last executing test programs:

6.986246773s ago: executing program 3 (id=767):
r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0xc}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180400000000000000000000004000008500000008", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
vmsplice(r2, 0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$incfs(0xffffffffffffff9c, &(0x7f00000002c0)='.pending_reads\x00', 0x40800, 0xc)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r6, 0xe, 0xfffffffffffffffe, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111}}, 0x20)
close_range(r7, 0xffffffffffffffff, 0x0)

6.880050221s ago: executing program 3 (id=770):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (fail_nth: 8)

6.632024201s ago: executing program 3 (id=771):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0xfffffffd, 0x8000, 0x0, 0x1}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r1 = gettid()
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r2, &(0x7f0000001340)=[{&(0x7f0000001280)=""/151, 0x97}], 0x1)
readv(r2, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000002d40)=""/231, 0xe7}], 0x3)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000880)=0x12, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$packet(0x11, 0xa, 0x300)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x40000000000}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)

4.641291283s ago: executing program 1 (id=794):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000000000000040000000000000000000000000000000000000000000380005"], 0x78)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x50007a2)
close(r2)

3.720075368s ago: executing program 1 (id=804):
socket$inet6(0xa, 0x3, 0x8000000003c)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
socket(0x1e, 0x4, 0x0)
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_io_uring_setup(0x236, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240), &(0x7f00000001c0))
fcntl$dupfd(r2, 0x0, r3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc06da033, &(0x7f0000000040)={[{}, {@resgid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@noload}, {@inode_readahead_blks}, {@nombcache}]}, 0x1, 0x480, &(0x7f00000004c0)="$eJzs3MtvVNUfAPDvvX3Q8viVH+IDBEXRSHy0tDxk4UajiQuNJrrAuKptIchADa2JEKLoAqMuDIl74tLEv8CVboy6MnGre0NiDBvQ1TV37r3QDjO1U6ad4nw+yTDn3HuHc75z5sw995w7DaBn7cn/SSI2R8SvETFSZBcfsKd4un71/NRfV89PJZFlr/2Z1I+7dvX8VPlf3HjdpmJDlpX5DU3KvfhmxGStNnOmzI/Nn3pnbO7suadOnJo8PnN85vTEkSMHD+wePDxxqCNx5nFd2/n+7K4dL75x6eWpo5fe+vHrvL6by/1VHJ20p3h3m3q004V12ZYF6aS/ixWhLXm75c01UO//I9EXwzf2jcQLH3W1csCqyrIsa3Z+Ll3IgP+wJLpdA6A7qhN9fv1bPdZo6LEu/PFscQGUx329fBR7+iMtjxlouL7tpKGIrK9IXo5VmocAAFjo23z882Sz8V8a9yw47n/lGsrWiPh/RGyLiLsiYntE3B1RP/beiLivzfIbV0huHf+kV1YU2DLl479nyrWtxeO/avQXW/vK3JZ6/APJsRO1mf3le7IvBjbk+fFFL1nsu+d/+bxx22flNHse/9ELf1+uHnn5+fPNI9Mr/Q0TdNOT85MdCT6P/8OInf3N4k+iWsZJImJHROxcYRknHv9qV6t9/x7/EjqwzpR9GfFY0f4XoiH+StJyfXL86cMTh8aGojazf6z6VNzqp58vvtqq/NuKvwPy9t/Y9PNfxJ9fIyZDEXNnz52sr9fOtV/Gxd8+nkpa7Nu+ws//YPJ6PT1Ybntvcn7+zHjEYPJSnh1etH3i5murfHV8Hv++vc37/7b65VnxTtwfEfmHeHdEPBARD5Zt91BEPBwRe5eI/4fnHnm71b7W7b/ErHwH5fFPL9H++VdenrrZ/u0n+k5+/02r8rNltf/BempfFIuTy/n+W24Fb/PtAwAAgDtCWr8HPklHb6TTdHS0uId/e2xMa7Nz808cm3339HRxr/zWGEirma6RBfOh4+XccJWfaMgfKOeNv+gbrudHp2Zr090OHnrcphb9P/d7X7drB6w6v9eC3rVU//90DesBrD3nf+hd7ff/Fnc6Ancc53/oUYPNN3+w1vUAuqL98//QqtQDWHvG/9C79H/oXfo/9KSWv41Pb+sn/3dqon99VKNpYnh9VKNKRLouqtG5xCufFF1ivdSnSvQv+49ZrDCxoemubn8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMY/AQAA//8ux+PM")
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000001300e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private2}}}, 0x108)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=<r6=>0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001c80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r6], 0x1c}}, 0x0)
write$nci(r5, &(0x7f0000001cc0)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x1, @b={0x3, 0x6, 0x1, 0x1f, {0x1, 'g'}, 0x2}}, 0xa)
r9 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r9, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x12e, 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r11 = dup(r10)
ioctl$TIOCL_SETSEL(r11, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x0, 0x0, 0x0, 0x403}})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18)
sendmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000180)="e1", 0x1}, {0x0}], 0x2}}], 0x1, 0x0)

3.45010992s ago: executing program 3 (id=806):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f00000004c0)={[{@delalloc}, {@debug}, {@nojournal_checksum}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@dioread_nolock}, {@nodelalloc}, {@nodelalloc}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}]}, 0xfd, 0x574, &(0x7f0000000cc0)="$eJzs3U1rG0cfAPD/ylLenOexAyG0PZRADk0JkWO7LykUkh5LGxpo76mwFRMsR8GSQ+wGmhyaSy8lFEppoPQD9N5j6Bfopwi0gVCCaQ+l4LLyylFsyW+RIyX6/WDtGe1KM6PZ/2pmV2IDGFjH0z+5iFcj4pskYqRlXT6ylcdXt1t+fHMqXZJYWfn0zyTOrXutJPs/nGVeiYhfv4o4ldtYbm1xabZUqZTns/xYfe7aWG1x6fSVudJMeaZ8dWJy8uzbkxPvvftO19r65sW/v//k/odnvz6x/N3PD4/cTeJ8HM7Wpe3qQhG3WjPHS/9mqUKcX7fheBcK6ydJryvArgxlcV6I9BgwEkNZ1AMvvy8jYgUYUIn4hwHVHAc05/Zdmge/MB59sDoB2tj+/Oq5kTjQmBsdWk6emhml893RLpSflvHLH/fupktsfh7i4BZ5gB25dTsizuTzG49/SXb8270zjZPHm1tfxqB9/kAv3U/HP8mtiA3xn1sb/0Sb8c9wm9jdja3jP/ewC8V0lI7/3m87/l07dI0OZbn/NcZ8heTylUr5TET8PyJORmF/mt/ses7Z5Qcrnda1jv/SJS2/ORbM6vEwv//p50yX6qVnaXOrR7cjXms7/k3W+j9p0//p+3Fxm2UcK997vdO6rdu/t1Z+inijbf8/uaKVbH59cqyxP4w194qN/rpz7LdO5fe6/Wn/H9q8/aNJ6/Xa2s7L+PHAP+VO63a7/+9LPmuk92WP3SjV6/PjEfuSj/PD6x+fePLcZr65fdr+kyfax/9m+386+fp8m+2/c/ROx037of+nd9T/O088+OiLHzqVv73+f6uROpk9sp3j33Yr+CzvHQAAAAAAAPSbXEQcjiRXXEvncsXi6vc7jsahXKVaq5+6XF24Oh2N38qORiHXvNI90vJ9iPHs+7DN/MS6/GREHImIb4cONvLFqWpluteNBwAAAAAAAAAAAAAAAAAAgD4x3OH3/6nfh3pdO2DPNW5ssL/XtQB6Yctb/nfjTk9AX9oy/oGX1s7j35kBeFn4/IfBJf5hcIl/GFzbjf/CyB5XBHjufP7D4BL/AAAAAAAAAAAAAAAAAAAAAAAAAAAA0FUXL1xIl5Xlxzen0vz09cWF2er109Pl2mxxbmGqOFWdv1acqVZnKuXiVHVuq9erVKvXxidi4cZYvVyrj9UWly7NVReu1i9dmSvNlC+VC8+lVQAAAAAAAAAAAAAAAAAAAPBiqS0uzZYqlfK8RMfEueiLauxlA1ft6un5fmmFRFcTPT4wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECL/wIAAP//AzIzTA==")
fallocate(0xffffffffffffffff, 0x20, 0x8000, 0x6)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file2\x00', 0x3000490, &(0x7f0000000380), 0x45, 0x7b0, &(0x7f00000007c0)="$eJzs3ctrW1caAPDvyvIzmbEHBmYyK8PATCBEHmc8yQwMjIcuSqGBQLtuYmTFpJatYMkhNqZNKIVuCm3prt1k3eemdNvHopv2/ygJaeuEpnRRXK4esRxLjpTYUtL8fnCtc+5D53z3XJ17pHstBfDEmkz/ZCKORMQbScR4fX4SEYPVVDZitrbenc2NfDolsbX13PdJdZ3bmxv5aNomdaie+XNEfPFqxLHM7nLLa+uLc8ViYaWen6osXZwqr60fv7A0t1BYKCyfnJ6ZOXHqX6dO7l+sP36zfvjGm0///cPZn1/500evf5nEbByuL2uOY79MxmR9nwymu3CHp/a7sL755KUOVmo6ArIHWRm6lDbMQL1VjsR4DOzVPqO9rBkAcFBejoitdgbaLgEAHmtJ7fz/v37XAwDolcbnALc3N/KNqb+fSPTWzf9HxEgt/sb1zdqSbP2a3Uj1OujY7WTHlZEkIib2ofzJiHj30xfeT6dodx0y2YeCAO5x5WpEnJuY3N3/J7vuWejWP1rPXmjOTN6z8Ek7/0A/fZaOf/7davyXuTv+iRbjn+EWr90Hcf/Xf+b6PhTTVjr++2/TvW13muKvmxio535XHfMNJucvFAtp3/b7iDgag8NpfnqPMo7e+uVWu2XN478f3nrxvbT89HF7jcz17PDObebnKnMPE3Ozm1cj/pJtFX/a/w9X2z9pM/4902EZz/zntXfaLUvjT+NtTLvjP1hb1yL+1rL9twfdyZ73J05VD4epxkHRwsezMdau/MnsdvunU1p+471AL6TtP7Z3/BNJ8/2a5Y6f+u7dYl9fG/+83UrNx3/r+Fsf/0PJ89X0UH3e5blKZWU6Yih5dvf8E9vbNvKN9dP4j/619eu/0f+1Ov7T94TnOtwR2RvffXDf+Eeib+0/31X7d52IkTuLA+3K76z9Z3Zs00n/12kFH3S/AQAAAAAAAAAAAAAAAAAAAAAAAEA3MhFxOJJM7m46k8nlar/h/ccYyxRL5cqx86XV5fmo/lb2RAxmGl91Od70fajT9e/Db+RP3JP/Z0T8ISLeHh6t5nP5UnG+38EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN2hNr//n/p2uN+1AwAOzMhAv2sAAPRYks32uwoAQK+NdLX26IHVAwDone7O/wDAb4HzPwA8ee5z/vdvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADysM6dPp9PWT5sb+TQ/f2ltdbF06fh8obyYW1rN5/KllYu5hVJpoVjI5UtLbZ/oSu2hWCpdnInl1ctTlUK5MlVeWz+7VFpdrpy9sDS3UDhbGOxZZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQufLa+uJcsVhYkehLYvGrWjs8KvWR6C4RV2rt96jUZ/8SMbTdS4z2p3MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAz8GgAA//8swiIW")
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00')
open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90)
sched_setscheduler(0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x7)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @dev})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
getpid()
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x1217880, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
getgid()

3.424509122s ago: executing program 1 (id=807):
mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000200)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.u'}, 0x15)
r2 = epoll_create(0x5)
r3 = epoll_create(0x800)
epoll_pwait(r3, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x2, &(0x7f0000000000)={[0x6]}, 0x8)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000100)={0x10000011})
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
write$P9_RVERSION(r1, &(0x7f0000000140)={0x13, 0x65, 0xffff, 0x0, 0x6, '9P2000'}, 0x13)
socket(0x10, 0x3, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f00000003c0)={0x2002})
socket(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0xe, &(0x7f0000000580)={[{@dioread_lock}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@stripe={'stripe', 0x3d, 0x4}}, {@block_validity}, {@debug}]}, 0x3, 0x43b, &(0x7f0000000e00)="$eJzs3MtvG0UYAPBv10lKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWkUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0Xdlzq30/admZ3nJnPs2PP7mQTQM8azv5JIvZFxO8RMVjLri4wXPvv1tLC1N9LC1NJVCpv/ZVUy91cWpgqihav25tnRtKI9LMkjjSpd+7ylfOT5fLMpTw/Nn/h/bG5y1eePXdh8uzM2ZmLE6dOnTwx/sLzE8+1Jc6sTTcPfzR79NBr71x7Y+r0tXd//jYp4m+Io02G1zv4RKXS5uq6a39dOunrYkPYklJEZN3VXx3/g1GKlc4bjFc/7WrjgI6qVCqVva0PL1aAO1gS3W4B0B3FF312/VtsOzT1uC3ceKl2AZTFfSvfakf6Is3L9Ddc37bTcEScXvznq2yLztyHAABY5fts/vNMs/lfGvfXlbs7Xxsaioh7IuJARNwbEQcj4r6IatkHIuLBLdbfuEiydv6TXt9WYJuUzf9ezNe2Vs//itlfDJXy3P5q/P3JmXPlmeP5ezIS/buy/Pg6dfzwym9ftDpWP//Ltqz+Yi6Yt+N6367Vr5menJ/8LzHXu/FJxOG+ZvEnyysBSUQciojD26zj3FPfHG11rEX8uzb1g9uwzlT5OuLJWv8vRkP8hWT99cmxu6I8c3ysOCvW+uXXq2+2qn/j/u+srP/3ND3/l+MfSurXa+e2XsfVPz5veU2z3fN/IHm7mh7I9304OT9/aTxiIHm91uj6/RMrry3yRfks/pFjzcf/gVh5J45ERHYSPxQRD0fEI3nbH42IxyLi2Drx//Ty4+9tP/7OyuKf3lL/ryQGonFP80Tp/I/frap0aCvxZ/1/spoayfds5vNvM+3a3tkMAAAA/z9pROyLJB1dTqfp6Gjt9+UPxp60PDs3//SZ2Q8uTteeERiK/rS40zVYdz90PL+sL/ITDfkT+X3jL0u7q/nRqdnydLeDhx63t8X4z/xZ6nbrgI7zvBb0LuMfepfxD73L+Ife1WT87+5GO4Cd1+z7/+MutAPYeQ3j37If9JANr//9RUe4Yxnd0LuMf+hJc7tj44fkJSTWJCK9LZoh0aFEtz+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2uPfAAAA//8SV+Y8")
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x5c}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, r7, 0x1b343c610d980b89)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0}, 0x10)
r9 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES8=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r9}, &(0x7f0000001c00), &(0x7f0000001c40)=r10}, 0x20)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r11}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

3.215088009s ago: executing program 1 (id=808):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x3)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_START_REQ(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000003d3147"], 0x14}}, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000000000000000}, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x1000)
syz_genetlink_get_family_id$nfc(&(0x7f0000000280), r2)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000580), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)={0x14, r3, 0xf1f637d198ee7311}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1)
getresuid(&(0x7f0000000800), &(0x7f0000000840)=<r4=>0x0, &(0x7f0000000880))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000008c0)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@lazytime}, {@resuid={'resuid', 0x3d, r4}}, {@quota}]}, 0x3, 0x443, &(0x7f0000000940)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
openat$sndseq(0xffffffffffffff9c, 0x0, 0x1a0682)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, 0x0, 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000005c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noblock_validity}, {@noload}]}, 0x64, 0x517, &(0x7f0000000f80)="$eJzs3c9vI1cdAPDvOHbY7GabFDhAJUqhRdkVrJ00tI04lCIhOFUCyn0JiRNFceIodtomqiAr/gAkhACJE1y4IPEHIKFKXDgipEpwBgECIdjCgQN0KtvjbDY7dry73jgbfz7SeN78/L7naMbzZl7mBTC2nomIVyLivTRNr0fETDa/kA1x2Bla6717+62V1pBEmr72zySSbF53X0k2vpJtdikivvbliG8m98Zt7B9sLtdq1d1sutLc2qk09g9ubGwtr1fXq9uLiwsvLr209MLS/FDKeTUiXv7iX3/w3Z996eVffeaNP938+7VvtbI1nS0/Xo77VOy3sFP0Uvu7OL7B7gMGO4+K7RJmpvLWmLhnzq1HnCcAAPK1rvE/GBGfjIjrMRMT/S9nAQAAgMdQ+vnp+F8Skeab7DEfAAAAeIwU2m1gk0I5awswHYVCudxpw/vhuFyo1RvNT6/V97ZXO21lZ6NUWNuoVeeztsKzUUpa0wvt9J3p509ML0bEkxHx/Zmp9nR5pV5bHfXNDwAAABgTV07U//8z06n/AwAAABfM7KgzAAAAADxy6v8AAABw8fWv/+f03gUAAAA8Tr7y6qutIe32f736+v7eZv31G6vVxmZ5a2+lvFLf3Smv1+vr7Xf2bZ22v1q9vvPZ2N57s9KsNpqVxv7Bza363nbz5sZdXWADAAAAZ+jJj7/9hyQiDj831R5aJgfbdMDVgPOqeJTqNvPJOaz/+ERn/JczyhRwJiZGnQFgZIqjzgAwMqVRZwAYudP+yadn453fZuNPDDc/AADA8M19tPfz/0LfLQ/7LwbOPQcxjC/P/2F8tZ//D9qS18UCXCglVwAw9h76+f+p0vS+MgQAAAzddHtICuXs9t50FArlcsTVdrcApWRto1adj4gnIuL3M6UPtKYX2lsmOgYAAAAAAAAAAAAAAAAAAAAAAAAAgAGlaRIpAAAAcKFFFP6W/LrzLv+5meemT94fmEz+OxNZF6Fv/Pi1H7653GzuLrTm/+tofvNH2fznR3EHAwAAAMbCfXXg362nd+vxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBM795+a6U7nGXcf3whImbz4hfjUnt8KUoRcfnfSRSPbZdExMQQ4k+1Pj6SFz9pZesoZF78qSHEP7zVN37MZt9CXvwrQ4gP4+zt1vnnlbzjrxDPtMf5x18x4q7pB9X7/BdH57+JHsf/1QFjPPXOLyo949+KeKqYf/7pxk96xH92wPjf+PrBQa9l6U8i5nJ/f5K7YlWaWzuVxv7BjY2t5fXqenV7cXHhxaWXll5Ymoi1jVp1vtL+zI3xvY/98r1+5b/cI/7sKeV/bsDy//+dydsf6iRLefGvPZsT/zc/zda4N34h++37VJZuLZ/rpg876eOe/vnvnu5X/tUe5T/t739twPJf/+p3/jzgqgDAGWjsH2wu12rV3QubaNXSz0E2LkiidD6yMaTEt4e6wzRN09Yx9RD7SeI8fC3txKjPTAAAwLDduegfdU4AAAAAAAAAAAAAAAAAAABgfJ3F68ROxjw8SiXDeIU2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBQvB8AAP//XK3YEw==")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000140)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
close(r8)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x6}, 0x48)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r9, &(0x7f00000002c0)="dc7712bcb4d3cfae6d408a1831ce5526042af802a72b24333652", 0x20000000}, 0x20)
recvmsg$unix(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)=""/246, 0xf6}], 0x1}, 0x10062)
futex(&(0x7f000000cffc), 0x5, 0x100000, 0x0, &(0x7f0000000000), 0x3000000)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x80000f8, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)

3.214890899s ago: executing program 0 (id=809):
socket(0x1, 0x803, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
io_submit(0x0, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
recvfrom$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(0xffffffffffffffff)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, 0x0, 0x0)
open$dir(0x0, 0x0, 0x0)

3.214508779s ago: executing program 3 (id=810):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c1fd67c"], 0x18}}], 0x1, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080), 0x101101, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0xa, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000ffffff80000000000000000000a8e8f2aac80eebaa52c5103f0f4dd1c9fef500"/50], &(0x7f00000005c0)='syzkaller\x00'}, 0x90)
perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xe3589, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1})
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x2}, 0x10}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
close(r0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r2}, 0xfffffffffffffda7)
ioctl$SIOCSIFHWADDR(r1, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'})

3.162557063s ago: executing program 0 (id=811):
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffbd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000051d00000000000000080009000d000000", 0x24)

3.116023657s ago: executing program 0 (id=812):
r0 = syz_socket_connect_nvme_tcp()
pread64(r0, &(0x7f0000000080)=""/148, 0x94, 0x43)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00')
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0xa}}, 0x20)

3.040115273s ago: executing program 0 (id=814):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000001280)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03b1d1ca4cb3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc391a65c674a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b450ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bcab12fcc661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc0284c5a5d51f0e115ab159e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6dde4ab67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b418528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03e0d3ab2b71d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac00000000000080014573789425c4c22da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767c0700783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c4d885723734a3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac809c227aa25842f75981bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x37, 0xffffffffffffffff, 0x6}, 0x90) (async)
r0 = socket(0x6, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000000)) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000800)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@bridge_newvlan={0x30, 0x71, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r3}, [@BRIDGE_VLANDB_ENTRY={0x18, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x1}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x2f}}}]}, 0x30}}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x200000}]}, 0x10)
bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0)
ftruncate(r5, 0x8001) (async)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x4, 0x271a, 0x0, &(0x7f0000000000))
socket$netlink(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000500)="f74a2e6f627084ae7d164d86637d1ee04e52f88aa2db41cccc6a65124ed0cc1b7f55301b4da621d4f4682de551f6ebb52d0e26f712be3ac65685b3ca752afbaa7ea0e817aea2e8c681b9000000000000000f7d71ef5d4239e212f648f2599c861fb0a21d3f99f1b46edd30d2394698396189f8cc279a78ff992cd8559c8c9e9e7dab96d6fb63ac32df0a159bcc99f0bc2b0dd651d6f3b896c26755e073dd2d3af3a0d42d819e27eb85f4ea967a5754f83ac67bd933d1fe04aae9295e2c6094831fd7cafadb6a2406fad899792f000000000000", &(0x7f0000000340)=""/159}, 0x20) (async)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
setuid(r8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff})
ioctl$int_in(r9, 0x5452, &(0x7f0000b28000)=0xb) (async)
inotify_init1(0x0)

2.926255492s ago: executing program 0 (id=816):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='memory.swap.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
syz_read_part_table(0x5fd, &(0x7f0000000d00)="$eJzs2z9olGccB/DvxVzOP9B0cHKpcegkFMXRDFWSU7EQTqUQHLS1iJgpQuCkhwc6tBkUM0jHLlK4ReNkzOBQFIXORRxahAwuBV2kdshbrvc2rfaPR8kNxc9n+T338rvn+/zgWZ/wvzaUarkqar+VDz751/5i9I91O8c6E5MHi6IojiaVHE81Y9++s5hkOK/umh1JRv60z/WvNy9/+fxAtfP4yIv3T9ybH1rbs5Z3k2wZeePRa/1PyaDcGL8/evHSbP1y90e9tbL6cXLz2URj6fD8wuKh6v5T3e8Xkgdlf+9ibMq5NHM+Z3Ny+L+kVl7Jb3fzm+NnHtVbK191nuxa3Vbv3D699+X25St3dydz3Yip1/6XN9+vvqzNX+bPjV2dXmjt23lr67U9zTsPG083/Fz0lJHV9ckFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAwbozfH714abZ+uTl+5lG9tfLF9999dPPZRGPp8PzC4qGR/afKvgdlHS7ruTRzPmdzMjOZyWeZ7T9yuvKP+b9sTp7sWt1W79w+vffl5PKVu7vLvqn1GPZvvD7/3NjV6YXWvp23tl7b07zzsPF0Q69vppZPU+2tawM6CwAAAAAAAAAAAAAAAAAAAG+vicmD26c+bBxNKjm+MclPnw91vxflI/ff3+rvKOsPtWRTkusbk/bzA9XO4yMvRk7cm/+x7G+nlnaSLd8sHUveW8u58JfkyqBHow+/BgAA//8hVpWc")
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe5e, &(0x7f0000000340)='cgroup\x00'}, 0x30)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000340))
preadv(r2, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/21, 0x45}], 0x2, 0x0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f00000002c0))
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioprio_set$pid(0x1, 0x0, 0x0)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x16d27e, 0x0)
sendfile(r3, r3, 0x0, 0x400008800000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0xd4, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xbc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0xb8, 0x3, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '){()*/\xa7%\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '\xe1+\x00'}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, 'sys_exit\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '(<\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe5ba}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '*#]\xebf\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff8}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '-\\(\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x68}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_DEBUG_HEADER={0x4}]}, 0xd4}}, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(r6, 0x4010744d, 0x20000000)

