][T11675] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2497'.
[  128.499273][T11675] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2497'.
[  128.559619][T11679] loop7: detected capacity change from 0 to 128
[  128.699463][ T3486] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=3486 comm=kworker/0:6
[  129.096067][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2530'.
[  129.109454][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2530'.
[  129.138569][T11742] netlink: 'syz.0.2531': attribute type 1 has an invalid length.
[  129.147119][T11742] netlink: 'syz.0.2531': attribute type 4 has an invalid length.
[  129.248530][ T2958] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=2958 comm=kworker/1:2
[  129.609496][T11786] netlink: 'syz.1.2547': attribute type 1 has an invalid length.
[  129.617292][T11786] netlink: 'syz.1.2547': attribute type 4 has an invalid length.
[  129.722687][   T29] kauditd_printk_skb: 169 callbacks suppressed
[  129.722702][   T29] audit: type=1400 audit(129.703:3153): avc:  denied  { setopt } for  pid=11795 comm="syz.0.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  129.893281][   T29] audit: type=1400 audit(129.873:3154): avc:  denied  { cpu } for  pid=11810 comm="syz.7.2563" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  130.052504][   T29] audit: type=1400 audit(130.033:3155): avc:  denied  { create } for  pid=11819 comm="syz.7.2568" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  130.072457][   T29] audit: type=1400 audit(130.033:3156): avc:  denied  { bind } for  pid=11819 comm="syz.7.2568" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  130.091913][   T29] audit: type=1400 audit(130.033:3157): avc:  denied  { write } for  pid=11819 comm="syz.7.2568" path="socket:[26433]" dev="sockfs" ino=26433 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  130.330895][T11830] 8021q: adding VLAN 0 to HW filter on device bond1
[  130.359781][T11830] 8021q: adding VLAN 0 to HW filter on device bond1
[  130.367086][T11830] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  130.385791][T11830] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  130.536124][   T29] audit: type=1326 audit(130.513:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11842 comm="syz.2.2579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  130.560915][   T29] audit: type=1326 audit(130.513:3159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11842 comm="syz.2.2579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  130.584180][   T29] audit: type=1326 audit(130.513:3160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11842 comm="syz.2.2579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  130.607070][   T29] audit: type=1326 audit(130.543:3161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11842 comm="syz.2.2579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  130.630029][   T29] audit: type=1326 audit(130.543:3162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11842 comm="syz.2.2579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  130.699391][T11852] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  130.708354][T11852] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  131.959456][T11922] 8021q: adding VLAN 0 to HW filter on device bond1
[  131.991785][T11922] 8021q: adding VLAN 0 to HW filter on device bond1
[  131.998956][T11922] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  132.010694][T11922] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  132.263760][T11967] 8021q: adding VLAN 0 to HW filter on device bond2
[  132.293208][T11967] 8021q: adding VLAN 0 to HW filter on device bond2
[  132.315484][T11967] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  132.329078][T11967] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  132.767614][T12019] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12019 comm=syz.1.2659
[  132.821924][T12027] vlan2: entered allmulticast mode
[  132.987729][T12052] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12052 comm=syz.7.2673
[  133.504665][T12116] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12116 comm=syz.7.2703
[  133.619040][ T2958] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  133.635986][ T2958] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  133.637718][T12138] vlan2: entered allmulticast mode
[  133.751970][T12144] netlink: 'syz.2.2717': attribute type 1 has an invalid length.
[  134.502019][T12209] netlink: 'syz.0.2745': attribute type 1 has an invalid length.
[  134.537157][T12215] netlink: 'syz.0.2749': attribute type 1 has an invalid length.
[  134.584325][T12225] netlink: 'syz.1.2754': attribute type 13 has an invalid length.
[  134.592663][T12221] vhci_hcd: invalid port number 96
[  134.597799][T12221] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  134.640000][T12231] __nla_validate_parse: 12 callbacks suppressed
[  134.640014][T12231] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2756'.
[  134.735538][T12225] 0��{X��: refused to change device tx_queue_len
[  134.742110][T12225] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  134.753238][T12237] loop7: detected capacity change from 0 to 512
[  134.769810][   T29] kauditd_printk_skb: 268 callbacks suppressed
[  134.769827][   T29] audit: type=1400 audit(134.753:3431): avc:  denied  { mounton } for  pid=12236 comm="syz.7.2759" path="/346/bus" dev="tmpfs" ino=1799 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  134.798517][T12237] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  134.822672][T12237] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.842427][   T29] audit: type=1400 audit(134.823:3432): avc:  denied  { mount } for  pid=12236 comm="syz.7.2759" name="/" dev="loop7" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  134.874796][   T29] audit: type=1400 audit(134.853:3433): avc:  denied  { unmount } for  pid=6752 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  134.876331][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.910372][T12246] sd 0:0:1:0: device reset
[  134.914827][   T29] audit: type=1400 audit(134.893:3434): avc:  denied  { read } for  pid=12245 comm="syz.0.2763" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  134.937889][   T29] audit: type=1400 audit(134.893:3435): avc:  denied  { open } for  pid=12245 comm="syz.0.2763" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  134.961526][   T29] audit: type=1400 audit(134.893:3436): avc:  denied  { ioctl } for  pid=12245 comm="syz.0.2763" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  134.986963][   T29] audit: type=1400 audit(134.923:3437): avc:  denied  { cpu } for  pid=12247 comm="syz.7.2762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  135.008123][   T29] audit: type=1400 audit(134.993:3438): avc:  denied  { create } for  pid=12249 comm="syz.0.2764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  135.029599][   T29] audit: type=1400 audit(134.993:3439): avc:  denied  { write } for  pid=12249 comm="syz.0.2764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  135.061766][   T29] audit: type=1400 audit(135.043:3440): avc:  denied  { sqpoll } for  pid=12251 comm="syz.7.2765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  135.360281][ T2958] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  135.372143][ T2958] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  136.153304][T12349] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  136.160564][T12349] IPv6: NLM_F_CREATE should be set when creating new route
[  136.167791][T12349] IPv6: NLM_F_CREATE should be set when creating new route
[  136.177691][T12351] syzkaller1: entered promiscuous mode
[  136.183230][T12351] syzkaller1: entered allmulticast mode
[  136.479290][T12369] netlink: 332 bytes leftover after parsing attributes in process `syz.1.2816'.
[  136.994090][T12434] veth3: entered promiscuous mode
[  137.012098][T12438] bridge0: entered promiscuous mode
[  137.017600][T12438] macvtap1: entered allmulticast mode
[  137.023061][T12438] bridge0: entered allmulticast mode
[  137.029069][T12438] bridge0: port 3(macvtap1) entered blocking state
[  137.035663][T12438] bridge0: port 3(macvtap1) entered disabled state
[  137.043206][T12438] bridge0: left allmulticast mode
[  137.048224][T12438] bridge0: left promiscuous mode
[  137.192892][T12452] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2855'.
[  137.206674][T12452] macsec0: entered allmulticast mode
[  137.212213][T12452] bridge0: entered allmulticast mode
[  137.218661][T12452] bridge0: port 3(macsec0) entered blocking state
[  137.225245][T12452] bridge0: port 3(macsec0) entered disabled state
[  137.232942][T12452] bridge0: left allmulticast mode
[  138.263328][T12501] veth7: entered promiscuous mode
[  138.417913][T12520] syzkaller1: entered promiscuous mode
[  138.423538][T12520] syzkaller1: entered allmulticast mode
[  138.453080][T12527] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2889'.
[  138.494936][T12531] veth5: entered promiscuous mode
[  138.670083][T12554] loop6: detected capacity change from 0 to 512
[  138.677578][T12554] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  138.683143][T12555] syzkaller1: entered promiscuous mode
[  138.692981][T12555] syzkaller1: entered allmulticast mode
[  138.706082][T12554] EXT4-fs (loop6): 1 orphan inode deleted
[  138.711900][T12554] EXT4-fs (loop6): 1 truncate cleaned up
[  138.721495][T12554] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  138.740390][T12554] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  138.758556][T12554] EXT4-fs (loop6): Remounting filesystem read-only
[  138.783524][T12554] EXT4-fs (loop6): error restoring inline_data for inode -- potential data loss! (inode 12, error -30)
[  138.809753][ T5818] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.879375][T12571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2908'.
[  138.892426][T12571] bridge0: entered promiscuous mode
[  138.897700][T12571] macsec0: entered allmulticast mode
[  138.903160][T12571] bridge0: entered allmulticast mode
[  138.910224][T12571] bridge0: port 3(macsec0) entered blocking state
[  138.916699][T12571] bridge0: port 3(macsec0) entered disabled state
[  138.924491][T12571] bridge0: left allmulticast mode
[  138.929619][T12571] bridge0: left promiscuous mode
[  139.057126][T12576] veth3: entered promiscuous mode
[  139.204677][T12586] loop6: detected capacity change from 0 to 2048
[  139.222981][T12586] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.376615][ T5818] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.401475][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2922'.
