last executing test programs:

16.215447448s ago: executing program 0 (id=238):
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000054850000000400000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
lsetxattr(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000080)=@known='trusted.overlay.nlink\x00', 0x0, 0x0, 0x2)

16.190848398s ago: executing program 0 (id=239):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000300)={'gre0\x00', &(0x7f00000006c0)={'syztnl0\x00', <r1=>0x0, 0x7, 0x7800, 0x1a8, 0x7, {{0x1c, 0x4, 0x0, 0x7, 0x70, 0x65, 0x0, 0x2, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0xf}, @empty, {[@cipso={0x86, 0x10, 0x2, [{0x1, 0x4, "a231"}, {0x2, 0x6, "a21fceb6"}]}, @timestamp_addr={0x44, 0x14, 0x52, 0x1, 0x3, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6}]}, @timestamp_prespec={0x44, 0x24, 0x9, 0x3, 0x4, [{@empty}, {@local, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@private=0xa010100, 0xffffffff}]}, @rr={0x7, 0xb, 0x5c, [@private=0xa010101, @dev={0xac, 0x14, 0x14, 0x39}]}, @generic={0x7, 0x6, "f8305556"}]}}}}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r1, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xd8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0)
r11 = perf_event_open(&(0x7f0000000e00)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8a5d0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x5, 0xa5d4}, 0x4c58, 0x5, 0x0, 0x1, 0x6, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3000003, 0x13, r11, 0x0)
epoll_create1(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
r12 = socket(0x10, 0x3, 0x0)
connect$netlink(r12, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)

16.04198109s ago: executing program 0 (id=242):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000000c0)=@chain)
keyctl$restrict_keyring(0x1d, r2, 0x0, 0x0)

15.842573523s ago: executing program 0 (id=243):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000100), 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0xfffffd26)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
syz_open_dev$usbfs(&(0x7f0000000280), 0x5, 0x40200)
r2 = timerfd_create(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x8031, 0xffffffffffffffff, 0x40ead000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x401}]}}}, {0x18, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r4 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r4, 0x0, 0xfffffffffffffe40, 0x44001, &(0x7f0000000080)={0xa, 0x4e20, 0x800000, @empty, 0x9}, 0x1c)
semget$private(0x0, 0x3, 0x0)
syz_clone(0x900a000, 0x0, 0x0, 0x0, 0x0, 0x0)
timerfd_settime(r2, 0x3, &(0x7f0000000140), 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b9ac9ff})
ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000100)=0x1)
timerfd_settime(r2, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93}, [{0x0, 0x8000, 0x0, 0x0, 0xfffffffd}, {}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x2, 0x1, 0x0, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0xffffffff}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x9}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {0xffffffff}, {}, {}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x80}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x6, 0x1, 0x8510}, {0xffff}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1, 0x400}, {}, {0x5}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, {0x0, 0x0, 0x200}, {}, {}, {0x5}, {}, {}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {0x2}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {0x0, 0xfffffffe}, {0x0, 0xcc, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x40000000}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000}, {0x0, 0x80000000, 0x0, 0x7fff800}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {}, {}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000500)={0x0, 0x52, 0x0, 0x0, 0x0, 0xfffffffc})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x100)

15.027211606s ago: executing program 0 (id=255):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x183081, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="8fedcb5d070811960000000186dd6372ce22667f2c"], 0x280)
r6 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x6004, 0x40000000, 0x5, 0x4, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r9=>r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r7}, &(0x7f0000000180), &(0x7f00000001c0)=r6}, 0x20)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r11}, 0x10)
r12 = socket(0x10, 0x3, 0x0)
r13 = socket(0x10, 0x803, 0x0)
r14 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000340)={'tunl0\x00', <r15=>0x0})
sendmsg$nl_route_sched(r14, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r15, {}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0xfffffff7}]}}]}, 0x38}}, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001"], 0x64}}, 0x0)
sendmsg$kcm(r12, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4040095}, 0x8010)
sendmmsg(r12, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r16 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r16, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f687372"], 0xfc}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="c019fe8b321a76feff02adfb1e38072b95c69d208f90190268e4429c", @ANYRES16=r0, @ANYRESHEX=r6, @ANYRES16=r10, @ANYRESHEX=r9, @ANYRESOCT=r4, @ANYRES8=r2, @ANYRES64=r5, @ANYRESOCT=r8, @ANYRESDEC=r16, @ANYRESOCT, @ANYRESOCT=r5], 0x60}}, 0x20004000)

14.421485924s ago: executing program 0 (id=265):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000000c0)=@chain)
keyctl$restrict_keyring(0x1d, r1, 0x0, 0x0)

14.369938695s ago: executing program 32 (id=265):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000000c0)=@chain)
keyctl$restrict_keyring(0x1d, r1, 0x0, 0x0)

2.143250258s ago: executing program 5 (id=477):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
syz_io_uring_setup(0x2cdb, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r3=>0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x1a, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1})
mount$9p_unix(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000280), 0x808008, &(0x7f00000004c0)=ANY=[@ANYBLOB='trqyans=unix'])
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x18)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000680)=0x2)
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
clock_nanosleep(0xfffffff2, 0xca9a3b, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x7, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000851000000200000020a00000100000009500007b00000000850000001300000095"], &(0x7f0000000300)='syzkaller\x00', 0x7, 0x92, &(0x7f0000000240)=""/146}, 0x94)
r6 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
fcntl$setsig(r6, 0xa, 0x13)
fcntl$setlease(r6, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000500)='./file0\x00', 0x62000)

1.654746315s ago: executing program 4 (id=485):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x49, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket(0x10, 0x80003, 0x0)
syz_usb_connect$uac1(0x5, 0x71, &(0x7f0000000240)=ANY=[], 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xa0}}, 0x8040)

1.496587228s ago: executing program 3 (id=491):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000018001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1900000004000000080000000600000000000000", @ANYRES32, @ANYBLOB="08000000000000df1247684842d5581e00001b0000000000000000", @ANYRES32=0x0, @ANYRES32], 0x50)

1.456818788s ago: executing program 3 (id=493):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000580)={0x0, &(0x7f00000000c0)})
tkill(0x0, 0x7)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYRESDEC=r0, @ANYRESHEX=r1, @ANYRESHEX=r1, @ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x2}, 0x18)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a00)=@newchain={0x44, 0x64, 0x2, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x3, 0xfff2}, {0xffe0, 0xe}, {0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MASK={0x8, 0x6, 0x40007}, @TCA_FLOW_MODE={0x8}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x34, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r8, {0x3, 0xfff3}, {}, {0xd, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}}, 0x200400d4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x4, &(0x7f0000000780)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x6f}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYRES64=r3, @ANYRES16=r1, @ANYRES8=r6], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r9}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
msgsnd(0x0, 0x0, 0x2000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000940)=ANY=[@ANYRES8=r2, @ANYRES32=r2, @ANYBLOB="0000000000000000b7082260d42db33ce9c24375b7d650dd00000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001608000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r11 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
fcntl$lock(r11, 0x26, &(0x7f0000000000)={0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000280)=ANY=[], 0x0, 0x77abd6b4}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r10}, &(0x7f00000003c0), &(0x7f00000001c0)}, 0x20)

1.444017908s ago: executing program 2 (id=494):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18)
r2 = socket(0x10, 0x3, 0x6)
r3 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x3], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)

1.430971469s ago: executing program 2 (id=495):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x65, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c0000000000000c548dc7914cb11ad63bf3707164aac031971c4be105eb953f86fbc6b204e076aa7a493e796123bbbd8e3b7e62d8fd097cf21d6d431a069ebc0aefd5fce80cc99fb38c771fa46e2c32a95fe99", 0x0, 0x86, 0x0, 0x19, 0x0, &(0x7f00000001c0)="daf9e846ab156efc71b59652333536dbfd26a6d0546366e36e", 0x0}, 0x50)

1.37195609s ago: executing program 2 (id=496):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, 0x0, 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x181)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x100, 0x100, 0x8, [@type_tag={0x5, 0x0, 0x0, 0x12, 0x2}, @enum64={0x9, 0x8, 0x0, 0x13, 0x0, 0x0, [{0x3, 0x9, 0x3}, {0x6, 0x9, 0x100}, {0x6, 0x5, 0x80000001}, {0xf, 0x3, 0x7}, {0x6, 0x9, 0x6}, {0xa, 0x5}, {0x10, 0xe6e}, {0x6, 0x0, 0x9}]}, @enum64={0xe, 0x9, 0x0, 0x13, 0x0, 0x4, [{0xc, 0x2, 0x5}, {0x2, 0x9, 0x9}, {0xf, 0x1, 0x7fffffff}, {0xc, 0x80000000, 0x8000}, {0xe, 0x0, 0xe000}, {0x5, 0x0, 0x800}, {0x5, 0x9, 0x8000}, {0x5, 0x75f, 0x5d3}, {0x10, 0x80000001, 0x4}]}, @var={0x3, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x4f, 0x0, 0x2e, 0x0, 0x61, 0x30]}}, &(0x7f00000001c0)=""/68, 0x120, 0x44, 0x1, 0x4, 0x10000, @value=r0}, 0x28)
pwrite64(r2, &(0x7f0000000400)="a3ca370ff3aefb4757488f9e9da4daf9739f7e82ae39c0d8758e95ab383664c6866e4a0d4056aacff116d166475c4c6fe9d5d895393db0e73e55006f712419c6ef3f16b08c096d40ab22e46835c57e0d38f4164d4f56d9a658f3a212ba903e3adca4dd9fbdff64b2dd3b307d1f54d55ed406555a9f1aee61e927350e238046e4c6d39097f94e0ac756d415b173a229513f9422f552ab55420e58e62b33c2edd911ad54e9eeabe2a6e084ac56f480b09aa36ae6dcd38a43d00f59e18757e0f52a71d9d19dd820ffe439c9ed4f80e1536efe91bc9319da4eaee1c8b1ba36089e9666f1753221cf3bc058f6699cae87d41597", 0xf1, 0x5)

1.370639679s ago: executing program 2 (id=497):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000027c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x7}, {0x10}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40011)
ppoll(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})

1.231627332s ago: executing program 5 (id=500):
r0 = socket(0x2, 0x80805, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000f000000bf91000000000000b7020000000000008500000084"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
personality(0x619641b6fb4b8591)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000), 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000b00)={0x0, 0x1, "19"}, &(0x7f0000000b40)=0x9)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r3, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r5=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f00000001c0)={r5, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)

1.226614821s ago: executing program 5 (id=501):
socket$inet6(0xa, 0x1, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='mm_page_alloc\x00'}, 0x18)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ipvlan1\x00'})
socket(0x10, 0x803, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r1, 0x2007ffc)
sendfile(r1, r1, 0x0, 0x800000009)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000140)='\\\\@[*#)\x00', 0xfffffffffffffffe)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000800000000000000a54000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000028000480240001800b0001006578"], 0x7c}}, 0x200000a4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r5=>0x0})
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r5, 0x0, {0x0, 0x0, 0x4}}, 0x18)
sendmsg$can_j1939(r6, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}, 0x1, 0x0, 0x0, 0x20004044}, 0xee)
sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x101, 0x70bd25, 0x100000, {0x0, 0x0, 0x74, r5, {0xa, 0x8}, {0x5, 0xfff3}, {0xfff1, 0x6}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x40}, 0xc4)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x4, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0xfffffffc, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r7}, 0x18)

1.084347344s ago: executing program 4 (id=505):
r0 = socket(0x2, 0x80805, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000f000000bf91000000000000b7020000000000008500000084"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='cachefiles_ref\x00', r3}, 0x18)
personality(0x619641b6fb4b8591)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000), 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x8)
pipe(&(0x7f0000000480)={<r4=>0xffffffffffffffff})
flock(r4, 0x1)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000b00)={<r5=>0x0, 0x1, "19"}, &(0x7f0000000b40)=0x9)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r6, 0x84, 0x23, &(0x7f0000000280)={r5, 0xa4}, 0x8)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000040))
sendmsg$nl_route(r3, &(0x7f00000003c0)={&(0x7f0000000180), 0xc, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000005a00000829bd70000080ffff0008006d8aee0658da96dab501000200000008001f87047654c0f57f3d37d9a9e0c46c0c77f7d8064cb5d2686701f382a9d973ed01a35b0c29c7b8e0c1ded7187dd57aa90f79f4217379b0703cc628c0968074b00e053b41eedec1d99dd777e25dfa13c747cdaf5f3185ef6b41e88b82f943c29933119fe1bbabf9d29403439c46de3ad08b826538849df5fd836b5fbb44d31cdd4a712a081613276665509b4407a378522fbd29a185", @ANYRES32=r4, @ANYBLOB="080001000300000008000300", @ANYRES32, @ANYBLOB="080001000200000008000300", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00'], 0x44}, 0x1, 0x0, 0x0, 0x48004}, 0x0)
setpriority(0x2, 0x0, 0x6)
setsockopt(r7, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x2c04c0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002a00)=@newtfilter={0x8dc, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r11, {0x9, 0x9}, {0x0, 0xe}, {0xc, 0x5}}, [@filter_kind_options=@f_u32={{0x8}, {0x8b0, 0x2, [@TCA_U32_POLICE={0x848, 0x6, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7fffffff, 0x974, 0x1, 0x8, 0x2cca, 0x6, 0x8, 0x6, 0x9, 0xb61b, 0xc, 0x7, 0x9, 0x4010, 0x0, 0x90e, 0x2, 0x40a9, 0x2, 0x3, 0x81, 0x0, 0x5, 0x8, 0xff, 0xf, 0x7, 0x4, 0xfff, 0x8, 0xfffffffe, 0x9, 0x4, 0x54, 0x7ff, 0xb3b1, 0xfffffff4, 0x1, 0x2, 0x9, 0x8369, 0xffffe470, 0x4, 0x3, 0x4, 0x8, 0x7, 0xffff, 0x5b, 0xe, 0x800, 0xfffffff7, 0x1ff, 0x6, 0x1, 0x602, 0x7, 0x9, 0x1, 0x0, 0x8, 0x6, 0x80, 0x7, 0x1ff, 0x16, 0x4, 0x6, 0x3, 0x1, 0xfffffffa, 0x10001, 0x3, 0x2e5f, 0x9, 0x400, 0x1, 0x0, 0x40, 0x1, 0x40, 0x7ff, 0xda3, 0x3, 0x9, 0xff, 0x1, 0x9, 0x80, 0x8001, 0x7ff, 0x8, 0xfffffffe, 0x0, 0x9, 0x6, 0xfffffffc, 0xdc3e, 0x8, 0xe51c, 0x4, 0x663, 0x400, 0xc0000000, 0x1ff, 0xdb9, 0x7, 0xc000, 0xc1db, 0x3, 0x0, 0x9be4, 0x4, 0x757, 0x5, 0x9, 0x7, 0x9, 0x2, 0xe5, 0x9, 0x6, 0x200, 0x1080000, 0x0, 0x324e, 0x8, 0x3, 0x3, 0xfefff890, 0xb, 0x7f, 0xb75, 0x6, 0x5, 0x87, 0x5, 0xfffffff9, 0xfff, 0x0, 0x0, 0x2, 0x61ea, 0x6, 0x6, 0x53, 0xfffffff9, 0x401, 0x2, 0xfffffffc, 0x1, 0x0, 0x1, 0x9, 0x8000, 0x3ff, 0x8, 0x5, 0x29c, 0x0, 0x1, 0xc76b, 0x101, 0x7, 0x10001, 0x0, 0x80000, 0x6, 0x3, 0x200fff, 0xd2f0, 0x9, 0x1, 0x6661f5b2, 0x5, 0x2, 0xffffffff, 0x5, 0x5, 0x6, 0x8, 0x3, 0x8ef8, 0xe, 0x9, 0x7e7, 0x7ff, 0x0, 0x5a7, 0x7b7, 0x54c4, 0xff, 0x9a6a, 0x9, 0xfffff462, 0x2, 0x5, 0x200, 0x100, 0x7f, 0x2, 0x8000, 0x1, 0x0, 0xf, 0x6, 0x2, 0xc5, 0x5, 0x7, 0xd, 0x1, 0x5, 0x5, 0x8, 0x0, 0x80, 0x5, 0xed, 0xc7, 0x10000, 0x5, 0x0, 0x80, 0x7, 0x7, 0x81, 0x1, 0x9, 0x4, 0x3, 0x8, 0x10000, 0x0, 0x6, 0x7fff, 0xfffff801, 0x40000000, 0xfff, 0xac, 0x2ef3, 0x2, 0xe3, 0xcb, 0x9, 0x1, 0x7ff, 0x1d3d, 0x5, 0x4, 0x7, 0x6, 0x9, 0x6, 0x80, 0x9]}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x9, 0x3, 0x9, 0x1f, 0xc, 0x9, 0x6, 0x81, 0x6, 0x8, 0x8, 0xffff, 0x2, 0x3, 0x80, 0x5, 0x4, 0x3, 0x0, 0xd, 0x4e, 0xdee6, 0x2, 0x9, 0x9, 0x8, 0x675, 0xbfe, 0x1, 0x0, 0x8, 0x0, 0xffff1e9f, 0xffff0000, 0x1, 0x40, 0xa, 0x0, 0x0, 0x101, 0x0, 0x8000, 0x4, 0x17, 0x6, 0x7ff, 0xfffffffb, 0x1ff, 0x10000, 0x3b, 0x9, 0x2131, 0x0, 0x401, 0x9, 0x6, 0xd, 0xfff, 0xfffffffb, 0x8, 0x400, 0xfffffffd, 0x3adca696, 0x0, 0x1, 0xb3, 0xffffffff, 0x9, 0xf6, 0x1, 0x8, 0x2, 0x3, 0x8001, 0x3, 0x3, 0x7, 0x6, 0x0, 0x2, 0xfff, 0x9, 0x8, 0x9, 0x1, 0x10001, 0x2aa, 0x0, 0x8, 0x6, 0x2, 0x800, 0xd, 0x1, 0x6, 0x100000, 0x0, 0x9, 0x2733, 0xb, 0x0, 0x6, 0x9, 0x3, 0xc, 0x6, 0x4, 0x2, 0x9, 0x99, 0xffff9b83, 0x5, 0x4, 0x0, 0x5, 0x8, 0x100, 0x2, 0x4, 0x8, 0x400, 0x0, 0x8, 0x7f, 0x3, 0x2, 0xb, 0x3, 0x9, 0x0, 0x943, 0x2, 0x5, 0x9, 0x7f, 0x4, 0x2, 0xfff, 0x1, 0x3, 0xff, 0x3, 0x4, 0x8e, 0x8, 0x7ff, 0x8, 0x5, 0x3, 0x9, 0x8, 0x6, 0x2, 0x5, 0x7ff, 0x9, 0x7746, 0xffffffff, 0x8001, 0x5, 0x9, 0xff, 0x7, 0x2, 0x200000, 0x1, 0x100, 0x0, 0x4, 0xffffffc0, 0x7fff, 0x8, 0x9, 0x25, 0x571, 0x9, 0x7, 0x9, 0xffffff19, 0x8c0d, 0xf87, 0x5, 0xfffffffa, 0x1, 0x0, 0x7fff, 0x1ff, 0x2, 0x8000, 0x20d, 0x103c4199, 0x9, 0xffffff00, 0x5, 0x81, 0x80, 0x9, 0x9, 0x2, 0x462d, 0x1000, 0x200, 0x9, 0x0, 0x200, 0xf7, 0xfffeffff, 0x2ed, 0x0, 0x2, 0x2, 0x3, 0xc, 0xc88d, 0x7, 0xfffff5ec, 0x5, 0x759d5f22, 0x400004, 0xfa1a, 0x6, 0x5, 0x0, 0x5, 0x40, 0xf, 0x2, 0x18edaf59, 0x3, 0x8000, 0x3, 0x4eb3592a, 0x8, 0x40, 0x1000, 0x11c, 0xf99, 0x80, 0x6, 0x6, 0x401, 0xed, 0x6, 0x10001, 0x2, 0x7, 0x8000, 0x9, 0x9, 0x3, 0x1000, 0x7f, 0x6, 0xb, 0x5]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x8, 0x20000000, 0x4, 0x3, 0x7fff, {0x0, 0x82c614eb2c1442bd, 0x1, 0x445, 0x3, 0xfffffff7}, {0x5, 0x1, 0x6, 0xbb6c, 0x1, 0x3}, 0x3, 0x9, 0x3}}]}, @TCA_U32_SEL={0x64, 0x5, {0x0, 0xf7, 0x5, 0x0, 0x0, 0x0, 0x200, 0xc, [{0x9, 0x2, 0xf2f, 0x24}, {0x72f, 0x1, 0x3, 0x6}, {0x10000000, 0x3, 0x6, 0x4}, {0x8, 0x400000c8, 0x10000, 0x3}, {0x5, 0x3, 0x5, 0x1b}]}}]}}]}, 0x8dc}, 0x1, 0x0, 0x0, 0x80}, 0x20000880)
r12 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r12, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r13=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r7, 0x84, 0x5, &(0x7f00000001c0)={r13, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)