2.671996323s ago: executing program 0 (id=817):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0xfffffffd, 0x8000, 0x0, 0x1}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r1 = gettid()
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r2, &(0x7f0000001340)=[{&(0x7f0000001280)=""/151, 0x97}], 0x1)
readv(r2, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000002d40)=""/231, 0xe7}], 0x3)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000880)=0x12, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$packet(0x11, 0xa, 0x300)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x40000000000}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)

1.236843559s ago: executing program 3 (id=821):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@fwd={0x1, 0x0, 0x0, 0x13, 0x2}]}, {0x0, [0x5f, 0x2e, 0x2e]}}, 0x0, 0x29}, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000000)=@newtaction={0x94, 0x30, 0x0, 0x0, 0x25dfdbfb, {}, [{0x80, 0x1, [@m_nat={0x7c, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @remote, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000006140100"], 0x40}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed000e, &(0x7f0000000200)={[{@i_version}, {@data_err_abort}, {@debug}, {@noload}, {@mblk_io_submit}, {@nouid32}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@grpquota}]}, 0xfe, 0x46b, &(0x7f00000004c0)="$eJzs3M9vFFUcAPDvTH/x01bAHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKoUaWhMhRKsHPBoS78a7f4DxpBeDnky86t2QEMMF9DRmdmZKKbt1tywsdD+fZHbfm3nd974z83bfzNttAF1rOH9IIrZExB8RMVhkby0wXDzduHZh8p9rFyaTyLJ3/k5q5a5fuzBZFa3+bnORybIyP1AVuLx96WUvvh8xMTs7fbbMjy6c/mh0/tz5l2ZOT5ycPjl9Zvzo0UMH9/QfGT/cljjzuK7v+nRu985j7116a/L4pQ9++S5v75Zy+/I4VrG3lTqHi71b17OtvNADYOuydNLbwYbQkp6IyA9XX63/D0ZPbFzaNhhvfNHRxgF3VZZl2UDjzYsZsI4l0ekWAJ1RfdDn17/Vco+GHveFq68WF0B53DfKpdjSG2mR2Nu34vq2nYYj4vjiv9/kSzR/HwIAYM1+zMc/L9Yb/6XxaJHozx8eKudQhiLi4YjYFhHbI2JHRDwSUSv7WEQ83mL9K2dIbh//pFfWHFwT8vHfK+Xc1q3jv7QqMtRT5rbW4u9LTszMTh8o98n+6Bs4MZNMj61Sx0+v//5Vo23Lx3/5ktdfjQXLdlzpXXGDbmpiYeJOYl7u6ucRu3rrxZ9ENY2TRMTOiNi1xjpmnm88IfT/8a+iDfNM2bcRzxXHfzFWxF9JGs5Pjr18ZPzw6IaYnT4wWp0Vt/v1t4tvN6r/juJvg/z4b6p7/i/FP5RsiJg/d/5Ubb52vvU6Lv75ZcNrmhbP/2Nby/O/P3m3tqK/3PDJxMLC2bGI/uTN29eP33y1Kl+Vz+Pfv69+/98WN/fEExGxOyL2RMST5URw3vanIuLpiNi3SvyXX3vmw9bjX+WufBvl8U+tPP4bbykylMd/8/i3nug59fMPjepv7vgfqqX2l2uaef9rtoFr33MAAADw4Ehr34FP0pGldJqOjBTf4d8Rm9LZufmFF07MfXxmqviu/FD0pdWdrsFl90PHynvDVX58Rf5ged/4656NtfzI5NzsVKeDhy63uUH/z/3V0+nWAXed32tB99L/oXvp/9CdEv0fupr+D92rXv//rGHpke/vamOAe8rnP3SvJvr/YvHUeFQAPJh8/kP30v+hKzX8bXx6Rz/5l1j3iUjvi2as70SWZVlv0//MooVENlj0/3zNQN0ynX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA///gquZ6")
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c00000023000100800000000000000000000000050021"], 0x1c}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r7, 0xc020660b, &(0x7f0000000000)={0x0, 0xffffffff004})
select(0x40, &(0x7f0000000000)={0x4}, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2})
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000ec0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000e80)={<r8=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f00000000c0)={0x13, 0x10, 0x8, {0x0, r8, 0x3f00}}, 0x18)
sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="08afccec1dd7b1bcb84b0026bd70190300c77934afa50008000300", @ANYRES32=r4, @ANYBLOB="0800a10008000000"], 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x4000000)
syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)

1.032103466s ago: executing program 4 (id=825):
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001b80)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00')
getdents64(r4, &(0x7f0000002f40)=""/4098, 0x1002) (async)
sched_setattr(0x0, &(0x7f0000000140)={0x82}, 0x0) (async)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x6, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) (async)
ioctl$AUTOFS_IOC_FAIL(r5, 0x4c80, 0xffffffffffffffb6) (async)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000180))
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000040)={0x0, 0x3, 0x7ff}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='mm_page_alloc\x00', r0}, 0x10)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r9, &(0x7f00000001c0), 0x9) (async)
listen(r9, 0x0) (async)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r10, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r11 = socket$inet6(0xa, 0x3, 0xd)
setsockopt$sock_timeval(r11, 0x1, 0x42, &(0x7f0000000180)={0x0, 0x2710}, 0x10) (async)
recvmmsg(r11, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

1.031963426s ago: executing program 4 (id=826):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
recvmsg$qrtr(r1, &(0x7f00000025c0)={&(0x7f0000000100), 0xc, &(0x7f0000002500)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000001180)=""/89, 0x59}, {&(0x7f0000001200)=""/8, 0x8}, {&(0x7f0000001240)=""/148, 0x94}, {&(0x7f0000001300)=""/248, 0xf8}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/158, 0x9e}, {&(0x7f00000024c0)=""/53, 0x35}], 0x9, 0x0, 0x0, 0x40010002}, 0x38, 0x40)
fremovexattr(r0, &(0x7f0000000040)=@known='trusted.overlay.impure\x00')

1.031758036s ago: executing program 4 (id=827):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netlink\x00')
lseek(r0, 0x9, 0xf5ffffffffffffff)

1.018710807s ago: executing program 4 (id=828):
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000002, 0x10812, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15)
pipe2$9p(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chdir(&(0x7f0000000200)='./file0\x00')
open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000200))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x6)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000"], 0x1c}}, 0x0)

958.404292ms ago: executing program 4 (id=829):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000000000000040000000000000000000000000000000000000000000380005"], 0x78)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x50007a2)
close(r2)

759.781478ms ago: executing program 2 (id=830):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@mpls_getroute={0x1c, 0x1a, 0x400, 0x0, 0x0, {0x1c, 0x0, 0x0, 0xfe, 0xfc, 0x0, 0x0, 0x1, 0x1800}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000044}, 0x800)
r1 = syz_open_dev$vcsa(&(0x7f0000000380), 0x200000000000000f, 0x224c03)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r1, {r1}}, './file0\x00'})
ioctl$TCFLSH(r2, 0x540b, 0x2000000000000)

692.073774ms ago: executing program 2 (id=831):
r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0xc}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18040000000000000000000000400000850000000800000018", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
vmsplice(r2, 0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$incfs(0xffffffffffffff9c, &(0x7f00000002c0)='.pending_reads\x00', 0x40800, 0xc)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r6, 0xe, 0xfffffffffffffffe, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111}}, 0x20)
close_range(r7, 0xffffffffffffffff, 0x0)

684.689414ms ago: executing program 2 (id=832):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c1fd67c"], 0x18}}], 0x1, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080), 0x101101, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0xa, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000ffffff80000000000000000000a8e8f2aac80eebaa52c5103f0f4dd1c9fef500"/50], &(0x7f00000005c0)='syzkaller\x00'}, 0x90)
perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xe3589, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1})
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x2}, 0x10}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
close(r0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r2}, 0xfffffffffffffda7)
ioctl$SIOCSIFHWADDR(r1, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'})

530.096287ms ago: executing program 2 (id=833):
socket$inet6(0xa, 0x3, 0x8000000003c)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
socket(0x1e, 0x4, 0x0)
r1 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_io_uring_setup(0x236, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240), &(0x7f00000001c0))
fcntl$dupfd(r1, 0x0, r2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc06da033, &(0x7f0000000040)={[{}, {@resgid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@noload}, {@inode_readahead_blks}, {@nombcache}]}, 0x1, 0x480, &(0x7f00000004c0)="$eJzs3MtvVNUfAPDvvX3Q8viVH+IDBEXRSHy0tDxk4UajiQuNJrrAuKptIchADa2JEKLoAqMuDIl74tLEv8CVboy6MnGre0NiDBvQ1TV37r3QDjO1U6ad4nw+yTDn3HuHc75z5sw995w7DaBn7cn/SSI2R8SvETFSZBcfsKd4un71/NRfV89PJZFlr/2Z1I+7dvX8VPlf3HjdpmJDlpX5DU3KvfhmxGStNnOmzI/Nn3pnbO7suadOnJo8PnN85vTEkSMHD+wePDxxqCNx5nFd2/n+7K4dL75x6eWpo5fe+vHrvL6by/1VHJ20p3h3m3q004V12ZYF6aS/ixWhLXm75c01UO//I9EXwzf2jcQLH3W1csCqyrIsa3Z+Ll3IgP+wJLpdA6A7qhN9fv1bPdZo6LEu/PFscQGUx329fBR7+iMtjxlouL7tpKGIrK9IXo5VmocAAFjo23z882Sz8V8a9yw47n/lGsrWiPh/RGyLiLsiYntE3B1RP/beiLivzfIbV0huHf+kV1YU2DLl479nyrWtxeO/avQXW/vK3JZ6/APJsRO1mf3le7IvBjbk+fFFL1nsu+d/+bxx22flNHse/9ELf1+uHnn5+fPNI9Mr/Q0TdNOT85MdCT6P/8OInf3N4k+iWsZJImJHROxcYRknHv9qV6t9/x7/EjqwzpR9GfFY0f4XoiH+StJyfXL86cMTh8aGojazf6z6VNzqp58vvtqq/NuKvwPy9t/Y9PNfxJ9fIyZDEXNnz52sr9fOtV/Gxd8+nkpa7Nu+ws//YPJ6PT1Ybntvcn7+zHjEYPJSnh1etH3i5murfHV8Hv++vc37/7b65VnxTtwfEfmHeHdEPBARD5Zt91BEPBwRe5eI/4fnHnm71b7W7b/ErHwH5fFPL9H++VdenrrZ/u0n+k5+/02r8rNltf/BempfFIuTy/n+W24Fb/PtAwAAgDtCWr8HPklHb6TTdHS0uId/e2xMa7Nz808cm3339HRxr/zWGEirma6RBfOh4+XccJWfaMgfKOeNv+gbrudHp2Zr090OHnrcphb9P/d7X7drB6w6v9eC3rVU//90DesBrD3nf+hd7ff/Fnc6Ancc53/oUYPNN3+w1vUAuqL98//QqtQDWHvG/9C79H/oXfo/9KSWv41Pb+sn/3dqon99VKNpYnh9VKNKRLouqtG5xCufFF1ivdSnSvQv+49ZrDCxoemubn8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMY/AQAA//8ux+PM")
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)

502.228489ms ago: executing program 2 (id=834):
socket(0x1, 0x803, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
io_submit(0x0, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
recvfrom$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(0xffffffffffffffff)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, 0x0, 0x0)
open$dir(0x0, 0x0, 0x0)

392.037338ms ago: executing program 2 (id=835):
socket$inet6(0xa, 0x3, 0x8000000003c)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
socket(0x1e, 0x4, 0x0)
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_io_uring_setup(0x236, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240), &(0x7f00000001c0))
fcntl$dupfd(r2, 0x0, r3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc06da033, &(0x7f0000000040)={[{}, {@resgid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@noload}, {@inode_readahead_blks}, {@nombcache}]}, 0x1, 0x480, &(0x7f00000004c0)="$eJzs3MtvVNUfAPDvvX3Q8viVH+IDBEXRSHy0tDxk4UajiQuNJrrAuKptIchADa2JEKLoAqMuDIl74tLEv8CVboy6MnGre0NiDBvQ1TV37r3QDjO1U6ad4nw+yTDn3HuHc75z5sw995w7DaBn7cn/SSI2R8SvETFSZBcfsKd4un71/NRfV89PJZFlr/2Z1I+7dvX8VPlf3HjdpmJDlpX5DU3KvfhmxGStNnOmzI/Nn3pnbO7suadOnJo8PnN85vTEkSMHD+wePDxxqCNx5nFd2/n+7K4dL75x6eWpo5fe+vHrvL6by/1VHJ20p3h3m3q004V12ZYF6aS/ixWhLXm75c01UO//I9EXwzf2jcQLH3W1csCqyrIsa3Z+Ll3IgP+wJLpdA6A7qhN9fv1bPdZo6LEu/PFscQGUx329fBR7+iMtjxlouL7tpKGIrK9IXo5VmocAAFjo23z882Sz8V8a9yw47n/lGsrWiPh/RGyLiLsiYntE3B1RP/beiLivzfIbV0huHf+kV1YU2DLl479nyrWtxeO/avQXW/vK3JZ6/APJsRO1mf3le7IvBjbk+fFFL1nsu+d/+bxx22flNHse/9ELf1+uHnn5+fPNI9Mr/Q0TdNOT85MdCT6P/8OInf3N4k+iWsZJImJHROxcYRknHv9qV6t9/x7/EjqwzpR9GfFY0f4XoiH+StJyfXL86cMTh8aGojazf6z6VNzqp58vvtqq/NuKvwPy9t/Y9PNfxJ9fIyZDEXNnz52sr9fOtV/Gxd8+nkpa7Nu+ws//YPJ6PT1Ybntvcn7+zHjEYPJSnh1etH3i5murfHV8Hv++vc37/7b65VnxTtwfEfmHeHdEPBARD5Zt91BEPBwRe5eI/4fnHnm71b7W7b/ErHwH5fFPL9H++VdenrrZ/u0n+k5+/02r8rNltf/BempfFIuTy/n+W24Fb/PtAwAAgDtCWr8HPklHb6TTdHS0uId/e2xMa7Nz808cm3339HRxr/zWGEirma6RBfOh4+XccJWfaMgfKOeNv+gbrudHp2Zr090OHnrcphb9P/d7X7drB6w6v9eC3rVU//90DesBrD3nf+hd7ff/Fnc6Ancc53/oUYPNN3+w1vUAuqL98//QqtQDWHvG/9C79H/oXfo/9KSWv41Pb+sn/3dqon99VKNpYnh9VKNKRLouqtG5xCufFF1ivdSnSvQv+49ZrDCxoemubn8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMY/AQAA//8ux+PM")
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000001300e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private2}}}, 0x108)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=<r6=>0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001c80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r6], 0x1c}}, 0x0)
write$nci(r5, &(0x7f0000001cc0)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x1, @b={0x3, 0x6, 0x1, 0x1f, {0x1, 'g'}, 0x2}}, 0xa)
r9 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r9, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x12e, 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r11 = dup(r10)
ioctl$TIOCL_SETSEL(r11, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x0, 0x0, 0x0, 0x403}})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18)

236.899741ms ago: executing program 1 (id=836):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000018007b18e00212ba0d8105040a601100fe0f040b067c55a1bc0009001e0006990300000015001500fe800000000023000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000000000000", 0xfb}], 0x1, 0x0, 0x0, 0x2663}, 0x0)

215.523932ms ago: executing program 1 (id=837):
r0 = perf_event_open(&(0x7f0000001a00)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r2 = socket(0x29, 0x5, 0x10000000)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r6=>0x0})
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(r7, &(0x7f0000000200)={&(0x7f0000000340)={0x1d, r6, 0x3f420f00}, 0x10, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0)
sendmsg$can_bcm(r7, &(0x7f0000000080)={&(0x7f0000000340)={0x1d, r4, 0x3f420f00}, 0x10, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0xfffffffffffffe15)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={&(0x7f0000000180)="f2de457672807bff6616d262145aa18ca3848713db089c5aaec97907adb0b411", &(0x7f00000001c0)=""/49, &(0x7f0000000300)="56f13eb6b68cc230fc1218db77b6fe3d97a539945e79599c223edce864bacd34e8deda51e17f999de946e4d4883b8c18247bf0e2090433263503abc026a93577b2d333038fa2be90465199ceecf79522ea4f6edca668ec806db9941a2fa4ab3ad9c03880ab07eadcfbab3a4d1a", &(0x7f0000000440)="a8a1aaa0ca10a8a84e56918c060ac6938b471e482f3b015b75ec244a0941618edd5043d9b80eca0656cecffcd5c49b8da54559670ed14fbe603f6cff6d4e51286b62c6cf81c5167cd86f1e56158b5fb167923e95bc5e0cb437295af2e58c9d3f2ae4909c7c51d6fed910ca9d7605c70abef1309dff7f42be8601a73675792ea3c8d23c39b48caf321dcaf930e22d7a3426065346baa720e65a", 0x2, r1, 0x4}, 0x38)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r8, @ANYRESDEC=r1, @ANYRES32=r8, @ANYRESOCT=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r9)
syz_read_part_table(0x1055, &(0x7f0000001080)="$eJzsz8FtwlAQBNCxk/j7lhLSQSrJNWcqAdEBfSBaoC4kBFoEtlsADu/ddlaz0obX6nOuquqXeZjT3yX4Si41yWeqfaRq2nRJql0zdde1GdK33eG4epSS/GTb/bUxGeejd9+nMUv/f/+sNwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgnd0CAAD//6UIGbQ=")
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='wchan\x00')
preadv(r10, &(0x7f0000000c80)=[{&(0x7f0000000cc0)=""/102, 0x66}], 0x1, 0x0, 0x0)
getsockopt$inet_buf(r10, 0x0, 0x25, &(0x7f0000000240)=""/167, &(0x7f0000000080)=0xa7)
ioctl$BTRFS_IOC_DEFRAG(r9, 0x50009402, 0x0)

0s ago: executing program 4 (id=838):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10}, 0x48)
recvmmsg(0xffffffffffffffff, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000400)}}], 0x1, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x4, 0x4, 0x221, 0xc1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000001280), 0xb47, r0}, 0x38)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
gettid() (async)
r1 = gettid()
r2 = getpid()
rt_tgsigqueueinfo(r2, r1, 0x3a, &(0x7f0000000080)={0x0, 0x0, 0x2})
signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff8]}, 0x8) (async)
r3 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff8]}, 0x8)
read(r3, &(0x7f0000000740)=""/384, 0x200008c0)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r0, &(0x7f00000000c0), 0x20000000}, 0x20) (async)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r0, &(0x7f00000000c0), 0x20000000}, 0x20)
socket(0x28, 0x803, 0x10000000) (async)
r4 = socket(0x28, 0x803, 0x10000000)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) (async)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000003c0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000100000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000900b703000000000000850000001000000095"], &(0x7f0000000040)='syzkaller\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000100000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000900b703000000000000850000001000000095"], &(0x7f0000000040)='syzkaller\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x3a}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4d}}, &(0x7f0000000840)='syzkaller\x00'}, 0x90) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4d}}, &(0x7f0000000840)='syzkaller\x00'}, 0x90)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x19, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x0, &(0x7f0000000040), &(0x7f00000001c0)='syzkaller\x00', 0x1}, 0x90) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x0, &(0x7f0000000040), &(0x7f00000001c0)='syzkaller\x00', 0x1}, 0x90)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[], 0x0}, 0x90)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
bpf$ENABLE_STATS(0x20, &(0x7f0000000400), 0x4)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) (async)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0)

kernel console output (not intermixed with test programs):

[ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.291861][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.301684][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.312109][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.316889][ T5214] FAULT_INJECTION: forcing a failure.
[   89.316889][ T5214] name failslab, interval 1, probability 0, space 0, times 0
[   89.321982][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.334537][ T5214] CPU: 1 UID: 0 PID: 5214 Comm: syz.3.352 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[   89.344900][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.355437][ T5214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   89.355468][ T5214] Call Trace:
[   89.355474][ T5214]  <TASK>
[   89.355481][ T5214]  dump_stack_lvl+0xf2/0x150
[   89.355508][ T5214]  dump_stack+0x15/0x20
[   89.365307][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.375316][ T5214]  should_fail_ex+0x229/0x230
[   89.378586][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.381495][ T5214]  ? __kvmalloc_node_noprof+0x72/0x170
[   89.387832][ T5040] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.390175][ T5214]  should_failslab+0x8f/0xb0
[   89.405248][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.415007][ T5214]  __kmalloc_node_noprof+0xa8/0x380
[   89.415035][ T5214]  __kvmalloc_node_noprof+0x72/0x170
[   89.415054][ T5214]  io_ring_ctx_alloc+0x207/0xe10
[   89.420555][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.427717][ T5214]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   89.432321][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.442783][ T5214]  io_uring_create+0x1cf/0x920
[   89.442808][ T5214]  __se_sys_io_uring_setup+0x1d2/0x1e0
[   89.448032][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.453225][ T5214]  __x64_sys_io_uring_setup+0x31/0x40
[   89.458155][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.467902][ T5214]  x64_sys_call+0x1f7e/0x2d60
[   89.473523][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.483889][ T5214]  do_syscall_64+0xc9/0x1c0
[   89.488642][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.494066][ T5214]  ? clear_bhb_loop+0x55/0xb0
[   89.494092][ T5214]  ? clear_bhb_loop+0x55/0xb0
[   89.503883][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.509213][ T5214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.519608][ T5040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.524237][ T5214] RIP: 0033:0x7f5817dc99f9
[   89.534021][ T5040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.538526][ T5214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.552245][ T5040] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.553564][ T5214] RSP: 002b:00007f5816a47038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[   89.553585][ T5214] RAX: ffffffffffffffda RBX: 00007f5817f65f80 RCX: 00007f5817dc99f9
[   89.559622][ T5040] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.568001][ T5214] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000003ffe
[   89.568016][ T5214] RBP: 00007f5816a47090 R08: 0000000000000000 R09: 0000000000000000
[   89.568028][ T5214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   89.573915][ T5040] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.584306][ T5214] R13: 0000000000000000 R14: 00007f5817f65f80 R15: 00007ffe29441328
[   89.584323][ T5214]  </TASK>
[   89.695372][ T5040] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.704086][ T5040] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.822110][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.832674][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.842520][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.853053][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.862896][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.868848][   T29] audit: type=1400 audit(1723654921.201:706): avc:  denied  { accept } for  pid=5228 comm="syz.0.356" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   89.873975][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.903711][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.914150][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.923991][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.934437][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.944324][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.954770][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.967506][ T5229] vlan2: entered promiscuous mode
[   90.065037][ T5235] loop0: detected capacity change from 0 to 512
[   90.086449][ T5235] EXT4-fs (loop0): Invalid log block size: 63
[   90.101654][ T5237] loop4: detected capacity change from 0 to 2048
[   90.118736][ T5237] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.136926][ T5237] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   90.238650][ T5247] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=68 sclass=netlink_route_socket pid=5247 comm=syz.2.361
[   90.252671][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.273107][   T29] audit: type=1400 audit(1723654921.601:707): avc:  denied  { setopt } for  pid=5246 comm="syz.2.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   90.332571][ T5245] loop0: detected capacity change from 0 to 512
[   90.343717][ T5245] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   90.360674][ T5245] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   90.377137][ T5245] EXT4-fs (loop0): 1 truncate cleaned up
[   90.390838][ T5245] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.450381][ T5245] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   90.713052][ T5274] netlink: 52 bytes leftover after parsing attributes in process `syz.2.369'.
[   90.721990][ T5274] netlink: 52 bytes leftover after parsing attributes in process `syz.2.369'.
[   90.758573][ T5274] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   90.792980][ T5279] loop2: detected capacity change from 0 to 128
[   90.799799][   T29] audit: type=1400 audit(1723654922.111:708): avc:  denied  { getopt } for  pid=5263 comm="syz.1.367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   90.821535][ T5279] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   90.836745][ T5279] ext4 filesystem being mounted at /39/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   90.850466][ T5279] Process accounting resumed
[   90.858518][   T29] audit: type=1400 audit(1723654922.201:709): avc:  denied  { mounton } for  pid=5278 comm="syz.2.370" path="/39/mnt/file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   90.858802][ T5279] 9pnet: p9_errstr2errno: server reported unknown error õ’T‘]‹‘ŽéHº¬RF�Ùl
[   90.902489][ T4361] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   91.000054][ T5286] netlink: 32 bytes leftover after parsing attributes in process `syz.2.373'.
[   91.013907][ T5040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.147487][   T29] audit: type=1400 audit(1723654922.481:710): avc:  denied  { read } for  pid=5310 comm="syz.0.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   91.225228][ T5317] netlink: 8 bytes leftover after parsing attributes in process `syz.4.381'.
[   91.234137][ T5317] netlink: 4 bytes leftover after parsing attributes in process `syz.4.381'.
[   91.245430][ T5315] loop2: detected capacity change from 0 to 2048
[   91.255923][   T29] audit: type=1400 audit(1723654922.531:711): avc:  denied  { getopt } for  pid=5310 comm="syz.0.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   91.275312][   T29] audit: type=1400 audit(1723654922.531:712): avc:  denied  { read } for  pid=5310 comm="syz.0.379" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   91.323394][   T29] audit: type=1400 audit(1723654922.641:713): avc:  denied  { bind } for  pid=5318 comm="syz.0.382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   91.391489][ T5315] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.414770][ T5311] EXT4-fs error (device loop2): ext4_ext_precache:627: inode #2: comm syz.2.380: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[   91.435658][ T5311] EXT4-fs error (device loop2): ext4_find_extent:936: inode #2: comm syz.2.380: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   91.506144][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.691488][ T5328] loop4: detected capacity change from 0 to 512
[   91.763456][ T5328] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   91.792572][ T5328] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   91.834153][ T5328] EXT4-fs (loop4): 1 truncate cleaned up
[   91.841431][ T5328] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.862035][   T29] audit: type=1400 audit(1723654923.191:714): avc:  denied  { read write } for  pid=5337 comm="syz.2.387" name="uhid" dev="devtmpfs" ino=227 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   91.886238][   T29] audit: type=1400 audit(1723654923.221:715): avc:  denied  { open } for  pid=5337 comm="syz.2.387" path="/dev/uhid" dev="devtmpfs" ino=227 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   91.923205][ T5338] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.930395][ T5338] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.968360][ T5338] loop2: detected capacity change from 0 to 2048
[   91.986285][ T5328] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   92.005976][ T5338] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.018314][ T5338] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   92.045413][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.177323][ T5350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.390'.
[   92.196461][ T5350] loop0: detected capacity change from 0 to 1764
[   92.693932][ T5362] loop3: detected capacity change from 0 to 164
[   92.700965][ T5362] Unable to read rock-ridge attributes
[   93.097401][ T5368] FAULT_INJECTION: forcing a failure.
[   93.097401][ T5368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.110511][ T5368] CPU: 1 UID: 0 PID: 5368 Comm: syz.2.396 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[   93.121111][ T5368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   93.131238][ T5368] Call Trace:
[   93.134514][ T5368]  <TASK>
[   93.137479][ T5368]  dump_stack_lvl+0xf2/0x150
[   93.140496][ T5372] netlink: 16 bytes leftover after parsing attributes in process `syz.0.398'.
[   93.142072][ T5368]  dump_stack+0x15/0x20
[   93.154173][ T5372] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   93.155203][ T5368]  should_fail_ex+0x229/0x230
[   93.164104][ T5372] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   93.168651][ T5368]  should_fail+0xb/0x10
[   93.168698][ T5368]  should_fail_usercopy+0x1a/0x20
[   93.177594][ T5372] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   93.181558][ T5368]  copy_page_from_iter_atomic+0x22a/0xda0
[   93.181596][ T5368]  ? shmem_write_begin+0xa0/0x1c0
[   93.181650][ T5368]  ? shmem_write_begin+0x10c/0x1c0
[   93.181676][ T5368]  generic_perform_write+0x323/0x580
[   93.186729][ T5372] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   93.195430][ T5368]  shmem_file_write_iter+0xc8/0xf0
[   93.202495][ T5372] geneve2: entered allmulticast mode
[   93.206157][ T5368]  vfs_write+0x78f/0x900
[   93.206192][ T5368]  ? __pfx_shmem_file_write_iter+0x10/0x10
[   93.246004][ T5368]  ksys_write+0xeb/0x1b0
[   93.250316][ T5368]  __x64_sys_write+0x42/0x50
[   93.254971][ T5368]  x64_sys_call+0x27dd/0x2d60
[   93.259636][ T5368]  do_syscall_64+0xc9/0x1c0
[   93.264150][ T5368]  ? clear_bhb_loop+0x55/0xb0
[   93.268844][ T5368]  ? clear_bhb_loop+0x55/0xb0
[   93.273613][ T5368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.279503][ T5368] RIP: 0033:0x7fb1b54a84df
[   93.283899][ T5368] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[   93.303526][ T5368] RSP: 002b:00007fb1b4126df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   93.311945][ T5368] RAX: ffffffffffffffda RBX: 0000000000014800 RCX: 00007fb1b54a84df
[   93.319987][ T5368] RDX: 0000000000014800 RSI: 00007fb1abd07000 RDI: 0000000000000004
[   93.328116][ T5368] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000004ee
[   93.336082][ T5368] R10: 00000000000003e8 R11: 0000000000000293 R12: 0000000000000004
[   93.344132][ T5368] R13: 00007fb1b4126ef0 R14: 00007fb1b4126eb0 R15: 00007fb1abd07000
[   93.352101][ T5368]  </TASK>
[   93.357085][ T5368] loop2: detected capacity change from 0 to 164
[   93.386458][ T5380] loop2: detected capacity change from 0 to 2048
[   94.179633][ T5402] loop0: detected capacity change from 0 to 4096
[   94.188334][ T5402] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.262775][ T5413] capability: warning: `syz.0.409' uses 32-bit capabilities (legacy support in use)
[   94.273045][ T5413] program syz.0.409 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   94.311343][ T5422] loop2: detected capacity change from 0 to 512
[   94.336853][ T5418] loop1: detected capacity change from 0 to 8192
[   94.343899][ T5418] vfat: Unknown parameter 'ÿ'
[   94.356846][ T5422] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   94.369637][ T5422] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.400107][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   94.454743][ T5437] tipc: Started in network mode
[   94.459629][ T5437] tipc: Node identity ac1414aa, cluster identity 4711
[   94.473909][ T5437] tipc: Enabled bearer <udp:syz2>, priority 10
[   94.473958][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.530297][ T5446] vlan2: entered promiscuous mode
[   94.535493][ T5446] gretap0: entered promiscuous mode
[   94.540834][ T5446] vlan2: entered allmulticast mode
[   94.546026][ T5446] gretap0: entered allmulticast mode
[   94.642744][ T5461] FAULT_INJECTION: forcing a failure.
[   94.642744][ T5461] name failslab, interval 1, probability 0, space 0, times 0
[   94.655511][ T5461] CPU: 0 UID: 0 PID: 5461 Comm: syz.3.420 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[   94.666113][ T5461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   94.676174][ T5461] Call Trace:
[   94.679446][ T5461]  <TASK>
[   94.682371][ T5461]  dump_stack_lvl+0xf2/0x150
[   94.686976][ T5461]  dump_stack+0x15/0x20
[   94.691146][ T5461]  should_fail_ex+0x229/0x230
[   94.695907][ T5461]  ? hashtab_duplicate+0x10f/0x370
[   94.701031][ T5461]  should_failslab+0x8f/0xb0
[   94.705636][ T5461]  kmem_cache_alloc_noprof+0x4c/0x290
[   94.711018][ T5461]  hashtab_duplicate+0x10f/0x370
[   94.715958][ T5461]  ? __pfx_cond_bools_copy+0x10/0x10
[   94.721245][ T5461]  ? __pfx_cond_bools_destroy+0x10/0x10
[   94.726862][ T5461]  cond_policydb_dup+0xdb/0x710
[   94.731796][ T5461]  ? __kmalloc_node_track_caller_noprof+0x17e/0x380
[   94.738457][ T5461]  security_set_bools+0xa8/0x350
[   94.743433][ T5461]  sel_commit_bools_write+0x1e4/0x260
[   94.748804][ T5461]  ? __pfx_sel_commit_bools_write+0x10/0x10
[   94.754724][ T5461]  vfs_write+0x28b/0x900
[   94.759110][ T5461]  ? __fget_files+0x1da/0x210
[   94.763822][ T5461]  __x64_sys_pwrite64+0xf7/0x150
[   94.768788][ T5461]  x64_sys_call+0x9d5/0x2d60
[   94.773452][ T5461]  do_syscall_64+0xc9/0x1c0
[   94.778030][ T5461]  ? clear_bhb_loop+0x55/0xb0
[   94.782712][ T5461]  ? clear_bhb_loop+0x55/0xb0
[   94.787528][ T5461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.793491][ T5461] RIP: 0033:0x7f5817dc99f9
[   94.797899][ T5461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.817513][ T5461] RSP: 002b:00007f5816a47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[   94.825967][ T5461] RAX: ffffffffffffffda RBX: 00007f5817f65f80 RCX: 00007f5817dc99f9
[   94.834040][ T5461] RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
[   94.842024][ T5461] RBP: 00007f5816a47090 R08: 0000000000000000 R09: 0000000000000000
[   94.849984][ T5461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   94.858028][ T5461] R13: 0000000000000000 R14: 00007f5817f65f80 R15: 00007ffe29441328
[   94.866092][ T5461]  </TASK>
[   94.892617][   T29] kauditd_printk_skb: 6 callbacks suppressed
[   94.892674][   T29] audit: type=1400 audit(1723654926.221:722): avc:  denied  { unmount } for  pid=3780 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   94.961795][ T5474] bond0: (slave netdevsim0): Error: Device can not be enslaved while up
[   94.970693][ T5474] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[   95.005050][ T5040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.055148][ T5482] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20001
[   95.076682][   T29] audit: type=1400 audit(1723654926.391:723): avc:  denied  { connect } for  pid=5481 comm="syz.0.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   95.096409][   T29] audit: type=1400 audit(1723654926.391:724): avc:  denied  { create } for  pid=5481 comm="syz.0.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[   95.158466][ T5487] bridge0: port 3(veth0_to_bond) entered blocking state
[   95.167534][ T5487] bridge0: port 3(veth0_to_bond) entered disabled state
[   95.176787][ T5487] veth0_to_bond: entered allmulticast mode
[   95.190610][ T5487] veth0_to_bond: entered promiscuous mode
[   95.199346][ T5487] bridge0: port 3(veth0_to_bond) entered blocking state
[   95.207337][ T5487] bridge0: port 3(veth0_to_bond) entered forwarding state
[   95.250403][ T5486] loop3: detected capacity change from 0 to 512
[   95.282732][ T5486] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   95.328754][ T5486] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   95.381002][ T5486] EXT4-fs (loop3): 1 truncate cleaned up
[   95.411157][ T5486] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.586913][ T5493] loop0: detected capacity change from 0 to 512
[   95.593357][   T24] tipc: Node number set to 2886997162
[   95.627128][ T5486] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   95.664253][ T5496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=5496 comm=syz.0.430
[   95.676860][ T5496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=5496 comm=syz.0.430
[   95.689571][ T5496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=5496 comm=syz.0.430
[   95.703099][ T5496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.430'.
[   95.714623][ T5496] dummy0: entered promiscuous mode
[   95.861888][ T3775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.936232][ T5504] loop3: detected capacity change from 0 to 512
[   95.962928][   T29] audit: type=1400 audit(1723654927.291:725): avc:  denied  { connect } for  pid=5502 comm="syz.3.434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   95.982062][ T5506] loop4: detected capacity change from 0 to 2368
[   95.982619][   T29] audit: type=1400 audit(1723654927.291:726): avc:  denied  { write } for  pid=5502 comm="syz.3.434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   96.019226][ T5509] loop4: detected capacity change from 0 to 1024
[   96.026435][ T5509] EXT4-fs: Ignoring removed nobh option
[   96.034610][ T5509] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.056624][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.070531][ T5513] loop3: detected capacity change from 0 to 512
[   96.086121][ T5513] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.098983][ T5513] ext4 filesystem being mounted at /70/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   96.103668][ T5519] loop4: detected capacity change from 0 to 256
[   96.115989][ T5519] vfat: Bad value for 'gid'
[   96.120509][ T5519] vfat: Bad value for 'gid'
[   96.125635][ T3775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.177891][ T5524] bridge0: port 3(veth0_to_bond) entered blocking state
[   96.185683][ T5524] bridge0: port 3(veth0_to_bond) entered disabled state
[   96.195377][ T5524] veth0_to_bond: entered allmulticast mode
[   96.201875][ T5524] FAULT_INJECTION: forcing a failure.
[   96.201875][ T5524] name failslab, interval 1, probability 0, space 0, times 0
[   96.215139][ T5524] CPU: 0 UID: 0 PID: 5524 Comm: syz.4.441 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[   96.225764][ T5524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   96.235855][ T5524] Call Trace:
[   96.239146][ T5524]  <TASK>
[   96.242080][ T5524]  dump_stack_lvl+0xf2/0x150
[   96.246766][ T5524]  dump_stack+0x15/0x20
[   96.250988][ T5524]  should_fail_ex+0x229/0x230
[   96.255701][ T5524]  ? __kernfs_new_node+0x6a/0x380
[   96.260817][ T5524]  should_failslab+0x8f/0xb0
[   96.265617][ T5524]  kmem_cache_alloc_noprof+0x4c/0x290
[   96.270998][ T5524]  __kernfs_new_node+0x6a/0x380
[   96.276006][ T5524]  ? rb_insert_color+0x6a/0x290
[   96.280993][ T5524]  ? up_write+0x30/0xf0
[   96.285263][ T5524]  ? kernfs_activate+0x256/0x270
[   96.290206][ T5524]  kernfs_new_node+0xc8/0x140
[   96.294942][ T5524]  __kernfs_create_file+0x49/0x180
[   96.300111][ T5524]  ? __pfx_brport_store+0x10/0x10
[   96.305140][ T5524]  sysfs_add_file_mode_ns+0x136/0x1c0
[   96.310527][ T5524]  sysfs_create_file_ns+0xd0/0x110
[   96.315778][ T5524]  br_sysfs_addif+0x7d/0x110
[   96.317018][ T5527] loop3: detected capacity change from 0 to 512
[   96.320443][ T5524]  br_add_if+0x2fb/0xa50
[   96.320469][ T5524]  ? security_capable+0x64/0x80
[   96.320489][ T5524]  br_ioctl_stub+0x218/0x5d0
[   96.320515][ T5524]  ? netdev_run_todo+0x770/0x7d0
[   96.329724][ T5527] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   96.330991][ T5524]  ? netdev_run_todo+0x775/0x7d0
[   96.340301][ T5527] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, 
[   96.340497][ T5524]  ? __pfx_br_ioctl_stub+0x10/0x10
[   96.340529][ T5524]  br_ioctl_call+0x93/0xc0
[   96.345564][ T5527] block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   96.355322][ T5524]  dev_ifsioc+0x904/0xa10
[   96.355347][ T5524]  dev_ioctl+0x7fa/0xab0
[   96.355363][ T5524]  sock_do_ioctl+0x11c/0x260
[   96.355392][ T5524]  sock_ioctl+0x470/0x640
[   96.355438][ T5524]  ? __pfx_sock_ioctl+0x10/0x10
[   96.355463][ T5524]  __se_sys_ioctl+0xd3/0x150
[   96.355492][ T5524]  __x64_sys_ioctl+0x43/0x50
[   96.362773][ T5527] EXT4-fs (loop3): 1 truncate cleaned up
[   96.368639][ T5524]  x64_sys_call+0x15cc/0x2d60
[   96.368735][ T5524]  do_syscall_64+0xc9/0x1c0
[   96.368763][ T5524]  ? clear_bhb_loop+0x55/0xb0
[   96.368789][ T5524]  ? clear_bhb_loop+0x55/0xb0
[   96.376577][ T5527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.378291][ T5524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.378322][ T5524] RIP: 0033:0x7f8b276a99f9
[   96.378355][ T5524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.485730][ T5524] RSP: 002b:00007f8b26327038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.494287][ T5524] RAX: ffffffffffffffda RBX: 00007f8b27845f80 RCX: 00007f8b276a99f9
[   96.502249][ T5524] RDX: 0000000020000080 RSI: 00000000000089a2 RDI: 000000000000000a
[   96.510202][ T5524] RBP: 00007f8b26327090 R08: 0000000000000000 R09: 0000000000000000
[   96.518270][ T5524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   96.526301][ T5524] R13: 0000000000000000 R14: 00007f8b27845f80 R15: 00007fffa274a5f8
[   96.534344][ T5524]  </TASK>
[   96.537573][ T5529] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   96.542077][ T5524] veth0_to_bond: left allmulticast mode
[   96.641470][   T29] audit: type=1400 audit(1723654927.971:727): avc:  denied  { relabelfrom } for  pid=5537 comm="syz.4.446" name="" dev="pipefs" ino=13607 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   96.779600][   T29] audit: type=1400 audit(1723654928.111:728): avc:  denied  { write } for  pid=5539 comm="syz.4.447" path="socket:[12773]" dev="sockfs" ino=12773 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   97.455268][ T5545] syzkaller0: entered promiscuous mode
[   97.460776][ T5545] syzkaller0: entered allmulticast mode
[   97.538640][ T5549] loop4: detected capacity change from 0 to 256
[   97.545697][ T5549] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   97.582884][ T5551] loop4: detected capacity change from 0 to 256