[  139.418894][T12600] bridge0: entered promiscuous mode
[  139.424464][T12600] macsec1: entered allmulticast mode
[  139.429963][T12600] bridge0: entered allmulticast mode
[  139.437257][T12600] bridge0: port 3(macsec1) entered blocking state
[  139.443757][T12600] bridge0: port 3(macsec1) entered disabled state
[  139.456478][T12600] bridge0: left allmulticast mode
[  139.461619][T12600] bridge0: left promiscuous mode
[  139.491994][T12608] veth5: entered promiscuous mode
[  140.354896][T12647] veth9: entered promiscuous mode
[  141.161095][T12657] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2947'.
[  141.187490][T12657] bridge0: entered promiscuous mode
[  141.195237][T12657] macsec0: entered allmulticast mode
[  141.201102][T12657] bridge0: port 3(macsec0) entered blocking state
[  141.207620][T12657] bridge0: port 3(macsec0) entered disabled state
[  141.215248][T12657] bridge0: left promiscuous mode
[  141.246504][T12662] netlink: 'syz.2.2950': attribute type 3 has an invalid length.
[  141.288057][   T29] kauditd_printk_skb: 251 callbacks suppressed
[  141.288073][   T29] audit: type=1400 audit(141.263:3692): avc:  denied  { read } for  pid=12663 comm="syz.2.2951" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  141.288267][T12664] sd 0:0:1:0: device reset
[  141.302894][   T29] audit: type=1326 audit(141.283:3693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12665 comm="syz.0.2952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.346264][   T29] audit: type=1326 audit(141.323:3694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12665 comm="syz.0.2952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.369267][   T29] audit: type=1326 audit(141.323:3695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12665 comm="syz.0.2952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.392200][   T29] audit: type=1326 audit(141.323:3696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12665 comm="syz.0.2952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.484715][   T29] audit: type=1400 audit(141.423:3697): avc:  denied  { write } for  pid=12668 comm="syz.1.2954" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  141.507924][   T29] audit: type=1326 audit(141.453:3698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12671 comm="syz.0.2955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.530846][   T29] audit: type=1326 audit(141.453:3699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12671 comm="syz.0.2955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.553705][   T29] audit: type=1326 audit(141.453:3700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12671 comm="syz.0.2955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.576623][   T29] audit: type=1326 audit(141.453:3701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12671 comm="syz.0.2955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  141.624387][T12683] netlink: 'syz.6.2959': attribute type 1 has an invalid length.
[  141.637815][T12683] 8021q: adding VLAN 0 to HW filter on device bond3
[  141.677200][T12687] vlan2: entered allmulticast mode
[  141.772658][T12697] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2965'.
[  141.781789][T12697] netlink: 'syz.2.2965': attribute type 20 has an invalid length.
[  141.833090][T12705] 
: renamed from bond0
[  141.849865][T12697] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2965'.
[  141.858958][T12697] netlink: 'syz.2.2965': attribute type 20 has an invalid length.
[  141.966445][T12721] vlan2: entered allmulticast mode
[  142.032352][T12729] netdevsim netdevsim6: Direct firmware load for ./file0/file1 failed with error -2
[  142.074991][T12737] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2985'.
[  142.084113][T12737] netlink: 'syz.0.2985': attribute type 20 has an invalid length.
[  142.149545][T12737] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2985'.
[  142.158575][T12737] netlink: 'syz.0.2985': attribute type 20 has an invalid length.
[  142.199526][T12739] Falling back ldisc for ttyS3.
[  142.305507][T12750] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2991'.
[  142.345202][T12752] vlan2: entered allmulticast mode
[  142.501185][T12773] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3001'.
[  142.510227][T12773] netlink: 'syz.1.3001': attribute type 20 has an invalid length.
[  142.549081][T12773] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3001'.
[  142.549079][ T4252] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  142.549234][ T4252] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  142.558124][T12773] netlink: 'syz.1.3001': attribute type 20 has an invalid length.
[  142.575526][ T4252] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  142.619047][ T4252] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  143.199375][T12802] Falling back ldisc for ttyS3.
[  143.324554][T12806] loop6: detected capacity change from 0 to 1024
[  143.351070][T12806] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.373003][T12806] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  143.407040][ T5818] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.527451][T12816] netlink: 'syz.7.3017': attribute type 1 has an invalid length.
[  143.542152][T12816] 8021q: adding VLAN 0 to HW filter on device bond2
[  143.590516][T12826] loop7: detected capacity change from 0 to 512
[  143.598282][T12826] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.3020: iget: bad i_size value: 38620345925642
[  143.611360][T12826] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.3020: couldn't read orphan inode 15 (err -117)
[  143.624606][T12826] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.647719][T12826] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm syz.7.3020: bg 0: block 5: invalid block bitmap
[  143.688679][T12835] loop6: detected capacity change from 0 to 128
[  143.689636][T12826] EXT4-fs (loop7): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28
[  143.707415][T12826] EXT4-fs (loop7): This should not happen!! Data will be lost
[  143.707415][T12826] 
[  143.717434][T12826] EXT4-fs (loop7): Total free blocks count 0
[  143.723519][T12826] EXT4-fs (loop7): Free/Dirty block details
[  143.729450][T12826] EXT4-fs (loop7): free_blocks=0
[  143.734402][T12826] EXT4-fs (loop7): dirty_blocks=64
[  143.739861][T12826] EXT4-fs (loop7): Block reservation details
[  143.746409][T12826] EXT4-fs (loop7): i_reserved_data_blocks=64
[  143.768665][T12839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3025'.
[  143.809259][T12835] loop6: detected capacity change from 128 to 64
[  143.826811][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.854195][T12847] netlink: 'syz.0.3028': attribute type 7 has an invalid length.
[  143.878806][T12849] 8021q: adding VLAN 0 to HW filter on device bond2
[  143.955192][T12862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3037'.