1.061389214s ago: executing program 4 (id=506):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18)
r2 = socket(0x10, 0x3, 0x6)
r3 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x3], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)

1.008109065s ago: executing program 4 (id=508):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x6, &(0x7f0000000000)=0xfffffff7)
mmap(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0xb635773f06ebbeef, 0x13, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r4 = shmget$private(0x0, 0x4000, 0x186, &(0x7f0000ffc000/0x4000)=nil)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r5, &(0x7f0000005d80), 0x0, 0x8008801)
sendmmsg$inet6(r5, &(0x7f0000019880)=[{{0x0, 0x0, &(0x7f0000019740)=[{&(0x7f0000019940)='i', 0x1}], 0x1}}], 0x1, 0x2604082c)
shmat(r4, &(0x7f0000001000/0x3000)=nil, 0x1000)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x14)
madvise(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0xa)
mbind(&(0x7f0000bdf000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000040)=0x1, 0x2, 0x0)
madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0xb)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000ffffffffff"], 0xffaf}, 0x1, 0x0, 0x0, 0x4854}, 0x0)
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x14, &(0x7f0000000280)=ANY=[@ANYRES64=r5, @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x53, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9}, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="01030000000000a667001c00000018000180140002007665746830"], 0x2c}, 0x1, 0x0, 0x0, 0x20040005}, 0x40040)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="74726158733d66642c726603cf4122b910451d02b8e16e6f76", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',version=9p2000.u,\x00'])
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', &(0x7f0000000100), 0x2000)

911.773836ms ago: executing program 4 (id=509):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x103000, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006000200010000001ffe02000000000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010)
sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f00000007c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x3c, r3, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xffffffff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xca2}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xe}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4d844}, 0x4000040)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018030000", @ANYRES32, @ANYBLOB="0000000000000d00b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r7, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r8 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r9}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r10}, 0x10)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r11, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000640)={0x2c, r12, 0x1, 0x0, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x141}, 0x0)
getrlimit(0xe, &(0x7f0000000000))
ioctl$SIOCX25SSUBSCRIP(r1, 0x89e1, &(0x7f0000000400)={'pimreg0\x00', 0xe, 0x9f})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x37, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r13}, 0x18)
ioctl$KDSKBENT(r8, 0x4b47, &(0x7f0000000280)={0x4, 0x8, 0xde0})
io_setup(0x6, &(0x7f0000001000)=<r14=>0x0)
pipe(&(0x7f00000002c0))
io_getevents(r14, 0xffffffffffffffff, 0x3, &(0x7f0000000200)=[{}, {}, {}], &(0x7f0000001140)={0x0, 0x3938700})

659.04133ms ago: executing program 1 (id=512):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x200, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1d0, 0x2, {{0x0, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0xc4, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x2, 0x3e}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x7, 0x2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0xffffdb68, 0xf, 0x4}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x1, 0x8, 0x85bc, 0x1ff}}, @NETEM_LOSS_GE={0x14, 0x2, {0x5, 0x8000000, 0x5}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x5, 0x7, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x6, 0xf, 0xa9c8}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x8, 0x50195274, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x4, 0x0, 0x59, 0x2}}]}, @TCA_NETEM_LOSS={0xb8, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x5, 0x3, 0x1, 0xedff, 0x4}}, @NETEM_LOSS_GI={0x18, 0x1, {0x9, 0x9, 0x7, 0xfffff000, 0x3a2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x9, 0x4, 0x3, 0x9}}, @NETEM_LOSS_GI={0x18, 0x1, {0xffffff54, 0x3, 0x1, 0x3c9, 0xc}}, @NETEM_LOSS_GE={0x14, 0x2, {0x3, 0x5, 0x5, 0x9}}, @NETEM_LOSS_GE={0x14, 0x2, {0x1, 0x9, 0x9, 0x2}}, @NETEM_LOSS_GI={0x18, 0x1, {0x1, 0x9da, 0x1, 0x141, 0xffff}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x40ae, 0x3, 0x3, 0x6}}]}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x200}}, 0x0)

641.299091ms ago: executing program 1 (id=513):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, 0x0, 0x0)
dup3(r1, r0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0], 0x20000600}, 0x1, 0x0, 0x0, 0x4048001}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1900000004000000080000000600000000000000", @ANYRES32, @ANYBLOB="08000000000000df1247684842d5581e00001b0000000000000000", @ANYRES32=0x0, @ANYRES32], 0x50)

576.264011ms ago: executing program 1 (id=514):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x181)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10c, 0x10c, 0x2, [@type_tag={0x5, 0x0, 0x0, 0x12, 0x2}, @enum64={0x9, 0x9, 0x0, 0x13, 0x0, 0x0, [{0x3, 0x9, 0x3}, {0x6, 0x9, 0x100}, {0x6, 0x5, 0x80000001}, {0xf, 0x3, 0x7}, {0x6, 0x9, 0x6}, {0xa, 0x5}, {0x10, 0xe6e}, {0x10, 0x81, 0xfffffff7}, {0x6, 0x0, 0x9}]}, @enum64={0xe, 0x9, 0x0, 0x13, 0x0, 0x4, [{0xc, 0x2, 0x5}, {0x2, 0x9, 0x9}, {0xf, 0x1, 0x7fffffff}, {0xc, 0x80000000, 0x8000}, {0xe, 0x0, 0xe000}, {0x5, 0x0, 0x800}, {0x5, 0x9, 0x8000}, {0x5, 0x75f, 0x5d3}, {0x10, 0x80000001, 0x4}]}, @var={0x3, 0x0, 0x0, 0xe, 0x2}]}}, &(0x7f00000001c0)=""/68, 0x126, 0x44, 0x1, 0x4, 0x10000, @value=r0}, 0x28)
pwrite64(r2, &(0x7f0000000400)="a3ca370ff3aefb4757488f9e9da4daf9739f7e82ae39c0d8758e95ab383664c6866e4a0d4056aacff116d166475c4c6fe9d5d895393db0e73e55006f712419c6ef3f16b08c096d40ab22e46835c57e0d38f4164d4f56d9a658f3a212ba903e3adca4dd9fbdff64b2dd3b307d1f54d55ed406555a9f1aee61e927350e238046e4c6d39097f94e0ac756d415b173a229513f9422f552ab55420e58e62b33c2edd911ad54e9eeabe2a6e084ac56f480b09aa36ae6dcd38a43d00f59e18757e0f52a71d9d19dd820ffe439c9ed4f80e1536efe91bc9319da4eaee1c8b1ba36089e9666f1753221cf3bc058f6699cae87d41597", 0xf1, 0x5)

499.848133ms ago: executing program 4 (id=515):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x6a14, 0x800, 0x2000007, 0x3a}, &(0x7f0000000340), &(0x7f0000000280))
r0 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x450302, 0x0, 0x10}, 0x18)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff15)
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
read$rfkill(r2, 0x0, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r0, 0x4018f514, &(0x7f0000000080)={0x9, 0x0, 0x1})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000004c0)='mm_page_free\x00', r3, 0x0, 0x3}, 0x18)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x500040, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
sched_setscheduler(r5, 0x3, &(0x7f00000001c0)=0x800)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000140)=0x7ffd)
ioctl$PPPIOCSPASS(r6, 0x40107447, &(0x7f0000000180)={0x0, &(0x7f00000000c0)})
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000001a4c0)={0x11, 0x14, &(0x7f000001a400)=ANY=[@ANYRES16=0x0, @ANYBLOB="0000a78ae1520000d408000000", @ANYRES64=r1, @ANYRES8=r1], &(0x7f0000000100)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x15, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000006000000000000000700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7060000000000008500000083000000bf09000000000000550901000000000095000000000000008d93c0ff0400000085200000010000008500000038000000183200000400000000000000000000002b2bc0ffffffffffbf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x6, 0x62, &(0x7f0000000440)=""/98, 0x41100, 0x27, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000500)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000540)={0x2, 0xe, 0x7, 0x2c}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000580)=[r4, r4, r1], 0x0, 0x10, 0x7fffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000680)='devlink_health_reporter_state_update\x00', r8, 0x0, 0xfffffffffffffffd}, 0x18)
pipe(&(0x7f00000000c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="d4000000190019a9000000000000000002200000ff02ff000000000008000100ac14141218009400111a8200040090f7c10f4b31901b77481e35fd008a"], 0x1}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@gettaction={0x94, 0x32, 0x100, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x7}, @action_gd=@TCA_ACT_TAB={0x74, 0x1, [{0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x14, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x14, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0)
write$binfmt_misc(r10, &(0x7f0000000140), 0x4240a2ca)
splice(r9, 0x0, r11, 0x0, 0x84ffe0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')

499.463473ms ago: executing program 2 (id=516):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000000c0)=@chain)
keyctl$restrict_keyring(0x1d, r1, 0x0, 0x0)

498.723883ms ago: executing program 3 (id=517):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000001800181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1900000004000000080000000600000000000000", @ANYRES32, @ANYBLOB="08000000000000df1247684842d5581e00001b0000000000000000", @ANYRES32=0x0, @ANYRES32], 0x50)

478.997333ms ago: executing program 2 (id=518):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000140)=@get={0x1, &(0x7f0000000340)=""/217, 0x100000001})
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
faccessat2(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x900)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x258, 0x268, 0x300, 0x0, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x230, 0x258, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x9}}}, @common=@unspec=@time={{0x38}, {0x0, 0x0, 0x10000000}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'dummy0\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@ipv6header={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4c0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000008c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYRES16=r2, @ANYRES32=r3], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x4}, 0x18)
munmap(&(0x7f0000001000/0x2000)=nil, 0x2000)
r6 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r6)
ptrace$peeksig(0x4209, r6, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0))
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10)
write(r3, &(0x7f0000000080)="1cb60570", 0x4)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000080)={r7}, &(0x7f00000000c0)={'enc=', 'raw', ' hash=', {'streebog512\x00'}}, 0x0, 0x0)
connect$can_bcm(r0, &(0x7f0000000040), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2}, 0x10, &(0x7f0000000280)={&(0x7f0000000200)={0x0, 0x0, 0x0, {0x77359400}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x1, 0x0, 0x0, "3a322bb29c735580"}}, 0x48}, 0x2}, 0x0)

445.104723ms ago: executing program 3 (id=519):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18)
r2 = socket(0x10, 0x3, 0x6)
r3 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x3], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)

388.294014ms ago: executing program 3 (id=520):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095", @ANYRES16=r0, @ANYRES64=r0, @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0xfffffffffffffdd8)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000000)=0x930d, 0x4)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000400)=@mangle={'mangle\x00', 0x44, 0x6, 0x390, 0x0, 0x260, 0x0, 0x98, 0x260, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00', {}, {}, 0x6, 0x0, 0x56}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x10}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'erspan0\x00', <r5=>0x0})
sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYRES32=r6, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r7, 0x0, 0xffffffffffffffff}, 0x18)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002080)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x4}, {}, {0x0, 0xffffffff, 0x1}, {0x0, 0x0, 0x3800}, {}, {}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x20000}, {}, {}, {0x0, 0x0, 0x1}, {0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0xffffffff}, {0x0, 0x2}, {}, {}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x1}, {0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0x0, 0x800000, 0x0, 0x0, 0x0, 0x2000000}, {}, {0x0, 0x0, 0x1ff}, {}, {0x0, 0x0, 0x2}, {0x4, 0x4000000}, {}, {0x0, 0x80000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfff}, {0x0, 0x3, 0x0, 0x80000}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x2, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {0xfffffffd}, {}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x1, 0x0, 0x747}, {0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, {0xfeb, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0xfffffffe}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {0x0, 0x0, 0xfffffff8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x6}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x4}, {}, {0x0, 0x5}], [{0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {0x3}, {0x9f6acee820ff84a1}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x5, 0x9463d21cb8c2d83b}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)
r9 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r9, &(0x7f0000000240)=[{}], 0x1, 0x7c00, 0x0, 0x3)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r10}, 0x18)
unshare(0x6a040000)
syz_open_dev$sg(0x0, 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

255.792646ms ago: executing program 3 (id=521):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="6400000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400030000000900020073797a310000000018000780050003001f0000000c000180080001400000000005000500020000000500010006"], 0x64}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
recvmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

255.343496ms ago: executing program 5 (id=522):
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x8008551c, 0x0)

204.327897ms ago: executing program 5 (id=523):
socket$kcm(0x21, 0x2, 0x2) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x200001, 0x0)
ioctl$TIOCMSET(r2, 0x5418, &(0x7f00000003c0)=0x8) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
socket$kcm(0x11, 0xa, 0x300) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb904}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) (async)
r4 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="10000000000000008400000008000000100000000000000084000000000000008a54d459404d798ec2bf1b512f8c04a96e3762b10863e76f7a2d839525c24a17a11205b799520757b96b960517ea5a7b49546f5b3efc9bb679d81caab8e65f7d192525a145662014f0b57ba4eea8fdacfd0fc661c1e024e9f52ca76827d61f6f4254"], 0x20}, 0x41) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x2d02) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]}) (async)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc000, 0x0) (async)
setsockopt(r5, 0x1, 0x100, &(0x7f0000000680)="3ef343858cece10b4dbae4a49e5486a035291d4f0f356bf2b177c43853c55ca830e6e1b9aacbee6dbd092bfa37404881c33badcabc0b24e3b213c9a136e008a344ebfeb64c6d4f2e798ab6ce95fbc404110aa3f90e2f252b96ae4ec39f430c8347b8", 0x62) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000700)={{{@in6=@private0, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f0000000800)=0xe8)
setuid(r8) (async)
mkdir(&(0x7f0000000040)='./bus\x00', 0x10b)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./bus\x00') (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r7}, 0x10) (async)
r9 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r9, 0x6, 0x0, 0x0, 0x0)
fsmount(r9, 0x0, 0x0) (async)
syz_open_dev$mouse(&(0x7f0000000440), 0x400, 0x2800)