[   97.589896][ T5551] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   97.604990][ T5551] FAULT_INJECTION: forcing a failure.
[   97.604990][ T5551] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.618206][ T5551] CPU: 1 UID: 0 PID: 5551 Comm: syz.4.451 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[   97.628793][ T5551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   97.638846][ T5551] Call Trace:
[   97.642113][ T5551]  <TASK>
[   97.645033][ T5551]  dump_stack_lvl+0xf2/0x150
[   97.649706][ T5551]  dump_stack+0x15/0x20
[   97.653867][ T5551]  should_fail_ex+0x229/0x230
[   97.658553][ T5551]  should_fail+0xb/0x10
[   97.662704][ T5551]  should_fail_usercopy+0x1a/0x20
[   97.667737][ T5551]  _copy_from_iter+0xd3/0xb00
[   97.672445][ T5551]  ? alloc_pages_mpol_noprof+0xd5/0x1e0
[   97.678074][ T5551]  copy_page_from_iter+0x14f/0x280
[   97.683190][ T5551]  tun_get_user+0x689/0x24b0
[   97.687778][ T5551]  ? kstrtoull+0x110/0x140
[   97.692184][ T5551]  ? ref_tracker_alloc+0x1f5/0x2f0
[   97.697345][ T5551]  tun_chr_write_iter+0x18e/0x240
[   97.702433][ T5551]  vfs_write+0x78f/0x900
[   97.706713][ T5551]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   97.712310][ T5551]  ksys_write+0xeb/0x1b0
[   97.716560][ T5551]  __x64_sys_write+0x42/0x50
[   97.721185][ T5551]  x64_sys_call+0x27dd/0x2d60
[   97.725868][ T5551]  do_syscall_64+0xc9/0x1c0
[   97.730448][ T5551]  ? clear_bhb_loop+0x55/0xb0
[   97.735120][ T5551]  ? clear_bhb_loop+0x55/0xb0
[   97.739791][ T5551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.745679][ T5551] RIP: 0033:0x7f8b276a84df
[   97.750082][ T5551] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[   97.769760][ T5551] RSP: 002b:00007f8b26327000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   97.778175][ T5551] RAX: ffffffffffffffda RBX: 00007f8b27845f80 RCX: 00007f8b276a84df
[   97.786374][ T5551] RDX: 000000000000005e RSI: 0000000020000340 RDI: 00000000000000c8
[   97.794351][ T5551] RBP: 00007f8b26327090 R08: 0000000000000000 R09: 0000000000000000
[   97.802342][ T5551] R10: 000000000000005e R11: 0000000000000293 R12: 0000000000000001
[   97.810300][ T5551] R13: 0000000000000000 R14: 00007f8b27845f80 R15: 00007fffa274a5f8
[   97.818278][ T5551]  </TASK>
[   97.838976][ T5555] unsupported nlmsg_type 40
[   97.856698][ T5557] loop4: detected capacity change from 0 to 128
[   97.863783][ T5557] FAT-fs (loop4): bogus number of reserved sectors
[   97.870303][ T5557] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[   97.879705][ T5557] FAT-fs (loop4): Can't find a valid FAT filesystem
[   97.886404][   T29] audit: type=1400 audit(1723654929.221:729): avc:  denied  { ioctl } for  pid=5558 comm="syz.2.455" path="socket:[13646]" dev="sockfs" ino=13646 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   97.911080][   T29] audit: type=1400 audit(1723654929.221:730): avc:  denied  { ioctl } for  pid=5558 comm="syz.2.455" path="socket:[13648]" dev="sockfs" ino=13648 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   97.958559][   T29] audit: type=1400 audit(1723654929.291:731): avc:  denied  { write } for  pid=5563 comm="syz.1.457" path="socket:[13667]" dev="sockfs" ino=13667 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   98.463252][ T5583] loop1: detected capacity change from 0 to 512
[   98.469859][ T5583] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[   98.481291][ T5583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.463'.
[   98.664841][ T5600] loop1: detected capacity change from 0 to 256
[   98.856387][ T5616] netlink: 'syz.1.476': attribute type 29 has an invalid length.
[   98.865445][ T5616] netlink: 'syz.1.476': attribute type 29 has an invalid length.
[   98.897645][ T5624] loop4: detected capacity change from 0 to 2048
[   98.933719][ T5624]  loop4: p2 < >
[   98.938816][ T5626] loop1: detected capacity change from 0 to 1164
[   99.186870][ T3775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.231378][ T5639] netlink: 'syz.1.486': attribute type 2 has an invalid length.
[   99.267392][ T5643] netlink: 20 bytes leftover after parsing attributes in process `syz.1.488'.
[   99.659281][ T5654] loop1: detected capacity change from 0 to 4096
[   99.715814][ T5658] loop1: detected capacity change from 0 to 128
[   99.737738][ T5660] loop4: detected capacity change from 0 to 128
[   99.746747][ T5660] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   99.758974][ T5660] ext4 filesystem being mounted at /43/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   99.800825][ T4933] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   99.935640][ T5670] loop4: detected capacity change from 0 to 512
[   99.943019][ T5670] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   99.955814][ T5670] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   99.970697][ T5670] EXT4-fs (loop4): 1 truncate cleaned up
[   99.977598][ T5670] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.002584][ T5670] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  100.276372][ T5691] FAULT_INJECTION: forcing a failure.
[  100.276372][ T5691] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  100.289537][ T5691] CPU: 0 UID: 0 PID: 5691 Comm: syz.3.504 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  100.300138][ T5691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  100.310449][ T5691] Call Trace:
[  100.313750][ T5691]  <TASK>
[  100.316674][ T5691]  dump_stack_lvl+0xf2/0x150
[  100.321258][ T5691]  dump_stack+0x15/0x20
[  100.325400][ T5691]  should_fail_ex+0x229/0x230
[  100.330181][ T5691]  should_fail+0xb/0x10
[  100.334416][ T5691]  should_fail_usercopy+0x1a/0x20
[  100.339447][ T5691]  copy_page_from_iter_atomic+0x22a/0xda0
[  100.345222][ T5691]  ? shmem_write_begin+0xa0/0x1c0
[  100.350368][ T5691]  ? shmem_write_begin+0x10c/0x1c0
[  100.355477][ T5691]  generic_perform_write+0x323/0x580
[  100.360799][ T5691]  shmem_file_write_iter+0xc8/0xf0
[  100.365937][ T5691]  vfs_write+0x78f/0x900
[  100.370248][ T5691]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  100.376082][ T5691]  ksys_write+0xeb/0x1b0
[  100.380371][ T5691]  __x64_sys_write+0x42/0x50
[  100.384974][ T5691]  x64_sys_call+0x27dd/0x2d60
[  100.389633][ T5691]  do_syscall_64+0xc9/0x1c0
[  100.394190][ T5691]  ? clear_bhb_loop+0x55/0xb0
[  100.398945][ T5691]  ? clear_bhb_loop+0x55/0xb0
[  100.403638][ T5691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.409523][ T5691] RIP: 0033:0x7f5817dc84df
[  100.413958][ T5691] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[  100.433651][ T5691] RSP: 002b:00007f5816a46d40 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  100.442150][ T5691] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007f5817dc84df
[  100.450154][ T5691] RDX: 0000000000100000 RSI: 00007f580e627000 RDI: 0000000000000004
[  100.458107][ T5691] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000005d0
[  100.466060][ T5691] R10: 0000000020000602 R11: 0000000000000293 R12: 0000000000000004
[  100.474034][ T5691] R13: 00007f5816a46dec R14: 00007f5816a46df0 R15: 00007f580e627000
[  100.482037][ T5691]  </TASK>
[  100.488438][ T5691] loop3: detected capacity change from 0 to 2048
[  100.525432][ T5691]  loop3: p1 p2 p3
[  101.222356][ T5711] loop2: detected capacity change from 0 to 512
[  101.229041][ T5711] ext4: Unknown parameter 'nouser_xattr'
[  101.290156][ T5716] netlink: 251 bytes leftover after parsing attributes in process `syz.3.512'.
[  101.300193][   T29] kauditd_printk_skb: 16 callbacks suppressed
[  101.300212][   T29] audit: type=1326 audit(1723654932.641:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5715 comm="syz.3.512" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5817dc99f9 code=0x0
[  101.339337][   T29] audit: type=1400 audit(1723654932.671:749): avc:  denied  { module_load } for  pid=5710 comm="syz.2.511" path=2F6D656D66643A1037202864656C6574656429 dev="tmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  101.339350][ T5717] Invalid ELF header type: 45549 != 1
[  101.465674][ T5721] loop1: detected capacity change from 0 to 512
[  101.472483][ T5721] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  101.485132][ T5721] EXT4-fs (loop1): 1 truncate cleaned up
[  101.491237][ T5721] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.525596][ T3780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.586244][ T5726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.516'.
[  101.595170][   T29] audit: type=1400 audit(1723654932.921:750): avc:  denied  { ioctl } for  pid=5725 comm="syz.1.516" path="socket:[13155]" dev="sockfs" ino=13155 ioctlcmd=0x9422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  101.651731][ T5735] loop0: detected capacity change from 0 to 2048
[  101.658771][ T5735] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  102.201537][ T5753] FAULT_INJECTION: forcing a failure.
[  102.201537][ T5753] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  102.214637][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.3.526 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  102.225313][ T5753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  102.235380][ T5753] Call Trace:
[  102.238658][ T5753]  <TASK>
[  102.241578][ T5753]  dump_stack_lvl+0xf2/0x150
[  102.246185][ T5753]  dump_stack+0x15/0x20
[  102.250361][ T5753]  should_fail_ex+0x229/0x230
[  102.255065][ T5753]  should_fail+0xb/0x10
[  102.259229][ T5753]  should_fail_usercopy+0x1a/0x20
[  102.264323][ T5753]  _copy_from_user+0x1e/0xd0
[  102.268999][ T5753]  copy_msghdr_from_user+0x54/0x2a0
[  102.274335][ T5753]  __sys_sendmsg+0x17d/0x280
[  102.279015][ T5753]  __x64_sys_sendmsg+0x46/0x50
[  102.283818][ T5753]  x64_sys_call+0x2689/0x2d60
[  102.288508][ T5753]  do_syscall_64+0xc9/0x1c0
[  102.293128][ T5753]  ? clear_bhb_loop+0x55/0xb0
[  102.297830][ T5753]  ? clear_bhb_loop+0x55/0xb0
[  102.302566][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.308539][ T5753] RIP: 0033:0x7f5817dc99f9
[  102.313022][ T5753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.332669][ T5753] RSP: 002b:00007f5816a47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  102.341092][ T5753] RAX: ffffffffffffffda RBX: 00007f5817f65f80 RCX: 00007f5817dc99f9
[  102.349109][ T5753] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[  102.357154][ T5753] RBP: 00007f5816a47090 R08: 0000000000000000 R09: 0000000000000000
[  102.365124][ T5753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.373143][ T5753] R13: 0000000000000000 R14: 00007f5817f65f80 R15: 00007ffe29441328
[  102.381246][ T5753]  </TASK>
[  102.569591][   T29] audit: type=1400 audit(1723654933.901:751): avc:  denied  { setopt } for  pid=5756 comm="syz.1.527" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  102.761915][ T5767] netlink: 10 bytes leftover after parsing attributes in process `syz.1.530'.
[  102.787202][ T5769] netlink: 28 bytes leftover after parsing attributes in process `syz.1.531'.
[  102.799270][ T5769] netlink: 'syz.1.531': attribute type 3 has an invalid length.
[  102.886933][ T5777] netlink: 'syz.0.534': attribute type 21 has an invalid length.
[  102.887043][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.924981][ T5780] loop4: detected capacity change from 0 to 512
[  102.951384][ T5777] bridge0: entered promiscuous mode
[  102.968882][   T29] audit: type=1326 audit(1723654934.301:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.1.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee5fcc99f9 code=0x7ffc0000
[  102.970137][ T5777] bridge0: left promiscuous mode
[  102.992169][   T29] audit: type=1326 audit(1723654934.301:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.1.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee5fcc99f9 code=0x7ffc0000
[  102.996181][   T29] audit: type=1326 audit(1723654934.331:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.1.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fee5fcc99f9 code=0x7ffc0000
[  103.043709][   T29] audit: type=1326 audit(1723654934.331:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.1.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee5fcc99f9 code=0x7ffc0000
[  103.066970][   T29] audit: type=1326 audit(1723654934.331:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.1.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee5fcc99f9 code=0x7ffc0000
[  103.075669][ T5792] netlink: 16 bytes leftover after parsing attributes in process `syz.4.540'.
[  103.090363][   T29] audit: type=1326 audit(1723654934.331:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.1.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fee5fcc99f9 code=0x7ffc0000
[  103.099215][ T5792] netlink: 16 bytes leftover after parsing attributes in process `syz.4.540'.
[  103.100805][ T5792] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  103.156771][ T5792] bond1: entered allmulticast mode
[  103.160190][ T5800] FAULT_INJECTION: forcing a failure.
[  103.160190][ T5800] name failslab, interval 1, probability 0, space 0, times 0
[  103.163379][ T5792] 8021q: adding VLAN 0 to HW filter on device bond1
[  103.174509][ T5800] CPU: 1 UID: 0 PID: 5800 Comm: syz.2.541 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  103.191666][ T5800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  103.201723][ T5800] Call Trace:
[  103.204992][ T5800]  <TASK>
[  103.207953][ T5800]  dump_stack_lvl+0xf2/0x150
[  103.212622][ T5800]  dump_stack+0x15/0x20
[  103.216828][ T5800]  should_fail_ex+0x229/0x230
[  103.221499][ T5800]  ? audit_log_start+0x34c/0x6b0
[  103.226424][ T5800]  should_failslab+0x8f/0xb0
[  103.231032][ T5800]  kmem_cache_alloc_noprof+0x4c/0x290
[  103.236460][ T5800]  audit_log_start+0x34c/0x6b0
[  103.241220][ T5800]  ? __bpf_prog_run32+0x74/0xa0
[  103.246151][ T5800]  audit_seccomp+0x4b/0x130
[  103.250716][ T5800]  __seccomp_filter+0x6fa/0x1180
[  103.255726][ T5800]  ? proc_fail_nth_write+0x12d/0x160
[  103.261085][ T5800]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  103.266778][ T5800]  ? vfs_write+0x5a5/0x900
[  103.271418][ T5800]  ? __fget_files+0x1da/0x210
[  103.276090][ T5800]  __secure_computing+0x9f/0x1c0
[  103.281029][ T5800]  syscall_trace_enter+0xd1/0x1f0
[  103.286068][ T5800]  ? fpregs_assert_state_consistent+0x83/0xa0
[  103.292136][ T5800]  do_syscall_64+0xaa/0x1c0
[  103.296690][ T5800]  ? clear_bhb_loop+0x55/0xb0
[  103.301363][ T5800]  ? clear_bhb_loop+0x55/0xb0
[  103.306045][ T5800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.311938][ T5800] RIP: 0033:0x7fb1b54a99f9
[  103.316340][ T5800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.335980][ T5800] RSP: 002b:00007fb1b4127038 EFLAGS: 00000246 ORIG_RAX: 00000000000000cf
[  103.344385][ T5800] RAX: ffffffffffffffda RBX: 00007fb1b5645f80 RCX: 00007fb1b54a99f9
[  103.352453][ T5800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  103.360523][ T5800] RBP: 00007fb1b4127090 R08: 0000000000000000 R09: 0000000000000000
[  103.368498][ T5800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  103.376486][ T5800] R13: 0000000000000000 R14: 00007fb1b5645f80 R15: 00007fffb0762648
[  103.384535][ T5800]  </TASK>
[  103.420054][ T5809] loop3: detected capacity change from 0 to 512
[  103.429551][ T5809] loop3: detected capacity change from 0 to 512
[  103.438956][ T5809] loop3: detected capacity change from 0 to 512
[  103.448178][ T5809] loop3: detected capacity change from 0 to 512
[  103.457412][ T5809] loop3: detected capacity change from 0 to 512
[  103.466752][ T5809] loop3: detected capacity change from 0 to 512
[  103.476117][ T5809] loop3: detected capacity change from 0 to 512
[  103.485549][ T5809] loop3: detected capacity change from 0 to 512
[  103.494759][ T5809] loop3: detected capacity change from 0 to 512
[  103.504032][ T5809] loop3: detected capacity change from 0 to 512
[  103.513824][ T5809] loop3: detected capacity change from 0 to 512
[  103.523195][ T5809] loop3: detected capacity change from 0 to 512
[  103.532644][ T5809] loop3: detected capacity change from 0 to 512
[  103.542167][ T5809] loop3: detected capacity change from 0 to 512
[  103.551556][ T5809] loop3: detected capacity change from 0 to 512
[  103.561288][ T5809] loop3: detected capacity change from 0 to 512
[  103.597094][ T5811] loop0: detected capacity change from 0 to 512
[  103.606515][ T5811] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  103.700454][ T5811] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  103.718731][ T5811] EXT4-fs (loop0): 1 truncate cleaned up
[  103.730230][ T5811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.869180][ T5811] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  103.934106][ T5828] netlink: 8 bytes leftover after parsing attributes in process `syz.4.549'.
[  103.942914][ T5828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.549'.
[  104.144125][ T5833] loop2: detected capacity change from 0 to 8192
[  104.505407][ T5848] loop2: detected capacity change from 0 to 256
[  104.524401][ T5848] FAT-fs (loop2): Directory bread(block 64) failed
[  104.531332][ T5848] FAT-fs (loop2): Directory bread(block 65) failed
[  104.539109][ T5848] FAT-fs (loop2): Directory bread(block 66) failed
[  104.545849][ T5848] FAT-fs (loop2): Directory bread(block 67) failed
[  104.552492][ T5848] FAT-fs (loop2): Directory bread(block 68) failed
[  104.560316][ T5848] FAT-fs (loop2): Directory bread(block 69) failed
[  104.567040][ T5848] FAT-fs (loop2): Directory bread(block 70) failed
[  104.574929][ T5848] FAT-fs (loop2): Directory bread(block 71) failed
[  104.581671][ T5848] FAT-fs (loop2): Directory bread(block 72) failed
[  104.588354][ T5848] FAT-fs (loop2): Directory bread(block 73) failed
[  104.801515][ T5854] loop2: detected capacity change from 0 to 2048
[  105.017991][ T5860] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.076776][ T5860] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.129084][ T5860] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.180278][ T5860] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.229896][ T5860] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.240646][ T5860] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.251805][ T5860] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.263061][ T5860] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.288677][ T5863] loop4: detected capacity change from 0 to 1024
[  105.304807][ T5863] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.337047][ T5880] syzkaller1: entered promiscuous mode
[  106.342633][ T5880] syzkaller1: entered allmulticast mode
[  106.421312][ T5040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.439516][ T5882] loop0: detected capacity change from 0 to 512
[  106.456008][ T5884] loop1: detected capacity change from 0 to 256
[  106.468554][ T5884] FAT-fs (loop1): Directory bread(block 64) failed
[  106.476004][ T5884] FAT-fs (loop1): Directory bread(block 65) failed
[  106.482755][ T5884] FAT-fs (loop1): Directory bread(block 66) failed
[  106.485112][ T5882] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.490259][ T5884] FAT-fs (loop1): Directory bread(block 67) failed
[  106.506525][ T5882] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.511264][ T5884] FAT-fs (loop1): Directory bread(block 68) failed
[  106.522000][ T5888] netlink: 24 bytes leftover after parsing attributes in process `syz.2.568'.
[  106.535292][ T5888] netlink: 24 bytes leftover after parsing attributes in process `syz.2.568'.
[  106.544238][ T5884] FAT-fs (loop1): Directory bread(block 69) failed
[  106.553128][ T5884] FAT-fs (loop1): Directory bread(block 70) failed
[  106.560178][ T5884] FAT-fs (loop1): Directory bread(block 71) failed
[  106.583492][ T5884] FAT-fs (loop1): Directory bread(block 72) failed
[  106.591607][ T5884] FAT-fs (loop1): Directory bread(block 73) failed
[  106.620440][ T5884] FAULT_INJECTION: forcing a failure.
[  106.620440][ T5884] name failslab, interval 1, probability 0, space 0, times 0
[  106.633191][ T5884] CPU: 0 UID: 0 PID: 5884 Comm: syz.1.567 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  106.643776][ T5884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  106.653826][ T5884] Call Trace:
[  106.657165][ T5884]  <TASK>
[  106.660190][ T5884]  dump_stack_lvl+0xf2/0x150
[  106.664801][ T5884]  dump_stack+0x15/0x20
[  106.669054][ T5884]  should_fail_ex+0x229/0x230
[  106.673765][ T5884]  ? vfat_add_entry+0xd5/0x1b40
[  106.678668][ T5884]  should_failslab+0x8f/0xb0
[  106.683312][ T5884]  __kmalloc_cache_noprof+0x4b/0x2a0
[  106.688692][ T5884]  vfat_add_entry+0xd5/0x1b40
[  106.693409][ T5884]  ? _raw_spin_lock_irqsave+0x3c/0xb0
[  106.698970][ T5884]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  106.704809][ T5884]  ? __wake_up+0x88/0xb0
[  106.709052][ T5884]  ? _raw_spin_unlock+0x26/0x50
[  106.713981][ T5884]  ? ktime_get_coarse_real_ts64+0xf3/0x100
[  106.719835][ T5884]  ? current_time+0xfa/0x1a0
[  106.724444][ T5884]  vfat_create+0xa9/0x190
[  106.728840][ T5884]  ? __pfx_vfat_create+0x10/0x10
[  106.733866][ T5884]  path_openat+0xdbc/0x1f10
[  106.738410][ T5884]  do_filp_open+0xf7/0x200
[  106.742944][ T5884]  do_sys_openat2+0xab/0x120
[  106.747532][ T5884]  __x64_sys_openat+0xf3/0x120
[  106.752403][ T5884]  x64_sys_call+0x1025/0x2d60
[  106.757135][ T5884]  do_syscall_64+0xc9/0x1c0
[  106.761689][ T5884]  ? clear_bhb_loop+0x55/0xb0
[  106.766405][ T5884]  ? clear_bhb_loop+0x55/0xb0
[  106.771092][ T5884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.777068][ T5884] RIP: 0033:0x7fee5fcc99f9
[  106.781521][ T5884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.801335][ T5884] RSP: 002b:00007fee5e941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  106.809740][ T5884] RAX: ffffffffffffffda RBX: 00007fee5fe65f80 RCX: 00007fee5fcc99f9
[  106.817775][ T5884] RDX: 00000000000026e1 RSI: 0000000020000080 RDI: ffffffffffffff9c
[  106.825737][ T5884] RBP: 00007fee5e941090 R08: 0000000000000000 R09: 0000000000000000
[  106.833700][ T5884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.841728][ T5884] R13: 0000000000000000 R14: 00007fee5fe65f80 R15: 00007ffe3fc99ef8
[  106.849718][ T5884]  </TASK>
[  107.002237][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.050690][ T5907] netlink: 12 bytes leftover after parsing attributes in process `syz.0.566'.
[  107.060958][ T5906] netlink: 12 bytes leftover after parsing attributes in process `syz.0.566'.
[  107.217626][   T29] kauditd_printk_skb: 21 callbacks suppressed
[  107.217641][   T29] audit: type=1400 audit(1723654938.551:777): avc:  denied  { read } for  pid=5909 comm="syz.4.574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  107.314001][ T5040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.460423][ T5922] loop2: detected capacity change from 0 to 512
[  107.473697][ T5922] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  107.491469][ T5922] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  107.508426][ T5922] EXT4-fs (loop2): 1 truncate cleaned up
[  107.519327][ T5922] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.772943][ T5933] netlink: 24 bytes leftover after parsing attributes in process `syz.0.581'.
[  107.788318][ T5922] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  107.808160][ T5933] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  107.817869][   T29] audit: type=1400 audit(1723654939.141:778): avc:  denied  { load_policy } for  pid=5931 comm="syz.0.581" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  107.838232][ T5933] SELinux: failed to load policy
[  107.878221][ T5940] loop3: detected capacity change from 0 to 256
[  107.891019][ T5940] FAT-fs (loop3): Directory bread(block 64) failed
[  107.897709][ T5940] FAT-fs (loop3): Directory bread(block 65) failed
[  107.904885][ T5941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.913487][ T5940] FAT-fs (loop3): Directory bread(block 66) failed