[  143.964205][T12862] Unsupported xt match
[  143.964216][T12862] unable to load match
[  144.132695][T12881] vlan2: entered allmulticast mode
[  144.194018][T12865] chnl_net:caif_netlink_parms(): no params data found
[  144.225530][T12887] netdevsim netdevsim0: Direct firmware load for ./file0/file1 failed with error -2
[  144.315337][T12865] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.323059][T12865] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.337399][T12865] bridge_slave_0: entered allmulticast mode
[  144.344321][T12865] bridge_slave_0: entered promiscuous mode
[  144.357015][T12865] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.364298][T12865] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.384490][T12865] bridge_slave_1: entered allmulticast mode
[  144.391105][T12865] bridge_slave_1: entered promiscuous mode
[  144.399913][ T1701] bridge_slave_1: left allmulticast mode
[  144.405591][ T1701] bridge_slave_1: left promiscuous mode
[  144.411264][ T1701] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.430567][ T1701] bridge_slave_0: left promiscuous mode
[  144.436351][ T1701] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.518653][ T1701] bond1 (unregistering): (slave gretap1): Releasing active interface
[  144.567676][ T1701] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[  144.609519][ T1701] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[  144.624591][ T1701] 
 (unregistering): Released all slaves
[  144.651736][ T1701] bond1 (unregistering): Released all slaves
[  144.671719][ T1701] bond2 (unregistering): Released all slaves
[  144.689834][ T1701] bond3 (unregistering): Released all slaves
[  144.733401][T12865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  144.764248][T12865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  144.788478][ T1701] hsr_slave_0: left promiscuous mode
[  144.813871][ T1701] hsr_slave_1: left promiscuous mode
[  144.848405][ T1701] batman_adv: batadv0: Removing interface: batadv_slave_0
[  144.862163][ T1701] batman_adv: batadv0: Removing interface: batadv_slave_1
[  144.924373][ T1701] team0 (unregistering): Port device team_slave_1 removed
[  144.938138][ T1701] team0 (unregistering): Port device team_slave_0 removed
[  145.013061][T12865] team0: Port device team_slave_0 added
[  145.032208][T12865] team0: Port device team_slave_1 added
[  145.077426][T12865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  145.084484][T12865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.110416][T12865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  145.122066][T12865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  145.129017][T12865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.154922][T12865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  145.221718][T12865] hsr_slave_0: entered promiscuous mode
[  145.241453][T12865] hsr_slave_1: entered promiscuous mode
[  145.323679][T12865] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  145.345624][T12865] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  145.357405][ T1701] ------------[ cut here ]------------
[  145.362947][ T1701] WARNING: CPU: 1 PID: 1701 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0
[  145.372668][ T1701] Modules linked in:
[  145.376585][ T1701] CPU: 1 UID: 0 PID: 1701 Comm: kworker/u8:6 Not tainted 6.16.0-syzkaller-11743-g6bcdbd62bd56 #0 PREEMPT(voluntary) 
[  145.388986][ T1701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  145.389397][T12865] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  145.399166][ T1701] Workqueue: netns cleanup_net
[  145.410535][ T1701] RIP: 0010:xfrm_state_fini+0x17c/0x1f0
[  145.416111][ T1701] Code: 48 8d bb 30 0e 00 00 e8 a2 4f bd fc 48 8b bb 30 0e 00 00 e8 06 cf c9 fc 5b 41 5e 41 5f 5d e9 cb 92 b3 00 cc e8 25 92 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 17 92 a2 fc 90 0f 0b 90 4c 89 f7 e8 6b
[  145.435771][ T1701] RSP: 0018:ffffc90001bd7c60 EFLAGS: 00010293
[  145.442121][ T1701] RAX: ffffffff84b5679b RBX: ffff88810c23c740 RCX: ffff888103dce300
[  145.450205][ T1701] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810c23d540
[  145.458278][ T1701] RBP: ffffffff86c8a3e0 R08: 0001ffff86847f7f R09: 0000000000000000
[  145.466450][ T1701] R10: ffffc90001bd7be8 R11: 0001c90001bd7be8 R12: ffffffff86c8a400
[  145.474461][ T1701] R13: ffff88810c23c768 R14: ffff88810c23d540 R15: ffff88810c23c740
[  145.482520][ T1701] FS:  0000000000000000(0000) GS:ffff8882aef47000(0000) knlGS:0000000000000000
[  145.491506][ T1701] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.498116][ T1701] CR2: 00007f6d34b335c0 CR3: 0000000104a72000 CR4: 00000000003506f0
[  145.506154][ T1701] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  145.514223][ T1701] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  145.522299][ T1701] Call Trace:
[  145.525582][ T1701]  <TASK>
[  145.528562][ T1701]  xfrm_net_exit+0x2d/0x60
[  145.533101][ T1701]  ops_undo_list+0x278/0x410
[  145.537699][ T1701]  cleanup_net+0x2de/0x4d0
[  145.542192][ T1701]  process_scheduled_works+0x4ce/0x9d0
[  145.547905][ T1701]  worker_thread+0x582/0x770
[  145.552618][ T1701]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  145.558478][ T1701]  kthread+0x486/0x510
[  145.562728][ T1701]  ? finish_task_switch+0xad/0x2b0
[  145.568030][ T1701]  ? __pfx_worker_thread+0x10/0x10
[  145.573283][ T1701]  ? __pfx_kthread+0x10/0x10
[  145.577942][ T1701]  ret_from_fork+0xda/0x150
[  145.582511][ T1701]  ? __pfx_kthread+0x10/0x10
[  145.587100][ T1701]  ret_from_fork_asm+0x1a/0x30
[  145.591958][ T1701]  </TASK>
[  145.595161][ T1701] ---[ end trace 0000000000000000 ]---
[  145.602923][T12865] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  145.653003][T12865] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.667639][T12865] 8021q: adding VLAN 0 to HW filter on device team0
[  145.679178][ T4252] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.686306][ T4252] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.697528][ T4252] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.704680][ T4252] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.723693][T12865] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  145.734219][T12865] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  145.823816][T12865] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.970974][T12865] veth0_vlan: entered promiscuous mode
[  145.981992][T12865] veth1_vlan: entered promiscuous mode
[  146.028775][T12865] veth0_macvtap: entered promiscuous mode
[  146.036975][T12865] veth1_macvtap: entered promiscuous mode
[  146.064656][T12865] batman_adv: batadv0: Interface activated: batadv_slave_0
[  146.081789][T12865] batman_adv: batadv0: Interface activated: batadv_slave_1
[  146.095740][ T1752] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  146.105370][ T1752] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  146.131234][ T1752] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  146.151285][ T1752] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  146.182943][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3040'.
[  146.239045][T13019] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.3089'.
[  146.313473][   T29] kauditd_printk_skb: 103 callbacks suppressed
[  146.313490][   T29] audit: type=1400 audit(146.293:3805): avc:  denied  { mount } for  pid=13027 comm="syz.8.3093" name="/" dev="ramfs" ino=31026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  146.345342][   T29] audit: type=1400 audit(146.323:3806): avc:  denied  { create } for  pid=13027 comm="syz.8.3093" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  146.393302][   T29] audit: type=1400 audit(146.373:3807): avc:  denied  { watch_reads } for  pid=13032 comm="syz.7.3096" path="/405" dev="tmpfs" ino=2096 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  146.459445][T13039] IPVS: stopping master sync thread 13041 ...
[  146.459833][T13041] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  146.466480][T13042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3100'.
[  146.485470][T13042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3100'.
[  146.494486][T13042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3100'.
[  146.519198][   T29] audit: type=1400 audit(146.493:3808): avc:  denied  { setopt } for  pid=13043 comm="syz.7.3101" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  146.544902][T13042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3100'.
[  146.553965][T13042] validate_nla: 1 callbacks suppressed
[  146.553989][T13042] netlink: 'syz.2.3100': attribute type 6 has an invalid length.
[  146.589625][   T29] audit: type=1400 audit(146.573:3809): avc:  denied  { mount } for  pid=13049 comm="syz.1.3104" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  146.598310][T13048] loop7: detected capacity change from 0 to 512
[  146.632579][T13048] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  146.659964][   T29] audit: type=1326 audit(146.633:3810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13051 comm="syz.8.3105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  146.669593][T13048] EXT4-fs error (device loop7): ext4_iget_extra_inode:5104: inode #17: comm syz.7.3103: corrupted in-inode xattr: invalid ea_ino
[  146.682892][   T29] audit: type=1326 audit(146.633:3811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13051 comm="syz.8.3105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  146.719189][   T29] audit: type=1326 audit(146.633:3812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13051 comm="syz.8.3105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  146.742161][   T29] audit: type=1326 audit(146.633:3813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13051 comm="syz.8.3105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  146.750572][T13048] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.3103: couldn't read orphan inode 17 (err -117)
[  146.765080][   T29] audit: type=1326 audit(146.633:3814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13051 comm="syz.8.3105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  146.805514][T13048] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.853490][T13059] af_packet: tpacket_rcv: packet too big, clamped from 65232 to 4294967272. macoff=96
[  146.907008][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.955208][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz.7.3111
[  146.985987][T13073] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3125'.
[  146.986898][T13071] netlink: 'syz.7.3111': attribute type 1 has an invalid length.
[  146.995093][T13073] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3125'.
[  147.011768][T13073] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3125'.
[  147.023733][T13073] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3125'.
[  147.032762][T13073] netlink: 'syz.1.3125': attribute type 6 has an invalid length.
[  147.060632][T13080] bond3: (slave bridge2): making interface the new active one
[  147.068779][T13080] bond3: (slave bridge2): Enslaving as an active interface with an up link
[  147.145802][T13091] netlink: 'syz.2.3122': attribute type 3 has an invalid length.
[  147.153632][T13091] netlink: 'syz.2.3122': attribute type 1 has an invalid length.
[  147.164520][T13095] loop8: detected capacity change from 0 to 512
[  147.171642][T13095] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  147.187895][T13095] EXT4-fs error (device loop8): ext4_iget_extra_inode:5104: inode #17: comm syz.8.3124: corrupted in-inode xattr: invalid ea_ino
[  147.204454][T13095] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.3124: couldn't read orphan inode 17 (err -117)
[  147.221738][T13095] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.234092][T13101] hsr_slave_1 (unregistering): left promiscuous mode
[  147.253881][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.333788][T13123] netlink: 'syz.8.3136': attribute type 3 has an invalid length.
[  147.341680][T13123] netlink: 'syz.8.3136': attribute type 1 has an invalid length.
[  147.452058][T13142] hsr_slave_1 (unregistering): left promiscuous mode
[  147.534204][T13155] loop8: detected capacity change from 0 to 1024
[  147.552360][T13155] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.603447][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.697224][T13184] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  147.708393][T13183] IPVS: stopping master sync thread 13184 ...