179.610587ms ago: executing program 1 (id=524):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000080)="da", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000600)="b8", 0x1}], 0x1}}], 0x2, 0x0)
close(r0)

130.045138ms ago: executing program 5 (id=525):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x181)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10c, 0x10c, 0x7, [@type_tag={0x5, 0x0, 0x0, 0x12, 0x2}, @enum64={0x9, 0x9, 0x0, 0x13, 0x0, 0x0, [{0x3, 0x9, 0x3}, {0x6, 0x9, 0x100}, {0x6, 0x5, 0x80000001}, {0xf, 0x3, 0x7}, {0x6, 0x9, 0x6}, {0xa, 0x5}, {0x10, 0xe6e}, {0x10, 0x81, 0xfffffff7}, {0x6, 0x0, 0x9}]}, @enum64={0xe, 0x9, 0x0, 0x13, 0x0, 0x4, [{0xc, 0x2, 0x5}, {0x2, 0x9, 0x9}, {0xf, 0x1, 0x7fffffff}, {0xc, 0x80000000, 0x8000}, {0xe, 0x0, 0xe000}, {0x5, 0x0, 0x800}, {0x5, 0x9, 0x8000}, {0x5, 0x75f, 0x5d3}, {0x10, 0x80000001, 0x4}]}, @var={0x3, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x4f, 0x0, 0x2e, 0x0, 0x61]}}, &(0x7f00000001c0)=""/68, 0x12b, 0x44, 0x1, 0x4, 0x10000, @value=r0}, 0x28)
pwrite64(r2, &(0x7f0000000400)="a3ca370ff3aefb4757488f9e9da4daf9739f7e82ae39c0d8758e95ab383664c6866e4a0d4056aacff116d166475c4c6fe9d5d895393db0e73e55006f712419c6ef3f16b08c096d40ab22e46835c57e0d38f4164d4f56d9a658f3a212ba903e3adca4dd9fbdff64b2dd3b307d1f54d55ed406555a9f1aee61e927350e238046e4c6d39097f94e0ac756d415b173a229513f9422f552ab55420e58e62b33c2edd911ad54e9eeabe2a6e084ac56f480b09aa36ae6dcd38a43d00f59e18757e0f52a71d9d19dd820ffe439c9ed4f80e1536efe91bc9319da4eaee1c8b1ba36089e9666f1753221cf3bc058f6699cae87d41597", 0xf1, 0x5)

128.858468ms ago: executing program 1 (id=526):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000001a00010000000000040000001c140000fd1c000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
process_mrelease(0xffffffffffffffff, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r1, &(0x7f0000000680)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1a0000000000000000004000015800de0603210702000006"], 0x18}}], 0x1, 0x4044000)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000180)={[{@noblock_validity}, {@jqfmt_vfsold}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@data_journal}, {@usrjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8}}, {@mblk_io_submit}]}, 0xfe, 0x477, &(0x7f0000000780)="$eJzs3M1vFOUfAPDvTLctLz9+rYgvIEgVjcSXlpYXOXjRaMJBExM9YDzVtpDKQg2tiRCi1QMeDYl3439hPOnFqBdNvOrdkBDDBdTLmtmZKUvZLVu67QL7+STTPs/M0z7Pd2ae2Wfm2d0AetZI9iOJ+F9E/B4RQ3n25gIj+a/rVy9M/X31wlQStdpbfyX1cteuXpgqi5Z/tzXP1GpFfrBJvRffjZisVmfOFvmxhdMfjM2fO//C7OnJkzMnZ85MHD166OCegSMThzsSZxbXtV0fz+3eeeydS29MHb/03k9JJfK4Y1kcnTKS792mnu50ZV22rSFd37FL9v5yI93sTKCb+iIiO1z99f4/FH2xeWnbULz2WVcbB6yrWq1WW+GqvFgD7mNJdLsFQHcUtwD1+99y2cDhR9ddeTm/Acrivl4s+ZZKpHlib/+y+9tOGomI44v/fJUtsU7PIQAAGn2XjX+ebzb+S+PhPDGQ/fh/MYcyHBEPRMT2iHgwInZExEMR9bKPRMSjq6x/+QzJreOf9PIdB9eGbPz3UjG3dfP4Ly2LDPcVuW31+PuTE7PVmQPFPtkf/YMnZpOZ8RXq+P7V375ota1x/JctWf3lWLBox+XK4Kab/mZ6cmFyTUE3uPJpxK5Ks/iTKKdxkojYGRG77rCO2WcrLbfdPv4VtP63bat9HfFMfvwXY1n8paTl/OT4i0cmDo9tiurMgbHyrLjVz79efLNV/WuKvwOy47+l6fm/FP9wsili/tz5U/X52vnV13Hxj89b3tO0d/4vZY5tK87/geTt+oqBYsNHkwsLZ8cjBpLXb10/ceO/lfmyfBb//n3N+//2uLEnHouI3RGxJyIez24Ki7Y/ERFPRsS+FeL/8ZWn3l99/BszV5rFP3274x+Nx3/1ib5TP3x7+/iza1yr43+ontpfrGnn+tduA9ey7wAAAOBekdbfA5+ko0mlSKfp6Gj+Hv4dsSWtzs0vPHdi7sMz0/l75YejPy2fdA01PA8dL54Nl/mJZfmDxXPjL/s21/OjU3PV6W4HDz1ua9n/l64Fef/P/NnX7dYB664D82jAPUr/h96l/0NvSvR/6Gn6P/SuZv3/k5alR79Z18YAG8rrP/SuNvr/Yv6r9agAuDd5/Yfepf9DT2r52fh0TR/53/DEv8X3Gd4t7bn/E5HeFc24/xOVtr/MYhWJ2lDe/7M1g03LdPvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA///T8uXN")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000e80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000140), &(0x7f0000000f80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xfc, 0x0)