[  107.920193][ T5941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.928072][ T5940] FAT-fs (loop3): Directory bread(block 67) failed
[  107.934711][ T5940] FAT-fs (loop3): Directory bread(block 68) failed
[  107.941338][ T5940] FAT-fs (loop3): Directory bread(block 69) failed
[  107.947928][ T5940] FAT-fs (loop3): Directory bread(block 70) failed
[  107.954706][ T5940] FAT-fs (loop3): Directory bread(block 71) failed
[  107.961324][ T5940] FAT-fs (loop3): Directory bread(block 72) failed
[  107.967981][ T5940] FAT-fs (loop3): Directory bread(block 73) failed
[  108.101947][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.130346][   T29] audit: type=1400 audit(1723654939.461:779): avc:  denied  { shutdown } for  pid=5949 comm="syz.3.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  108.130565][ T5950] netlink: 36 bytes leftover after parsing attributes in process `syz.3.590'.
[  108.179627][ T5950] loop3: detected capacity change from 0 to 512
[  108.187326][ T5950] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.590: casefold flag without casefold feature
[  108.201233][ T5950] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.590: couldn't read orphan inode 15 (err -117)
[  108.220122][ T5950] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.254389][ T3775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.326162][ T5972] loop1: detected capacity change from 0 to 256
[  108.340790][ T5972] FAT-fs (loop1): Directory bread(block 64) failed
[  108.347590][ T5972] FAT-fs (loop1): Directory bread(block 65) failed
[  108.354621][ T5972] FAT-fs (loop1): Directory bread(block 66) failed
[  108.361143][ T5972] FAT-fs (loop1): Directory bread(block 67) failed
[  108.367892][ T5972] FAT-fs (loop1): Directory bread(block 68) failed
[  108.374548][ T5972] FAT-fs (loop1): Directory bread(block 69) failed
[  108.381319][ T5972] FAT-fs (loop1): Directory bread(block 70) failed
[  108.387973][ T5972] FAT-fs (loop1): Directory bread(block 71) failed
[  108.394495][ T5972] FAT-fs (loop1): Directory bread(block 72) failed
[  108.401109][ T5972] FAT-fs (loop1): Directory bread(block 73) failed
[  108.444783][ T5981] FAULT_INJECTION: forcing a failure.
[  108.444783][ T5981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.458087][ T5981] CPU: 0 UID: 0 PID: 5981 Comm: syz.1.598 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  108.468675][ T5981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  108.478793][ T5981] Call Trace:
[  108.482080][ T5981]  <TASK>
[  108.485000][ T5981]  dump_stack_lvl+0xf2/0x150
[  108.489594][ T5981]  dump_stack+0x15/0x20
[  108.493738][ T5981]  should_fail_ex+0x229/0x230
[  108.498579][ T5981]  should_fail+0xb/0x10
[  108.502745][ T5981]  should_fail_usercopy+0x1a/0x20
[  108.507918][ T5981]  _copy_from_iter+0xd3/0xb00
[  108.512601][ T5981]  ? kmalloc_reserve+0x16e/0x190
[  108.517540][ T5981]  ? __build_skb_around+0x196/0x1f0
[  108.522767][ T5981]  ? __alloc_skb+0x21f/0x310
[  108.527359][ T5981]  ? __virt_addr_valid+0x1ed/0x250
[  108.532508][ T5981]  ? __check_object_size+0x35b/0x510
[  108.537982][ T5981]  netlink_sendmsg+0x460/0x6e0
[  108.542745][ T5981]  ? __pfx_netlink_sendmsg+0x10/0x10
[  108.548104][ T5981]  __sock_sendmsg+0x140/0x180
[  108.552834][ T5981]  ____sys_sendmsg+0x312/0x410
[  108.557608][ T5981]  __sys_sendmsg+0x1e9/0x280
[  108.562207][ T5981]  __x64_sys_sendmsg+0x46/0x50
[  108.567009][ T5981]  x64_sys_call+0x2689/0x2d60
[  108.571766][ T5981]  do_syscall_64+0xc9/0x1c0
[  108.576333][ T5981]  ? clear_bhb_loop+0x55/0xb0
[  108.581025][ T5981]  ? clear_bhb_loop+0x55/0xb0
[  108.583028][ T5984] loop2: detected capacity change from 0 to 512
[  108.585696][ T5981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.585802][ T5981] RIP: 0033:0x7fee5fcc99f9
[  108.585818][ T5981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.597451][ T5984] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  108.597931][ T5981] RSP: 002b:00007fee5e941038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  108.597952][ T5981] RAX: ffffffffffffffda RBX: 00007fee5fe65f80 RCX: 00007fee5fcc99f9
[  108.597963][ T5981] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  108.597973][ T5981] RBP: 00007fee5e941090 R08: 0000000000000000 R09: 0000000000000000
[  108.606080][ T5984] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, 
[  108.622002][ T5981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.622020][ T5981] R13: 0000000000000000 R14: 00007fee5fe65f80 R15: 00007ffe3fc99ef8
[  108.622036][ T5981]  </TASK>
[  108.692869][ T5984] block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  108.704469][ T5984] EXT4-fs (loop2): 1 truncate cleaned up
[  108.715635][ T5990] loop0: detected capacity change from 0 to 1764
[  108.723330][ T5984] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.814676][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.604'.
[  108.823534][ T5997] netlink: 12 bytes leftover after parsing attributes in process `syz.0.604'.
[  108.833182][ T5984] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  108.881323][   T29] audit: type=1400 audit(1723654940.211:780): avc:  denied  { tracepoint } for  pid=5998 comm="syz.0.605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  109.147014][   T29] audit: type=1400 audit(1723654940.481:781): avc:  denied  { setopt } for  pid=6004 comm="syz.0.606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  109.167885][ T6005] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6005 comm=syz.0.606
[  109.235006][ T6010] netlink: 'syz.0.608': attribute type 10 has an invalid length.
[  109.242802][ T6010] netlink: 40 bytes leftover after parsing attributes in process `syz.0.608'.
[  109.252669][ T6010] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  109.288439][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.307072][ T6014] loop2: detected capacity change from 0 to 1024
[  109.325083][ T6014] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.351674][ T6020] FAULT_INJECTION: forcing a failure.
[  109.351674][ T6020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.351699][ T6020] CPU: 1 UID: 0 PID: 6020 Comm: syz.0.611 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  109.351723][ T6020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  109.351733][ T6020] Call Trace:
[  109.351740][ T6020]  <TASK>
[  109.351747][ T6020]  dump_stack_lvl+0xf2/0x150
[  109.396249][ T6020]  dump_stack+0x15/0x20
[  109.396290][ T6020]  should_fail_ex+0x229/0x230
[  109.405110][ T6020]  should_fail+0xb/0x10
[  109.405199][ T6020]  should_fail_usercopy+0x1a/0x20
[  109.405225][ T6020]  _copy_to_iter+0x246/0xb00
[  109.418961][ T6020]  ? __virt_addr_valid+0x1ed/0x250
[  109.418992][ T6020]  ? __check_object_size+0x35b/0x510
[  109.419034][ T6020]  seq_read_iter+0x7a2/0x940
[  109.433981][ T6020]  seq_read+0x1eb/0x230
[  109.434007][ T6020]  ? __pfx_seq_read+0x10/0x10
[  109.434027][ T6020]  proc_reg_read+0x145/0x1e0
[  109.434055][ T6020]  vfs_readv+0x3f1/0x660
[  109.434146][ T6020]  ? __pfx_proc_reg_read+0x10/0x10
[  109.434174][ T6020]  __x64_sys_preadv+0x100/0x1c0
[  109.434194][ T6020]  x64_sys_call+0x1d5c/0x2d60
[  109.434230][ T6020]  do_syscall_64+0xc9/0x1c0
[  109.470829][ T6020]  ? clear_bhb_loop+0x55/0xb0
[  109.470858][ T6020]  ? clear_bhb_loop+0x55/0xb0
[  109.470882][ T6020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.470908][ T6020] RIP: 0033:0x7fb27cfa99f9
[  109.490510][ T6020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.490529][ T6020] RSP: 002b:00007fb27bc27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  109.518675][ T6020] RAX: ffffffffffffffda RBX: 00007fb27d145f80 RCX: 00007fb27cfa99f9
[  109.518704][ T6020] RDX: 0000000000000002 RSI: 0000000020000240 RDI: 0000000000000003
[  109.518717][ T6020] RBP: 00007fb27bc27090 R08: 0000000000000000 R09: 0000000000000000
[  109.518729][ T6020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.518741][ T6020] R13: 0000000000000000 R14: 00007fb27d145f80 R15: 00007ffd79e4be08
[  109.558607][ T6020]  </TASK>
[  109.597121][ T6021] netlink: 308 bytes leftover after parsing attributes in process `syz.2.610'.
[  109.619556][ T6024] loop1: detected capacity change from 0 to 128
[  109.627556][ T6024] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  109.641444][ T6024] ext4 filesystem being mounted at /131/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  109.732762][   T29] audit: type=1400 audit(1723654941.061:782): avc:  denied  { create } for  pid=6022 comm="syz.1.613" name=2E02 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  109.820074][ T1641] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  109.836428][ T1641] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  109.848936][ T1641] EXT4-fs (loop2): This should not happen!! Data will be lost
[  109.848936][ T1641] 
[  109.858592][ T1641] EXT4-fs (loop2): Total free blocks count 0
[  109.864603][ T1641] EXT4-fs (loop2): Free/Dirty block details
[  109.870577][ T1641] EXT4-fs (loop2): free_blocks=68451041280
[  109.876550][ T1641] EXT4-fs (loop2): dirty_blocks=16384
[  109.882021][ T1641] EXT4-fs (loop2): Block reservation details
[  109.888156][ T1641] EXT4-fs (loop2): i_reserved_data_blocks=1024
[  109.903037][   T40] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28
[  109.934161][ T6033] loop0: detected capacity change from 0 to 1024
[  109.940976][ T6033] /dev/loop0: Can't open blockdev
[  109.941778][   T29] audit: type=1400 audit(1723654941.271:783): avc:  denied  { mounton } for  pid=6032 comm="syz.0.616" path="/49/bus" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  109.986148][ T6035] loop0: detected capacity change from 0 to 128
[  110.070319][   T29] audit: type=1400 audit(1723654941.401:784): avc:  denied  { ioctl } for  pid=6034 comm="syz.0.617" path="/dev/input/event0" dev="devtmpfs" ino=218 ioctlcmd=0x4591 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  110.251938][ T6047] loop2: detected capacity change from 0 to 512
[  110.259321][ T6047] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  110.271793][ T6047] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  110.289270][ T6047] EXT4-fs (loop2): 1 truncate cleaned up
[  110.296721][ T6047] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.348322][   T29] audit: type=1400 audit(1723654941.681:785): avc:  denied  { write } for  pid=6053 comm="syz.0.622" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  110.531042][ T6047] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  110.555875][ T3780] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  110.590207][   T29] audit: type=1326 audit(1723654941.921:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.1.624" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fee5fcc99f9 code=0x0
[  110.654667][ T6061] loop1: detected capacity change from 0 to 1024
[  110.737614][ T6061] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.932206][ T6069] loop0: detected capacity change from 0 to 1024
[  110.938920][ T6069] /dev/loop0: Can't open blockdev
[  110.959963][ T6072] loop0: detected capacity change from 0 to 512
[  110.967813][ T6071] netlink: 'syz.0.627': attribute type 9 has an invalid length.
[  110.975520][ T6071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.627'.
[  111.050340][ T6077] netlink: 3 bytes leftover after parsing attributes in process `syz.0.629'.
[  111.295940][ T6091] loop3: detected capacity change from 0 to 128
[  111.302996][ T6091] FAT-fs (loop3): bogus number of reserved sectors
[  111.309605][ T6091] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  111.319030][ T6091] FAT-fs (loop3): Can't find a valid FAT filesystem
[  111.366816][ T6097] netlink: 24 bytes leftover after parsing attributes in process `syz.3.638'.
[  111.433686][ T3780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.475542][ T6106] loop1: detected capacity change from 0 to 256
[  111.482279][ T6106] vfat: Bad value for 'fmask'
[  111.498548][ T6106] loop1: detected capacity change from 0 to 1024
[  111.524775][ T6106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.570346][ T3780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.055273][ T6137] FAULT_INJECTION: forcing a failure.
[  112.055273][ T6137] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  112.068504][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: syz.3.650 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  112.079108][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  112.089186][ T6137] Call Trace:
[  112.092466][ T6137]  <TASK>
[  112.095417][ T6137]  dump_stack_lvl+0xf2/0x150
[  112.100057][ T6137]  dump_stack+0x15/0x20
[  112.104226][ T6137]  should_fail_ex+0x229/0x230
[  112.108961][ T6137]  should_fail+0xb/0x10
[  112.113216][ T6137]  should_fail_usercopy+0x1a/0x20
[  112.118251][ T6137]  _copy_from_iter+0xd3/0xb00
[  112.122945][ T6137]  ? kmalloc_reserve+0x16e/0x190
[  112.127890][ T6137]  ? __build_skb_around+0x196/0x1f0
[  112.133096][ T6137]  ? __alloc_skb+0x21f/0x310
[  112.137687][ T6137]  ? __virt_addr_valid+0x1ed/0x250
[  112.142825][ T6137]  ? __check_object_size+0x35b/0x510
[  112.148238][ T6137]  netlink_sendmsg+0x460/0x6e0
[  112.153035][ T6137]  ? __pfx_netlink_sendmsg+0x10/0x10
[  112.158502][ T6137]  __sock_sendmsg+0x140/0x180
[  112.163192][ T6137]  ____sys_sendmsg+0x312/0x410
[  112.168035][ T6137]  __sys_sendmsg+0x1e9/0x280
[  112.172627][ T6137]  __x64_sys_sendmsg+0x46/0x50
[  112.177426][ T6137]  x64_sys_call+0x2689/0x2d60
[  112.182172][ T6137]  do_syscall_64+0xc9/0x1c0
[  112.186762][ T6137]  ? clear_bhb_loop+0x55/0xb0
[  112.191436][ T6137]  ? clear_bhb_loop+0x55/0xb0
[  112.196262][ T6137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.202178][ T6137] RIP: 0033:0x7f5817dc99f9
[  112.206588][ T6137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.226203][ T6137] RSP: 002b:00007f5816a47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  112.234620][ T6137] RAX: ffffffffffffffda RBX: 00007f5817f65f80 RCX: 00007f5817dc99f9
[  112.242599][ T6137] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  112.250610][ T6137] RBP: 00007f5816a47090 R08: 0000000000000000 R09: 0000000000000000
[  112.258573][ T6137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  112.266532][ T6137] R13: 0000000000000000 R14: 00007f5817f65f80 R15: 00007ffe29441328
[  112.274504][ T6137]  </TASK>
[  112.407914][ T6149] loop0: detected capacity change from 0 to 512
[  112.425810][ T6149] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  112.443074][ T6149] EXT4-fs (loop0): 1 truncate cleaned up
[  112.449440][ T6149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.512218][   T29] kauditd_printk_skb: 8 callbacks suppressed
[  112.512231][   T29] audit: type=1400 audit(1723654943.841:795): avc:  denied  { mount } for  pid=6158 comm="syz.3.658" name="/" dev="gadgetfs" ino=15715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  112.544081][   T29] audit: type=1400 audit(1723654943.881:796): avc:  denied  { unmount } for  pid=3775 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  112.901413][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  112.955042][ T6187] 9pnet_fd: Insufficient options for proto=fd
[  112.966712][ T6187] loop3: detected capacity change from 0 to 164
[  112.975005][ T6187] rock: corrupted directory entry. extent=41, offset=65536, size=8
[  112.984438][ T6186] batadv_slave_1: entered promiscuous mode
[  113.204721][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.244583][ T6149] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.450107][   T29] audit: type=1400 audit(1723654944.781:797): avc:  denied  { unmount } for  pid=6194 comm="syz.0.669" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  113.472515][   T29] audit: type=1400 audit(1723654944.811:798): avc:  denied  { accept } for  pid=6194 comm="syz.0.669" lport=35159 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  113.860716][   T29] audit: type=1400 audit(1723654945.191:799): avc:  denied  { lock } for  pid=6206 comm="syz.0.673" path="socket:[15201]" dev="sockfs" ino=15201 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  114.009166][ T6211] syzkaller0: entered promiscuous mode
[  114.014752][ T6211] syzkaller0: entered allmulticast mode
[  114.026093][   T29] audit: type=1400 audit(1723654945.361:800): avc:  denied  { getopt } for  pid=6209 comm="syz.3.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  114.141522][ T6224] loop2: detected capacity change from 0 to 128
[  114.146814][ T6223] loop3: detected capacity change from 0 to 2048
[  114.149451][ T6224] vfat: Unknown parameter 'xœìÝMk[Àñ'i^šöö¦‹Ëår¹½p¹éÐܹ°Hb@iÁ
[  114.149451][ T6224] ÂÔN5dš”L(DÄf!¸uí¢—"ˆàÎ�ˆÛnü¾íºé΂Å#“™Äi2$i¥¯þ‹Îéœç9sÎœ™6'
[  114.154618][ T6223] EXT4-fs: Ignoring removed orlov option
[  114.188421][ T6223] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  114.211188][ T6223] netlink: 8 bytes leftover after parsing attributes in process `syz.3.680'.
[  114.238595][ T3775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.257727][ T6225] loop0: detected capacity change from 0 to 512
[  114.266869][ T6225] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  114.280440][ T6225] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  114.296270][ T6225] EXT4-fs (loop0): 1 truncate cleaned up
[  114.304779][ T6225] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.360333][ T6238] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  114.384924][ T6240] netlink: 'syz.2.685': attribute type 10 has an invalid length.
[  114.392685][ T6240] netlink: 40 bytes leftover after parsing attributes in process `syz.2.685'.
[  114.401883][ T6240] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.409011][ T6240] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  114.417284][ T6240] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.424712][ T6240] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.431781][ T6240] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.440698][ T6240] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  114.488489][ T6225] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  114.562988][ T6244] netlink: 52 bytes leftover after parsing attributes in process `syz.2.686'.
[  114.571955][ T6244] netlink: 52 bytes leftover after parsing attributes in process `syz.2.686'.
[  114.583570][ T6244] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  114.903540][ T6262] FAULT_INJECTION: forcing a failure.
[  114.903540][ T6262] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  114.916890][ T6262] CPU: 0 UID: 0 PID: 6262 Comm: syz.2.692 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  114.927476][ T6262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  114.937604][ T6262] Call Trace:
[  114.940956][ T6262]  <TASK>
[  114.943940][ T6262]  dump_stack_lvl+0xf2/0x150
[  114.948605][ T6262]  dump_stack+0x15/0x20
[  114.952854][ T6262]  should_fail_ex+0x229/0x230
[  114.957564][ T6262]  should_fail_alloc_page+0xfd/0x110
[  114.962915][ T6262]  __alloc_pages_noprof+0x109/0x360
[  114.968159][ T6262]  alloc_pages_mpol_noprof+0xb1/0x1e0
[  114.973584][ T6262]  folio_alloc_noprof+0xee/0x130
[  114.978545][ T6262]  filemap_alloc_folio_noprof+0x69/0x220
[  114.984162][ T6262]  __filemap_get_folio+0x298/0x5b0
[  114.989256][ T6262]  ? __kmalloc_noprof+0x26d/0x370
[  114.994269][ T6262]  aio_setup_ring+0x266/0x6b0
[  114.999402][ T6262]  ioctx_alloc+0x2b2/0x4c0
[  115.003839][ T6262]  __se_sys_io_setup+0x6b/0x1b0
[  115.008683][ T6262]  __x64_sys_io_setup+0x31/0x40
[  115.013641][ T6262]  x64_sys_call+0x2639/0x2d60
[  115.018350][ T6262]  do_syscall_64+0xc9/0x1c0
[  115.022837][ T6262]  ? clear_bhb_loop+0x55/0xb0
[  115.027504][ T6262]  ? clear_bhb_loop+0x55/0xb0
[  115.032453][ T6262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.038388][ T6262] RIP: 0033:0x7fb1b54a99f9
[  115.042787][ T6262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.062434][ T6262] RSP: 002b:00007fb1b4127038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  115.070903][ T6262] RAX: ffffffffffffffda RBX: 00007fb1b5645f80 RCX: 00007fb1b54a99f9
[  115.078970][ T6262] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000010000
[  115.086922][ T6262] RBP: 00007fb1b4127090 R08: 0000000000000000 R09: 0000000000000000
[  115.094925][ T6262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  115.102906][ T6262] R13: 0000000000000001 R14: 00007fb1b5645f80 R15: 00007fffb0762648
[  115.110941][ T6262]  </TASK>
[  115.202994][ T6267] syzkaller1: entered promiscuous mode
[  115.208646][ T6267] syzkaller1: entered allmulticast mode
[  115.227535][ T5040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.238364][ T6267] loop2: detected capacity change from 0 to 512
[  115.256109][ T6267] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.274437][ T6267] ext4 filesystem being mounted at /104/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  115.406976][ T6278] FAULT_INJECTION: forcing a failure.
[  115.406976][ T6278] name failslab, interval 1, probability 0, space 0, times 0
[  115.419721][ T6278] CPU: 1 UID: 0 PID: 6278 Comm: syz.0.696 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  115.430407][ T6278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  115.440453][ T6278] Call Trace:
[  115.443745][ T6278]  <TASK>
[  115.446661][ T6278]  dump_stack_lvl+0xf2/0x150
[  115.451247][ T6278]  dump_stack+0x15/0x20
[  115.455404][ T6278]  should_fail_ex+0x229/0x230
[  115.460156][ T6278]  ? __kvmalloc_node_noprof+0x72/0x170
[  115.465766][ T6278]  should_failslab+0x8f/0xb0
[  115.470388][ T6278]  __kmalloc_node_noprof+0xa8/0x380
[  115.475606][ T6278]  __kvmalloc_node_noprof+0x72/0x170
[  115.480872][ T6278]  map_get_next_key+0x205/0x350
[  115.485792][ T6278]  __sys_bpf+0x6cb/0x7a0
[  115.490027][ T6278]  __x64_sys_bpf+0x43/0x50
[  115.494458][ T6278]  x64_sys_call+0x2625/0x2d60
[  115.499124][ T6278]  do_syscall_64+0xc9/0x1c0
[  115.503732][ T6278]  ? clear_bhb_loop+0x55/0xb0
[  115.508448][ T6278]  ? clear_bhb_loop+0x55/0xb0
[  115.513181][ T6278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.519064][ T6278] RIP: 0033:0x7fb27cfa99f9
[  115.523462][ T6278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.543138][ T6278] RSP: 002b:00007fb27bc27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  115.551563][ T6278] RAX: ffffffffffffffda RBX: 00007fb27d145f80 RCX: 00007fb27cfa99f9
[  115.559526][ T6278] RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000004
[  115.567598][ T6278] RBP: 00007fb27bc27090 R08: 0000000000000000 R09: 0000000000000000
[  115.575628][ T6278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.583579][ T6278] R13: 0000000000000000 R14: 00007fb27d145f80 R15: 00007ffd79e4be08
[  115.591591][ T6278]  </TASK>
[  115.609536][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.703559][ T6288] netlink: 'syz.4.700': attribute type 10 has an invalid length.
[  115.711565][ T6288] netlink: 40 bytes leftover after parsing attributes in process `syz.4.700'.
[  115.722015][ T6288] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  115.770480][ T6293] loop3: detected capacity change from 0 to 512
[  115.810936][ T6306] loop4: detected capacity change from 0 to 512
[  115.827634][ T6306] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.842090][ T6306] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  115.884875][ T6320] loop1: detected capacity change from 0 to 512
[  115.890007][ T6314] netlink: 80 bytes leftover after parsing attributes in process `syz.3.707'.
[  115.914445][ T6320] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #4: comm syz.1.708: pblk 26 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  115.934601][ T6320] EXT4-fs error (device loop1): ext4_quota_enable:7025: comm syz.1.708: Bad quota inode: 4, type: 1
[  115.946906][ T6320] EXT4-fs warning (device loop1): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  115.962085][ T6320] EXT4-fs (loop1): mount failed
[  116.005673][ T6317] loop0: detected capacity change from 0 to 512