[  147.746458][T13186] hsr_slave_1 (unregistering): left promiscuous mode
[  148.144070][T13235] batman_adv: batadv0: Removing interface: batadv_slave_0
[  148.151909][T13235] batman_adv: batadv0: Removing interface: batadv_slave_1
[  149.156622][T13287] syzkaller0: entered promiscuous mode
[  149.162258][T13287] syzkaller0: entered allmulticast mode
[  149.277127][T13305] IPVS: Unknown mcast interface: vcan0
[  149.585829][T13355] hsr_slave_1 (unregistering): left promiscuous mode
[  149.780387][T13385] sd 0:0:1:0: device reset
[  149.802999][T13387] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO
[  150.067575][T13426] loop8: detected capacity change from 0 to 1024
[  150.075219][T13426] EXT4-fs (loop8): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  150.075247][T13426] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  150.076037][T13426] JBD2: no valid journal superblock found
[  150.076046][T13426] EXT4-fs (loop8): Could not load journal inode
[  150.099249][T13426] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  150.277100][T13451] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.289770][T13451] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.341921][T13456] vlan2: entered allmulticast mode
[  150.964571][T13537] vlan2: entered allmulticast mode
[  151.049454][T13545] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  151.156309][T13564] netlink: 'syz.7.3345': attribute type 39 has an invalid length.
[  151.432663][T13591] vlan2: entered allmulticast mode
[  151.505163][   T29] kauditd_printk_skb: 269 callbacks suppressed
[  151.505282][   T29] audit: type=1400 audit(151.483:4084): avc:  denied  { bind } for  pid=13599 comm="syz.7.3352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  151.533907][   T29] audit: type=1400 audit(151.513:4085): avc:  denied  { setopt } for  pid=13599 comm="syz.7.3352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  151.609551][   T29] audit: type=1326 audit(151.593:4086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.668643][   T29] audit: type=1326 audit(151.613:4087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.691734][   T29] audit: type=1326 audit(151.613:4088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.714615][   T29] audit: type=1326 audit(151.623:4089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.737501][   T29] audit: type=1326 audit(151.623:4090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.760417][   T29] audit: type=1326 audit(151.623:4091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.783421][   T29] audit: type=1326 audit(151.623:4092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.806286][   T29] audit: type=1326 audit(151.623:4093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13605 comm="syz.8.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d33ddebe9 code=0x7ffc0000
[  151.864435][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.871935][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.879433][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.886977][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.894493][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.901921][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.909375][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.916776][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.924176][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.931594][ T3486] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0
[  151.942395][ T3486] hid-generic 0008:0006:0007.000A: hidraw0: <UNKNOWN> HID v0.0b Device [syz1] on syz1
[  152.121107][T13573] syz.0.3337 (13573) used greatest stack depth: 7528 bytes left
[  152.133132][T13624] __nla_validate_parse: 35 callbacks suppressed
[  152.133216][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.148601][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.178358][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.222820][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.231856][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.249375][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.297807][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.306920][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.334424][T13624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3361'.
[  152.390178][T13658] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3376'.
[  152.556918][T13669] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  152.880208][T13697] netlink: 'syz.2.3393': attribute type 6 has an invalid length.
[  152.968565][T13711] loop8: detected capacity change from 0 to 512
[  152.984694][T13711] FAT-fs (loop8): IO charset macturkis@ not found
[  153.001057][T13711] loop8: detected capacity change from 0 to 1024
[  153.017756][T13711] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.033242][T13711] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  153.049435][T13711] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[  153.061833][T13711] EXT4-fs (loop8): This should not happen!! Data will be lost
[  153.061833][T13711] 
[  153.071507][T13711] EXT4-fs (loop8): Total free blocks count 0
[  153.077572][T13711] EXT4-fs (loop8): Free/Dirty block details
[  153.083512][T13711] EXT4-fs (loop8): free_blocks=4293918720
[  153.089305][T13711] EXT4-fs (loop8): dirty_blocks=16
[  153.094408][T13711] EXT4-fs (loop8): Block reservation details
[  153.100447][T13711] EXT4-fs (loop8): i_reserved_data_blocks=1
[  153.124141][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.136109][T13720] netlink: 'syz.2.3403': attribute type 39 has an invalid length.
[  153.260737][T13740] loop7: detected capacity change from 0 to 512
[  153.287585][T13740] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.327447][T13740] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #2: comm syz.7.3413: corrupted inode contents
[  153.358093][T13740] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #2: comm syz.7.3413: mark_inode_dirty error
[  153.379299][T13749] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  153.397942][T13740] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #2: comm syz.7.3413: corrupted inode contents
[  153.487174][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.194603][T13819] netlink: 'syz.2.3446': attribute type 5 has an invalid length.
[  154.315984][T13831] loop8: detected capacity change from 0 to 2048
[  154.340891][T13831] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.385209][T13831] Invalid ELF header magic: != ELF
[  154.422353][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.422931][T13847] netlink: 'syz.1.3458': attribute type 1 has an invalid length.
[  154.568717][T13856] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  154.598543][T13863] netlink: 'syz.8.3464': attribute type 1 has an invalid length.
[  154.618877][T13863] 8021q: adding VLAN 0 to HW filter on device bond1
[  154.712648][T13867] bond1 (unregistering): Released all slaves
[  154.724270][   T10] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  156.590772][T14004] loop7: detected capacity change from 0 to 2048
[  156.632667][T14004] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.699488][T14004] Invalid ELF header magic: != ELF
[  156.743915][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.776997][   T29] kauditd_printk_skb: 116 callbacks suppressed
[  156.777012][   T29] audit: type=1326 audit(156.753:4210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.833310][   T29] audit: type=1326 audit(156.793:4211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.856279][   T29] audit: type=1326 audit(156.793:4212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.879329][   T29] audit: type=1326 audit(156.793:4213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.902255][   T29] audit: type=1326 audit(156.793:4214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.925203][   T29] audit: type=1326 audit(156.793:4215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.948012][   T29] audit: type=1326 audit(156.793:4216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.970871][   T29] audit: type=1326 audit(156.793:4217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  156.993777][   T29] audit: type=1326 audit(156.793:4218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd46625d550 code=0x7ffc0000
[  157.016843][   T29] audit: type=1326 audit(156.793:4219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14029 comm="syz.1.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46625ebe9 code=0x7ffc0000
[  157.044397][T14036] loop8: detected capacity change from 0 to 512
[  157.053614][T14036] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  157.071487][T14045] block device autoloading is deprecated and will be removed.
[  157.074992][T14047] can0: slcan on ttyS3.
[  157.094337][T14036] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.129282][T14047] can0 (unregistered): slcan off ttyS3.
[  157.160512][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.178657][T14052] Invalid ELF header magic: != ELF
[  157.285942][T14070] pim6reg1: entered promiscuous mode
[  157.291439][T14070] pim6reg1: entered allmulticast mode
[  157.300089][T14078] ref_ctr_offset mismatch. inode: 0x9ba offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000
[  157.453201][T14090] Invalid ELF header magic: != ELF
[  157.508137][T14105] Q�6��\b��Y�4��: renamed from lo (while UP)
[  157.596061][T14117] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (15)
[  157.656662][T14118] loop7: detected capacity change from 0 to 8192
[  157.720467][T14118]  loop7: p2 p3 p4
[  157.725262][T14118] loop7: p2 start 2936012800 is beyond EOD, truncated
[  157.732176][T14118] loop7: p3 start 1912602624 is beyond EOD, truncated
[  157.739012][T14118] loop7: p4 size 656640 extends beyond EOD, truncated
[  157.786343][T14131] __nla_validate_parse: 13 callbacks suppressed
[  157.786359][T14131] netlink: 372 bytes leftover after parsing attributes in process `syz.0.3581'.
[  157.980646][T14156] block device autoloading is deprecated and will be removed.
[  158.119988][ T9241] hid_parser_main: 44 callbacks suppressed
[  158.120005][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x4
[  158.133743][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x2
[  158.169650][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.177640][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.185370][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.193065][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.200815][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.208619][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.216336][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.224250][ T9241] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x0
[  158.258660][ T9241] hid-generic 0000:3000000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  158.279759][T14169] vhci_hcd: invalid port number 96
[  158.284895][T14169] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  158.325919][T14175] can0: slcan on ttyS3.
[  158.399623][T14175] can0 (unregistered): slcan off ttyS3.
[  158.429178][T14188] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (15)
[  158.601449][T14202] loop7: detected capacity change from 0 to 512
[  158.638502][T14202] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.721153][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.733239][T14210] loop8: detected capacity change from 0 to 512
[  158.741097][T14210] vfat: Bad value for 'shortname'
[  158.753643][T14212] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3613'.
[  158.844781][T14221] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3618'.
[  158.875486][T14223] pim6reg1: entered promiscuous mode
[  158.880895][T14223] pim6reg1: entered allmulticast mode
[  158.962841][T14231] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3621'.