0s ago: executing program 1 (id=527):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000027c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x7}, {0x10}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40011)
ppoll(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.153' (ED25519) to the list of known hosts.
[   22.136922][   T29] audit: type=1400 audit(1752095042.413:62): avc:  denied  { mounton } for  pid=3290 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   22.137775][ T3290] cgroup: Unknown subsys name 'net'
[   22.159886][   T29] audit: type=1400 audit(1752095042.413:63): avc:  denied  { mount } for  pid=3290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.187138][   T29] audit: type=1400 audit(1752095042.443:64): avc:  denied  { unmount } for  pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.320981][ T3290] cgroup: Unknown subsys name 'cpuset'
[   22.327061][ T3290] cgroup: Unknown subsys name 'rlimit'
[   22.476426][   T29] audit: type=1400 audit(1752095042.753:65): avc:  denied  { setattr } for  pid=3290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   22.499725][   T29] audit: type=1400 audit(1752095042.753:66): avc:  denied  { create } for  pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.506110][ T3298] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   22.520181][   T29] audit: type=1400 audit(1752095042.753:67): avc:  denied  { write } for  pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.549201][   T29] audit: type=1400 audit(1752095042.753:68): avc:  denied  { read } for  pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   22.569458][   T29] audit: type=1400 audit(1752095042.753:69): avc:  denied  { mounton } for  pid=3290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   22.594145][ T3290] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.594843][   T29] audit: type=1400 audit(1752095042.753:70): avc:  denied  { mount } for  pid=3290 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   22.627218][   T29] audit: type=1400 audit(1752095042.803:71): avc:  denied  { relabelto } for  pid=3298 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.453433][ T3304] chnl_net:caif_netlink_parms(): no params data found
[   24.490237][ T3305] chnl_net:caif_netlink_parms(): no params data found
[   24.527529][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.534657][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.541881][ T3304] bridge_slave_0: entered allmulticast mode
[   24.548267][ T3304] bridge_slave_0: entered promiscuous mode
[   24.570762][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.577832][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.585047][ T3304] bridge_slave_1: entered allmulticast mode
[   24.591382][ T3304] bridge_slave_1: entered promiscuous mode
[   24.601635][ T3312] chnl_net:caif_netlink_parms(): no params data found
[   24.640867][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.650378][ T3310] chnl_net:caif_netlink_parms(): no params data found
[   24.660035][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.673414][ T3314] chnl_net:caif_netlink_parms(): no params data found
[   24.718598][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.725692][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.732976][ T3305] bridge_slave_0: entered allmulticast mode
[   24.739344][ T3305] bridge_slave_0: entered promiscuous mode
[   24.748709][ T3304] team0: Port device team_slave_0 added
[   24.763568][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.770774][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.777932][ T3305] bridge_slave_1: entered allmulticast mode
[   24.784345][ T3305] bridge_slave_1: entered promiscuous mode
[   24.798949][ T3304] team0: Port device team_slave_1 added
[   24.816509][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.835265][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.842367][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.849521][ T3312] bridge_slave_0: entered allmulticast mode
[   24.856003][ T3312] bridge_slave_0: entered promiscuous mode
[   24.864645][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.871803][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.878912][ T3312] bridge_slave_1: entered allmulticast mode
[   24.885157][ T3312] bridge_slave_1: entered promiscuous mode
[   24.892232][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.909856][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.916850][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.942800][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.964680][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.971755][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.978975][ T3310] bridge_slave_0: entered allmulticast mode
[   24.985415][ T3310] bridge_slave_0: entered promiscuous mode
[   24.992104][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.999048][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.024980][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.047672][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   25.057930][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   25.071498][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.078575][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.085846][ T3310] bridge_slave_1: entered allmulticast mode
[   25.092174][ T3310] bridge_slave_1: entered promiscuous mode
[   25.116365][ T3305] team0: Port device team_slave_0 added
[   25.127227][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.134372][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.141569][ T3314] bridge_slave_0: entered allmulticast mode
[   25.147854][ T3314] bridge_slave_0: entered promiscuous mode
[   25.155072][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   25.164226][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.171286][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.178441][ T3314] bridge_slave_1: entered allmulticast mode
[   25.184694][ T3314] bridge_slave_1: entered promiscuous mode
[   25.196049][ T3305] team0: Port device team_slave_1 added
[   25.207933][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   25.223351][ T3312] team0: Port device team_slave_0 added
[   25.235336][ T3304] hsr_slave_0: entered promiscuous mode
[   25.241271][ T3304] hsr_slave_1: entered promiscuous mode
[   25.253109][ T3312] team0: Port device team_slave_1 added
[   25.268085][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.275133][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.301250][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.316911][ T3310] team0: Port device team_slave_0 added
[   25.331664][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   25.340936][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.347884][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.373866][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.390253][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.397210][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.423140][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.434457][ T3310] team0: Port device team_slave_1 added
[   25.446021][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   25.459598][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.466573][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.492492][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.526961][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.533958][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.559892][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.587617][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.594587][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.620583][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.631939][ T3314] team0: Port device team_slave_0 added
[   25.651261][ T3314] team0: Port device team_slave_1 added
[   25.658702][ T3312] hsr_slave_0: entered promiscuous mode
[   25.664805][ T3312] hsr_slave_1: entered promiscuous mode
[   25.670637][ T3312] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.678237][ T3312] Cannot create hsr debugfs directory
[   25.685747][ T3305] hsr_slave_0: entered promiscuous mode
[   25.691711][ T3305] hsr_slave_1: entered promiscuous mode
[   25.697549][ T3305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.705138][ T3305] Cannot create hsr debugfs directory
[   25.726619][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.733632][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.759537][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.792249][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.799199][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.825189][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.837813][ T3310] hsr_slave_0: entered promiscuous mode
[   25.844964][ T3310] hsr_slave_1: entered promiscuous mode
[   25.850771][ T3310] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.858307][ T3310] Cannot create hsr debugfs directory
[   25.937286][ T3314] hsr_slave_0: entered promiscuous mode
[   25.943403][ T3314] hsr_slave_1: entered promiscuous mode
[   25.949084][ T3314] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.956714][ T3314] Cannot create hsr debugfs directory
[   26.037577][ T3304] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   26.046466][ T3304] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   26.057065][ T3304] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   26.067492][ T3304] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   26.105810][ T3305] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   26.114343][ T3305] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   26.122955][ T3305] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   26.133738][ T3305] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   26.191064][ T3312] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   26.199708][ T3312] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   26.216706][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.226884][ T3312] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   26.235527][ T3310] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   26.244139][ T3310] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   26.261551][ T3312] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   26.274349][ T3310] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   26.284202][ T3305] 8021q: adding VLAN 0 to HW filter on device team0
[   26.294682][ T3310] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   26.314437][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.321563][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.332333][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.339531][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.354203][ T3314] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   26.365320][ T3314] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   26.375178][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.387686][ T3314] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   26.398120][ T3314] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   26.421434][ T3304] 8021q: adding VLAN 0 to HW filter on device team0
[   26.458946][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.466056][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.475655][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.482837][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.533824][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.543682][ T3304] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.571159][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.579835][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.590697][ T3310] 8021q: adding VLAN 0 to HW filter on device team0
[   26.601551][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.608600][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.620006][ T3312] 8021q: adding VLAN 0 to HW filter on device team0
[   26.632016][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.647291][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.663051][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.670185][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.681769][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.688802][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.700529][  T384] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.707598][  T384] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.720339][ T3314] 8021q: adding VLAN 0 to HW filter on device team0
[   26.741214][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.748299][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.774963][ T2661] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.782075][ T2661] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.797642][ T3310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   26.808145][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.839719][ T3305] veth0_vlan: entered promiscuous mode
[   26.856215][ T3314] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   26.866673][ T3314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.891649][ T3305] veth1_vlan: entered promiscuous mode
[   26.908863][ T3304] veth0_vlan: entered promiscuous mode
[   26.945509][ T3305] veth0_macvtap: entered promiscuous mode
[   26.952042][ T3304] veth1_vlan: entered promiscuous mode
[   26.958773][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.974501][ T3305] veth1_macvtap: entered promiscuous mode
[   26.982343][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.996554][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0
[   27.016684][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.031562][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.064197][ T3305] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.073084][ T3305] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.081915][ T3305] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.090655][ T3305] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.103946][ T3304] veth0_macvtap: entered promiscuous mode
[   27.111287][ T3304] veth1_macvtap: entered promiscuous mode
[   27.146117][ T3312] veth0_vlan: entered promiscuous mode
[   27.165983][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.177405][ T3312] veth1_vlan: entered promiscuous mode
[   27.187822][   T29] kauditd_printk_skb: 9 callbacks suppressed
[   27.187835][   T29] audit: type=1400 audit(1752095047.463:81): avc:  denied  { mounton } for  pid=3305 comm="syz-executor" path="/root/syzkaller.RQOaUi/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   27.203287][ T3310] veth0_vlan: entered promiscuous mode
[   27.225818][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.230140][   T29] audit: type=1400 audit(1752095047.503:82): avc:  denied  { mount } for  pid=3305 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   27.242114][ T3304] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.255186][   T29] audit: type=1400 audit(1752095047.503:83): avc:  denied  { mounton } for  pid=3305 comm="syz-executor" path="/root/syzkaller.RQOaUi/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   27.263868][ T3304] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.263901][ T3304] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.263991][ T3304] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.289094][   T29] audit: type=1400 audit(1752095047.503:84): avc:  denied  { mount } for  pid=3305 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   27.336914][   T29] audit: type=1400 audit(1752095047.503:85): avc:  denied  { mounton } for  pid=3305 comm="syz-executor" path="/root/syzkaller.RQOaUi/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   27.363461][   T29] audit: type=1400 audit(1752095047.503:86): avc:  denied  { mounton } for  pid=3305 comm="syz-executor" path="/root/syzkaller.RQOaUi/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   27.390791][   T29] audit: type=1400 audit(1752095047.503:87): avc:  denied  { unmount } for  pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   27.413692][   T29] audit: type=1400 audit(1752095047.693:88): avc:  denied  { mounton } for  pid=3305 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   27.426448][ T3312] veth0_macvtap: entered promiscuous mode
[   27.436446][   T29] audit: type=1400 audit(1752095047.693:89): avc:  denied  { mount } for  pid=3305 comm="syz-executor" name="/" dev="gadgetfs" ino=3773 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   27.443959][ T3312] veth1_macvtap: entered promiscuous mode
[   27.474846][ T3305] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   27.476646][ T3310] veth1_vlan: entered promiscuous mode
[   27.505697][   T29] audit: type=1400 audit(1752095047.783:90): avc:  denied  { read write } for  pid=3305 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   27.515898][ T3314] veth0_vlan: entered promiscuous mode
[   27.555538][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.565052][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.584763][ T3314] veth1_vlan: entered promiscuous mode
[   27.605381][ T3314] veth0_macvtap: entered promiscuous mode
[   27.621354][ T3312] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.630117][ T3312] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.638859][ T3312] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.647584][ T3312] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.670795][ T3314] veth1_macvtap: entered promiscuous mode
[   27.686051][ T3310] veth0_macvtap: entered promiscuous mode
[   27.699620][ T3479] ALSA: seq fatal error: cannot create timer (-19)
[   27.699626][ T3310] veth1_macvtap: entered promiscuous mode
[   27.720512][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.731677][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.741707][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.763154][ T3314] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.772037][ T3314] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.780772][ T3314] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.789585][ T3314] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.804442][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.836459][ T3310] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.845311][ T3310] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.854198][ T3310] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.863083][ T3310] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.872009][ T3494] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   27.971072][ T3499] ALSA: seq fatal error: cannot create timer (-19)
[   27.986296][ T3506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   28.031843][ T3506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   28.160457][ T3517] loop0: detected capacity change from 0 to 1024
[   28.167178][ T3517] EXT4-fs: Ignoring removed orlov option
[   28.188762][ T3517] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.351288][ T3526] loop2: detected capacity change from 0 to 1024
[   28.373268][ T3526] EXT4-fs: Ignoring removed orlov option
[   28.385766][ T3528] loop3: detected capacity change from 0 to 1024
[   28.466333][ T3526] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.481852][ T3528] EXT4-fs: Ignoring removed orlov option
[   28.595297][ T3528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.701373][ T3539] loop4: detected capacity change from 0 to 1024
[   28.708131][ T3539] EXT4-fs: Ignoring removed orlov option
[   28.722202][ T3539] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.926721][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.068786][ T3548] ALSA: seq fatal error: cannot create timer (-19)
[   29.085507][ T3546] ALSA: seq fatal error: cannot create timer (-19)
[   29.099422][ T3536] syz.3.19 (3536) used greatest stack depth: 10784 bytes left
[   29.108420][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.118102][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.237728][ T3564] ALSA: seq fatal error: cannot create timer (-19)
[   29.247712][ T3572] loop0: detected capacity change from 0 to 1024
[   29.270521][ T3572] EXT4-fs: Ignoring removed orlov option
[   29.286791][ T3572] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   29.361616][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.370790][ T3579] ALSA: seq fatal error: cannot create timer (-19)
[   29.497003][ T3587] loop3: detected capacity change from 0 to 1024
[   29.561185][ T3587] EXT4-fs: Ignoring removed orlov option
[   29.567169][ T3593] loop4: detected capacity change from 0 to 1024
[   29.576007][ T3593] EXT4-fs: Ignoring removed orlov option
[   29.594931][ T3593] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   29.600591][ T3595] netlink: 20 bytes leftover after parsing attributes in process `syz.2.51'.
[   29.616290][ T3595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.51'.
[   29.620778][ T3589] loop1: detected capacity change from 0 to 2048
[   29.656130][ T3587] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   29.733017][ T3297]  loop1: p3 p4 < >
[   29.743967][ T3589]  loop1: p3 p4 < >
[   29.878292][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.021701][ T3613] syz.2.45 uses obsolete (PF_INET,SOCK_PACKET)
[   30.066713][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.095657][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.129234][ T3624] loop3: detected capacity change from 0 to 1024