[  116.017375][ T6317] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  116.037713][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.050898][ T6317] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  116.069562][ T6317] EXT4-fs (loop0): 1 truncate cleaned up
[  116.078293][ T6317] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.093876][   T29] audit: type=1400 audit(1723654947.421:801): avc:  denied  { setattr } for  pid=6333 comm="syz.3.712" name="NETLINK" dev="sockfs" ino=16456 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  116.127445][ T6335] loop4: detected capacity change from 0 to 512
[  116.180881][ T6335] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.222468][ T6317] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  116.313407][ T6335] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.450840][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.466444][ T6342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.474988][ T6342] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.486259][ T6342] loop4: detected capacity change from 0 to 128
[  116.495202][ T6342] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  116.507593][ T6342] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  116.687413][ T5040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.076152][ T6364] FAULT_INJECTION: forcing a failure.
[  117.076152][ T6364] name failslab, interval 1, probability 0, space 0, times 0
[  117.089072][ T6364] CPU: 1 UID: 0 PID: 6364 Comm: syz.1.720 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  117.099751][ T6364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  117.109804][ T6364] Call Trace:
[  117.113093][ T6364]  <TASK>
[  117.116046][ T6364]  dump_stack_lvl+0xf2/0x150
[  117.120686][ T6364]  dump_stack+0x15/0x20
[  117.124839][ T6364]  should_fail_ex+0x229/0x230
[  117.129525][ T6364]  ? getname_flags+0x81/0x3b0
[  117.134195][ T6364]  should_failslab+0x8f/0xb0
[  117.138855][ T6364]  kmem_cache_alloc_noprof+0x4c/0x290
[  117.144301][ T6364]  getname_flags+0x81/0x3b0
[  117.148818][ T6364]  user_path_at+0x26/0x110
[  117.153305][ T6364]  __se_sys_mount+0x248/0x2d0
[  117.157997][ T6364]  ? fput+0x13b/0x180
[  117.161995][ T6364]  __x64_sys_mount+0x67/0x80
[  117.166663][ T6364]  x64_sys_call+0x203e/0x2d60
[  117.171466][ T6364]  do_syscall_64+0xc9/0x1c0
[  117.176208][ T6364]  ? clear_bhb_loop+0x55/0xb0
[  117.181005][ T6364]  ? clear_bhb_loop+0x55/0xb0
[  117.185753][ T6364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.191651][ T6364] RIP: 0033:0x7fee5fcc99f9
[  117.196061][ T6364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.215703][ T6364] RSP: 002b:00007fee5e941038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  117.224189][ T6364] RAX: ffffffffffffffda RBX: 00007fee5fe65f80 RCX: 00007fee5fcc99f9
[  117.232244][ T6364] RDX: 0000000020000240 RSI: 0000000020000100 RDI: 0000000000000000
[  117.240216][ T6364] RBP: 00007fee5e941090 R08: 0000000000000000 R09: 0000000000000000
[  117.248256][ T6364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.256221][ T6364] R13: 0000000000000000 R14: 00007fee5fe65f80 R15: 00007ffe3fc99ef8
[  117.264205][ T6364]  </TASK>
[  117.286916][ T4933] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  117.325718][ T6368] pim6reg1: entered promiscuous mode
[  117.331043][ T6368] pim6reg1: entered allmulticast mode
[  117.393589][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  117.447405][ T6383] netlink: 'syz.4.726': attribute type 29 has an invalid length.
[  117.455638][ T6383] netlink: 'syz.4.726': attribute type 29 has an invalid length.
[  117.463923][ T6383] netlink: 'syz.4.726': attribute type 29 has an invalid length.
[  117.501291][ T6386] loop3: detected capacity change from 0 to 1024
[  117.509621][ T6386] EXT4-fs: Ignoring removed oldalloc option
[  117.516764][ T6386] EXT4-fs (loop3): stripe (222) is not aligned with cluster size (16), stripe is disabled
[  117.593785][ T6386] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.607227][ T6386] netlink: 'syz.3.727': attribute type 1 has an invalid length.
[  117.631762][ T6381] loop1: detected capacity change from 0 to 512
[  117.647490][ T6386] 8021q: adding VLAN 0 to HW filter on device batadv1
[  117.656350][ T6381] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  117.667705][ T6386] bond1: (slave batadv1): Enslaving as a backup interface with an up link
[  117.680822][ T6381] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  117.699902][ T6386] bond1 (unregistering): (slave batadv1): Releasing backup interface
[  117.707764][ T6381] EXT4-fs (loop1): 1 truncate cleaned up
[  117.716219][ T6381] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.720094][ T6386] bond1 (unregistering): Released all slaves
[  117.779396][ T3775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.823811][ T6381] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  117.857643][ T6398] FAULT_INJECTION: forcing a failure.
[  117.857643][ T6398] name failslab, interval 1, probability 0, space 0, times 0
[  117.870338][ T6398] CPU: 0 UID: 0 PID: 6398 Comm: syz.3.730 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  117.881010][ T6398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  117.891118][ T6398] Call Trace:
[  117.894393][ T6398]  <TASK>
[  117.897313][ T6398]  dump_stack_lvl+0xf2/0x150
[  117.902013][ T6398]  dump_stack+0x15/0x20
[  117.906273][ T6398]  should_fail_ex+0x229/0x230
[  117.911033][ T6398]  ? skb_clone+0x154/0x1f0
[  117.915525][ T6398]  should_failslab+0x8f/0xb0
[  117.920168][ T6398]  kmem_cache_alloc_noprof+0x4c/0x290
[  117.925547][ T6398]  skb_clone+0x154/0x1f0
[  117.929856][ T6398]  __netlink_deliver_tap+0x2bd/0x4c0
[  117.935126][ T6398]  netlink_sendskb+0x123/0x140
[  117.939890][ T6398]  netlink_unicast+0x291/0x670
[  117.944684][ T6398]  netlink_ack+0x4c4/0x4f0
[  117.949089][ T6398]  netlink_rcv_skb+0x19c/0x230
[  117.953933][ T6398]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  117.959488][ T6398]  rtnetlink_rcv+0x1c/0x30
[  117.963896][ T6398]  netlink_unicast+0x593/0x670
[  117.968663][ T6398]  netlink_sendmsg+0x5cc/0x6e0
[  117.973419][ T6398]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.978750][ T6398]  __sock_sendmsg+0x140/0x180
[  117.983483][ T6398]  ____sys_sendmsg+0x312/0x410
[  117.988387][ T6398]  __sys_sendmsg+0x1e9/0x280
[  117.992969][ T6398]  __x64_sys_sendmsg+0x46/0x50
[  117.997716][ T6398]  x64_sys_call+0x2689/0x2d60
[  118.002376][ T6398]  do_syscall_64+0xc9/0x1c0
[  118.006863][ T6398]  ? clear_bhb_loop+0x55/0xb0
[  118.011535][ T6398]  ? clear_bhb_loop+0x55/0xb0
[  118.016253][ T6398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.022166][ T6398] RIP: 0033:0x7f5817dc99f9
[  118.026569][ T6398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.046164][ T6398] RSP: 002b:00007f5816a47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.054625][ T6398] RAX: ffffffffffffffda RBX: 00007f5817f65f80 RCX: 00007f5817dc99f9
[  118.062798][ T6398] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[  118.070752][ T6398] RBP: 00007f5816a47090 R08: 0000000000000000 R09: 0000000000000000
[  118.078790][ T6398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  118.086868][ T6398] R13: 0000000000000000 R14: 00007f5817f65f80 R15: 00007ffe29441328
[  118.094903][ T6398]  </TASK>
[  118.144829][   T29] audit: type=1326 audit(1723654949.481:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb27cfa99f9 code=0x7ffc0000
[  118.168246][   T29] audit: type=1326 audit(1723654949.481:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb27cfa99f9 code=0x7ffc0000
[  118.191574][   T29] audit: type=1326 audit(1723654949.481:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb27cfa8390 code=0x7ffc0000
[  118.202378][ T6408] tipc: Invalid UDP bearer configuration
[  118.214833][   T29] audit: type=1326 audit(1723654949.481:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb27cfab187 code=0x7ffc0000
[  118.220464][ T6408] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  118.243748][   T29] audit: type=1326 audit(1723654949.481:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb27cfa99f9 code=0x7ffc0000
[  118.275193][   T29] audit: type=1326 audit(1723654949.481:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb27cfab187 code=0x7ffc0000
[  118.298494][   T29] audit: type=1326 audit(1723654949.481:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb27cfa868a code=0x7ffc0000
[  118.321655][   T29] audit: type=1326 audit(1723654949.481:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb27cfa99f9 code=0x7ffc0000
[  118.344873][   T29] audit: type=1326 audit(1723654949.481:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb27cfa99f9 code=0x7ffc0000
[  118.368126][   T29] audit: type=1326 audit(1723654949.481:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6405 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb27cfa99f9 code=0x7ffc0000
[  118.414947][ T3780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.432307][ T6413] netlink: 20 bytes leftover after parsing attributes in process `syz.1.735'.
[  118.447845][ T6413] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.460530][ T6413] bridge_slave_0 (unregistering): left allmulticast mode
[  118.467621][ T6413] bridge_slave_0 (unregistering): left promiscuous mode
[  118.474589][ T6413] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.510891][ T6416] loop4: detected capacity change from 0 to 1024
[  118.518212][ T6416] EXT4-fs: Ignoring removed nobh option
[  118.525935][ T6416] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.540340][ T6416] Non-string source
[  118.621649][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.995029][ T6430] loop3: detected capacity change from 0 to 2048
[  119.151059][ T6445] loop4: detected capacity change from 0 to 512
[  119.162131][ T6445] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  119.176943][ T6454] loop0: detected capacity change from 0 to 256
[  119.177209][ T6445] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  119.202881][ T6445] EXT4-fs (loop4): 1 truncate cleaned up
[  119.205555][ T6454] FAT-fs (loop0): Directory bread(block 64) failed
[  119.216869][ T6454] FAT-fs (loop0): Directory bread(block 65) failed
[  119.217243][ T6445] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.223435][ T6454] FAT-fs (loop0): Directory bread(block 66) failed
[  119.223454][ T6454] FAT-fs (loop0): Directory bread(block 67) failed
[  119.223477][ T6454] FAT-fs (loop0): Directory bread(block 68) failed
[  119.223494][ T6454] FAT-fs (loop0): Directory bread(block 69) failed
[  119.223521][ T6454] FAT-fs (loop0): Directory bread(block 70) failed
[  119.223538][ T6454] FAT-fs (loop0): Directory bread(block 71) failed
[  119.223571][ T6454] FAT-fs (loop0): Directory bread(block 72) failed
[  119.282019][ T6454] FAT-fs (loop0): Directory bread(block 73) failed
[  119.364701][ T6445] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  119.379677][ T6461] FAULT_INJECTION: forcing a failure.
[  119.379677][ T6461] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  119.392844][ T6461] CPU: 1 UID: 0 PID: 6461 Comm: syz.0.753 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  119.403526][ T6461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  119.413564][ T6461] Call Trace:
[  119.416825][ T6461]  <TASK>
[  119.419736][ T6461]  dump_stack_lvl+0xf2/0x150
[  119.424362][ T6461]  dump_stack+0x15/0x20
[  119.428528][ T6461]  should_fail_ex+0x229/0x230
[  119.433230][ T6461]  should_fail+0xb/0x10
[  119.437398][ T6461]  should_fail_usercopy+0x1a/0x20
[  119.442493][ T6461]  _copy_from_user+0x1e/0xd0
[  119.447105][ T6461]  do_arpt_set_ctl+0x42f/0xa20
[  119.451877][ T6461]  ? _raw_spin_unlock_bh+0x36/0x40
[  119.457032][ T6461]  nf_setsockopt+0x195/0x1b0
[  119.461660][ T6461]  ip_setsockopt+0xea/0x100
[  119.466186][ T6461]  udp_setsockopt+0x95/0xb0
[  119.470726][ T6461]  sock_common_setsockopt+0x64/0x80
[  119.475922][ T6461]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  119.481807][ T6461]  __sys_setsockopt+0x1d8/0x250
[  119.486709][ T6461]  __x64_sys_setsockopt+0x66/0x80
[  119.492217][ T6461]  x64_sys_call+0x278d/0x2d60
[  119.496907][ T6461]  do_syscall_64+0xc9/0x1c0
[  119.501437][ T6461]  ? clear_bhb_loop+0x55/0xb0
[  119.506137][ T6461]  ? clear_bhb_loop+0x55/0xb0
[  119.510794][ T6461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.516736][ T6461] RIP: 0033:0x7fb27cfa99f9
[  119.521133][ T6461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.540806][ T6461] RSP: 002b:00007fb27bc27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  119.549276][ T6461] RAX: ffffffffffffffda RBX: 00007fb27d145f80 RCX: 00007fb27cfa99f9
[  119.557344][ T6461] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000005
[  119.565301][ T6461] RBP: 00007fb27bc27090 R08: 0000000000000068 R09: 0000000000000000
[  119.573256][ T6461] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001
[  119.581214][ T6461] R13: 0000000000000000 R14: 00007fb27d145f80 R15: 00007ffd79e4be08
[  119.589172][ T6461]  </TASK>
[  119.802926][ T6473] FAULT_INJECTION: forcing a failure.
[  119.802926][ T6473] name failslab, interval 1, probability 0, space 0, times 0
[  119.815662][ T6473] CPU: 1 UID: 0 PID: 6473 Comm: syz.1.757 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  119.826253][ T6473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  119.836300][ T6473] Call Trace:
[  119.839565][ T6473]  <TASK>
[  119.842508][ T6473]  dump_stack_lvl+0xf2/0x150
[  119.847110][ T6473]  dump_stack+0x15/0x20
[  119.851353][ T6473]  should_fail_ex+0x229/0x230
[  119.856085][ T6473]  ? __vmalloc_node_range_noprof+0x44b/0xef0
[  119.862063][ T6473]  should_failslab+0x8f/0xb0
[  119.866667][ T6473]  __kmalloc_node_noprof+0xa8/0x380
[  119.871910][ T6473]  __vmalloc_node_range_noprof+0x44b/0xef0
[  119.877770][ T6473]  ? bpf_prog_alloc_no_stats+0x49/0x290
[  119.883519][ T6473]  __vmalloc_noprof+0x5e/0x70
[  119.888243][ T6473]  ? bpf_prog_alloc_no_stats+0x49/0x290
[  119.893848][ T6473]  bpf_prog_alloc_no_stats+0x49/0x290
[  119.899265][ T6473]  ? bpf_prog_alloc+0x28/0x150
[  119.904044][ T6473]  bpf_prog_alloc+0x3a/0x150
[  119.908648][ T6473]  bpf_prog_load+0x4d1/0x1060
[  119.913426][ T6473]  __sys_bpf+0x463/0x7a0
[  119.917746][ T6473]  __x64_sys_bpf+0x43/0x50
[  119.922163][ T6473]  x64_sys_call+0x2625/0x2d60
[  119.926847][ T6473]  do_syscall_64+0xc9/0x1c0
[  119.931401][ T6473]  ? clear_bhb_loop+0x55/0xb0
[  119.936091][ T6473]  ? clear_bhb_loop+0x55/0xb0
[  119.940770][ T6473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.946726][ T6473] RIP: 0033:0x7fee5fcc99f9
[  119.951127][ T6473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.970737][ T6473] RSP: 002b:00007fee5e941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  119.979336][ T6473] RAX: ffffffffffffffda RBX: 00007fee5fe65f80 RCX: 00007fee5fcc99f9
[  119.987302][ T6473] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
[  119.995273][ T6473] RBP: 00007fee5e941090 R08: 0000000000000000 R09: 0000000000000000
[  120.003243][ T6473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.011210][ T6473] R13: 0000000000000001 R14: 00007fee5fe65f80 R15: 00007ffe3fc99ef8
[  120.019182][ T6473]  </TASK>
[  120.019252][ T6473] syz.1.757: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz1,mems_allowed=0
[  120.040056][ T6473] CPU: 1 UID: 0 PID: 6473 Comm: syz.1.757 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  120.050709][ T6473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  120.060824][ T6473] Call Trace:
[  120.064149][ T6473]  <TASK>
[  120.067059][ T6473]  dump_stack_lvl+0xf2/0x150
[  120.071664][ T6473]  dump_stack+0x15/0x20
[  120.075802][ T6473]  warn_alloc+0x145/0x1b0
[  120.080176][ T6473]  ? dump_stack+0x15/0x20
[  120.084628][ T6473]  ? should_fail_ex+0x198/0x230
[  120.089557][ T6473]  __vmalloc_node_range_noprof+0x4df/0xef0
[  120.095417][ T6473]  ? bpf_prog_alloc_no_stats+0x49/0x290
[  120.100946][ T6473]  __vmalloc_noprof+0x5e/0x70
[  120.105603][ T6473]  ? bpf_prog_alloc_no_stats+0x49/0x290
[  120.111155][ T6473]  bpf_prog_alloc_no_stats+0x49/0x290
[  120.116649][ T6473]  ? bpf_prog_alloc+0x28/0x150
[  120.121446][ T6473]  bpf_prog_alloc+0x3a/0x150
[  120.126124][ T6473]  bpf_prog_load+0x4d1/0x1060
[  120.130890][ T6473]  __sys_bpf+0x463/0x7a0
[  120.135176][ T6473]  __x64_sys_bpf+0x43/0x50
[  120.139571][ T6473]  x64_sys_call+0x2625/0x2d60
[  120.144235][ T6473]  do_syscall_64+0xc9/0x1c0
[  120.148782][ T6473]  ? clear_bhb_loop+0x55/0xb0
[  120.153465][ T6473]  ? clear_bhb_loop+0x55/0xb0
[  120.158179][ T6473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.164056][ T6473] RIP: 0033:0x7fee5fcc99f9
[  120.168548][ T6473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.188134][ T6473] RSP: 002b:00007fee5e941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  120.196534][ T6473] RAX: ffffffffffffffda RBX: 00007fee5fe65f80 RCX: 00007fee5fcc99f9
[  120.204575][ T6473] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
[  120.212556][ T6473] RBP: 00007fee5e941090 R08: 0000000000000000 R09: 0000000000000000
[  120.220523][ T6473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.228569][ T6473] R13: 0000000000000001 R14: 00007fee5fe65f80 R15: 00007ffe3fc99ef8
[  120.236752][ T6473]  </TASK>
[  120.240047][ T6473] Mem-Info:
[  120.243151][ T6473] active_anon:23339 inactive_anon:0 isolated_anon:0
[  120.243151][ T6473]  active_file:8655 inactive_file:12176 isolated_file:0
[  120.243151][ T6473]  unevictable:1 dirty:309 writeback:0
[  120.243151][ T6473]  slab_reclaimable:3078 slab_unreclaimable:15503
[  120.243151][ T6473]  mapped:26515 shmem:20668 pagetables:665
[  120.243151][ T6473]  sec_pagetables:0 bounce:0
[  120.243151][ T6473]  kernel_misc_reclaimable:0
[  120.243151][ T6473]  free:1870750 free_pcp:20456 free_cma:0
[  120.288339][ T6473] Node 0 active_anon:93356kB inactive_anon:0kB active_file:34620kB inactive_file:48704kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:106060kB dirty:1236kB writeback:0kB shmem:82672kB writeback_tmp:0kB kernel_stack:2976kB pagetables:2660kB sec_pagetables:0kB all_unreclaimable? no
[  120.316224][ T6473] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  120.342991][ T6473] lowmem_reserve[]: 0 2866 7844 0
[  120.348026][ T6473] Node 0 DMA32 free:2950312kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953944kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3532kB free_cma:0kB
[  120.376640][ T6473] lowmem_reserve[]: 0 0 4978 0
[  120.381421][ T6473] Node 0 Normal free:4517328kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:93356kB inactive_anon:0kB active_file:34620kB inactive_file:48704kB unevictable:4kB writepending:1236kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:78216kB local_pcp:46856kB free_cma:0kB
[  120.411783][ T6473] lowmem_reserve[]: 0 0 0 0
[  120.416344][ T6473] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  120.429071][ T6473] Node 0 DMA32: 2*4kB (M) 0*8kB 2*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 4*256kB (M) 3*512kB (M) 2*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950312kB
[  120.444879][ T6473] Node 0 Normal: 1674*4kB (UME) 1361*8kB (UME) 974*16kB (UME) 442*32kB (UME) 188*64kB (UME) 72*128kB (UME) 36*256kB (UME) 11*512kB (UE) 12*1024kB (UME) 9*2048kB (U) 1075*4096kB (UME) = 4517328kB
[  120.464129][ T6473] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  120.473525][ T6473] 41499 total pagecache pages
[  120.478186][ T6473] 0 pages in swap cache
[  120.482314][ T6473] Free swap  = 124732kB
[  120.486509][ T6473] Total swap = 124996kB
[  120.490645][ T6473] 2097051 pages RAM
[  120.494449][ T6473] 0 pages HighMem/MovableOnly
[  120.499115][ T6473] 80173 pages reserved
[  120.513097][ T4933] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.562321][ T6477] loop3: detected capacity change from 0 to 512
[  120.586318][ T6477] EXT4-fs warning (device loop3): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  120.602531][ T6477] EXT4-fs (loop3): mount failed
[  120.614350][ T6490] netlink: 76 bytes leftover after parsing attributes in process `syz.4.763'.
[  120.660560][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.760'.
[  120.676118][ T6492] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(17)
[  120.682797][ T6492] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  120.690557][ T6492] vhci_hcd vhci_hcd.0: Device attached
[  120.700024][ T6504] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(20)
[  120.706770][ T6504] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  120.714469][ T6504] vhci_hcd vhci_hcd.0: Device attached
[  120.720522][ T6506] vhci_hcd: connection closed
[  120.720669][ T6505] vhci_hcd: connection closed
[  120.720704][ T1349] vhci_hcd: stop threads
[  120.734347][ T1349] vhci_hcd: release socket
[  120.738742][ T1349] vhci_hcd: disconnect device
[  120.743785][ T1349] vhci_hcd: stop threads
[  120.748023][ T1349] vhci_hcd: release socket
[  120.752419][ T1349] vhci_hcd: disconnect device
[  120.766814][ T6511] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  120.779940][ T6515] FAULT_INJECTION: forcing a failure.
[  120.779940][ T6515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.793034][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz.3.770 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  120.803596][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  120.813630][ T6515] Call Trace:
[  120.816889][ T6515]  <TASK>
[  120.819799][ T6515]  dump_stack_lvl+0xf2/0x150
[  120.824390][ T6515]  dump_stack+0x15/0x20
[  120.828627][ T6515]  should_fail_ex+0x229/0x230
[  120.833348][ T6515]  should_fail+0xb/0x10
[  120.837549][ T6515]  should_fail_usercopy+0x1a/0x20
[  120.842579][ T6515]  _copy_to_user+0x1e/0xa0
[  120.847056][ T6515]  rng_dev_read+0x3aa/0x6c0
[  120.851564][ T6515]  vfs_readv+0x3f1/0x660
[  120.855805][ T6515]  ? __pfx_rng_dev_read+0x10/0x10
[  120.860831][ T6515]  __x64_sys_preadv+0x100/0x1c0
[  120.865700][ T6515]  x64_sys_call+0x1d5c/0x2d60
[  120.870512][ T6515]  do_syscall_64+0xc9/0x1c0
[  120.875035][ T6515]  ? clear_bhb_loop+0x55/0xb0
[  120.879731][ T6515]  ? clear_bhb_loop+0x55/0xb0
[  120.884447][ T6515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.890342][ T6515] RIP: 0033:0x7f5817dc99f9
[  120.894803][ T6515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.906589][ T6516] loop2: detected capacity change from 0 to 512
[  120.914426][ T6515] RSP: 002b:00007f5816a47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  120.914452][ T6515] RAX: ffffffffffffffda RBX: 00007f5817f65f80 RCX: 00007f5817dc99f9
[  120.914464][ T6515] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004
[  120.914477][ T6515] RBP: 00007f5816a47090 R08: 0000000000000000 R09: 0000000000000000
[  120.914488][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.914500][ T6515] R13: 0000000000000000 R14: 00007f5817f65f80 R15: 00007ffe29441328
[  120.914517][ T6515]  </TASK>
[  120.975701][ T6516] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  120.989279][ T6516] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  121.004230][ T6516] EXT4-fs (loop2): 1 truncate cleaned up
[  121.010469][ T6516] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.035799][ T6516] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  121.576883][ T6530] loop1: detected capacity change from 0 to 2048
[  121.594606][ T6530] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.610516][ T6530] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.774: bg 0: block 234: padding at end of block bitmap is not set
[  121.625020][ T6530] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 117
[  121.637477][ T6530] EXT4-fs (loop1): This should not happen!! Data will be lost
[  121.637477][ T6530] 
[  121.679638][ T6530] syz.1.774 (6530) used greatest stack depth: 9552 bytes left
[  121.687941][ T3780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.708030][ T6534] loop1: detected capacity change from 0 to 1024