[  159.128338][T14254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3630'.
[  159.137607][T14152] syz.1.3588 (14152) used greatest stack depth: 6344 bytes left
[  159.250020][T14275] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3641'.
[  159.260755][T14275] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3641'.
[  159.260819][ T4251] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  159.289241][ T4251] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  159.299049][T14267] loop1: detected capacity change from 0 to 8192
[  159.306204][ T4251] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  159.315946][ T4251] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  159.366796][T14267]  loop1: p2 p3 p4
[  159.371632][T14267] loop1: p2 start 2936012800 is beyond EOD, truncated
[  159.378543][T14267] loop1: p3 start 1912602624 is beyond EOD, truncated
[  159.385613][T14267] loop1: p4 size 656640 extends beyond EOD, truncated
[  159.394455][T14283] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3645'.
[  159.496101][T14299] sctp: [Deprecated]: syz.7.3649 (pid 14299) Use of int in max_burst socket option.
[  159.496101][T14299] Use struct sctp_assoc_value instead
[  159.578738][   T10] hid-generic 0000:3000000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  159.659103][T14316] loop8: detected capacity change from 0 to 512
[  159.678039][T14316] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843e028, mo2=0002]
[  159.727690][T14316] System zones: 1-12
[  159.743984][T14316] EXT4-fs error (device loop8): ext4_free_branches:1023: inode #11: comm syz.8.3656: invalid indirect mapped block 8 (level 2)
[  159.793547][T14316] EXT4-fs (loop8): Remounting filesystem read-only
[  159.808429][T14316] EXT4-fs (loop8): 1 truncate cleaned up
[  159.838656][T14316] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.897636][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.011647][T14331] rdma_op ffff888125365180 conn xmit_rdma 0000000000000000
[  160.084998][T14343] loop8: detected capacity change from 0 to 512
[  160.107025][T14343] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.117532][ T6065] hid-generic 0000:3000000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  160.160703][T14343] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #4: comm syz.8.3670: corrupted inode contents
[  160.197390][T14352] netlink: 4300 bytes leftover after parsing attributes in process `syz.2.3673'.
[  160.221611][T14343] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #4: comm syz.8.3670: mark_inode_dirty error
[  160.269497][T14343] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #4: comm syz.8.3670: corrupted inode contents
[  160.284271][T14343] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #4: comm syz.8.3670: mark_inode_dirty error
[  160.298691][T14343] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.3670: Failed to acquire dquot type 1
[  160.310809][T14353] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #4: comm syz.8.3670: corrupted inode contents
[  160.323653][T14353] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #4: comm syz.8.3670: mark_inode_dirty error
[  160.335483][T14353] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #4: comm syz.8.3670: corrupted inode contents
[  160.348268][T14353] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #4: comm syz.8.3670: mark_inode_dirty error
[  160.369752][T14353] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.3670: Failed to acquire dquot type 1
[  160.408997][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.463624][T14371] netlink: 'syz.8.3679': attribute type 1 has an invalid length.
[  160.471519][T14371] netlink: 224 bytes leftover after parsing attributes in process `syz.8.3679'.
[  160.484269][T14373] sg_write: data in/out 64623/116 bytes for SCSI command 0xfc-- guessing data in;
[  160.484269][T14373]    program syz.2.3681 not setting count and/or reply_len properly
[  160.660203][T14406] sg_write: data in/out 64623/116 bytes for SCSI command 0xfc-- guessing data in;
[  160.660203][T14406]    program syz.1.3697 not setting count and/or reply_len properly
[  160.931560][T14440] loop7: detected capacity change from 0 to 128
[  160.981922][T14445] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  161.163029][T14465] netlink: 'syz.1.3733': attribute type 1 has an invalid length.
[  161.269019][T14481] loop7: detected capacity change from 0 to 512
[  161.282925][T14481] EXT4-fs: Ignoring removed mblk_io_submit option
[  161.296135][T14481] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  161.310707][T14481] EXT4-fs (loop7): 1 truncate cleaned up
[  161.318217][T14481] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.417539][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.544379][T14501] bridge0: port 3(batadv0) entered blocking state
[  161.551031][T14501] bridge0: port 3(batadv0) entered disabled state
[  161.570678][T14501] batadv0: entered allmulticast mode
[  161.605357][T14501] batadv0: entered promiscuous mode
[  161.834283][T14525] netlink: 'syz.7.3749': attribute type 1 has an invalid length.
[  161.996566][T14545] netlink: 'syz.0.3758': attribute type 1 has an invalid length.
[  162.008331][   T29] kauditd_printk_skb: 162 callbacks suppressed
[  162.008347][   T29] audit: type=1326 audit(161.993:4377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14546 comm="syz.2.3768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  162.039413][ T4301] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  162.048841][ T4301] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  162.058457][   T29] audit: type=1326 audit(162.033:4378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14546 comm="syz.2.3768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  162.081522][   T29] audit: type=1326 audit(162.033:4379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14546 comm="syz.2.3768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  162.104429][   T29] audit: type=1326 audit(162.033:4380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14546 comm="syz.2.3768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459c08ebe9 code=0x7ffc0000
[  162.127431][   T29] audit: type=1326 audit(162.033:4381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14546 comm="syz.2.3768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f459c08d84a code=0x7ffc0000
[  162.150182][   T29] audit: type=1326 audit(162.033:4382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14546 comm="syz.2.3768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f459c0c14a5 code=0x7ffc0000
[  162.173492][   T29] audit: type=1326 audit(162.133:4383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14548 comm="syz.0.3760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  162.196469][   T29] audit: type=1326 audit(162.133:4384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14548 comm="syz.0.3760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  162.219668][   T29] audit: type=1326 audit(162.133:4385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14548 comm="syz.0.3760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  162.242632][   T29] audit: type=1326 audit(162.133:4386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14548 comm="syz.0.3760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282980ebe9 code=0x7ffc0000
[  163.151946][T14621] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  163.627736][T14641] bridge0: port 3(batadv1) entered blocking state
[  163.634568][T14641] bridge0: port 3(batadv1) entered disabled state
[  163.642381][T14641] batadv1: entered allmulticast mode
[  163.648334][T14641] batadv1: entered promiscuous mode
[  163.654127][T14647] all: renamed from bridge_slave_0
[  163.813229][T14674] netlink: 'syz.7.3818': attribute type 2 has an invalid length.
[  163.821075][T14674] __nla_validate_parse: 7 callbacks suppressed
[  163.821088][T14674] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3818'.
[  163.864349][T14684] all: renamed from bridge_slave_0 (while UP)
[  163.885735][T14682] netlink: 'syz.0.3821': attribute type 298 has an invalid length.
[  163.903996][T14691] loop7: detected capacity change from 0 to 512
[  163.916687][T14691] EXT4-fs error (device loop7): ext4_iget_extra_inode:5104: inode #15: comm syz.7.3825: corrupted in-inode xattr: e_value size too large
[  163.932482][T14691] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.3825: couldn't read orphan inode 15 (err -117)
[  163.954514][T14691] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.979201][T14691] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #2: block 12: comm syz.7.3825: lblock 3 mapped to illegal pblock 12 (length 1)
[  164.040455][ T6752] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.131261][ T4301] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  164.140647][ T4301] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  164.338604][T14722] all: renamed from bridge_slave_0
[  164.798953][T14758] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3855'.
[  164.967769][T14777] loop8: detected capacity change from 0 to 512
[  164.979551][T14777] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  165.000511][T14777] EXT4-fs (loop8): 1 truncate cleaned up
[  165.012034][T14777] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.046689][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.132868][T14797] loop8: detected capacity change from 0 to 1024
[  165.140379][T14797] EXT4-fs: Ignoring removed orlov option
[  165.153623][T14797] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.297322][T14821] netlink: 'syz.7.3882': attribute type 298 has an invalid length.
[  165.358710][T12865] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.392132][T14835] loop1: detected capacity change from 0 to 512
[  165.400199][T14835] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.3896: corrupted in-inode xattr: e_value size too large
[  165.414753][T14835] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.3896: couldn't read orphan inode 15 (err -117)
[  165.427065][T14835] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.447430][T14835] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #2: block 12: comm syz.1.3896: lblock 3 mapped to illegal pblock 12 (length 1)
[  165.478135][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.600515][T14846] netlink: 'syz.8.3892': attribute type 39 has an invalid length.
[  165.781276][T14858] netlink: 'syz.1.3895': attribute type 2 has an invalid length.
[  165.789078][T14858] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3895'.