[   30.146894][ T3624] EXT4-fs: Ignoring removed orlov option
[   30.168033][ T3624] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   30.278984][ T3631] ALSA: seq fatal error: cannot create timer (-19)
[   30.361426][ T3646] netlink: 24 bytes leftover after parsing attributes in process `syz.4.58'.
[   30.462375][ T3657] loop1: detected capacity change from 0 to 1024
[   30.469244][ T3657] EXT4-fs: Ignoring removed orlov option
[   30.478385][ T3657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   30.502487][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.587965][ T3662] loop3: detected capacity change from 0 to 2048
[   30.603322][ T3662] EXT4-fs (loop3): failed to initialize system zone (-117)
[   30.610971][ T3662] EXT4-fs (loop3): mount failed
[   30.675742][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.846522][ T3683] ALSA: seq fatal error: cannot create timer (-19)
[   30.940850][ T3682] syz.4.72 (3682) used greatest stack depth: 10192 bytes left
[   31.199134][ T3696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.75'.
[   31.229218][ T3696] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   31.236729][ T3696] batman_adv: batadv0: Removing interface: batadv_slave_0
[   31.245775][ T3696] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   31.253253][ T3696] batman_adv: batadv0: Removing interface: batadv_slave_1
[   31.289439][ T3700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.76'.
[   31.340310][ T3708] loop0: detected capacity change from 0 to 1024
[   31.354853][ T3708] EXT4-fs: Ignoring removed orlov option
[   31.368134][ T3708] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.390610][ T3715] loop4: detected capacity change from 0 to 1024
[   31.397382][ T3715] EXT4-fs: Ignoring removed orlov option
[   31.405716][ T3715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.487878][ T3722] loop3: detected capacity change from 0 to 128
[   31.546223][ T3722] =======================================================
[   31.546223][ T3722] WARNING: The mand mount option has been deprecated and
[   31.546223][ T3722]          and is ignored by this kernel. Remove the mand
[   31.546223][ T3722]          option from the mount to silence this warning.
[   31.546223][ T3722] =======================================================
[   31.630041][ T3722] ext4: Unknown parameter 'appraise'
[   31.666887][ T3726] blktrace: Concurrent blktraces are not allowed on loop2
[   31.686805][ T3726] loop1: detected capacity change from 0 to 2048
[   31.738563][ T3297]  loop1: p3 p4 < >
[   31.753958][ T3726]  loop1: p3 p4 < >
[   31.809401][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.946820][ T3745] netlink: 4 bytes leftover after parsing attributes in process `syz.3.93'.
[   31.955949][ T3745] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   31.963524][ T3745] batman_adv: batadv0: Removing interface: batadv_slave_0
[   31.981617][ T3745] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   31.989167][ T3745] batman_adv: batadv0: Removing interface: batadv_slave_1
[   32.006518][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.031683][ T3742] Zero length message leads to an empty skb
[   32.076640][ T3751] netlink: 12 bytes leftover after parsing attributes in process `syz.4.95'.
[   32.168564][ T3757] FAULT_INJECTION: forcing a failure.
[   32.168564][ T3757] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   32.182008][ T3757] CPU: 0 UID: 0 PID: 3757 Comm: syz.0.97 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   32.182057][ T3757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   32.182074][ T3757] Call Trace:
[   32.182080][ T3757]  <TASK>
[   32.182088][ T3757]  __dump_stack+0x1d/0x30
[   32.182110][ T3757]  dump_stack_lvl+0xe8/0x140
[   32.182126][ T3757]  dump_stack+0x15/0x1b
[   32.182140][ T3757]  should_fail_ex+0x265/0x280
[   32.182236][ T3757]  should_fail+0xb/0x20
[   32.182277][ T3757]  should_fail_usercopy+0x1a/0x20
[   32.182306][ T3757]  copy_fpstate_to_sigframe+0x628/0x7d0
[   32.182367][ T3757]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[   32.182396][ T3757]  ? x86_task_fpu+0x36/0x60
[   32.182492][ T3757]  get_sigframe+0x34d/0x490
[   32.182511][ T3757]  ? get_signal+0xdc8/0xf70
[   32.182545][ T3757]  x64_setup_rt_frame+0xa8/0x580
[   32.182636][ T3757]  arch_do_signal_or_restart+0x27c/0x480
[   32.182667][ T3757]  exit_to_user_mode_loop+0x7a/0x100
[   32.182693][ T3757]  do_syscall_64+0x1d6/0x200
[   32.182733][ T3757]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   32.182826][ T3757]  ? clear_bhb_loop+0x40/0x90
[   32.182850][ T3757]  ? clear_bhb_loop+0x40/0x90
[   32.182948][ T3757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   32.182971][ T3757] RIP: 0033:0x7f082341e927
[   32.183004][ T3757] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   32.183018][ T3757] RSP: 002b:00007f0821a87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   32.183039][ T3757] RAX: 0000000000000000 RBX: 00007f0823645fa0 RCX: 00007f082341e929
[   32.183049][ T3757] RDX: 0000000000001000 RSI: 00002000000003c0 RDI: 0000000000000003
[   32.183059][ T3757] RBP: 00007f0821a87090 R08: 0000000000000000 R09: 0000000000000000
[   32.183144][ T3757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   32.183157][ T3757] R13: 0000000000000000 R14: 00007f0823645fa0 R15: 00007fffc9def3f8
[   32.183172][ T3757]  </TASK>
[   32.418617][ T3763] loop4: detected capacity change from 0 to 1024
[   32.430239][ T3763] EXT4-fs: Ignoring removed orlov option
[   32.438033][ T3763] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.465757][ T3761] SELinux: failed to load policy
[   32.473547][   T29] kauditd_printk_skb: 233 callbacks suppressed
[   32.473560][   T29] audit: type=1400 audit(1752095052.743:324): avc:  denied  { write } for  pid=3760 comm="syz.0.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   32.473582][   T29] audit: type=1400 audit(1752095052.743:325): avc:  denied  { load_policy } for  pid=3760 comm="syz.0.99" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   32.473651][   T29] audit: type=1400 audit(1752095052.743:326): avc:  denied  { write } for  pid=3765 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   32.505428][ T3744] udevd[3744]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   32.525252][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   32.626233][   T29] audit: type=1400 audit(1752095052.903:327): avc:  denied  { create } for  pid=3779 comm="syz.1.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   32.626737][ T3780] lo speed is unknown, defaulting to 1000
[   32.647327][   T29] audit: type=1400 audit(1752095052.903:328): avc:  denied  { write } for  pid=3779 comm="syz.1.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   32.674125][ T3780] lo speed is unknown, defaulting to 1000
[   32.683094][ T3780] lo speed is unknown, defaulting to 1000
[   32.689252][ T3780] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   32.704873][ T3780] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   32.714298][   T29] audit: type=1400 audit(1752095052.983:329): avc:  denied  { block_suspend } for  pid=3781 comm="wg1" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   32.757584][ T3783] bond1: entered promiscuous mode
[   32.762724][ T3783] bond1: entered allmulticast mode
[   32.818926][   T29] audit: type=1400 audit(1752095053.023:330): avc:  denied  { create } for  pid=3779 comm="syz.1.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   32.848049][ T3783] 8021q: adding VLAN 0 to HW filter on device bond1
[   32.865192][ T3783] bond1 (unregistering): Released all slaves
[   32.866921][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.881191][ T3791] loop4: detected capacity change from 0 to 512
[   32.881460][ T3791] journal_path: Lookup failure for './file2'
[   32.881475][ T3791] EXT4-fs: error: could not find journal device path
[   32.883003][ T3791] netlink: 24 bytes leftover after parsing attributes in process `syz.4.109'.
[   32.884660][ T3791] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3791 comm=syz.4.109
[   32.909088][ T3780] lo speed is unknown, defaulting to 1000
[   32.909390][ T3780] lo speed is unknown, defaulting to 1000
[   32.910211][ T3780] lo speed is unknown, defaulting to 1000
[   32.910543][ T3780] lo speed is unknown, defaulting to 1000
[   32.913087][ T3780] lo speed is unknown, defaulting to 1000
[   33.076112][ T3797] loop4: detected capacity change from 0 to 1024
[   33.252169][   T29] audit: type=1400 audit(1752095053.453:331): avc:  denied  { setopt } for  pid=3796 comm="syz.4.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   33.272063][   T29] audit: type=1400 audit(1752095053.453:332): avc:  denied  { bind } for  pid=3796 comm="syz.4.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   33.291961][   T29] audit: type=1400 audit(1752095053.453:333): avc:  denied  { write } for  pid=3796 comm="syz.4.111" path="socket:[4851]" dev="sockfs" ino=4851 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   33.510290][ T3797] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.603546][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.787789][ T3825] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 1, id = 0
[   33.809660][ T3805] IPVS: stopping master sync thread 3825 ...
[   33.848478][ T3830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.122'.
[   33.849678][ T3821] lo speed is unknown, defaulting to 1000
[   33.868279][ T3830] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   33.868312][ T3830] batman_adv: batadv0: Removing interface: batadv_slave_0
[   33.868804][ T3830] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   33.868833][ T3830] batman_adv: batadv0: Removing interface: batadv_slave_1
[   34.065484][ T3844] loop3: detected capacity change from 0 to 1024
[   34.074749][ T3844] EXT4-fs: Ignoring removed orlov option
[   34.088289][ T3844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.109395][ T3842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.136'.
[   34.380496][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.520569][ T3865] FAULT_INJECTION: forcing a failure.
[   34.520569][ T3865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   34.533665][ T3865] CPU: 0 UID: 0 PID: 3865 Comm: syz.3.129 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   34.533775][ T3865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   34.533788][ T3865] Call Trace:
[   34.533796][ T3865]  <TASK>
[   34.533804][ T3865]  __dump_stack+0x1d/0x30
[   34.533863][ T3865]  dump_stack_lvl+0xe8/0x140
[   34.533961][ T3865]  dump_stack+0x15/0x1b
[   34.533979][ T3865]  should_fail_ex+0x265/0x280
[   34.534010][ T3865]  should_fail+0xb/0x20
[   34.534056][ T3865]  should_fail_usercopy+0x1a/0x20
[   34.534083][ T3865]  _copy_to_user+0x20/0xa0
[   34.534101][ T3865]  rng_dev_read+0x3ef/0x740
[   34.534194][ T3865]  ? __pfx_rng_dev_read+0x10/0x10
[   34.534290][ T3865]  vfs_readv+0x3fb/0x690
[   34.534323][ T3865]  __x64_sys_preadv+0xfd/0x1c0
[   34.534393][ T3865]  x64_sys_call+0x1503/0x2fb0
[   34.534415][ T3865]  do_syscall_64+0xd2/0x200
[   34.534496][ T3865]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   34.534524][ T3865]  ? clear_bhb_loop+0x40/0x90
[   34.534552][ T3865]  ? clear_bhb_loop+0x40/0x90
[   34.534575][ T3865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.534672][ T3865] RIP: 0033:0x7f6d4e7be929
[   34.534688][ T3865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.534706][ T3865] RSP: 002b:00007f6d4ce27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   34.534727][ T3865] RAX: ffffffffffffffda RBX: 00007f6d4e9e5fa0 RCX: 00007f6d4e7be929
[   34.534790][ T3865] RDX: 0000000000000001 RSI: 0000200000000a00 RDI: 0000000000000004
[   34.534804][ T3865] RBP: 00007f6d4ce27090 R08: 00000000ffffffff R09: 0000000000000000
[   34.534817][ T3865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   34.534829][ T3865] R13: 0000000000000000 R14: 00007f6d4e9e5fa0 R15: 00007ffcbe299848
[   34.534848][ T3865]  </TASK>
[   34.822415][ T3873] loop0: detected capacity change from 0 to 2048
[   34.892389][ T3873]  loop0: p3 p4 < >
[   34.911871][ T3887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.141'.
[   35.182167][ T3895] loop2: detected capacity change from 0 to 2048
[   35.230721][ T3768]  loop2: p3 p4 < >
[   35.241475][ T3895]  loop2: p3 p4 < >
[   35.412150][ T3905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.146'.
[   35.421390][ T3905] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   35.428892][ T3905] batman_adv: batadv0: Removing interface: batadv_slave_0
[   35.436727][ T3905] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   35.444266][ T3905] batman_adv: batadv0: Removing interface: batadv_slave_1
[   35.756156][ T3922] FAULT_INJECTION: forcing a failure.
[   35.756156][ T3922] name failslab, interval 1, probability 0, space 0, times 0
[   35.768841][ T3922] CPU: 1 UID: 0 PID: 3922 Comm: syz.1.154 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   35.768871][ T3922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   35.768905][ T3922] Call Trace:
[   35.768912][ T3922]  <TASK>
[   35.768920][ T3922]  __dump_stack+0x1d/0x30
[   35.768942][ T3922]  dump_stack_lvl+0xe8/0x140
[   35.768963][ T3922]  dump_stack+0x15/0x1b
[   35.768985][ T3922]  should_fail_ex+0x265/0x280
[   35.769082][ T3922]  should_failslab+0x8c/0xb0
[   35.769105][ T3922]  kmem_cache_alloc_noprof+0x50/0x310
[   35.769210][ T3922]  ? audit_log_start+0x365/0x6c0
[   35.769242][ T3922]  audit_log_start+0x365/0x6c0
[   35.769302][ T3922]  audit_seccomp+0x48/0x100
[   35.769339][ T3922]  ? __seccomp_filter+0x68c/0x10d0
[   35.769370][ T3922]  __seccomp_filter+0x69d/0x10d0
[   35.769392][ T3922]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   35.769458][ T3922]  ? vfs_write+0x75e/0x8e0
[   35.769518][ T3922]  ? __rcu_read_unlock+0x4f/0x70
[   35.769537][ T3922]  ? __fget_files+0x184/0x1c0
[   35.769605][ T3922]  __secure_computing+0x82/0x150
[   35.769623][ T3922]  syscall_trace_enter+0xcf/0x1e0
[   35.769675][ T3922]  do_syscall_64+0xac/0x200
[   35.769732][ T3922]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   35.769753][ T3922]  ? clear_bhb_loop+0x40/0x90
[   35.769846][ T3922]  ? clear_bhb_loop+0x40/0x90
[   35.769864][ T3922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   35.769881][ T3922] RIP: 0033:0x7f42081ce929
[   35.769894][ T3922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   35.769908][ T3922] RSP: 002b:00007f4206837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[   35.769967][ T3922] RAX: ffffffffffffffda RBX: 00007f42083f5fa0 RCX: 00007f42081ce929
[   35.769977][ T3922] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   35.769988][ T3922] RBP: 00007f4206837090 R08: 0000000000000000 R09: 0000000000000000
[   35.769998][ T3922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   35.770007][ T3922] R13: 0000000000000000 R14: 00007f42083f5fa0 R15: 00007fff479d3568
[   35.770022][ T3922]  </TASK>
[   36.020409][ T3932] loop1: detected capacity change from 0 to 512
[   36.066755][ T3940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.161'.
[   36.081984][ T3932] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.095040][ T3932] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.134184][ T3945] loop2: detected capacity change from 0 to 512
[   36.141242][ T3945] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   36.154411][ T3945] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   36.169775][ T3940] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   36.199034][ T3932] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.158: iget: bad i_size value: 2533274857506816
[   36.202628][ T3940] lo speed is unknown, defaulting to 1000
[   36.223000][ T3945] EXT4-fs (loop2): 1 truncate cleaned up
[   36.232465][ T3945] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.241796][ T3953] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   36.255332][ T3932] EXT4-fs (loop1): Remounting filesystem read-only
[   36.340234][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.385736][ T3959] loop3: detected capacity change from 0 to 1024
[   36.397239][ T3959] EXT4-fs: Ignoring removed orlov option
[   36.409617][ T3959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.453631][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.572140][ T3976] loop4: detected capacity change from 0 to 512
[   36.588798][ T3976] EXT4-fs: Ignoring removed mblk_io_submit option
[   36.595388][ T3976] EXT4-fs: Ignoring removed orlov option
[   36.613039][ T3980] tipc: Started in network mode
[   36.617948][ T3980] tipc: Node identity ac14140f, cluster identity 4711
[   36.625221][ T3976] /dev/loop4: Can't open blockdev
[   36.651383][ T3980] tipc: New replicast peer: 255.255.255.83
[   36.657350][ T3980] tipc: Enabled bearer <udp:£>, priority 10
[   36.692689][ T3976] loop4: detected capacity change from 512 to 64
[   36.724742][ T3983] blktrace: Concurrent blktraces are not allowed on loop4
[   36.739552][ T3983] loop2: detected capacity change from 0 to 2048
[   36.783225][ T3768]  loop2: p3 p4 < >
[   36.788308][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.822311][ T3983]  loop2: p3 p4 < >
[   36.979733][ T4007] syz.3.183 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   37.459139][ T4025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.191'.
[   37.476474][ T4028] lo speed is unknown, defaulting to 1000
[   37.497660][ T4032] xt_bpf: check failed: parse error
[   37.519068][   T29] kauditd_printk_skb: 106 callbacks suppressed
[   37.519081][   T29] audit: type=1400 audit(1752095057.793:438): avc:  denied  { execmem } for  pid=4033 comm="syz.2.193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   37.589966][   T29] audit: type=1400 audit(1752095057.863:439): avc:  denied  { create } for  pid=4036 comm="syz.1.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   37.600410][    C1] hrtimer: interrupt took 50296 ns
[   37.679471][   T29] audit: type=1400 audit(1752095057.953:440): avc:  denied  { getopt } for  pid=4036 comm="syz.1.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   37.769995][   T36] tipc: Node number set to 2886997007
[   37.823690][ T4047] blktrace: Concurrent blktraces are not allowed on loop0
[   37.839319][ T4047] loop0: detected capacity change from 0 to 2048
[   37.980388][ T3768]  loop0: p3 p4 < >
[   37.992935][ T4047]  loop0: p3 p4 < >
[   38.259903][   T29] audit: type=1400 audit(1752095058.533:441): avc:  denied  { setopt } for  pid=4061 comm="syz.2.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   38.299057][   T29] audit: type=1400 audit(1752095058.573:442): avc:  denied  { read write } for  pid=4061 comm="syz.2.202" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   38.322188][   T29] audit: type=1400 audit(1752095058.573:443): avc:  denied  { open } for  pid=4061 comm="syz.2.202" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   38.345241][   T29] audit: type=1400 audit(1752095058.573:444): avc:  denied  { ioctl } for  pid=4061 comm="syz.2.202" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   38.369773][   T29] audit: type=1400 audit(1752095058.573:445): avc:  denied  { create } for  pid=4061 comm="syz.2.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   38.389041][   T29] audit: type=1400 audit(1752095058.573:446): avc:  denied  { bind } for  pid=4061 comm="syz.2.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   38.408138][   T29] audit: type=1400 audit(1752095058.573:447): avc:  denied  { create } for  pid=4061 comm="syz.2.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   38.556600][ T4068] mmap: syz.2.205 (4068) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   38.680874][ T4076] netlink: 4 bytes leftover after parsing attributes in process `syz.1.210'.
[   38.692927][ T4086] loop0: detected capacity change from 0 to 1024
[   38.713451][ T4086] EXT4-fs: Ignoring removed orlov option
[   38.744370][ T4093] FAULT_INJECTION: forcing a failure.
[   38.744370][ T4093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   38.757470][ T4093] CPU: 1 UID: 0 PID: 4093 Comm: syz.1.216 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   38.757497][ T4093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   38.757522][ T4093] Call Trace:
[   38.757528][ T4093]  <TASK>
[   38.757535][ T4093]  __dump_stack+0x1d/0x30
[   38.757553][ T4093]  dump_stack_lvl+0xe8/0x140
[   38.757568][ T4093]  dump_stack+0x15/0x1b
[   38.757583][ T4093]  should_fail_ex+0x265/0x280
[   38.757670][ T4093]  should_fail+0xb/0x20
[   38.757698][ T4093]  should_fail_usercopy+0x1a/0x20
[   38.757872][ T4093]  _copy_from_user+0x1c/0xb0
[   38.757889][ T4093]  __sys_connect+0xd0/0x2b0
[   38.757922][ T4093]  __x64_sys_connect+0x3f/0x50
[   38.757945][ T4093]  x64_sys_call+0x1daa/0x2fb0
[   38.757989][ T4093]  do_syscall_64+0xd2/0x200
[   38.758075][ T4093]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   38.758103][ T4093]  ? clear_bhb_loop+0x40/0x90
[   38.758193][ T4093]  ? clear_bhb_loop+0x40/0x90
[   38.758211][ T4093]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   38.758230][ T4093] RIP: 0033:0x7f42081ce929
[   38.758246][ T4093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   38.758309][ T4093] RSP: 002b:00007f4206837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   38.758329][ T4093] RAX: ffffffffffffffda RBX: 00007f42083f5fa0 RCX: 00007f42081ce929