[  121.715218][ T6534] EXT4-fs: Ignoring removed nomblk_io_submit option
[  121.723118][ T6534] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84cc09c, mo2=0003]
[  121.731317][ T6534] System zones: 0-1, 3-36
[  121.736324][ T6534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.761706][ T3780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.869783][ T6542] loop1: detected capacity change from 0 to 512
[  121.876819][ T6542] ext2: Unknown parameter 'uid<00000000000000000000'
[  121.886976][ T6542] loop1: detected capacity change from 0 to 512
[  121.893457][ T6542] EXT4-fs: Ignoring removed nomblk_io_submit option
[  121.901104][ T6542] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  121.909266][ T6542] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  121.917652][ T6542] EXT4-fs (loop1): 1 truncate cleaned up
[  121.924555][ T6542] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  121.939158][ T6542] EXT4-fs (loop1): Remounting filesystem read-only
[  122.144822][ T6551] netlink: 'syz.1.780': attribute type 21 has an invalid length.
[  122.152574][ T6551] netlink: 128 bytes leftover after parsing attributes in process `syz.1.780'.
[  122.162641][ T6551] netlink: 'syz.1.780': attribute type 4 has an invalid length.
[  122.170344][ T6551] netlink: 'syz.1.780': attribute type 5 has an invalid length.
[  122.177990][ T6551] netlink: 3 bytes leftover after parsing attributes in process `syz.1.780'.
[  122.715528][ T6573] atomic_op ffff888108861d28 conn xmit_atomic 0000000000000000
[  122.874607][ T6582] loop4: detected capacity change from 0 to 512
[  122.882686][ T6582] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.789: bg 0: block 5: invalid block bitmap
[  122.895054][ T6582] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  122.903915][ T6582] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.789: invalid indirect mapped block 3 (level 2)
[  122.917399][ T6582] EXT4-fs (loop4): 1 orphan inode deleted
[  122.923117][ T6582] EXT4-fs (loop4): 1 truncate cleaned up
[  122.971400][ T6589] netlink: 12 bytes leftover after parsing attributes in process `syz.4.791'.
[  123.173449][ T6603] loop0: detected capacity change from 0 to 1024
[  123.180012][ T6603] EXT4-fs: Ignoring removed orlov option
[  123.185748][ T6603] EXT4-fs: Ignoring removed nomblk_io_submit option
[  123.192344][ T6603] ext4: Unknown parameter 'appraise_type'
[  123.202796][ T6603] loop0: detected capacity change from 0 to 512
[  123.209586][ T6603] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  123.218351][ T6603] EXT4-fs (loop0): invalid journal inode
[  123.224071][ T6603] EXT4-fs (loop0): can't get journal size
[  123.230387][ T6603] EXT4-fs (loop0): 1 truncate cleaned up
[  123.508676][ T6614] netlink: 48 bytes leftover after parsing attributes in process `syz.4.799'.
[  123.653628][ T6616] loop4: detected capacity change from 0 to 1024
[  123.661178][ T6616] EXT4-fs: Ignoring removed nomblk_io_submit option
[  123.684550][ T6616] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84cc09c, mo2=0003]
[  123.692903][ T6616] System zones: 0-1, 3-36
[  123.853231][ T6626] netlink: 'syz.2.803': attribute type 4 has an invalid length.
[  123.991627][ T6632] loop1: detected capacity change from 0 to 512
[  124.254760][ T6642] loop3: detected capacity change from 0 to 1024
[  124.257816][ T6636] loop2: detected capacity change from 0 to 512
[  124.268996][ T6636] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  124.281823][ T6642] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a042c118, mo2=0003]
[  124.290796][ T6642] System zones: 0-1, 3-12
[  124.294576][ T6636] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  124.311142][ T6636] EXT4-fs (loop2): 1 truncate cleaned up
[  124.317073][ T6642] pim6reg1: entered allmulticast mode
[  124.326407][ T6644] netlink: 24 bytes leftover after parsing attributes in process `syz.1.807'.
[  124.339405][ T6633] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  124.355621][ T6644] loop1: detected capacity change from 0 to 512
[  124.362316][ T6644] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  124.373964][ T6644] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002]
[  124.382024][ T6644] System zones: 1-12
[  124.386229][ T6644] EXT4-fs (loop1): 1 truncate cleaned up
[  124.424746][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.456201][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.501082][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.537268][ T6655] loop1: detected capacity change from 0 to 512
[  124.547068][ T6655] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  124.554773][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.568143][   T29] kauditd_printk_skb: 26 callbacks suppressed
[  124.568157][   T29] audit: type=1400 audit(1723654955.901:838): avc:  denied  { setcurrent } for  pid=6658 comm="syz.0.812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  124.591991][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.606759][ T6655] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  124.636470][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.654409][   T29] audit: type=1400 audit(1723654955.971:839): avc:  denied  { create } for  pid=6661 comm="syz.0.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  124.692235][ T6655] EXT4-fs (loop1): 1 truncate cleaned up
[  124.705999][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.745928][ T6669] loop0: detected capacity change from 0 to 2048
[  124.784219][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.794300][ T6669]  loop0: p1 < > p4
[  124.806584][ T6669] loop0: p4 size 8388608 extends beyond EOD, truncated
[  124.832518][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.872033][ T3775] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  124.910091][ T6655] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  125.620921][ T6681] loop4: detected capacity change from 0 to 512
[  125.683770][ T1349] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  126.127495][ T6129] EXT4-fs unmount: 14 callbacks suppressed
[  126.127506][ T6129] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.409966][ T1349] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.448066][ T1349] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.497542][ T1349] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.536063][ T6687] chnl_net:caif_netlink_parms(): no params data found
[  126.550703][ T1349] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.561893][ T6702] netlink: 'syz.4.824': attribute type 4 has an invalid length.
[  126.598815][ T6687] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.606068][ T6687] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.614912][ T6687] bridge_slave_0: entered allmulticast mode
[  126.621378][ T6687] bridge_slave_0: entered promiscuous mode
[  126.628626][ T6687] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.635778][ T6687] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.644386][ T6687] bridge_slave_1: entered allmulticast mode
[  126.645992][   T29] audit: type=1400 audit(1723654957.981:840): avc:  denied  { mount } for  pid=6715 comm="syz.4.828" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  126.650864][ T6687] bridge_slave_1: entered promiscuous mode
[  126.673039][ T6716] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=6716 comm=syz.4.828
[  126.698918][   T29] audit: type=1400 audit(1723654958.031:841): avc:  denied  { unmount } for  pid=4933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  126.721454][ T1349] bridge_slave_1: left allmulticast mode
[  126.727136][ T1349] bridge_slave_1: left promiscuous mode
[  126.732725][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.741575][ T1349] bridge_slave_0: left allmulticast mode
[  126.747339][ T1349] bridge_slave_0: left promiscuous mode
[  126.753095][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.878293][ T1349] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  126.888941][ T1349] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  126.898228][ T4361] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.908729][ T1349] bond0 (unregistering): Released all slaves
[  126.918746][ T6687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.931037][ T6687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.950308][ T6687] team0: Port device team_slave_0 added
[  126.956879][ T6687] team0: Port device team_slave_1 added
[  126.975058][ T1349] tipc: Disabling bearer <udp:syz2>
[  126.980292][ T1349] tipc: Left network mode
[  126.980665][ T6687] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.991681][ T6687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.017852][ T6687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  127.030380][ T6687] batman_adv: batadv0: Adding interface: batadv_slave_1
[  127.037344][ T6687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.063351][ T6687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  127.088379][ T6687] hsr_slave_0: entered promiscuous mode
[  127.094753][ T6687] hsr_slave_1: entered promiscuous mode
[  127.100816][ T6687] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.108439][ T6687] Cannot create hsr debugfs directory
[  127.137519][ T6728] loop2: detected capacity change from 0 to 512
[  127.149337][ T1349] hsr_slave_0: left promiscuous mode
[  127.156511][ T1349] hsr_slave_1: left promiscuous mode
[  127.162149][ T1349] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  127.169645][ T1349] batman_adv: batadv0: Removing interface: batadv_slave_0
[  127.177282][ T1349] batman_adv: batadv0: Removing interface: batadv_slave_1
[  127.186037][ T1349] batadv0: left allmulticast mode
[  127.191086][ T1349] batadv0: left promiscuous mode
[  127.196302][ T1349] veth1_macvtap: left promiscuous mode
[  127.201770][ T1349] veth0_macvtap: left promiscuous mode
[  127.207317][ T1349] veth1_vlan: left promiscuous mode
[  127.212540][ T1349] veth0_vlan: left promiscuous mode
[  127.229930][ T6733] loop2: detected capacity change from 0 to 512
[  127.294825][ T1349] team0 (unregistering): Port device team_slave_1 removed
[  127.305225][ T1349] team0 (unregistering): Port device team_slave_0 removed
[  127.395408][ T1641] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  127.420322][ T3780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.572179][ T6742] loop1: detected capacity change from 0 to 8192
[  127.652921][ T6742]  loop1: p1 p2 p3 p4 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p219 p220 p221 p222 p223 p224
[  127.653078][ T6742] loop1: p1 size 108986237 extends beyond EOD, truncated
[  127.758378][    C1] ==================================================================
[  127.766450][    C1] BUG: KCSAN: data-race in can_send / can_send
[  127.772613][    C1] 
[  127.774929][    C1] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 0:
[  127.782990][    C1]  can_send+0x576/0x5d0
[  127.787147][    C1]  bcm_can_tx+0x314/0x420
[  127.791476][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  127.796765][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  127.801970][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  127.807000][    C1]  handle_softirqs+0xc3/0x280
[  127.811682][    C1]  do_softirq+0x5e/0x90
[  127.815848][    C1]  __local_bh_enable_ip+0x6e/0x70
[  127.820881][    C1]  _raw_spin_unlock_bh+0x36/0x40
[  127.825824][    C1]  batadv_dat_purge+0x1dd/0x260
[  127.830687][    C1]  process_scheduled_works+0x483/0x9a0
[  127.833977][   T29] audit: type=1400 audit(1723654959.151:842): avc:  denied  { write } for  pid=3245 comm="syz-executor" path="pipe:[712]" dev="pipefs" ino=712 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  127.836142][    C1]  worker_thread+0x526/0x700
[  127.863608][    C1]  kthread+0x1d1/0x210
[  127.867686][    C1]  ret_from_fork+0x4b/0x60
[  127.872110][    C1]  ret_from_fork_asm+0x1a/0x30
[  127.876882][    C1] 
[  127.879195][    C1] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 1:
[  127.887254][    C1]  can_send+0x576/0x5d0
[  127.891408][    C1]  bcm_can_tx+0x314/0x420
[  127.895746][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  127.901043][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  127.906246][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  127.911280][    C1]  handle_softirqs+0xc3/0x280
[  127.915964][    C1]  run_ksoftirqd+0x1c/0x30
[  127.920384][    C1]  smpboot_thread_fn+0x31c/0x4c0
[  127.925327][    C1]  kthread+0x1d1/0x210
[  127.929404][    C1]  ret_from_fork+0x4b/0x60
[  127.933822][    C1]  ret_from_fork_asm+0x1a/0x30
[  127.938590][    C1] 
[  127.940908][    C1] value changed: 0x0000000000001c5c -> 0x0000000000001c5d
[  127.948014][    C1] 
[  127.950325][    C1] Reported by Kernel Concurrency Sanitizer on:
[  127.956471][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  127.967145][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  127.977196][    C1] ==================================================================
[  128.022995][ T6733] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  128.034444][ T6742] loop1: p2 size 520093696 extends beyond EOD, truncated
[  128.144123][ T6742] loop1: p3 size 131072 extends beyond EOD, truncated
[  128.163378][    C0] ==================================================================
[  128.171468][    C0] BUG: KCSAN: data-race in can_send / can_send
[  128.177626][    C0] 
[  128.179942][    C0] read-write to 0xffff888117fe8b10 of 8 bytes by interrupt on cpu 1:
[  128.188002][    C0]  can_send+0x562/0x5d0
[  128.192160][    C0]  bcm_can_tx+0x314/0x420
[  128.196500][    C0]  bcm_tx_timeout_handler+0xdb/0x260
[  128.201801][    C0]  __hrtimer_run_queues+0x20d/0x5e0
[  128.207006][    C0]  hrtimer_run_softirq+0xe4/0x2c0
[  128.212052][    C0]  handle_softirqs+0xc3/0x280
[  128.216742][    C0]  do_softirq+0x5e/0x90
[  128.220914][    C0]  __local_bh_enable_ip+0x6e/0x70
[  128.225825][ T6742] loop1: p5 size 108986237 extends beyond EOD, 
[  128.225935][    C0]  _raw_spin_unlock_bh+0x36/0x40
[  128.225990][ T6742] truncated
[  128.226373][ T6742] loop1: p6 size 520093696 extends beyond EOD, 
[  128.232198][    C0]  batadv_nc_purge_paths+0x21d/0x270
[  128.237202][ T6742] truncated
[  128.240188][    C0]  batadv_nc_worker+0x3db/0xac0
[  128.240218][    C0]  process_scheduled_works+0x483/0x9a0
[  128.240248][    C0]  worker_thread+0x526/0x700
[  128.240276][    C0]  kthread+0x1d1/0x210
[  128.240305][    C0]  ret_from_fork+0x4b/0x60
[  128.240329][    C0]  ret_from_fork_asm+0x1a/0x30
[  128.240356][    C0] 
[  128.240361][    C0] read-write to 0xffff888117fe8b10 of 8 bytes by interrupt on cpu 0:
[  128.276451][ T6742] loop1: p7 size 108986237 extends beyond EOD, 
[  128.278163][    C0]  can_send+0x562/0x5d0
[  128.282897][ T6742] truncated
[  128.303579][ T6742] loop1: p8 size 520093696 extends beyond EOD, truncated
[  128.303984][ T6742] loop1: p9 size 108986237 extends beyond EOD, 
[  128.306678][    C0]  bcm_can_tx+0x314/0x420
[  128.313720][ T6742] truncated
[  128.319877][    C0]  bcm_tx_timeout_handler+0xdb/0x260
[  128.319908][    C0]  __hrtimer_run_queues+0x20d/0x5e0
[  128.319942][    C0]  hrtimer_run_softirq+0xe4/0x2c0
[  128.319971][    C0]  handle_softirqs+0xc3/0x280
[  128.320001][    C0]  do_softirq+0x5e/0x90
[  128.320031][    C0]  __local_bh_enable_ip+0x6e/0x70
[  128.320059][    C0]  _raw_spin_unlock_bh+0x36/0x40
[  128.361840][    C0]  addrconf_ifdown+0x3b7/0xf20
[  128.366605][    C0]  addrconf_notify+0x2ff/0x950
[  128.371385][    C0]  raw_notifier_call_chain+0x6f/0x1d0
[  128.376767][    C0]  call_netdevice_notifiers_info+0xae/0x100
[  128.382670][    C0]  unregister_netdevice_many_notify+0x834/0x1110
[  128.388998][    C0]  unregister_netdevice_queue+0x1f4/0x220
[  128.393925][ T6742] loop1: p10 size 520093696 extends beyond EOD, truncated
[  128.394704][    C0]  __tun_detach+0x798/0xaa0
[  128.394731][    C0]  tun_chr_close+0x5e/0xf0
[  128.394747][    C0]  __fput+0x192/0x6f0
[  128.394769][    C0]  ____fput+0x15/0x20
[  128.418665][    C0]  task_work_run+0x13a/0x1a0
[  128.423299][    C0]  do_exit+0x5dd/0x1720
[  128.423692][ T6742] loop1: p11 size 108986237 extends beyond EOD, 
[  128.427446][    C0]  do_group_exit+0x102/0x150
[  128.427470][    C0]  get_signal+0xf2f/0x1080
[  128.433823][ T6742] truncated
[  128.438329][    C0]  arch_do_signal_or_restart+0x95/0x4b0
[  128.438355][    C0]  syscall_exit_to_user_mode+0x59/0x130
[  128.438384][    C0]  do_syscall_64+0xd6/0x1c0
[  128.438414][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.438440][    C0] 
[  128.438444][    C0] value changed: 0x0000000000006d50 -> 0x0000000000006d51
[  128.438456][    C0] 
[  128.438460][    C0] Reported by Kernel Concurrency Sanitizer on:
[  128.438468][    C0] CPU: 0 UID: 0 PID: 6671 Comm: syz.0.817 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  128.475737][ T6742] loop1: p12 size 520093696 extends beyond EOD, 
[  128.476737][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  128.479044][ T6742] truncated
[  128.494206][ T6742] loop1: p13 size 108986237 extends beyond EOD, 
[  128.495737][    C0] ==================================================================
[  128.502034][ T6742] truncated
[  128.544660][ T6742] loop1: p14 size 520093696 extends beyond EOD, truncated
[  128.563525][ T6742] loop1: p15 size 108986237 extends beyond EOD, truncated
[  128.600110][ T6742] loop1: p16 size 520093696 extends beyond EOD, truncated
[  128.633632][ T6742] loop1: p17 size 108986237 extends beyond EOD, truncated
[  128.663480][ T6742] loop1: p18 size 520093696 extends beyond EOD, truncated
[  128.703454][ T6742] loop1: p19 size 108986237 extends beyond EOD, truncated
[  128.726035][ T6742] loop1: p20 size 520093696 extends beyond EOD, truncated
[  128.743596][ T6742] loop1: p21 size 108986237 extends beyond EOD, truncated
[  128.775847][ T6742] loop1: p22 size 520093696 extends beyond EOD, truncated
[  128.799986][ T6742] loop1: p23 size 108986237 extends beyond EOD, truncated
[  128.821978][ T6742] loop1: p24 size 520093696 extends beyond EOD, truncated
[  128.866383][ T6742] loop1: p25 size 108986237 extends beyond EOD, truncated
[  128.906419][ T6742] loop1: p26 size 520093696 extends beyond EOD, truncated
[  128.966959][ T6742] loop1: p27 size 108986237 extends beyond EOD, truncated
[  129.003390][ T6742] loop1: p28 size 520093696 extends beyond EOD, truncated
[  129.016937][ T6742] loop1: p29 size 108986237 extends beyond EOD, truncated
[  129.049358][ T6742] loop1: p30 size 520093696 extends beyond EOD, truncated
[  129.096778][ T6742] loop1: p31 size 108986237 extends beyond EOD, truncated
[  129.118368][ T6742] loop1: p32 size 520093696 extends beyond EOD, truncated
[  129.145126][ T6742] loop1: p33 size 108986237 extends beyond EOD, truncated
[  129.173566][ T6742] loop1: p34 size 520093696 extends beyond EOD, truncated
[  129.193383][ T6742] loop1: p35 size 108986237 extends beyond EOD, truncated
[  129.227106][ T6742] loop1: p36 size 520093696 extends beyond EOD, truncated
[  129.267195][ T6742] loop1: p37 size 108986237 extends beyond EOD, truncated
[  129.293755][ T6742] loop1: p38 size 520093696 extends beyond EOD, truncated
[  129.322658][ T6742] loop1: p39 size 108986237 extends beyond EOD, truncated
[  129.343939][ T6742] loop1: p40 size 520093696 extends beyond EOD, truncated
[  129.363583][ T6742] loop1: p41 size 108986237 extends beyond EOD, truncated
[  129.371263][ T6742] loop1: p42 size 520093696 extends beyond EOD, truncated
[  129.393781][ T6742] loop1: p43 size 108986237 extends beyond EOD, truncated
[  129.403486][ T6742] loop1: p44 size 520093696 extends beyond EOD, truncated
[  129.423373][ T6742] loop1: p45 size 108986237 extends beyond EOD, truncated
[  129.433408][ T6742] loop1: p46 size 520093696 extends beyond EOD, truncated
[  129.463560][ T6742] loop1: p47 size 108986237 extends beyond EOD, truncated
[  129.471112][ T6742] loop1: p48 size 520093696 extends beyond EOD, truncated
[  129.493764][ T6742] loop1: p49 size 108986237 extends beyond EOD, truncated
[  129.503368][ T6742] loop1: p50 size 520093696 extends beyond EOD, truncated
[  129.523983][ T6742] loop1: p51 size 108986237 extends beyond EOD, truncated
[  129.543455][ T6742] loop1: p52 size 520093696 extends beyond EOD, truncated
[  129.553474][ T6742] loop1: p53 size 108986237 extends beyond EOD, truncated
[  129.583392][ T6742] loop1: p54 size 520093696 extends beyond EOD, truncated
[  129.591091][ T6742] loop1: p55 size 108986237 extends beyond EOD, truncated
[  129.613743][ T6742] loop1: p56 size 520093696 extends beyond EOD, truncated
[  129.621256][ T6742] loop1: p57 size 108986237 extends beyond EOD, truncated
[  129.643955][ T6742] loop1: p58 size 520093696 extends beyond EOD, truncated
[  129.663637][ T6742] loop1: p59 size 108986237 extends beyond EOD, truncated
[  129.693417][ T6742] loop1: p60 size 520093696 extends beyond EOD, truncated
[  129.713406][ T6742] loop1: p61 size 108986237 extends beyond EOD, truncated
[  129.763946][ T6742] loop1: p62 size 520093696 extends beyond EOD, truncated
[  129.783479][ T6742] loop1: p63 size 108986237 extends beyond EOD, truncated
[  129.790992][ T6742] loop1: p64 size 520093696 extends beyond EOD, truncated
[  129.803739][ T6742] loop1: p65 size 108986237 extends beyond EOD, truncated
[  129.816415][ T6742] loop1: p66 size 520093696 extends beyond EOD, truncated
[  129.833812][ T6742] loop1: p67 size 108986237 extends beyond EOD, truncated
[  129.841335][ T6742] loop1: p68 size 520093696 extends beyond EOD, truncated
[  129.863771][ T6742] loop1: p69 size 108986237 extends beyond EOD, truncated
[  129.871531][ T6742] loop1: p70 size 520093696 extends beyond EOD, truncated
[  129.886836][ T6742] loop1: p71 size 108986237 extends beyond EOD, truncated
[  129.903757][ T6742] loop1: p72 size 520093696 extends beyond EOD, truncated
[  129.911397][ T6742] loop1: p73 size 108986237 extends beyond EOD, truncated
[  129.943952][ T6742] loop1: p74 size 520093696 extends beyond EOD, truncated
[  129.953012][ T6742] loop1: p75 size 108986237 extends beyond EOD, truncated
[  129.977244][ T6742] loop1: p76 size 520093696 extends beyond EOD, truncated
[  129.993679][ T6742] loop1: p77 size 108986237 extends beyond EOD, truncated
[  130.010142][ T6742] loop1: p78 size 520093696 extends beyond EOD, truncated
[  130.035870][ T6742] loop1: p79 size 108986237 extends beyond EOD, truncated
[  130.054114][ T6742] loop1: p80 size 520093696 extends beyond EOD, truncated
[  130.074055][ T6742] loop1: p81 size 108986237 extends beyond EOD, truncated
[  130.088064][ T6742] loop1: p82 size 520093696 extends beyond EOD, truncated
[  130.114746][ T6742] loop1: p83 size 108986237 extends beyond EOD, truncated
[  130.130428][ T6742] loop1: p84 size 520093696 extends beyond EOD, truncated
[  130.146379][ T6742] loop1: p85 size 108986237 extends beyond EOD, truncated
[  130.163683][ T6742] loop1: p86 size 520093696 extends beyond EOD, truncated
[  130.174212][ T6742] loop1: p87 size 108986237 extends beyond EOD, truncated
[  130.195262][ T6742] loop1: p88 size 520093696 extends beyond EOD, truncated
[  130.214166][ T6742] loop1: p89 size 108986237 extends beyond EOD, truncated
[  130.225215][ T6742] loop1: p90 size 520093696 extends beyond EOD, truncated
[  130.234011][ T6742] loop1: p91 size 108986237 extends beyond EOD, truncated
[  130.266590][ T6742] loop1: p92 size 520093696 extends beyond EOD, truncated
[  130.283724][ T6742] loop1: p93 size 108986237 extends beyond EOD, truncated
[  130.307365][ T6742] loop1: p94 size 520093696 extends beyond EOD, truncated
[  130.324779][ T1349] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.339419][ T6742] loop1: p95 size 108986237 extends beyond EOD, truncated
[  130.363970][ T6742] loop1: p96 size 520093696 extends beyond EOD, truncated
[  130.376253][ T6742] loop1: p97 size 108986237 extends beyond EOD, truncated