[  166.216656][T14881] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  166.294533][T14884] veth0_vlan: left promiscuous mode
[  166.300094][T14884] veth0_vlan: entered promiscuous mode
[  166.305634][T14884] veth0_vlan: entered allmulticast mode
[  166.421639][T14895] netlink: 2036 bytes leftover after parsing attributes in process `syz.7.3913'.
[  166.430890][T14895] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3913'.
[  166.650169][T14913] bond1: entered allmulticast mode
[  166.661702][T14913] 8021q: adding VLAN 0 to HW filter on device bond1
[  166.683342][T14918] netlink: 'syz.1.3924': attribute type 10 has an invalid length.
[  166.691257][T14918] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3924'.
[  166.703384][T14913] bridge0: port 3(bond1) entered blocking state
[  166.709821][T14913] bridge0: port 3(bond1) entered disabled state
[  166.717904][T14913] bond1: entered promiscuous mode
[  166.733780][T14913] bridge0: port 3(bond1) entered blocking state
[  166.740149][T14913] bridge0: port 3(bond1) entered forwarding state
[  166.757045][T14918] dummy0: entered promiscuous mode
[  166.763262][T14918] bond0: (slave dummy0): Releasing backup interface
[  166.789995][T14918] bridge0: port 3(dummy0) entered blocking state
[  166.796452][T14918] bridge0: port 3(dummy0) entered disabled state
[  166.806398][T14918] dummy0: entered allmulticast mode
[  166.892501][T14934] netlink: 'syz.0.3930': attribute type 10 has an invalid length.
[  166.909690][T14936] veth1_to_bond: entered promiscuous mode
[  166.918767][T14936] macsec1: entered promiscuous mode
[  166.924222][T14936] macsec1: entered allmulticast mode
[  166.929579][T14936] veth1_to_bond: entered allmulticast mode
[  166.938586][T14936] veth1_to_bond: left allmulticast mode
[  166.944285][T14936] veth1_to_bond: left promiscuous mode
[  166.969237][T14934] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  167.019789][   T29] kauditd_printk_skb: 159 callbacks suppressed
[  167.019808][   T29] audit: type=1400 audit(167.003:4546): avc:  denied  { create } for  pid=14939 comm="syz.1.3933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  167.048982][   T29] audit: type=1400 audit(167.003:4547): avc:  denied  { ioctl } for  pid=14939 comm="syz.1.3933" path="socket:[38189]" dev="sockfs" ino=38189 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  167.073577][   T29] audit: type=1400 audit(167.003:4548): avc:  denied  { ioctl } for  pid=14939 comm="syz.1.3933" path="socket:[38188]" dev="sockfs" ino=38188 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  167.099040][   T29] audit: type=1400 audit(167.033:4549): avc:  denied  { read write } for  pid=14943 comm="syz.0.3935" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  167.122587][   T29] audit: type=1400 audit(167.033:4550): avc:  denied  { open } for  pid=14943 comm="syz.0.3935" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  167.167917][   T29] audit: type=1400 audit(167.143:4551): avc:  denied  { create } for  pid=14945 comm="syz.0.3936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  167.216978][   T29] audit: type=1400 audit(167.173:4552): avc:  denied  { connect } for  pid=14945 comm="syz.0.3936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  167.236255][   T29] audit: type=1400 audit(167.183:4553): avc:  denied  { create } for  pid=14949 comm="syz.0.3938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  167.245274][T14954] loop7: detected capacity change from 0 to 512
[  167.256476][   T29] audit: type=1400 audit(167.183:4554): avc:  denied  { mounton } for  pid=14947 comm="syz.2.3937" path="/782/file0" dev="tmpfs" ino=4048 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  167.284781][   T29] audit: type=1400 audit(167.183:4555): avc:  denied  { mount } for  pid=14947 comm="syz.2.3937" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  167.319382][ T4301] bridge0: port 3(bond1) entered disabled state
[  167.328731][T14954] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.343483][T14956] netlink: 'syz.2.3941': attribute type 1 has an invalid length.
[  167.351324][T14956] netlink: 198116 bytes leftover after parsing attributes in process `syz.2.3941'.
[  167.399304][T14954] loop7: detected capacity change from 512 to 64
[  167.445401][ T6752] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /584/file0: bad entry in directory: inode out of bounds - offset=0, inode=201326592, rec_len=256, size=2048 fake=0
[  167.484065][T14975] netlink: 'syz.2.3950': attribute type 1 has an invalid length.
[  167.491860][T14975] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3950'.
[  167.506478][T14727] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.520922][T14977] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3951'.
[  167.583205][ T4289] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.659660][T14994] vlan2: entered allmulticast mode
[  167.688155][ T4289] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.700557][T15000] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.751087][ T4289] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.773451][T15000] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.803009][ T4289] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.841132][T15000] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.866109][T14996] chnl_net:caif_netlink_parms(): no params data found
[  167.926802][T14996] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.934018][T14996] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.941625][T14996] bridge_slave_0: entered allmulticast mode
[  167.949458][T14996] bridge_slave_0: entered promiscuous mode
[  167.956645][T15000] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.974028][T14996] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.981164][T14996] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.988546][T14996] bridge_slave_1: entered allmulticast mode
[  167.995320][T14996] bridge_slave_1: entered promiscuous mode
[  168.013501][T15028] veth0_vlan: left promiscuous mode
[  168.018789][T15028] veth0_vlan: entered promiscuous mode
[  168.024304][T15028] veth0_vlan: entered allmulticast mode
[  168.050732][T14996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.063966][T14996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.073349][ T4289] batadv1: left allmulticast mode
[  168.078498][ T4289] batadv1: left promiscuous mode
[  168.083698][ T4289] bridge0: port 3(batadv1) entered disabled state
[  168.090902][ T4289] bridge_slave_1: left allmulticast mode
[  168.096549][ T4289] bridge_slave_1: left promiscuous mode
[  168.102353][ T4289] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.110320][ T4289] bridge_slave_0: left promiscuous mode
[  168.116059][ T4289] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.210649][ T4289] bond3 (unregistering): (slave bridge2): Releasing active interface
[  168.270678][ T4289] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  168.281015][ T4289] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  168.290187][ T4289] bond0 (unregistering): Released all slaves
[  168.298424][ T4289] bond1 (unregistering): Released all slaves
[  168.306504][ T4289] bond2 (unregistering): Released all slaves
[  168.315232][ T4289] bond3 (unregistering): Released all slaves
[  168.329201][T15032] bond3: entered allmulticast mode
[  168.336567][T15032] 8021q: adding VLAN 0 to HW filter on device bond3
[  168.356391][T15032] bridge0: port 4(bond3) entered blocking state
[  168.362929][T15032] bridge0: port 4(bond3) entered disabled state
[  168.383096][T15032] bond3: entered promiscuous mode
[  168.389252][T15032] bridge0: port 4(bond3) entered blocking state
[  168.395608][T15032] bridge0: port 4(bond3) entered forwarding state
[  168.416913][T14996] team0: Port device team_slave_0 added
[  168.431929][ T4301] bridge0: port 4(bond3) entered disabled state
[  168.445180][ T4289] hsr_slave_0: left promiscuous mode
[  168.456123][ T4289] batman_adv: batadv0: Removing interface: batadv_slave_0
[  168.473233][ T4289] batman_adv: batadv0: Removing interface: batadv_slave_1
[  168.524505][ T4289] team0 (unregistering): Port device team_slave_1 removed
[  168.536118][ T4289] team0 (unregistering): Port device team_slave_0 removed
[  168.568040][T14996] team0: Port device team_slave_1 added
[  168.585382][T15055] veth0_vlan: entered allmulticast mode
[  168.610646][ T4284] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  168.640966][T14996] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.648016][T14996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.674087][T14996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  168.709387][ T4284] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  168.717742][ T4284] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  168.727675][ T4284] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  168.736972][T14996] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.743965][T14996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.769895][T14996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  168.812489][T14996] hsr_slave_0: entered promiscuous mode
[  168.825060][T14996] hsr_slave_1: entered promiscuous mode
[  168.833007][T14996] debugfs: 'hsr0' already exists in 'hsr'
[  168.838755][T14996] Cannot create hsr debugfs directory
[  168.862220][T15072] vlan2: entered allmulticast mode
[  168.950181][T15083] veth0_vlan: entered allmulticast mode
[  168.988340][ T4289] ------------[ cut here ]------------
[  168.993945][ T4289] WARNING: CPU: 0 PID: 4289 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0
[  169.003747][ T4289] Modules linked in:
[  169.007653][ T4289] CPU: 0 UID: 0 PID: 4289 Comm: kworker/u8:61 Tainted: G        W           6.16.0-syzkaller-11743-g6bcdbd62bd56 #0 PREEMPT(voluntary) 
[  169.021749][ T4289] Tainted: [W]=WARN
[  169.025568][ T4289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  169.035657][ T4289] Workqueue: netns cleanup_net
[  169.040505][ T4289] RIP: 0010:xfrm_state_fini+0x17c/0x1f0
[  169.046079][ T4289] Code: 48 8d bb 30 0e 00 00 e8 a2 4f bd fc 48 8b bb 30 0e 00 00 e8 06 cf c9 fc 5b 41 5e 41 5f 5d e9 cb 92 b3 00 cc e8 25 92 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 17 92 a2 fc 90 0f 0b 90 4c 89 f7 e8 6b
[  169.065791][ T4289] RSP: 0018:ffffc9001020bc60 EFLAGS: 00010293
[  169.072021][ T4289] RAX: ffffffff84b5679b RBX: ffff88810c23df00 RCX: ffff88811aae5280
[  169.080081][ T4289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810c23ed00
[  169.088060][ T4289] RBP: ffffffff86c8a3e0 R08: 0001ffff86847f7f R09: 0000000000000000
[  169.096069][ T4289] R10: ffffc9001020bbe8 R11: 0001c9001020bbe8 R12: ffffffff86c8a400
[  169.104344][ T4289] R13: ffff88810c23df28 R14: ffff88810c23ed00 R15: ffff88810c23df00
[  169.112495][ T4289] FS:  0000000000000000(0000) GS:ffff8882aee47000(0000) knlGS:0000000000000000