[   38.758343][ T4093] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[   38.758356][ T4093] RBP: 00007f4206837090 R08: 0000000000000000 R09: 0000000000000000
[   38.758368][ T4093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   38.758381][ T4093] R13: 0000000000000000 R14: 00007f42083f5fa0 R15: 00007fff479d3568
[   38.758401][ T4093]  </TASK>
[   38.977486][ T4086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.265699][ T4098] lo speed is unknown, defaulting to 1000
[   39.619496][ T4107] loop4: detected capacity change from 0 to 2048
[   39.765560][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.784299][ T4107]  loop4: p3 p4 < >
[   39.905084][ T4111] x_tables: unsorted entry at hook 1
[   39.931749][ T3768] udevd[3768]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[   39.944225][ T3831] udevd[3831]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   39.957341][ T4111] loop4: detected capacity change from 0 to 512
[   39.991325][ T4111] journal_path: Lookup failure for './file0/../file0'
[   39.998164][ T4111] EXT4-fs: error: could not find journal device path
[   40.223963][ T4118] lo speed is unknown, defaulting to 1000
[   40.308706][ T4121] lo speed is unknown, defaulting to 1000
[   40.639823][ T4140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.228'.
[   40.736933][ T4154] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   40.757570][ T4157] FAULT_INJECTION: forcing a failure.
[   40.757570][ T4157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   40.770031][ T4154] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   40.770705][ T4157] CPU: 0 UID: 0 PID: 4157 Comm: syz.0.235 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   40.770795][ T4157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   40.770808][ T4157] Call Trace:
[   40.770815][ T4157]  <TASK>
[   40.770874][ T4157]  __dump_stack+0x1d/0x30
[   40.770896][ T4157]  dump_stack_lvl+0xe8/0x140
[   40.770918][ T4157]  dump_stack+0x15/0x1b
[   40.770934][ T4157]  should_fail_ex+0x265/0x280
[   40.770964][ T4157]  should_fail+0xb/0x20
[   40.771014][ T4157]  should_fail_usercopy+0x1a/0x20
[   40.771108][ T4157]  _copy_from_user+0x1c/0xb0
[   40.771126][ T4157]  ___sys_sendmsg+0xc1/0x1d0
[   40.771175][ T4157]  __x64_sys_sendmsg+0xd4/0x160
[   40.771209][ T4157]  x64_sys_call+0x2999/0x2fb0
[   40.771229][ T4157]  do_syscall_64+0xd2/0x200
[   40.771261][ T4157]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   40.771346][ T4157]  ? clear_bhb_loop+0x40/0x90
[   40.771366][ T4157]  ? clear_bhb_loop+0x40/0x90
[   40.771388][ T4157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.771441][ T4157] RIP: 0033:0x7f082341e929
[   40.771456][ T4157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.771528][ T4157] RSP: 002b:00007f0821a87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   40.771546][ T4157] RAX: ffffffffffffffda RBX: 00007f0823645fa0 RCX: 00007f082341e929
[   40.771559][ T4157] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[   40.771570][ T4157] RBP: 00007f0821a87090 R08: 0000000000000000 R09: 0000000000000000
[   40.771582][ T4157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.771594][ T4157] R13: 0000000000000000 R14: 00007f0823645fa0 R15: 00007fffc9def3f8
[   40.771624][ T4157]  </TASK>
[   41.014749][ T4150] IPVS: stopping master sync thread 4163 ...
[   41.127911][ T4169] Illegal XDP return value 4294967274 on prog  (id 159) dev syz_tun, expect packet loss!
[   41.211608][ T4174] FAULT_INJECTION: forcing a failure.
[   41.211608][ T4174] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   41.224890][ T4174] CPU: 0 UID: 0 PID: 4174 Comm: syz.1.241 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   41.224919][ T4174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   41.224932][ T4174] Call Trace:
[   41.224938][ T4174]  <TASK>
[   41.224946][ T4174]  __dump_stack+0x1d/0x30
[   41.224968][ T4174]  dump_stack_lvl+0xe8/0x140
[   41.225005][ T4174]  dump_stack+0x15/0x1b
[   41.225040][ T4174]  should_fail_ex+0x265/0x280
[   41.225070][ T4174]  should_fail+0xb/0x20
[   41.225096][ T4174]  should_fail_usercopy+0x1a/0x20
[   41.225128][ T4174]  strncpy_from_user+0x25/0x230
[   41.225186][ T4174]  path_setxattrat+0xeb/0x310
[   41.225222][ T4174]  __x64_sys_lsetxattr+0x71/0x90
[   41.225243][ T4174]  x64_sys_call+0x1e36/0x2fb0
[   41.225343][ T4174]  do_syscall_64+0xd2/0x200
[   41.225376][ T4174]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.225448][ T4174]  ? clear_bhb_loop+0x40/0x90
[   41.225489][ T4174]  ? clear_bhb_loop+0x40/0x90
[   41.225518][ T4174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.225538][ T4174] RIP: 0033:0x7f42081ce929
[   41.225553][ T4174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.225571][ T4174] RSP: 002b:00007f4206837038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   41.225643][ T4174] RAX: ffffffffffffffda RBX: 00007f42083f5fa0 RCX: 00007f42081ce929
[   41.225656][ T4174] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[   41.225668][ T4174] RBP: 00007f4206837090 R08: 0000000000000002 R09: 0000000000000000
[   41.225678][ T4174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.225749][ T4174] R13: 0000000000000000 R14: 00007f42083f5fa0 R15: 00007fff479d3568
[   41.225801][ T4174]  </TASK>
[   41.443339][ T4180] loop0: detected capacity change from 0 to 1024
[   41.567842][ T4187] loop4: detected capacity change from 0 to 8192
[   41.576443][ T4180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.613774][ T4187] FAULT_INJECTION: forcing a failure.
[   41.613774][ T4187] name failslab, interval 1, probability 0, space 0, times 0
[   41.626435][ T4187] CPU: 0 UID: 0 PID: 4187 Comm: syz.4.248 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   41.626461][ T4187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   41.626543][ T4187] Call Trace:
[   41.626549][ T4187]  <TASK>
[   41.626556][ T4187]  __dump_stack+0x1d/0x30
[   41.626573][ T4187]  dump_stack_lvl+0xe8/0x140
[   41.626693][ T4187]  dump_stack+0x15/0x1b
[   41.626708][ T4187]  should_fail_ex+0x265/0x280
[   41.626818][ T4187]  ? audit_log_d_path+0x8d/0x150
[   41.626844][ T4187]  should_failslab+0x8c/0xb0
[   41.626990][ T4187]  __kmalloc_cache_noprof+0x4c/0x320
[   41.627201][ T4187]  audit_log_d_path+0x8d/0x150
[   41.627236][ T4187]  audit_log_d_path_exe+0x42/0x70
[   41.627262][ T4187]  audit_log_task+0x1e9/0x250
[   41.627306][ T4187]  audit_seccomp+0x61/0x100
[   41.627378][ T4187]  ? __seccomp_filter+0x68c/0x10d0
[   41.627475][ T4187]  __seccomp_filter+0x69d/0x10d0
[   41.627497][ T4187]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   41.627528][ T4187]  ? vfs_write+0x75e/0x8e0
[   41.627554][ T4187]  ? __rcu_read_unlock+0x4f/0x70
[   41.627603][ T4187]  ? __fget_files+0x184/0x1c0
[   41.627621][ T4187]  __secure_computing+0x82/0x150
[   41.627641][ T4187]  syscall_trace_enter+0xcf/0x1e0
[   41.627665][ T4187]  do_syscall_64+0xac/0x200
[   41.627757][ T4187]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.627783][ T4187]  ? clear_bhb_loop+0x40/0x90
[   41.627842][ T4187]  ? clear_bhb_loop+0x40/0x90
[   41.627862][ T4187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.627971][ T4187] RIP: 0033:0x7f46f107e929
[   41.627984][ T4187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.627998][ T4187] RSP: 002b:00007f46ef6e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   41.628080][ T4187] RAX: ffffffffffffffda RBX: 00007f46f12a5fa0 RCX: 00007f46f107e929
[   41.628090][ T4187] RDX: 0000000000000006 RSI: 0000200000000380 RDI: 0000000000000006
[   41.628100][ T4187] RBP: 00007f46ef6e7090 R08: 0000000000000000 R09: 0000000000000000
[   41.628110][ T4187] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[   41.628121][ T4187] R13: 0000000000000000 R14: 00007f46f12a5fa0 R15: 00007ffee07de5f8
[   41.628170][ T4187]  </TASK>
[   41.854586][ T4180] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.878078][ T4194] loop1: detected capacity change from 0 to 8192
[   41.931943][ T4196] netlink: 'syz.3.251': attribute type 3 has an invalid length.
[   42.029195][ T4206] loop3: detected capacity change from 0 to 1024
[   42.051266][ T4206] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.083753][ T4206] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   42.116389][ T4206] EXT4-fs (loop3): Remounting filesystem read-only
[   42.133491][ T4207] capability: warning: `syz.0.243' uses deprecated v2 capabilities in a way that may be insecure
[   42.200454][ T3314] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 16: comm syz-executor: path /54/file1: bad entry in directory: rec_len is smaller than minimal - offset=876, inode=0, rec_len=0, size=1024 fake=0
[   42.243906][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.253706][ T3314] EXT4-fs error (device loop0): ext4_readdir:264: inode #11: block 37: comm syz-executor: path /54/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0
[   42.275063][ T3314] EXT4-fs error (device loop0): ext4_empty_dir:3116: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0
[   42.302376][ T3314] EXT4-fs error (device loop0): ext4_readdir:264: inode #11: block 37: comm syz-executor: path /54/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0
[   42.348512][ T3314] EXT4-fs error (device loop0): ext4_empty_dir:3116: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0
[   42.375452][ T4219] syzkaller1: entered promiscuous mode
[   42.381555][ T4219] syzkaller1: entered allmulticast mode
[   42.394933][ T3314] EXT4-fs error (device loop0): ext4_readdir:264: inode #11: block 37: comm syz-executor: path /54/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0
[   42.418589][ T3314] EXT4-fs error (device loop0): ext4_empty_dir:3116: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0
[   42.439506][ T3314] EXT4-fs error (device loop0): ext4_readdir:264: inode #11: block 37: comm syz-executor: path /54/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0
[   42.461402][ T3314] EXT4-fs error (device loop0): ext4_empty_dir:3116: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0
[   42.480677][ T3314] EXT4-fs error (device loop0): ext4_readdir:264: inode #11: block 37: comm syz-executor: path /54/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0
[   42.504344][ T4226] netlink: 8 bytes leftover after parsing attributes in process `syz.2.262'.
[   42.809334][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.837220][ T3463] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.894476][ T3463] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.914157][   T29] kauditd_printk_skb: 107 callbacks suppressed
[   42.914170][   T29] audit: type=1400 audit(1752095064.187:555): avc:  denied  { mounton } for  pid=4237 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   42.953932][ T3463] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.003579][ T3463] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.030389][ T4237] lo speed is unknown, defaulting to 1000
[   43.097496][ T3463] bridge_slave_1: left allmulticast mode
[   43.099221][   T29] audit: type=1400 audit(1752095064.367:556): avc:  denied  { search } for  pid=3035 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   43.103490][ T3463] bridge_slave_1: left promiscuous mode
[   43.124534][   T29] audit: type=1400 audit(1752095064.367:557): avc:  denied  { search } for  pid=3035 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   43.130295][ T3463] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.151584][   T29] audit: type=1400 audit(1752095064.367:558): avc:  denied  { search } for  pid=3035 comm="dhcpcd" name="data" dev="tmpfs" ino=13 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   43.180084][   T29] audit: type=1400 audit(1752095064.367:559): avc:  denied  { read } for  pid=3035 comm="dhcpcd" name="n26" dev="tmpfs" ino=2180 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   43.201804][   T29] audit: type=1400 audit(1752095064.367:560): avc:  denied  { open } for  pid=3035 comm="dhcpcd" path="/run/udev/data/n26" dev="tmpfs" ino=2180 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   43.224797][   T29] audit: type=1400 audit(1752095064.367:561): avc:  denied  { getattr } for  pid=3035 comm="dhcpcd" path="/run/udev/data/n26" dev="tmpfs" ino=2180 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   43.248836][   T29] audit: type=1326 audit(1752095064.467:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4218 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d4e7be929 code=0x7ffc0000
[   43.272112][   T29] audit: type=1326 audit(1752095064.467:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4218 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d4e7be929 code=0x7ffc0000
[   43.295752][ T3463] bridge_slave_0: left allmulticast mode
[   43.301446][ T3463] bridge_slave_0: left promiscuous mode
[   43.307112][ T3463] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.465249][ T4264] loop4: detected capacity change from 0 to 1024
[   43.472772][ T4264] EXT4-fs: Ignoring removed orlov option
[   43.481748][ T4264] /dev/loop4: Can't open blockdev
[   43.502451][ T3463] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   43.522848][ T3463] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   43.542199][ T3463] bond0 (unregistering): Released all slaves
[   43.617125][ T4237] chnl_net:caif_netlink_parms(): no params data found
[   43.624087][   T29] audit: type=1400 audit(1752095064.887:564): avc:  denied  { append } for  pid=4268 comm="syz.4.276" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   43.664218][ T3463] tipc: Disabling bearer <udp:£>
[   43.669310][ T3463] tipc: Left network mode
[   43.693003][ T4270] blktrace: Concurrent blktraces are not allowed on loop4
[   43.769678][ T3463] hsr_slave_0: left promiscuous mode
[   43.783653][ T3463] hsr_slave_1: left promiscuous mode
[   43.799223][ T4270] loop2: detected capacity change from 0 to 2048
[   43.805818][ T3463] veth1_macvtap: left promiscuous mode
[   43.841287][ T3463] veth0_macvtap: left promiscuous mode
[   43.846810][ T3463] veth1_vlan: left promiscuous mode
[   43.876406][ T4283] blktrace: Concurrent blktraces are not allowed on loop8
[   43.886326][ T3463] veth0_vlan: left promiscuous mode
[   43.913170][ T4293] FAULT_INJECTION: forcing a failure.
[   43.913170][ T4293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   43.926433][ T4293] CPU: 1 UID: 0 PID: 4293 Comm: syz.1.280 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   43.926460][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   43.926473][ T4293] Call Trace:
[   43.926546][ T4293]  <TASK>
[   43.926552][ T4293]  __dump_stack+0x1d/0x30
[   43.926633][ T4293]  dump_stack_lvl+0xe8/0x140
[   43.926654][ T4293]  dump_stack+0x15/0x1b
[   43.926672][ T4293]  should_fail_ex+0x265/0x280
[   43.926777][ T4293]  should_fail+0xb/0x20
[   43.926842][ T4293]  should_fail_usercopy+0x1a/0x20
[   43.926874][ T4293]  _copy_from_user+0x1c/0xb0
[   43.926939][ T4293]  __sys_sendto+0x19e/0x330
[   43.927041][ T4293]  __x64_sys_sendto+0x76/0x90
[   43.927065][ T4293]  x64_sys_call+0x2eb6/0x2fb0
[   43.927084][ T4293]  do_syscall_64+0xd2/0x200
[   43.927112][ T4293]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   43.927180][ T4293]  ? clear_bhb_loop+0x40/0x90
[   43.927284][ T4293]  ? clear_bhb_loop+0x40/0x90
[   43.927307][ T4293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.927329][ T4293] RIP: 0033:0x7f42081ce929
[   43.927345][ T4293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.927363][ T4293] RSP: 002b:00007f4206837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   43.927408][ T4293] RAX: ffffffffffffffda RBX: 00007f42083f5fa0 RCX: 00007f42081ce929
[   43.927421][ T4293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[   43.927433][ T4293] RBP: 00007f4206837090 R08: 0000200000b63fe4 R09: 000000000000001c
[   43.927446][ T4293] R10: 0000000020000004 R11: 0000000000000246 R12: 0000000000000001
[   43.927459][ T4293] R13: 0000000000000000 R14: 00007f42083f5fa0 R15: 00007fff479d3568
[   43.927494][ T4293]  </TASK>
[   43.929752][ T3768]  loop2: p3 p4 < >
[   44.140109][ T4270]  loop2: p3 p4 < >
[   44.207544][ T3463] team0 (unregistering): Port device team_slave_1 removed
[   44.233088][ T3463] team0 (unregistering): Port device team_slave_0 removed
[   44.370934][ T4237] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.378048][ T4237] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.382298][ T3768] udevd[3768]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   44.387375][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   44.430175][ T4237] bridge_slave_0: entered allmulticast mode
[   44.439116][ T4237] bridge_slave_0: entered promiscuous mode
[   44.450906][ T4237] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.458065][ T4237] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.474373][ T4237] bridge_slave_1: entered allmulticast mode
[   44.483881][ T4237] bridge_slave_1: entered promiscuous mode
[   44.543093][ T4237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   44.565455][ T4237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   44.567881][ T4349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.294'.
[   44.585962][ T4346] netlink: 'syz.4.293': attribute type 6 has an invalid length.
[   44.595550][ T4237] team0: Port device team_slave_0 added
[   44.613058][ T4237] team0: Port device team_slave_1 added
[   44.637831][ T4237] batman_adv: batadv0: Adding interface: batadv_slave_0
[   44.640280][ T4352] netlink: 16 bytes leftover after parsing attributes in process `syz.2.295'.
[   44.644835][ T4237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   44.679658][ T4237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   44.690935][ T4237] batman_adv: batadv0: Adding interface: batadv_slave_1
[   44.697895][ T4237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   44.723926][ T4237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   44.735163][ T4349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'.
[   44.771258][ T4237] hsr_slave_0: entered promiscuous mode
[   44.777546][ T4237] hsr_slave_1: entered promiscuous mode
[   44.783715][ T4237] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   44.791804][ T4237] Cannot create hsr debugfs directory
[   44.825430][ T4356] loop2: detected capacity change from 0 to 1024
[   44.872352][ T4356] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.884787][ T4374] FAULT_INJECTION: forcing a failure.
[   44.884787][ T4374] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   44.897898][ T4374] CPU: 1 UID: 0 PID: 4374 Comm: syz.3.299 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   44.897925][ T4374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   44.897938][ T4374] Call Trace:
[   44.897995][ T4374]  <TASK>
[   44.898003][ T4374]  __dump_stack+0x1d/0x30
[   44.898025][ T4374]  dump_stack_lvl+0xe8/0x140
[   44.898045][ T4374]  dump_stack+0x15/0x1b
[   44.898061][ T4374]  should_fail_ex+0x265/0x280
[   44.898086][ T4374]  should_fail+0xb/0x20
[   44.898174][ T4374]  should_fail_usercopy+0x1a/0x20
[   44.898205][ T4374]  _copy_from_user+0x1c/0xb0
[   44.898225][ T4374]  ___sys_sendmsg+0xc1/0x1d0
[   44.898314][ T4374]  __x64_sys_sendmsg+0xd4/0x160
[   44.898490][ T4374]  x64_sys_call+0x2999/0x2fb0
[   44.898551][ T4374]  do_syscall_64+0xd2/0x200
[   44.898608][ T4374]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   44.898707][ T4374]  ? clear_bhb_loop+0x40/0x90
[   44.898728][ T4374]  ? clear_bhb_loop+0x40/0x90
[   44.898748][ T4374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.898771][ T4374] RIP: 0033:0x7f6d4e7be929
[   44.898784][ T4374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   44.898799][ T4374] RSP: 002b:00007f6d4ce27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   44.898816][ T4374] RAX: ffffffffffffffda RBX: 00007f6d4e9e5fa0 RCX: 00007f6d4e7be929
[   44.898829][ T4374] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[   44.898840][ T4374] RBP: 00007f6d4ce27090 R08: 0000000000000000 R09: 0000000000000000
[   44.898854][ T4374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.898864][ T4374] R13: 0000000000000000 R14: 00007f6d4e9e5fa0 R15: 00007ffcbe299848
[   44.898913][ T4374]  </TASK>
[   44.916333][ T4356] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, 
[   44.950997][ T4237] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   44.955485][ T4356] inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   44.983151][ T4377] netlink: 'syz.3.300': attribute type 6 has an invalid length.
[   44.985954][ T4356] EXT4-fs (loop2): Remounting filesystem read-only
[   45.121319][ T4237] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   45.142267][ T4237] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   45.157140][ T4237] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   45.176338][ T4384] pim6reg1: entered promiscuous mode
[   45.181721][ T4384] pim6reg1: entered allmulticast mode
[   45.231657][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.244013][ T4237] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.253612][ T4322] syz.1.288 (4322) used greatest stack depth: 9968 bytes left
[   45.270653][ T4237] 8021q: adding VLAN 0 to HW filter on device team0