[  169.121574][ T4289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  169.128174][ T4289] CR2: 00007ffde768cda8 CR3: 00000001034e2000 CR4: 00000000003506f0
[  169.136208][ T4289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  169.144219][ T4289] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  169.148170][T14996] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  169.152204][ T4289] Call Trace:
[  169.152212][ T4289]  <TASK>
[  169.152220][ T4289]  xfrm_net_exit+0x2d/0x60
[  169.169695][ T4289]  ops_undo_list+0x278/0x410
[  169.174279][ T4289]  cleanup_net+0x2de/0x4d0
[  169.178789][ T4289]  process_scheduled_works+0x4ce/0x9d0
[  169.184270][ T4289]  worker_thread+0x582/0x770
[  169.188856][ T4289]  kthread+0x486/0x510
[  169.192986][ T4289]  ? finish_task_switch+0xad/0x2b0
[  169.198198][ T4289]  ? __pfx_worker_thread+0x10/0x10
[  169.203419][ T4289]  ? __pfx_kthread+0x10/0x10
[  169.208013][ T4289]  ret_from_fork+0xda/0x150
[  169.212552][ T4289]  ? __pfx_kthread+0x10/0x10
[  169.217204][ T4289]  ret_from_fork_asm+0x1a/0x30
[  169.222149][ T4289]  </TASK>
[  169.225159][ T4289] ---[ end trace 0000000000000000 ]---
[  169.234659][T14996] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  169.244080][T15093] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  169.253919][T15093] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.266568][T14996] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  169.280656][T14996] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  169.294716][T15093] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  169.304585][T15093] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.351281][T15093] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  169.361162][T15093] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.414101][T14996] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.429334][T14996] 8021q: adding VLAN 0 to HW filter on device team0
[  169.438821][ T4256] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.445984][ T4256] bridge0: port 1(bridge_slave_0) entered forwarding state
[  169.457584][ T4262] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.464702][ T4262] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.481026][T15093] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  169.490880][T15093] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.508092][T14996] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  169.518483][T14996] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  169.591135][ T4262] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  169.599365][ T4262] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  169.684391][T14996] 8021q: adding VLAN 0 to HW filter on device batadv0
[  169.706381][ T4262] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  169.714632][ T4262] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  169.723220][ T4301] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  169.731499][ T4301] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  169.764783][ T4301] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  169.773223][ T4301] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  169.806872][T15128] vlan2: entered allmulticast mode
[  169.943088][T14996] veth0_vlan: entered promiscuous mode
[  169.961155][T15151] tipc: Started in network mode
[  169.966056][T15151] tipc: Node identity ac14140f, cluster identity 4711
[  169.975270][T15151] tipc: New replicast peer: 255.255.255.255
[  169.981571][T15151] tipc: Enabled bearer <udp:syz2>, priority 10
[  169.989334][T14996] veth1_vlan: entered promiscuous mode
[  170.020664][T15152] netlink: 340 bytes leftover after parsing attributes in process `syz.8.4007'.
[  170.039384][T14996] veth0_macvtap: entered promiscuous mode
[  170.065332][T14996] veth1_macvtap: entered promiscuous mode
[  170.087040][T14996] batman_adv: batadv0: Interface activated: batadv_slave_0
[  170.117941][T14996] batman_adv: batadv0: Interface activated: batadv_slave_1
[  170.131890][ T4301] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  170.141933][ T4301] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  170.168609][ T4301] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  170.187330][ T4301] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.414149][T15177] tipc: New replicast peer: 255.255.255.255
[  170.420472][T15177] tipc: Enabled bearer <udp:syz2>, priority 10
[  170.427661][T15177] netlink: 340 bytes leftover after parsing attributes in process `syz.0.4020'.
[  170.560905][T15188] netlink: 'syz.2.4026': attribute type 39 has an invalid length.
[  170.647304][ T4262] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  170.730962][ T4262] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  170.801843][ T4262] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  170.842911][T15193] chnl_net:caif_netlink_parms(): no params data found
[  170.863984][ T4262] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  170.908017][T15193] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.915254][T15193] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.925077][T15193] bridge_slave_0: entered allmulticast mode
[  170.932044][T15193] bridge_slave_0: entered promiscuous mode
[  170.939222][T15193] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.946364][T15193] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.953852][T15193] bridge_slave_1: entered allmulticast mode
[  170.962067][T15193] bridge_slave_1: entered promiscuous mode
[  170.979178][ T9241] tipc: Node number set to 2886997007
[  170.994459][T15193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.012416][T15193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.032578][T15222] loop1: detected capacity change from 0 to 1024
[  171.041251][T15222] EXT4-fs: Ignoring removed orlov option
[  171.057510][T15193] team0: Port device team_slave_0 added
[  171.064531][T15222] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.067532][T15193] team0: Port device team_slave_1 added
[  171.105276][T15193] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.112319][T15193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.138278][T15193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.150600][ T4262] bond3: left promiscuous mode
[  171.155525][ T4262] bridge0: port 4(bond3) entered disabled state
[  171.183832][ T4262] batadv0: left allmulticast mode
[  171.188893][ T4262] batadv0: left promiscuous mode
[  171.194064][ T4262] bridge0: port 3(batadv0) entered disabled state
[  171.201893][T15228] ==================================================================
[  171.209986][T15228] BUG: KCSAN: data-race in filemap_read / filemap_read
[  171.216828][T15228] 
[  171.219141][T15228] read to 0xffff8881048bb468 of 8 bytes by task 15222 on cpu 0:
[  171.226760][T15228]  filemap_read+0x6f/0xa00
[  171.231165][T15228]  generic_file_read_iter+0x79/0x330
[  171.236471][T15228]  ext4_file_read_iter+0x1cc/0x290
[  171.241598][T15228]  copy_splice_read+0x3c1/0x5f0
[  171.246449][T15228]  splice_direct_to_actor+0x290/0x680
[  171.251807][T15228]  do_splice_direct+0xda/0x150
[  171.256561][T15228]  do_sendfile+0x380/0x650
[  171.260976][T15228]  __x64_sys_sendfile64+0x105/0x150
[  171.266174][T15228]  x64_sys_call+0x2bb0/0x2ff0
[  171.270845][T15228]  do_syscall_64+0xd2/0x200
[  171.275343][T15228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.281231][T15228] 
[  171.283542][T15228] write to 0xffff8881048bb468 of 8 bytes by task 15228 on cpu 1:
[  171.291247][T15228]  filemap_read+0x974/0xa00
[  171.295740][T15228]  generic_file_read_iter+0x79/0x330
[  171.301018][T15228]  ext4_file_read_iter+0x1cc/0x290
[  171.306131][T15228]  copy_splice_read+0x3c1/0x5f0
[  171.310986][T15228]  splice_direct_to_actor+0x290/0x680
[  171.316349][T15228]  do_splice_direct+0xda/0x150
[  171.321127][T15228]  do_sendfile+0x380/0x650
[  171.325541][T15228]  __x64_sys_sendfile64+0x105/0x150
[  171.330821][T15228]  x64_sys_call+0x2bb0/0x2ff0
[  171.335509][T15228]  do_syscall_64+0xd2/0x200
[  171.340004][T15228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.345890][T15228] 
[  171.348200][T15228] value changed: 0x0000000000000170 -> 0x0000000000000171
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  171.355301][T15228] 
[  171.357614][T15228] Reported by Kernel Concurrency Sanitizer on:
[  171.363751][T15228] CPU: 1 UID: 0 PID: 15228 Comm: syz.1.4037 Tainted: G        W           6.16.0-syzkaller-11743-g6bcdbd62bd56 #0 PREEMPT(voluntary) 
[  171.377460][T15228] Tainted: [W]=WARN
[  171.381252][T15228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  171.391293][T15228] ==================================================================
[  171.406138][ T4262] bridge_slave_1: left allmulticast mode
[  171.411899][ T4262] bridge_slave_1: left promiscuous mode
[  171.417560][ T4262] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.532431][ T4262] bridge_slave_0: left promiscuous mode
[  171.538248][ T4262] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.582130][ T4262] bond1 (unregistering): (slave gretap1): Releasing active interface
[  171.597182][ T4262] bridge0 (unregistering): left allmulticast mode
[  171.640902][ T4262] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  171.650590][ T4262] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  171.659655][ T4262] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  171.668323][ T4262] bond0 (unregistering): Released all slaves
[  171.676045][ T4262] bond1 (unregistering): Released all slaves
[  171.683825][ T4262] bond2 (unregistering): Released all slaves
[  171.692194][ T4262] bond3 (unregistering): Released all slaves
[  171.700493][T15193] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.707479][T15193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.733656][T15193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.793181][T15230] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.807115][ T4262] tipc: Disabling bearer <udp:syz0>
[  171.813144][ T4262] tipc: Disabling bearer <udp:syz2>
[  171.818337][ T4262] tipc: Left network mode
[  171.825209][ T4262] hsr_slave_0: left promiscuous mode
[  171.837297][ T4262] pim6reg (unregistering): left allmulticast mode
[  171.858965][ T4262] team0 (unregistering): Port device team_slave_1 removed
[  171.868696][ T4262] team0 (unregistering): Port device team_slave_0 removed
[  171.902364][T15230] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.991687][T15230] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.062287][T15230] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.145162][ T4256] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  172.156092][ T4256] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  172.167275][ T4256] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  172.178239][ T4301] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  172.262535][ T4262] IPVS: stop unused estimator thread 0...