[   45.290957][ T3463] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.298035][ T3463] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.328738][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.335906][ T3463] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.344413][ T4408] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26194 sclass=netlink_route_socket pid=4408 comm=GPL
[   45.366902][ T4237] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   45.377367][ T4237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   45.433536][ T4419] blktrace: Concurrent blktraces are not allowed on loop2
[   45.448656][ T4419] loop1: detected capacity change from 0 to 2048
[   45.467221][ T4237] 8021q: adding VLAN 0 to HW filter on device batadv0
[   45.474813][ T3768]  loop1: p3 p4 < >
[   45.481333][ T4419]  loop1: p3 p4 < >
[   45.497833][ T4426] loop4: detected capacity change from 0 to 1024
[   45.537301][ T4426] EXT4-fs: Ignoring removed orlov option
[   45.559754][ T4426] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.693631][ T4237] veth0_vlan: entered promiscuous mode
[   45.702637][ T4237] veth1_vlan: entered promiscuous mode
[   45.746782][ T4237] veth0_macvtap: entered promiscuous mode
[   45.756701][ T4237] veth1_macvtap: entered promiscuous mode
[   45.776632][ T4460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.308'.
[   45.788657][ T4237] batman_adv: batadv0: Interface activated: batadv_slave_0
[   45.817462][ T4237] batman_adv: batadv0: Interface activated: batadv_slave_1
[   45.827901][ T4237] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   45.836741][ T4237] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   45.845663][ T4237] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   45.854386][ T4237] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   45.944680][ T4481] FAULT_INJECTION: forcing a failure.
[   45.944680][ T4481] name failslab, interval 1, probability 0, space 0, times 0
[   45.957486][ T4481] CPU: 1 UID: 0 PID: 4481 Comm: syz.5.310 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   45.957557][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.957571][ T4481] Call Trace:
[   45.957577][ T4481]  <TASK>
[   45.957586][ T4481]  __dump_stack+0x1d/0x30
[   45.957708][ T4481]  dump_stack_lvl+0xe8/0x140
[   45.957724][ T4481]  dump_stack+0x15/0x1b
[   45.957738][ T4481]  should_fail_ex+0x265/0x280
[   45.957794][ T4481]  ? tunnel_key_init+0xa25/0xe20
[   45.957826][ T4481]  should_failslab+0x8c/0xb0
[   45.957849][ T4481]  __kmalloc_cache_noprof+0x4c/0x320
[   45.957876][ T4481]  tunnel_key_init+0xa25/0xe20
[   45.957985][ T4481]  tcf_action_init_1+0x36a/0x4a0
[   45.958090][ T4481]  tcf_action_init+0x267/0x6d0
[   45.958137][ T4481]  tc_ctl_action+0x291/0x830
[   45.958177][ T4481]  ? __pfx_tc_ctl_action+0x10/0x10
[   45.958202][ T4481]  rtnetlink_rcv_msg+0x65a/0x6d0
[   45.958292][ T4481]  netlink_rcv_skb+0x120/0x220
[   45.958398][ T4481]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   45.958503][ T4481]  rtnetlink_rcv+0x1c/0x30
[   45.958525][ T4481]  netlink_unicast+0x59e/0x670
[   45.958556][ T4481]  netlink_sendmsg+0x58b/0x6b0
[   45.958591][ T4481]  ? __pfx_netlink_sendmsg+0x10/0x10
[   45.958632][ T4481]  __sock_sendmsg+0x142/0x180
[   45.958656][ T4481]  ____sys_sendmsg+0x31e/0x4e0
[   45.958762][ T4481]  ___sys_sendmsg+0x17b/0x1d0
[   45.958801][ T4481]  __x64_sys_sendmsg+0xd4/0x160
[   45.958901][ T4481]  x64_sys_call+0x2999/0x2fb0
[   45.958919][ T4481]  do_syscall_64+0xd2/0x200
[   45.958945][ T4481]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.958969][ T4481]  ? clear_bhb_loop+0x40/0x90
[   45.959063][ T4481]  ? clear_bhb_loop+0x40/0x90
[   45.959086][ T4481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.959109][ T4481] RIP: 0033:0x7fc80897e929
[   45.959125][ T4481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.959143][ T4481] RSP: 002b:00007fc806fe7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   45.959176][ T4481] RAX: ffffffffffffffda RBX: 00007fc808ba5fa0 RCX: 00007fc80897e929
[   45.959186][ T4481] RDX: 0000000004001000 RSI: 0000200000000300 RDI: 0000000000000004
[   45.959200][ T4481] RBP: 00007fc806fe7090 R08: 0000000000000000 R09: 0000000000000000
[   45.959235][ T4481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   45.959248][ T4481] R13: 0000000000000000 R14: 00007fc808ba5fa0 R15: 00007ffc02e6eee8
[   45.959266][ T4481]  </TASK>
[   46.012251][ T4481] syz.5.310 (4481) used greatest stack depth: 9912 bytes left
[   46.151206][ T4494] loop2: detected capacity change from 0 to 1024
[   46.249075][ T4494] EXT4-fs: Ignoring removed orlov option
[   46.266422][ T4494] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.311829][ T4505] FAULT_INJECTION: forcing a failure.
[   46.311829][ T4505] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   46.324946][ T4505] CPU: 0 UID: 0 PID: 4505 Comm: syz.5.314 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   46.324972][ T4505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   46.325052][ T4505] Call Trace:
[   46.325057][ T4505]  <TASK>
[   46.325064][ T4505]  __dump_stack+0x1d/0x30
[   46.325082][ T4505]  dump_stack_lvl+0xe8/0x140
[   46.325100][ T4505]  dump_stack+0x15/0x1b
[   46.325113][ T4505]  should_fail_ex+0x265/0x280
[   46.325138][ T4505]  should_fail+0xb/0x20
[   46.325198][ T4505]  should_fail_usercopy+0x1a/0x20
[   46.325272][ T4505]  _copy_to_user+0x20/0xa0
[   46.325290][ T4505]  simple_read_from_buffer+0xb5/0x130
[   46.325323][ T4505]  proc_fail_nth_read+0x100/0x140
[   46.325357][ T4505]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   46.325474][ T4505]  vfs_read+0x1a0/0x6f0
[   46.325559][ T4505]  ? __rcu_read_unlock+0x4f/0x70
[   46.325582][ T4505]  ? __fget_files+0x184/0x1c0
[   46.325604][ T4505]  ksys_read+0xda/0x1a0
[   46.325634][ T4505]  __x64_sys_read+0x40/0x50
[   46.325681][ T4505]  x64_sys_call+0x2d77/0x2fb0
[   46.325699][ T4505]  do_syscall_64+0xd2/0x200
[   46.325730][ T4505]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   46.325792][ T4505]  ? clear_bhb_loop+0x40/0x90
[   46.325815][ T4505]  ? clear_bhb_loop+0x40/0x90
[   46.325833][ T4505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.325851][ T4505] RIP: 0033:0x7fc80897d33c
[   46.325864][ T4505] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   46.325879][ T4505] RSP: 002b:00007fc806fe7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   46.325947][ T4505] RAX: ffffffffffffffda RBX: 00007fc808ba5fa0 RCX: 00007fc80897d33c
[   46.325961][ T4505] RDX: 000000000000000f RSI: 00007fc806fe70a0 RDI: 0000000000000003
[   46.325974][ T4505] RBP: 00007fc806fe7090 R08: 0000000000000000 R09: 0000000000000000
[   46.326016][ T4505] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[   46.326029][ T4505] R13: 0000000000000001 R14: 00007fc808ba5fa0 R15: 00007ffc02e6eee8
[   46.326047][ T4505]  </TASK>
[   46.549784][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.560310][ T4508] netlink: 12 bytes leftover after parsing attributes in process `syz.1.313'.
[   46.637396][ T4503] syzkaller0: entered promiscuous mode
[   46.642954][ T4503] syzkaller0: entered allmulticast mode
[   46.671499][ T4508] loop1: detected capacity change from 0 to 256
[   46.735804][ T4531] loop5: detected capacity change from 0 to 1024
[   46.745264][ T4508] FAT-fs (loop1): Directory bread(block 64) failed
[   46.753156][ T4508] FAT-fs (loop1): Directory bread(block 65) failed
[   46.761332][ T4531] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[   46.767063][ T4508] FAT-fs (loop1): Directory bread(block 66) failed
[   46.793644][ T4508] FAT-fs (loop1): Directory bread(block 67) failed
[   46.800732][ T4508] FAT-fs (loop1): Directory bread(block 68) failed
[   46.807254][ T4508] FAT-fs (loop1): Directory bread(block 69) failed
[   46.855812][ T4508] FAT-fs (loop1): Directory bread(block 70) failed
[   46.871775][ T4508] FAT-fs (loop1): Directory bread(block 71) failed
[   46.878479][ T4508] FAT-fs (loop1): Directory bread(block 72) failed
[   46.885218][ T4508] FAT-fs (loop1): Directory bread(block 73) failed
[   46.925845][ T4541] netlink: 'syz.5.320': attribute type 30 has an invalid length.
[   46.937915][ T4541] loop5: detected capacity change from 0 to 512
[   46.979357][ T4541] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.010216][ T4541] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.040138][ T4237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.050875][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.159721][ T4551] loop5: detected capacity change from 0 to 1024
[   47.174931][ T4551] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[   47.337411][ T4571] netlink: 8 bytes leftover after parsing attributes in process `syz.5.329'.
[   47.342809][ T4574] netlink: 'syz.1.332': attribute type 30 has an invalid length.
[   47.375193][ T4571] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4571 comm=syz.5.329
[   47.409330][ T4567] loop3: detected capacity change from 0 to 2048
[   47.432032][ T4580] netlink: 4 bytes leftover after parsing attributes in process `syz.5.333'.
[   47.448762][ T4580] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   47.456323][ T4580] batman_adv: batadv0: Removing interface: batadv_slave_0
[   47.464449][ T4583] FAULT_INJECTION: forcing a failure.
[   47.464449][ T4583] name failslab, interval 1, probability 0, space 0, times 0
[   47.477215][ T4583] CPU: 0 UID: 0 PID: 4583 Comm: +}[@ Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   47.477277][ T4583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   47.477290][ T4583] Call Trace:
[   47.477296][ T4583]  <TASK>
[   47.477304][ T4583]  __dump_stack+0x1d/0x30
[   47.477326][ T4583]  dump_stack_lvl+0xe8/0x140
[   47.477344][ T4583]  dump_stack+0x15/0x1b
[   47.477358][ T4583]  should_fail_ex+0x265/0x280
[   47.477432][ T4583]  ? p9_client_create+0x59/0xbc0
[   47.477457][ T4583]  should_failslab+0x8c/0xb0
[   47.477480][ T4583]  __kmalloc_cache_noprof+0x4c/0x320
[   47.477601][ T4583]  p9_client_create+0x59/0xbc0
[   47.477627][ T4583]  ? should_failslab+0x8c/0xb0
[   47.477645][ T4583]  ? __kmalloc_node_track_caller_noprof+0x1e5/0x410
[   47.477668][ T4583]  ? v9fs_session_init+0x78/0xde0
[   47.477764][ T4583]  v9fs_session_init+0xf7/0xde0
[   47.477784][ T4583]  ? obj_cgroup_charge_account+0x122/0x1a0
[   47.477814][ T4583]  ? __rcu_read_unlock+0x4f/0x70
[   47.477837][ T4583]  ? should_fail_ex+0xdb/0x280
[   47.477901][ T4583]  ? v9fs_mount+0x51/0x590
[   47.477926][ T4583]  ? should_failslab+0x8c/0xb0
[   47.477947][ T4583]  ? __kmalloc_cache_noprof+0x189/0x320
[   47.477970][ T4583]  v9fs_mount+0x67/0x590
[   47.478048][ T4583]  ? __pfx_v9fs_mount+0x10/0x10
[   47.478074][ T4583]  legacy_get_tree+0x78/0xd0
[   47.478157][ T4583]  vfs_get_tree+0x57/0x1d0
[   47.478185][ T4583]  do_new_mount+0x207/0x680
[   47.478219][ T4583]  path_mount+0x4a4/0xb20
[   47.478247][ T4583]  ? user_path_at+0x109/0x130
[   47.478269][ T4583]  __se_sys_mount+0x28f/0x2e0
[   47.478295][ T4583]  ? fput+0x8f/0xc0
[   47.478365][ T4583]  __x64_sys_mount+0x67/0x80
[   47.478397][ T4583]  x64_sys_call+0xd36/0x2fb0
[   47.478481][ T4583]  do_syscall_64+0xd2/0x200
[   47.478513][ T4583]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   47.478540][ T4583]  ? clear_bhb_loop+0x40/0x90
[   47.478570][ T4583]  ? clear_bhb_loop+0x40/0x90
[   47.478590][ T4583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.478613][ T4583] RIP: 0033:0x7f46f107e929
[   47.478629][ T4583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   47.478643][ T4583] RSP: 002b:00007f46ef6e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   47.478687][ T4583] RAX: ffffffffffffffda RBX: 00007f46f12a5fa0 RCX: 00007f46f107e929
[   47.478708][ T4583] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[   47.478720][ T4583] RBP: 00007f46ef6e7090 R08: 0000200000000280 R09: 0000000000000000
[   47.478738][ T4583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   47.478751][ T4583] R13: 0000000000000000 R14: 00007f46f12a5fa0 R15: 00007ffee07de5f8
[   47.478770][ T4583]  </TASK>
[   47.794582][ T4580] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   47.802177][ T4580] batman_adv: batadv0: Removing interface: batadv_slave_1
[   47.810856][ T3297]  loop3: p3 p4 < >
[   47.820583][ T4567]  loop3: p3 p4 < >
[   47.824061][ T4588] loop1: detected capacity change from 0 to 512
[   47.841111][ T2996]  loop3: p3 p4 < >
[   47.933011][ T4588] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.336: corrupted in-inode xattr: invalid ea_ino
[   48.000792][ T4588] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.336: couldn't read orphan inode 15 (err -117)
[   48.030171][ T4588] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.087694][ T4603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.341'.
[   48.096562][ T4603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.341'.
[   48.146171][   T29] kauditd_printk_skb: 36 callbacks suppressed
[   48.146184][   T29] audit: type=1400 audit(1752095069.417:601): avc:  denied  { bind } for  pid=4606 comm="syz.3.343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   48.181806][   T29] audit: type=1400 audit(1752095069.447:602): avc:  denied  { connect } for  pid=4606 comm="syz.3.343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   48.325238][   T29] audit: type=1400 audit(1752095069.597:603): avc:  denied  { write } for  pid=4605 comm="syz.4.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   48.347625][ T4609] vlan2: entered allmulticast mode
[   48.355820][ T4624] netlink: 4 bytes leftover after parsing attributes in process `syz.3.346'.
[   48.395117][   T29] audit: type=1400 audit(1752095069.667:604): avc:  denied  { create } for  pid=4630 comm="syz.3.347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   48.431383][   T29] audit: type=1400 audit(1752095069.667:605): avc:  denied  { ioctl } for  pid=4630 comm="syz.3.347" path="socket:[8401]" dev="sockfs" ino=8401 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   48.440838][ T4636] loop3: detected capacity change from 0 to 512
[   48.455702][   T29] audit: type=1400 audit(1752095069.687:606): avc:  denied  { bind } for  pid=4630 comm="syz.3.347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   48.464628][ T4636] journal_path: Non-blockdev passed as './bus'
[   48.487414][ T4636] EXT4-fs: error: could not find journal device path
[   48.530222][   T29] audit: type=1400 audit(1752095069.807:607): avc:  denied  { read write } for  pid=4637 comm="syz.4.349" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   48.530639][ T4638] netlink: 'syz.4.349': attribute type 6 has an invalid length.
[   48.588330][   T29] audit: type=1400 audit(1752095069.807:608): avc:  denied  { open } for  pid=4637 comm="syz.4.349" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   48.611800][   T29] audit: type=1400 audit(1752095069.807:609): avc:  denied  { ioctl } for  pid=4637 comm="syz.4.349" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   48.645261][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.666979][ T4650] loop1: detected capacity change from 0 to 1024
[   48.673937][ T4650] EXT4-fs: Ignoring removed orlov option
[   48.683719][ T4650] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.776284][ T4653] blktrace: Concurrent blktraces are not allowed on loop4
[   48.879424][ T4653] loop2: detected capacity change from 0 to 2048
[   48.911244][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.913458][ T3768]  loop2: p3 p4 < >
[   48.926879][ T4653]  loop2: p3 p4 < >
[   48.990929][ T4663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.357'.
[   49.057650][ T4671] loop1: detected capacity change from 0 to 1024
[   49.064455][ T4671] EXT4-fs: Ignoring removed orlov option
[   49.075225][ T4671] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.095801][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.133067][ T4677] FAULT_INJECTION: forcing a failure.
[   49.133067][ T4677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.146193][ T4677] CPU: 1 UID: 0 PID: 4677 Comm: syz.1.362 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   49.146221][ T4677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   49.146296][ T4677] Call Trace:
[   49.146301][ T4677]  <TASK>
[   49.146307][ T4677]  __dump_stack+0x1d/0x30
[   49.146345][ T4677]  dump_stack_lvl+0xe8/0x140
[   49.146364][ T4677]  dump_stack+0x15/0x1b
[   49.146381][ T4677]  should_fail_ex+0x265/0x280
[   49.146412][ T4677]  should_fail+0xb/0x20
[   49.146491][ T4677]  should_fail_usercopy+0x1a/0x20
[   49.146596][ T4677]  _copy_from_user+0x1c/0xb0
[   49.146616][ T4677]  __sys_bind+0x106/0x2a0
[   49.146643][ T4677]  __x64_sys_bind+0x3f/0x50
[   49.146717][ T4677]  x64_sys_call+0x2086/0x2fb0
[   49.146779][ T4677]  do_syscall_64+0xd2/0x200
[   49.146812][ T4677]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.146839][ T4677]  ? clear_bhb_loop+0x40/0x90
[   49.146862][ T4677]  ? clear_bhb_loop+0x40/0x90
[   49.146948][ T4677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.146971][ T4677] RIP: 0033:0x7f42081ce929
[   49.147023][ T4677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.147037][ T4677] RSP: 002b:00007f4206837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[   49.147055][ T4677] RAX: ffffffffffffffda RBX: 00007f42083f5fa0 RCX: 00007f42081ce929
[   49.147068][ T4677] RDX: 0000000000000010 RSI: 0000200000000240 RDI: 0000000000000004
[   49.147081][ T4677] RBP: 00007f4206837090 R08: 0000000000000000 R09: 0000000000000000
[   49.147094][ T4677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.147134][ T4677] R13: 0000000000000000 R14: 00007f42083f5fa0 R15: 00007fff479d3568
[   49.147152][ T4677]  </TASK>
[   49.413569][   T29] audit: type=1400 audit(1752095070.687:610): avc:  denied  { read } for  pid=4688 comm="syz.4.367" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   49.452962][ T4691] loop2: detected capacity change from 0 to 1024
[   49.464450][ T4689] netlink: 5 bytes leftover after parsing attributes in process `syz.4.367'.
[   49.475400][ T4689] 0ªX¹¦D: renamed from gretap0 (while UP)
[   49.486634][ T4691] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.512661][ T4689] 0ªX¹¦D: entered allmulticast mode
[   49.522284][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.524551][ T4689] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[   49.551851][ T4693] netlink: 4 bytes leftover after parsing attributes in process `syz.3.369'.
[   49.606141][ T4703] loop2: detected capacity change from 0 to 1024
[   49.616730][ T4706] 8021q: VLANs not supported on vxcan0
[   49.632016][ T4703] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.651951][ T4703] FAULT_INJECTION: forcing a failure.
[   49.651951][ T4703] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.659310][ T4706] loop4: detected capacity change from 0 to 1024
[   49.665102][ T4703] CPU: 1 UID: 0 PID: 4703 Comm: syz.2.370 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   49.665130][ T4703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   49.665143][ T4703] Call Trace:
[   49.665149][ T4703]  <TASK>
[   49.665158][ T4703]  __dump_stack+0x1d/0x30
[   49.665179][ T4703]  dump_stack_lvl+0xe8/0x140
[   49.665197][ T4703]  dump_stack+0x15/0x1b
[   49.665213][ T4703]  should_fail_ex+0x265/0x280
[   49.665254][ T4703]  should_fail+0xb/0x20
[   49.665319][ T4703]  should_fail_usercopy+0x1a/0x20
[   49.665349][ T4703]  strncpy_from_user+0x25/0x230
[   49.665374][ T4703]  path_setxattrat+0xeb/0x310
[   49.665410][ T4703]  __x64_sys_setxattr+0x6e/0x90
[   49.665455][ T4703]  x64_sys_call+0x28a7/0x2fb0
[   49.665476][ T4703]  do_syscall_64+0xd2/0x200
[   49.665525][ T4703]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.665551][ T4703]  ? clear_bhb_loop+0x40/0x90
[   49.665627][ T4703]  ? clear_bhb_loop+0x40/0x90
[   49.665647][ T4703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.665667][ T4703] RIP: 0033:0x7f1eb3c8e929
[   49.665682][ T4703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.665699][ T4703] RSP: 002b:00007f1eb22f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   49.665780][ T4703] RAX: ffffffffffffffda RBX: 00007f1eb3eb5fa0 RCX: 00007f1eb3c8e929
[   49.665793][ T4703] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000000
[   49.665804][ T4703] RBP: 00007f1eb22f7090 R08: 0000000000000001 R09: 0000000000000000
[   49.665816][ T4703] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000001
[   49.665828][ T4703] R13: 0000000000000000 R14: 00007f1eb3eb5fa0 R15: 00007ffde0e58158
[   49.665846][ T4703]  </TASK>
[   49.851834][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.867831][ T4706] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.872413][ T4715] bond1: entered promiscuous mode
[   49.884996][ T4715] bond1: entered allmulticast mode
[   49.900154][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.910779][ T4715] 8021q: adding VLAN 0 to HW filter on device bond1
[   49.938697][ T4715] bond1 (unregistering): Released all slaves
[   50.019646][ T4732] IPVS: set_ctl: invalid protocol: 43 100.1.1.2:21
[   50.349397][ T4748] team1: entered promiscuous mode
[   50.355149][ T4748] team1: entered allmulticast mode
[   50.379327][ T4758] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   50.403234][ T4756] loop5: detected capacity change from 0 to 8192
[   50.411786][ T4756] vfat: Unknown parameter '€'
[   50.515352][ T4770] FAULT_INJECTION: forcing a failure.