[  172.274551][ T4262] ------------[ cut here ]------------
[  172.280046][ T4262] WARNING: CPU: 0 PID: 4262 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0
[  172.289724][ T4262] Modules linked in:
[  172.293614][ T4262] CPU: 0 UID: 0 PID: 4262 Comm: kworker/u8:34 Tainted: G        W           6.16.0-syzkaller-11743-g6bcdbd62bd56 #0 PREEMPT(voluntary) 
[  172.307516][ T4262] Tainted: [W]=WARN
[  172.311314][ T4262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  172.321377][ T4262] Workqueue: netns cleanup_net
[  172.326169][ T4262] RIP: 0010:xfrm_state_fini+0x17c/0x1f0
[  172.331763][ T4262] Code: 48 8d bb 30 0e 00 00 e8 a2 4f bd fc 48 8b bb 30 0e 00 00 e8 06 cf c9 fc 5b 41 5e 41 5f 5d e9 cb 92 b3 00 cc e8 25 92 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 17 92 a2 fc 90 0f 0b 90 4c 89 f7 e8 6b
[  172.351476][ T4262] RSP: 0018:ffffc9001013bc60 EFLAGS: 00010293
[  172.357536][ T4262] RAX: ffffffff84b5679b RBX: ffff8881091017c0 RCX: ffff888104321080
[  172.365511][ T4262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881091025c0
[  172.373552][ T4262] RBP: ffffffff86c8a3e0 R08: 0001ffff86847f7f R09: 0000000000000000
[  172.381520][ T4262] R10: ffffc9001013bbe8 R11: 0001c9001013bbe8 R12: ffffffff86c8a400
[  172.389538][ T4262] R13: ffff8881091017e8 R14: ffff8881091025c0 R15: ffff8881091017c0
[  172.397563][ T4262] FS:  0000000000000000(0000) GS:ffff8882aee47000(0000) knlGS:0000000000000000
[  172.406489][ T4262] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  172.413088][ T4262] CR2: 0000001b32719ff8 CR3: 0000000006834000 CR4: 00000000003506f0
[  172.421071][ T4262] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  172.429058][ T4262] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  172.437051][ T4262] Call Trace:
[  172.440439][ T4262]  <TASK>
[  172.443456][ T4262]  xfrm_net_exit+0x2d/0x60
[  172.447855][ T4262]  ops_undo_list+0x278/0x410
[  172.452668][ T4262]  cleanup_net+0x2de/0x4d0
[  172.457075][ T4262]  process_scheduled_works+0x4ce/0x9d0
[  172.462695][ T4262]  worker_thread+0x582/0x770
[  172.467295][ T4262]  kthread+0x486/0x510
[  172.471405][ T4262]  ? finish_task_switch+0xad/0x2b0
[  172.476541][ T4262]  ? __pfx_worker_thread+0x10/0x10
[  172.481680][ T4262]  ? __pfx_kthread+0x10/0x10
[  172.486461][ T4262]  ret_from_fork+0xda/0x150
[  172.491002][ T4262]  ? __pfx_kthread+0x10/0x10
[  172.495579][ T4262]  ret_from_fork_asm+0x1a/0x30
[  172.500349][ T4262]  </TASK>
[  172.503347][ T4262] ---[ end trace 0000000000000000 ]---
[  172.722242][ T4262] bridge_slave_1: left allmulticast mode
[  172.727972][ T4262] bridge_slave_1: left promiscuous mode
[  172.733686][ T4262] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.741391][ T4262] bridge_slave_0: left allmulticast mode
[  172.747016][ T4262] bridge_slave_0: left promiscuous mode
[  172.752743][ T4262] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.760730][ T4262] bridge_slave_1: left allmulticast mode
[  172.766358][ T4262] bridge_slave_1: left promiscuous mode
[  172.772170][ T4262] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.780987][ T4262] bridge_slave_0: left allmulticast mode
[  172.786642][ T4262] bridge_slave_0: left promiscuous mode
[  172.792574][ T4262] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.817203][ T4262] bond1 (unregistering): (slave gretap1): Releasing active interface
[  172.890820][ T4262] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  172.900067][ T4262] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  172.908965][ T4262] bond0 (unregistering): Released all slaves
[  172.917374][ T4262] bond1 (unregistering): Released all slaves
[  172.980985][ T4262] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  172.990506][ T4262] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.000316][ T4262] bond0 (unregistering): Released all slaves
[  173.062037][ T4262] tipc: Disabling bearer <udp:syz0>
[  173.067279][ T4262] tipc: Left network mode
[  173.074131][ T4262] hsr_slave_0: left promiscuous mode
[  173.080208][ T4262] hsr_slave_1: left promiscuous mode
[  173.085783][ T4262] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.093283][ T4262] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.100846][ T4262] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.108327][ T4262] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.136868][ T4262] team0 (unregistering): Port device team_slave_1 removed
[  173.146126][ T4262] team0 (unregistering): Port device team_slave_0 removed
[  173.175087][ T4262] team0 (unregistering): Port device team_slave_1 removed
[  173.184594][ T4262] team0 (unregistering): Port device team_slave_0 removed
[  173.521956][T15221] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.621840][ T4262] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.701460][ T4262] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.751399][ T4262] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.821950][ T4262] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.891458][ T4262] bridge_slave_1: left allmulticast mode
[  173.897133][ T4262] bridge_slave_1: left promiscuous mode
[  173.902797][ T4262] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.910719][ T4262] bridge_slave_0: left allmulticast mode
[  173.916448][ T4262] bridge_slave_0: left promiscuous mode
[  173.922148][ T4262] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.001154][ T4262] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.010800][ T4262] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.020189][ T4262] bond0 (unregistering): Released all slaves
[  174.062449][ T4262] hsr_slave_0: left promiscuous mode
[  174.068118][ T4262] hsr_slave_1: left promiscuous mode
[  174.073867][ T4262] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.081326][ T4262] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.088805][ T4262] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.096233][ T4262] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.106307][ T4262] veth1_macvtap: left promiscuous mode
[  174.111851][ T4262] veth0_macvtap: left promiscuous mode
[  174.117416][ T4262] veth1_vlan: left promiscuous mode
[  174.122822][ T4262] veth0_vlan: left promiscuous mode
[  174.174243][ T4262] team0 (unregistering): Port device team_slave_1 removed
[  174.185144][ T4262] team0 (unregistering): Port device team_slave_0 removed