[   50.515352][ T4770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   50.528537][ T4770] CPU: 1 UID: 0 PID: 4770 Comm: syz.5.396 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   50.528567][ T4770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   50.528579][ T4770] Call Trace:
[   50.528585][ T4770]  <TASK>
[   50.528592][ T4770]  __dump_stack+0x1d/0x30
[   50.528610][ T4770]  dump_stack_lvl+0xe8/0x140
[   50.528666][ T4770]  dump_stack+0x15/0x1b
[   50.528731][ T4770]  should_fail_ex+0x265/0x280
[   50.528759][ T4770]  should_fail+0xb/0x20
[   50.528818][ T4770]  should_fail_usercopy+0x1a/0x20
[   50.528859][ T4770]  _copy_from_user+0x1c/0xb0
[   50.528876][ T4770]  ___sys_sendmsg+0xc1/0x1d0
[   50.528980][ T4770]  __x64_sys_sendmsg+0xd4/0x160
[   50.529039][ T4770]  x64_sys_call+0x2999/0x2fb0
[   50.529090][ T4770]  do_syscall_64+0xd2/0x200
[   50.529161][ T4770]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.529184][ T4770]  ? clear_bhb_loop+0x40/0x90
[   50.529202][ T4770]  ? clear_bhb_loop+0x40/0x90
[   50.529222][ T4770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.529280][ T4770] RIP: 0033:0x7fc80897e929
[   50.529296][ T4770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.529314][ T4770] RSP: 002b:00007fc806fe7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   50.529331][ T4770] RAX: ffffffffffffffda RBX: 00007fc808ba5fa0 RCX: 00007fc80897e929
[   50.529394][ T4770] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000005
[   50.529404][ T4770] RBP: 00007fc806fe7090 R08: 0000000000000000 R09: 0000000000000000
[   50.529415][ T4770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.529425][ T4770] R13: 0000000000000000 R14: 00007fc808ba5fa0 R15: 00007ffc02e6eee8
[   50.529490][ T4770]  </TASK>
[   50.855480][ T4775] FAULT_INJECTION: forcing a failure.
[   50.855480][ T4775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   50.868654][ T4775] CPU: 1 UID: 0 PID: 4775 Comm: +}[@ Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   50.868729][ T4775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   50.868750][ T4775] Call Trace:
[   50.868754][ T4775]  <TASK>
[   50.868762][ T4775]  __dump_stack+0x1d/0x30
[   50.868784][ T4775]  dump_stack_lvl+0xe8/0x140
[   50.868804][ T4775]  dump_stack+0x15/0x1b
[   50.868900][ T4775]  should_fail_ex+0x265/0x280
[   50.868930][ T4775]  should_fail+0xb/0x20
[   50.868957][ T4775]  should_fail_usercopy+0x1a/0x20
[   50.869031][ T4775]  _copy_from_user+0x1c/0xb0
[   50.869050][ T4775]  ___sys_sendmsg+0xc1/0x1d0
[   50.869164][ T4775]  __x64_sys_sendmsg+0xd4/0x160
[   50.869198][ T4775]  x64_sys_call+0x2999/0x2fb0
[   50.869273][ T4775]  do_syscall_64+0xd2/0x200
[   50.869300][ T4775]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.869390][ T4775]  ? clear_bhb_loop+0x40/0x90
[   50.869412][ T4775]  ? clear_bhb_loop+0x40/0x90
[   50.869471][ T4775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.869489][ T4775] RIP: 0033:0x7f1eb3c8e929
[   50.869502][ T4775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.869517][ T4775] RSP: 002b:00007f1eb22f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   50.869537][ T4775] RAX: ffffffffffffffda RBX: 00007f1eb3eb5fa0 RCX: 00007f1eb3c8e929
[   50.869625][ T4775] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[   50.869638][ T4775] RBP: 00007f1eb22f7090 R08: 0000000000000000 R09: 0000000000000000
[   50.869651][ T4775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.869663][ T4775] R13: 0000000000000000 R14: 00007f1eb3eb5fa0 R15: 00007ffde0e58158
[   50.869683][ T4775]  </TASK>
[   51.075833][ T4778] __nla_validate_parse: 2 callbacks suppressed
[   51.075847][ T4778] netlink: 8 bytes leftover after parsing attributes in process `syz.5.398'.
[   51.121024][ T4778] netlink: 8 bytes leftover after parsing attributes in process `syz.5.398'.
[   51.137412][ T4778] netlink: 8 bytes leftover after parsing attributes in process `syz.5.398'.
[   51.227370][ T4782] loop2: detected capacity change from 0 to 4096
[   51.262621][ T4782] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.277938][ T4789] netlink: 'syz.5.404': attribute type 6 has an invalid length.
[   51.295700][ T4795] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4795 comm=syz.3.405
[   51.467002][ T4801] netlink: 36 bytes leftover after parsing attributes in process `syz.2.400'.
[   51.515387][ T4814] loop3: detected capacity change from 0 to 128
[   51.525548][ T4814] FAT-fs (loop3): Directory bread(block 32) failed
[   51.542388][ T4814] FAT-fs (loop3): Directory bread(block 33) failed
[   51.559300][ T4814] FAT-fs (loop3): Directory bread(block 34) failed
[   51.579318][ T4814] FAT-fs (loop3): Directory bread(block 35) failed
[   51.596238][ T4814] FAT-fs (loop3): Directory bread(block 36) failed
[   51.630980][ T4814] FAT-fs (loop3): Directory bread(block 37) failed
[   51.643781][ T4814] FAT-fs (loop3): Directory bread(block 38) failed
[   51.661179][ T4814] FAT-fs (loop3): Directory bread(block 39) failed
[   51.667663][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.667738][ T4814] FAT-fs (loop3): Directory bread(block 40) failed
[   51.761670][ T4814] FAT-fs (loop3): Directory bread(block 41) failed
[   51.828994][ T4814] syz.3.411: attempt to access beyond end of device
[   51.828994][ T4814] loop3: rw=0, sector=4108, nr_sectors = 4 limit=128
[   51.854735][ T4814] FAT-fs (loop3): Filesystem has been set read-only
[   51.861762][ T4814] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   51.875976][ T4823] loop5: detected capacity change from 0 to 1024
[   51.888409][ T4823] EXT4-fs: Ignoring removed oldalloc option
[   51.922495][ T4823] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   51.960824][ T4823] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   51.990342][ T4823] EXT4-fs error (device loop5): ext4_iget_extra_inode:5035: inode #15: comm syz.5.415: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[   52.065956][ T4834] loop3: detected capacity change from 0 to 8192
[   52.146150][ T4834]  loop3: p2 p3 p4
[   52.151286][ T4834] loop3: p2 size 327551 extends beyond EOD, truncated
[   52.172872][ T4834] loop3: p3 size 16776960 extends beyond EOD, truncated
[   52.180876][ T4834] loop3: p4 size 3599499392 extends beyond EOD, truncated
[   52.197324][ T4844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.422'.
[   52.234643][ T4237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.312317][ T3744] udevd[3744]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   52.319771][ T3831] udevd[3831]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   52.324021][ T3768] udevd[3768]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   52.427003][ T4867] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[   52.454285][ T4875] loop3: detected capacity change from 0 to 1024
[   52.488596][ T4877] loop1: detected capacity change from 0 to 1024
[   52.506686][ T4875] EXT4-fs: Ignoring removed orlov option
[   52.520296][ T4877] EXT4-fs: Ignoring removed orlov option
[   52.522321][ T4875] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.541782][ T4877] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.574424][ T4883] loop5: detected capacity change from 0 to 512
[   52.628816][ T4883] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   52.674375][ T4883] EXT4-fs (loop5): orphan cleanup on readonly fs
[   52.681338][ T4883] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.436: bg 0: block 248: padding at end of block bitmap is not set
[   52.696562][ T4883] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.436: Failed to acquire dquot type 1
[   52.709325][ T4883] EXT4-fs (loop5): 1 truncate cleaned up
[   52.730725][ T4883] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   52.904901][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.953818][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.030614][ T4922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   53.082170][ T4922] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   53.127435][ T4928] netlink: 4 bytes leftover after parsing attributes in process `syz.4.449'.
[   53.159965][ T4928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.167453][ T4928] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.205124][ T4928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.212640][ T4928] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.307015][ T4883] syz.5.436 (4883) used greatest stack depth: 9304 bytes left
[   53.322577][ T4237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.345671][ T4933] loop5: detected capacity change from 0 to 512
[   53.363851][ T4933] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.383562][ T4933] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.402845][ T4237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.421505][ T4939] loop5: detected capacity change from 0 to 512
[   53.429144][ T4939] EXT4-fs: Ignoring removed mblk_io_submit option
[   53.440029][ T4939] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[   53.446687][ T4941] loop4: detected capacity change from 0 to 512
[   53.450731][ T4939] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0002]
[   53.459486][ T4941] /dev/loop4: Can't open blockdev
[   53.468062][ T4939] System zones: 1-12
[   53.478510][ T4939] EXT4-fs error (device loop5): ext4_iget_extra_inode:5035: inode #15: comm syz.5.452: corrupted in-inode xattr: e_value size too large
[   53.501897][ T4939] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.452: couldn't read orphan inode 15 (err -117)
[   53.533809][ T4939] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.565051][   T29] kauditd_printk_skb: 102 callbacks suppressed
[   53.565096][   T29] audit: type=1400 audit(1752095074.837:709): avc:  denied  { create } for  pid=4938 comm="syz.5.452" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   53.594416][   T29] audit: type=1400 audit(1752095074.837:710): avc:  denied  { connect } for  pid=4938 comm="syz.5.452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   53.615717][ T4237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.682844][ T4952] netlink: 24 bytes leftover after parsing attributes in process `syz.1.457'.
[   53.683439][   T29] audit: type=1400 audit(1752095074.957:711): avc:  denied  { create } for  pid=4948 comm="syz.2.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   53.758064][ T4960] loop2: detected capacity change from 0 to 1024
[   53.765612][ T4960] EXT4-fs: Ignoring removed orlov option
[   53.773663][ T4960] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.859383][ T4970] loop1: detected capacity change from 0 to 512
[   53.924299][ T4970] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   53.992195][ T4976] netlink: 24 bytes leftover after parsing attributes in process `syz.5.465'.
[   54.047826][ T4970] EXT4-fs (loop1): 1 truncate cleaned up
[   54.075369][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.147798][ T4970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.292466][ T4970] EXT4-fs error (device loop1): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.1.462: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[   54.292895][   T29] audit: type=1326 audit(1752095075.567:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4969 comm="syz.1.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42081ce929 code=0x7ffc0000
[   54.336071][   T29] audit: type=1326 audit(1752095075.567:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4969 comm="syz.1.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f42081ce929 code=0x7ffc0000
[   54.359429][   T29] audit: type=1326 audit(1752095075.567:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4969 comm="syz.1.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42081ce929 code=0x7ffc0000
[   54.366897][ T4970] EXT4-fs (loop1): Remounting filesystem read-only
[   54.382698][   T29] audit: type=1326 audit(1752095075.567:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4969 comm="syz.1.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f42081ce929 code=0x7ffc0000
[   54.389165][ T4970] EXT4-fs warning (device loop1): ext4_rename_delete:3726: inode #2: comm syz.1.462: Deleting old file: nlink 5, error=-117
[   54.412465][   T29] audit: type=1326 audit(1752095075.567:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4969 comm="syz.1.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42081ce929 code=0x7ffc0000
[   54.448546][   T29] audit: type=1326 audit(1752095075.567:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4969 comm="syz.1.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f42081ce929 code=0x7ffc0000
[   54.471958][   T29] audit: type=1400 audit(1752095075.567:718): avc:  denied  { rename } for  pid=4969 comm="syz.1.462" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   54.533403][ T4992] loop4: detected capacity change from 0 to 1024
[   54.540269][ T4992] EXT4-fs: Ignoring removed mblk_io_submit option
[   54.546742][ T4992] EXT4-fs: Ignoring removed bh option
[   54.560050][ T4993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.471'.
[   54.568941][ T4993] netlink: 28 bytes leftover after parsing attributes in process `syz.2.471'.
[   54.591050][ T4992] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.716339][ T4998] loop2: detected capacity change from 0 to 256
[   54.754399][ T4998] vfat: Bad value for 'dmask'
[   55.062814][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.186221][ T5014] loop1: detected capacity change from 0 to 8192
[   55.395147][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.432046][ T5021] pim6reg1: entered promiscuous mode
[   55.437519][ T5021] pim6reg1: entered allmulticast mode
[   55.601052][ T5034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.609602][ T5034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   55.666042][ T5040] loop3: detected capacity change from 0 to 2048
[   55.691427][ T5040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   55.703824][ T5040] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.723648][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.836951][ T5060] loop2: detected capacity change from 0 to 1024
[   55.843742][ T5060] EXT4-fs: Ignoring removed orlov option
[   55.852405][ T5060] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.877549][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.029496][ T5075] loop5: detected capacity change from 0 to 1024
[   56.052708][ T5075] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.078411][ T5075] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.501: Allocating blocks 449-513 which overlap fs metadata
[   56.097362][ T5075] __nla_validate_parse: 4 callbacks suppressed
[   56.097446][ T5075] netlink: 20 bytes leftover after parsing attributes in process `syz.5.501'.
[   56.112551][ T5075] netlink: 20 bytes leftover after parsing attributes in process `syz.5.501'.
[   56.137070][ T5075] netlink: 20 bytes leftover after parsing attributes in process `syz.5.501'.
[   56.146020][ T5075] netlink: 20 bytes leftover after parsing attributes in process `syz.5.501'.
[   56.148691][ T5092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.501'.
[   56.210225][ T5104] loop1: detected capacity change from 0 to 1024
[   56.229233][ T5104] EXT4-fs: Ignoring removed orlov option
[   56.250160][ T5075] netlink: 20 bytes leftover after parsing attributes in process `syz.5.501'.
[   56.259148][ T5075] netlink: 20 bytes leftover after parsing attributes in process `syz.5.501'.
[   56.270283][ T5104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.301194][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.312657][ T5115] netlink: 8 bytes leftover after parsing attributes in process `syz.4.509'.
[   56.325053][ T5115] bridge0: port 3(macvlan2) entered blocking state
[   56.331692][ T5115] bridge0: port 3(macvlan2) entered disabled state
[   56.338820][ T5115] macvlan2: entered allmulticast mode
[   56.344322][ T5115] bridge0: entered allmulticast mode
[   56.351858][ T5115] macvlan2: left allmulticast mode
[   56.356992][ T5115] bridge0: left allmulticast mode
[   56.369648][ T5122] FAULT_INJECTION: forcing a failure.
[   56.369648][ T5122] name failslab, interval 1, probability 0, space 0, times 0
[   56.382373][ T5122] CPU: 1 UID: 0 PID: 5122 Comm: syz.1.510 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   56.382456][ T5122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   56.382470][ T5122] Call Trace:
[   56.382476][ T5122]  <TASK>
[   56.382583][ T5122]  __dump_stack+0x1d/0x30
[   56.382606][ T5122]  dump_stack_lvl+0xe8/0x140
[   56.382623][ T5122]  dump_stack+0x15/0x1b
[   56.382639][ T5122]  should_fail_ex+0x265/0x280
[   56.382699][ T5122]  should_failslab+0x8c/0xb0
[   56.382722][ T5122]  kmem_cache_alloc_noprof+0x50/0x310
[   56.382748][ T5122]  ? skb_clone+0x151/0x1f0
[   56.382780][ T5122]  skb_clone+0x151/0x1f0
[   56.382822][ T5122]  __netlink_deliver_tap+0x2c9/0x500
[   56.382925][ T5122]  netlink_unicast+0x64c/0x670
[   56.382963][ T5122]  netlink_sendmsg+0x58b/0x6b0
[   56.382997][ T5122]  ? __pfx_netlink_sendmsg+0x10/0x10
[   56.383030][ T5122]  __sock_sendmsg+0x142/0x180
[   56.383107][ T5122]  ____sys_sendmsg+0x31e/0x4e0
[   56.383141][ T5122]  ___sys_sendmsg+0x17b/0x1d0
[   56.383280][ T5122]  __x64_sys_sendmsg+0xd4/0x160
[   56.383315][ T5122]  x64_sys_call+0x2999/0x2fb0
[   56.383381][ T5122]  do_syscall_64+0xd2/0x200
[   56.383457][ T5122]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   56.383493][ T5122]  ? clear_bhb_loop+0x40/0x90
[   56.383515][ T5122]  ? clear_bhb_loop+0x40/0x90
[   56.383535][ T5122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.383555][ T5122] RIP: 0033:0x7f42081ce929
[   56.383571][ T5122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.383643][ T5122] RSP: 002b:00007f4206837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   56.383663][ T5122] RAX: ffffffffffffffda RBX: 00007f42083f5fa0 RCX: 00007f42081ce929
[   56.383676][ T5122] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[   56.383689][ T5122] RBP: 00007f4206837090 R08: 0000000000000000 R09: 0000000000000000
[   56.383739][ T5122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.383751][ T5122] R13: 0000000000000000 R14: 00007f42083f5fa0 R15: 00007fff479d3568
[   56.383769][ T5122]  </TASK>
[   56.680374][ T5140] loop1: detected capacity change from 0 to 1024
[   56.687070][ T5140] EXT4-fs: Ignoring removed orlov option
[   56.704030][ T5140] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.814792][ T5158] xt_time: invalid argument - start or stop time greater than 23:59:59
[   56.862611][ T5074] EXT4-fs (loop5): pa ffff8881067780e0: logic 48, phys. 177, len 21
[   56.870691][ T5074] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   56.872302][ T5167] ipt_ECN: cannot use operation on non-tcp rule
[   56.903142][ T5167] lo speed is unknown, defaulting to 1000
[   56.955449][ T4237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.070906][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.122172][ T5187] loop5: detected capacity change from 0 to 1024
[   57.133446][ T5187] EXT4-fs: Ignoring removed orlov option
[   57.144865][ T5189] loop1: detected capacity change from 0 to 512
[   57.153562][ T5189] EXT4-fs: Ignoring removed mblk_io_submit option
[   57.162517][ T5187] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.176147][ T5189] EXT4-fs: Ignoring removed mblk_io_submit option
[   57.185701][ T5189] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal
[   57.327799][ T2661] ==================================================================
[   57.335920][ T2661] BUG: KCSAN: data-race in n_tty_receive_char_flow_ctrl / tty_set_termios
[   57.344439][ T2661] 
[   57.346763][ T2661] write to 0xffff888104a7cd08 of 44 bytes by task 5202 on cpu 0:
[   57.354487][ T2661]  tty_set_termios+0xc0/0x8c0
[   57.359176][ T2661]  set_termios+0x496/0x4e0
[   57.363597][ T2661]  tty_mode_ioctl+0x379/0x5c0
[   57.368278][ T2661]  n_tty_ioctl_helper+0x91/0x210
[   57.373230][ T2661]  n_tty_ioctl+0x101/0x200
[   57.377643][ T2661]  tty_ioctl+0x845/0xb80
[   57.381900][ T2661]  __se_sys_ioctl+0xce/0x140
[   57.386504][ T2661]  __x64_sys_ioctl+0x43/0x50
[   57.391098][ T2661]  x64_sys_call+0x19a8/0x2fb0
[   57.395775][ T2661]  do_syscall_64+0xd2/0x200
[   57.400293][ T2661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.406197][ T2661] 
[   57.408521][ T2661] read to 0xffff888104a7cd21 of 1 bytes by task 2661 on cpu 1:
[   57.416068][ T2661]  n_tty_receive_char_flow_ctrl+0x23/0x1a0
[   57.421885][ T2661]  n_tty_lookahead_flow_ctrl+0xed/0x130
[   57.427430][ T2661]  tty_port_default_lookahead_buf+0x8e/0xc0
[   57.433330][ T2661]  flush_to_ldisc+0x281/0x360
[   57.438009][ T2661]  process_scheduled_works+0x4cb/0x9d0
[   57.443465][ T2661]  worker_thread+0x582/0x770
[   57.448054][ T2661]  kthread+0x489/0x510
[   57.452114][ T2661]  ret_from_fork+0xda/0x150
[   57.456609][ T2661]  ret_from_fork_asm+0x1a/0x30
[   57.461369][ T2661] 
[   57.463680][ T2661] value changed: 0x11 -> 0xd2
[   57.468340][ T2661] 
[   57.470653][ T2661] Reported by Kernel Concurrency Sanitizer on:
[   57.476788][ T2661] CPU: 1 UID: 0 PID: 2661 Comm: kworker/u8:6 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(voluntary) 
[   57.489365][ T2661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   57.499416][ T2661] Workqueue: events_unbound flush_to_ldisc
[   57.505235][ T2661] ==================================================================
[   57.636350][ T4237] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.