[  130.393704][ T6742] loop1: p98 size 520093696 extends beyond EOD, truncated
[  130.423456][ T6742] loop1: p99 size 108986237 extends beyond EOD, truncated
[  130.448081][ T6742] loop1: p100 size 520093696 extends beyond EOD, truncated
[  130.477539][ T6742] loop1: p101 size 108986237 extends beyond EOD, truncated
[  130.507303][ T6742] loop1: p102 size 520093696 extends beyond EOD, truncated
[  130.524387][ T6742] loop1: p103 size 108986237 extends beyond EOD, truncated
[  130.525128][ T1349] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.542215][ T6742] loop1: p104 size 520093696 extends beyond EOD, truncated
[  130.567513][ T6742] loop1: p105 size 108986237 extends beyond EOD, truncated
[  130.580368][ T6742] loop1: p106 size 520093696 extends beyond EOD, truncated
[  130.603976][ T6742] loop1: p107 size 108986237 extends beyond EOD, truncated
[  130.611698][ T6742] loop1: p108 size 520093696 extends beyond EOD, truncated
[  130.633745][ T6742] loop1: p109 size 108986237 extends beyond EOD, truncated
[  130.655470][ T6742] loop1: p110 size 520093696 extends beyond EOD, truncated
[  130.673775][ T6742] loop1: p111 size 108986237 extends beyond EOD, truncated
[  130.703560][ T6742] loop1: p112 size 520093696 extends beyond EOD, truncated
[  130.714475][ T1349] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.733753][ T6742] loop1: p113 size 108986237 extends beyond EOD, truncated
[  130.743664][ T6742] loop1: p114 size 520093696 extends beyond EOD, truncated
[  130.763375][ T6742] loop1: p115 size 108986237 extends beyond EOD, truncated
[  130.783357][ T6742] loop1: p116 size 520093696 extends beyond EOD, truncated
[  130.791047][ T6742] loop1: p117 size 108986237 extends beyond EOD, truncated
[  130.804088][    C0] ==================================================================
[  130.812166][    C0] BUG: KCSAN: data-race in can_send / can_send
[  130.818319][    C0] 
[  130.820640][    C0] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 1:
[  130.828696][    C0]  can_send+0x576/0x5d0
[  130.832852][    C0]  bcm_can_tx+0x314/0x420
[  130.837180][    C0]  bcm_tx_timeout_handler+0xdb/0x260
[  130.842473][    C0]  __hrtimer_run_queues+0x20d/0x5e0
[  130.847675][    C0]  hrtimer_run_softirq+0xe4/0x2c0
[  130.852701][    C0]  handle_softirqs+0xc3/0x280
[  130.857387][    C0]  do_softirq+0x5e/0x90
[  130.861549][    C0]  __local_bh_enable_ip+0x6e/0x70
[  130.866579][    C0]  _raw_spin_unlock_bh+0x36/0x40
[  130.871528][    C0]  batadv_nc_purge_paths+0x21d/0x270
[  130.876824][    C0]  batadv_nc_worker+0x402/0xac0
[  130.881675][    C0]  process_scheduled_works+0x483/0x9a0
[  130.887141][    C0]  worker_thread+0x526/0x700
[  130.891823][    C0]  kthread+0x1d1/0x210
[  130.895899][    C0]  ret_from_fork+0x4b/0x60
[  130.900315][    C0]  ret_from_fork_asm+0x1a/0x30
[  130.905082][    C0] 
[  130.907400][    C0] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 0:
[  130.915462][    C0]  can_send+0x576/0x5d0
[  130.919615][    C0]  bcm_can_tx+0x314/0x420
[  130.923948][    C0]  bcm_tx_timeout_handler+0xdb/0x260
[  130.929250][    C0]  __hrtimer_run_queues+0x20d/0x5e0
[  130.934451][    C0]  hrtimer_run_softirq+0xe4/0x2c0
[  130.939483][    C0]  handle_softirqs+0xc3/0x280
[  130.944166][    C0]  irq_exit_rcu+0x3e/0x90
[  130.948506][    C0]  sysvec_apic_timer_interrupt+0x73/0x80
[  130.954143][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  130.960216][    C0]  __sanitizer_cov_trace_pc+0x37/0x70
[  130.965589][    C0]  get_random_bytes+0x12/0x30
[  130.970264][    C0]  nsim_dev_trap_report_work+0x411/0x5b0
[  130.975908][    C0]  process_scheduled_works+0x483/0x9a0
[  130.981371][    C0]  worker_thread+0x526/0x700
[  130.985969][    C0]  kthread+0x1d1/0x210
[  130.990046][    C0]  ret_from_fork+0x4b/0x60
[  130.994465][    C0]  ret_from_fork_asm+0x1a/0x30
[  130.999231][    C0] 
[  131.001549][    C0] value changed: 0x000000000000418a -> 0x000000000000418b
[  131.008644][    C0] 
[  131.010954][    C0] Reported by Kernel Concurrency Sanitizer on:
[  131.017099][    C0] CPU: 0 UID: 0 PID: 3335 Comm: kworker/0:4 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  131.027868][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  131.037933][    C0] Workqueue: events nsim_dev_trap_report_work
[  131.044021][    C0] ==================================================================
[  131.056056][ T6742] loop1: p118 size 520093696 extends beyond EOD, truncated
[  131.083775][ T6742] loop1: p119 size 108986237 extends beyond EOD, truncated
[  131.126116][ T6742] loop1: p120 size 520093696 extends beyond EOD, truncated
[  131.157132][ T6742] loop1: p121 size 108986237 extends beyond EOD, truncated
[  131.188449][ T6742] loop1: p122 size 520093696 extends beyond EOD, truncated
[  131.226275][ T6742] loop1: p123 size 108986237 extends beyond EOD, truncated
[  131.244553][ T1349] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.266450][ T6742] loop1: p124 size 520093696 extends beyond EOD, truncated
[  131.297536][ T6742] loop1: p125 size 108986237 extends beyond EOD, truncated
[  131.336122][ T6742] loop1: p126 size 520093696 extends beyond EOD, truncated
[  131.349454][ T6742] loop1: p127 size 108986237 extends beyond EOD, truncated
[  131.383709][ T6742] loop1: p128 size 520093696 extends beyond EOD, truncated
[  131.413860][ T6742] loop1: p129 size 108986237 extends beyond EOD, truncated
[  131.424745][ T1349] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.435189][ T6742] loop1: p130 size 520093696 extends beyond EOD, truncated
[  131.453363][ T6742] loop1: p131 size 108986237 extends beyond EOD, truncated
[  131.463588][ T6742] loop1: p132 size 520093696 extends beyond EOD, truncated
[  131.483780][ T6742] loop1: p133 size 108986237 extends beyond EOD, truncated
[  131.496612][    C0] ==================================================================
[  131.504693][    C0] BUG: KCSAN: data-race in can_send / can_send
[  131.510853][    C0] 
[  131.513167][    C0] read-write to 0xffff888117fe8b10 of 8 bytes by interrupt on cpu 1:
[  131.521228][    C0]  can_send+0x562/0x5d0
[  131.525382][    C0]  bcm_can_tx+0x314/0x420
[  131.529718][    C0]  bcm_tx_timeout_handler+0xdb/0x260
[  131.535019][    C0]  __hrtimer_run_queues+0x20d/0x5e0
[  131.540223][    C0]  hrtimer_run_softirq+0xe4/0x2c0
[  131.545257][    C0]  handle_softirqs+0xc3/0x280
[  131.549953][    C0]  do_softirq+0x5e/0x90
[  131.554118][    C0]  __local_bh_enable_ip+0x6e/0x70
[  131.559244][    C0]  nf_ct_delete+0x271/0x420
[  131.563773][    C0]  nf_ct_gc_expired+0x167/0x200
[  131.568635][    C0]  gc_worker+0x42f/0xa00
[  131.572874][    C0]  process_scheduled_works+0x483/0x9a0
[  131.578341][    C0]  worker_thread+0x526/0x700
[  131.582950][    C0]  kthread+0x1d1/0x210
[  131.587028][    C0]  ret_from_fork+0x4b/0x60
[  131.591455][    C0]  ret_from_fork_asm+0x1a/0x30
[  131.596224][    C0] 
[  131.598540][    C0] read-write to 0xffff888117fe8b10 of 8 bytes by interrupt on cpu 0:
[  131.606602][    C0]  can_send+0x562/0x5d0
[  131.610755][    C0]  bcm_can_tx+0x314/0x420
[  131.615180][    C0]  bcm_tx_timeout_handler+0xdb/0x260
[  131.620475][    C0]  __hrtimer_run_queues+0x20d/0x5e0
[  131.625678][    C0]  hrtimer_run_softirq+0xe4/0x2c0
[  131.630797][    C0]  handle_softirqs+0xc3/0x280
[  131.635486][    C0]  run_ksoftirqd+0x1c/0x30
[  131.639905][    C0]  smpboot_thread_fn+0x31c/0x4c0
[  131.644853][    C0]  kthread+0x1d1/0x210
[  131.648960][    C0]  ret_from_fork+0x4b/0x60
[  131.653379][    C0]  ret_from_fork_asm+0x1a/0x30
[  131.658157][    C0] 
[  131.660474][    C0] value changed: 0x0000000000030796 -> 0x0000000000030797
[  131.667569][    C0] 
[  131.669886][    C0] Reported by Kernel Concurrency Sanitizer on:
[  131.676026][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  131.686611][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  131.696663][    C0] ==================================================================
[  131.705438][ T6742] loop1: p134 size 520093696 extends beyond EOD, truncated
[  131.719492][ T6742] loop1: p135 size 108986237 extends beyond EOD, truncated
[  131.727457][ T6742] loop1: p136 size 520093696 extends beyond EOD, truncated
[  131.735938][ T6742] loop1: p137 size 108986237 extends beyond EOD, truncated
[  131.743853][ T6742] loop1: p138 size 520093696 extends beyond EOD, truncated
[  131.751586][ T6742] loop1: p139 size 108986237 extends beyond EOD, truncated
[  131.759870][ T6742] loop1: p140 size 520093696 extends beyond EOD, truncated
[  131.767637][ T6742] loop1: p141 size 108986237 extends beyond EOD, truncated
[  131.797070][ T6742] loop1: p142 size 520093696 extends beyond EOD, truncated
[  131.804700][ T1349] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.814197][ T6742] loop1: p143 size 108986237 extends beyond EOD, truncated
[  131.833355][ T6742] loop1: p144 size 520093696 extends beyond EOD, truncated
[  131.847348][ T6742] loop1: p145 size 108986237 extends beyond EOD, truncated
[  131.863765][ T6742] loop1: p146 size 520093696 extends beyond EOD, truncated
[  131.883365][ T6742] loop1: p147 size 108986237 extends beyond EOD, truncated
[  131.906125][ T6742] loop1: p148 size 520093696 extends beyond EOD, truncated
[  131.925019][ T1349] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.935338][ T6742] loop1: p149 size 108986237 extends beyond EOD, truncated
[  131.953362][ T6742] loop1: p150 size 520093696 extends beyond EOD, truncated
[  131.987230][ T6742] loop1: p151 size 108986237 extends beyond EOD, truncated
[  132.026209][ T6742] loop1: p152 size 520093696 extends beyond EOD, truncated
[  132.043652][ T6742] loop1: p153 size 108986237 extends beyond EOD, truncated
[  132.051644][ T6742] loop1: p154 size 520093696 extends beyond EOD, truncated
[  132.058548][ T1349] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.086395][ T6742] loop1: p155 size 108986237 extends beyond EOD, truncated
[  132.119295][ T6742] loop1: p156 size 520093696 extends beyond EOD, truncated
[  132.133884][ T6742] loop1: p157 size 108986237 extends beyond EOD, truncated
[  132.163374][ T6742] loop1: p158 size 520093696 extends beyond EOD, truncated
[  132.171074][ T6742] loop1: p159 size 108986237 extends beyond EOD, truncated
[  132.193678][ T6742] loop1: p160 size 520093696 extends beyond EOD, truncated
[  132.201281][ T6742] loop1: p161 size 108986237 extends beyond EOD, truncated
[  132.223864][ T6742] loop1: p162 size 520093696 extends beyond EOD, truncated
[  132.232289][ T6742] loop1: p163 size 108986237 extends beyond EOD, truncated
[  132.253795][ T6742] loop1: p164 size 520093696 extends beyond EOD, truncated
[  132.263429][ T6742] loop1: p165 size 108986237 extends beyond EOD, truncated
[  132.282954][ T6742] loop1: p166 size 520093696 extends beyond EOD, truncated
[  132.293671][ T6742] loop1: p167 size 108986237 extends beyond EOD, truncated
[  132.323440][ T6742] loop1: p168 size 520093696 extends beyond EOD, truncated
[  132.343357][ T6742] loop1: p169 size 108986237 extends beyond EOD, truncated
[  132.350986][ T6742] loop1: p170 size 520093696 extends beyond EOD, truncated
[  132.368348][ T6742] loop1: p171 size 108986237 extends beyond EOD, truncated
[  132.404184][ T6742] loop1: p172 size 520093696 extends beyond EOD, truncated
[  132.411742][ T6742] loop1: p173 size 108986237 extends beyond EOD, truncated
[  132.434905][ T6742] loop1: p174 size 520093696 extends beyond EOD, truncated
[  132.442565][ T6742] loop1: p175 size 108986237 extends beyond EOD, truncated
[  132.465967][ T6742] loop1: p176 size 520093696 extends beyond EOD, truncated
[  132.484139][ T6742] loop1: p177 size 108986237 extends beyond EOD, truncated
[  132.503646][ T6742] loop1: p178 size 520093696 extends beyond EOD, truncated
[  132.511268][ T6742] loop1: p179 size 108986237 extends beyond EOD, truncated
[  132.534574][ T6742] loop1: p180 size 520093696 extends beyond EOD, truncated
[  132.542268][ T6742] loop1: p181 size 108986237 extends beyond EOD, truncated
[  132.558937][ T6742] loop1: p182 size 520093696 extends beyond EOD, truncated
[  132.583843][ T6742] loop1: p183 size 108986237 extends beyond EOD, truncated
[  132.605798][ T6742] loop1: p184 size 520093696 extends beyond EOD, truncated
[  132.633607][ T6742] loop1: p185 size 108986237 extends beyond EOD, truncated
[  132.663437][ T6742] loop1: p186 size 520093696 extends beyond EOD, truncated
[  132.672280][ T1349] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.682776][ T1349] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  132.713366][ T6742] loop1: p187 size 108986237 extends beyond EOD, truncated
[  132.743684][ T6742] loop1: p188 size 520093696 extends beyond EOD, truncated
[  132.754381][ T6742] loop1: p189 size 108986237 extends beyond EOD, truncated
[  132.796413][ T6742] loop1: p190 size 520093696 extends beyond EOD, truncated
[  132.813981][ T6742] loop1: p191 size 108986237 extends beyond EOD, truncated
[  132.823862][ T6742] loop1: p192 size 520093696 extends beyond EOD, truncated
[  132.845565][ T6742] loop1: p193 size 108986237 extends beyond EOD, truncated
[  132.876994][ T6742] loop1: p194 size 520093696 extends beyond EOD, truncated
[  132.893821][ T6742] loop1: p195 size 108986237 extends beyond EOD, truncated
[  132.908139][ T1349] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.918453][ T1349] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  132.933729][ T6742] loop1: p196 size 520093696 extends beyond EOD, truncated
[  132.953423][ T6742] loop1: p197 size 108986237 extends beyond EOD, truncated
[  132.963670][ T6742] loop1: p198 size 520093696 extends beyond EOD, truncated
[  132.983595][ T6742] loop1: p199 size 108986237 extends beyond EOD, truncated
[  133.003713][ T6742] loop1: p200 size 520093696 extends beyond EOD, truncated
[  133.011458][ T6742] loop1: p201 size 108986237 extends beyond EOD, truncated
[  133.028218][ T6742] loop1: p202 size 520093696 extends beyond EOD, truncated
[  133.046377][ T6742] loop1: p203 size 108986237 extends beyond EOD, truncated
[  133.064057][ T6742] loop1: p204 size 520093696 extends beyond EOD, truncated
[  133.083574][ T6742] loop1: p205 size 108986237 extends beyond EOD, truncated
[  133.084847][ T1349] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.093497][ T6742] loop1: p206 size 520093696 extends beyond EOD, truncated
[  133.101347][ T1349] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  133.133361][ T6742] loop1: p207 size 108986237 extends beyond EOD, truncated
[  133.141271][ T6742] loop1: p208 size 520093696 extends beyond EOD, truncated
[  133.164216][ T6742] loop1: p209 size 108986237 extends beyond EOD, truncated
[  133.183362][ T6742] loop1: p210 size 520093696 extends beyond EOD, truncated
[  133.192295][ T6742] loop1: p211 size 108986237 extends beyond EOD, truncated
[  133.213841][ T6742] loop1: p212 size 520093696 extends beyond EOD, truncated
[  133.223378][ T6742] loop1: p213 size 108986237 extends beyond EOD, truncated
[  133.242830][ T6742] loop1: p214 size 520093696 extends beyond EOD, truncated
[  133.266627][ T6742] loop1: p215 size 108986237 extends beyond EOD, truncated
[  133.294166][ T6742] loop1: p216 size 520093696 extends beyond EOD, truncated
[  133.313476][ T6742] loop1: p217 size 108986237 extends beyond EOD, truncated
[  133.343539][ T6742] loop1: p218 size 520093696 extends beyond EOD, truncated
[  133.367864][ T1349] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.378363][ T1349] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  133.403531][ T6742] loop1: p219 size 108986237 extends beyond EOD, truncated
[  133.443676][ T6742] loop1: p220 size 520093696 extends beyond EOD, truncated
[  133.451512][ T6742] loop1: p221 size 108986237 extends beyond EOD, truncated
[  133.459157][ T6742] loop1: p222 size 520093696 extends beyond EOD, truncated
[  133.477361][ T6742] loop1: p223 size 108986237 extends beyond EOD, truncated
[  133.514086][ T6742] loop1: p224 size 520093696 extends beyond EOD, truncated
[  133.527350][ T1349] bridge_slave_1: left allmulticast mode
[  133.533177][ T1349] bridge_slave_1: left promiscuous mode
[  133.538982][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.553780][ T6742] loop1: p225 size 108986237 extends beyond EOD, truncated
[  133.573360][ T6742] loop1: p226 size 520093696 extends beyond EOD, truncated
[  133.581118][ T6742] loop1: p227 size 108986237 extends beyond EOD, truncated
[  133.602643][ T1349] bridge_slave_0: left allmulticast mode
[  133.608422][ T1349] bridge_slave_0: left promiscuous mode
[  133.615084][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.622581][ T6742] loop1: p228 size 520093696 extends beyond EOD, truncated
[  133.644091][ T6742] loop1: p229 size 108986237 extends beyond EOD, truncated
[  133.651802][ T6742] loop1: p230 size 520093696 extends beyond EOD, truncated
[  133.667415][ T6742] loop1: p231 size 108986237 extends beyond EOD, truncated
[  133.684736][ T1349] bridge_slave_1: left allmulticast mode
[  133.690534][ T1349] bridge_slave_1: left promiscuous mode
[  133.697295][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.708292][ T6742] loop1: p232 size 520093696 extends beyond EOD, truncated
[  133.723750][ T6742] loop1: p233 size 108986237 extends beyond EOD, truncated
[  133.743454][ T6742] loop1: p234 size 520093696 extends beyond EOD, truncated
[  133.753252][ T6742] loop1: p235 size 108986237 extends beyond EOD, truncated
[  133.768528][ T1349] bridge_slave_0: left allmulticast mode
[  133.774273][ T1349] bridge_slave_0: left promiscuous mode
[  133.781352][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.793852][ T6742] loop1: p236 size 520093696 extends beyond EOD, truncated
[  133.813427][ T6742] loop1: p237 size 108986237 extends beyond EOD, truncated
[  133.827210][ T6742] loop1: p238 size 520093696 extends beyond EOD, truncated
[  133.843755][ T6742] loop1: p239 size 108986237 extends beyond EOD, truncated
[  133.863946][ T6742] loop1: p240 size 520093696 extends beyond EOD, truncated
[  133.864323][ T1349] bridge_slave_1: left allmulticast mode
[  133.873339][ T6742] loop1: p241 size 108986237 extends beyond EOD, truncated
[  133.876941][ T1349] bridge_slave_1: left promiscuous mode
[  133.891019][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.903779][    C1] ==================================================================
[  133.911860][    C1] BUG: KCSAN: data-race in can_send / can_send
[  133.918038][    C1] 
[  133.920352][    C1] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 0:
[  133.923829][ T6742] loop1: p242 size 520093696 extends beyond EOD, truncated
[  133.928409][    C1]  can_send+0x576/0x5d0
[  133.928435][    C1]  bcm_can_tx+0x314/0x420
[  133.928456][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  133.949345][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  133.954551][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  133.959588][    C1]  handle_softirqs+0xc3/0x280
[  133.963803][ T6742] loop1: p243 size 108986237 extends beyond EOD, truncated
[  133.964264][    C1]  do_softirq+0x5e/0x90
[  133.975591][    C1]  __local_bh_enable_ip+0x6e/0x70
[  133.980630][    C1]  _raw_spin_unlock_bh+0x36/0x40
[  133.985577][    C1]  batadv_nc_purge_paths+0x21d/0x270
[  133.990874][    C1]  batadv_nc_worker+0x3db/0xac0
[  133.995734][    C1]  process_scheduled_works+0x483/0x9a0
[  133.995909][ T6742] loop1: p244 size 520093696 extends beyond EOD, truncated
[  134.001185][    C1]  worker_thread+0x526/0x700
[  134.012949][    C1]  kthread+0x1d1/0x210
[  134.017026][    C1]  ret_from_fork+0x4b/0x60
[  134.021443][    C1]  ret_from_fork_asm+0x1a/0x30
[  134.026213][    C1] 
[  134.028530][    C1] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 1:
[  134.036600][    C1]  can_send+0x576/0x5d0
[  134.036817][ T6742] loop1: p245 size 108986237 extends beyond EOD, truncated
[  134.040752][    C1]  bcm_can_tx+0x314/0x420
[  134.047943][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  134.047976][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  134.048002][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  134.048032][    C1]  handle_softirqs+0xc3/0x280
[  134.048061][    C1]  run_ksoftirqd+0x1c/0x30
[  134.048081][    C1]  smpboot_thread_fn+0x31c/0x4c0
[  134.048111][    C1]  kthread+0x1d1/0x210
[  134.048142][    C1]  ret_from_fork+0x4b/0x60
[  134.048165][    C1]  ret_from_fork_asm+0x1a/0x30
[  134.048193][    C1] 
[  134.048197][    C1] value changed: 0x000000000000497a -> 0x000000000000497b
[  134.048208][    C1] 
[  134.048211][    C1] Reported by Kernel Concurrency Sanitizer on:
[  134.048218][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  134.077424][ T6742] loop1: p246 size 520093696 extends beyond EOD, 
[  134.081934][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  134.086037][ T6742] truncated
[  134.090381][    C1] ==================================================================
[  134.156477][ T1349] bridge_slave_0: left allmulticast mode
[  134.162302][ T1349] bridge_slave_0: left promiscuous mode
[  134.168107][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.203228][ T1349] veth0_to_bond: left allmulticast mode
[  134.208894][ T1349] veth0_to_bond: left promiscuous mode
[  134.214585][ T1349] bridge0: port 3(veth0_to_bond) entered disabled state
[  134.223987][ T6742] loop1: p247 size 108986237 extends beyond EOD, truncated
[  134.243355][ T6742] loop1: p248 size 520093696 extends beyond EOD, truncated
[  134.258830][ T1349] bridge_slave_1: left allmulticast mode
[  134.263363][ T6742] loop1: p249 size 108986237 extends beyond EOD, truncated
[  134.264529][ T1349] bridge_slave_1: left promiscuous mode
[  134.272267][ T6742] loop1: p250 size 520093696 extends beyond EOD, 
[  134.277495][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.292266][ T6742] truncated
[  134.323708][ T1349] bridge_slave_0: left allmulticast mode
[  134.329542][ T1349] bridge_slave_0: left promiscuous mode
[  134.335466][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.354130][ T6742] loop1: p251 size 108986237 extends beyond EOD, truncated
[  134.383483][ T6742] loop1: p252 size 520093696 extends beyond EOD, truncated
[  134.391183][ T6742] loop1: p253 size 108986237 extends beyond EOD, truncated
[  134.413719][ T6742] loop1: p254 size 520093696 extends beyond EOD, truncated
[  134.433909][ T6742] loop1: p255 size 108986237 extends beyond EOD, truncated
[  134.588603][    C1] ==================================================================
[  134.596703][    C1] BUG: KCSAN: data-race in can_send / can_send
[  134.602861][    C1] 
[  134.605173][    C1] read-write to 0xffff888117fe8b10 of 8 bytes by interrupt on cpu 0:
[  134.613228][    C1]  can_send+0x562/0x5d0
[  134.617381][    C1]  bcm_can_tx+0x314/0x420
[  134.621704][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  134.626997][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  134.632215][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  134.637244][    C1]  handle_softirqs+0xc3/0x280
[  134.641927][    C1]  do_softirq+0x5e/0x90
[  134.646087][    C1]  __local_bh_enable_ip+0x6e/0x70
[  134.651126][    C1]  _raw_spin_unlock_bh+0x36/0x40
[  134.656072][    C1]  batadv_nc_purge_paths+0x21d/0x270
[  134.661360][    C1]  batadv_nc_worker+0x3db/0xac0
[  134.666216][    C1]  process_scheduled_works+0x483/0x9a0
[  134.671678][    C1]  worker_thread+0x526/0x700
[  134.676274][    C1]  kthread+0x1d1/0x210
[  134.680347][    C1]  ret_from_fork+0x4b/0x60
[  134.684766][    C1]  ret_from_fork_asm+0x1a/0x30
[  134.689535][    C1] 
[  134.691849][    C1] read-write to 0xffff888117fe8b10 of 8 bytes by interrupt on cpu 1:
[  134.699999][    C1]  can_send+0x562/0x5d0
[  134.704157][    C1]  bcm_can_tx+0x314/0x420
[  134.708492][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  134.713791][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  134.719001][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  134.724033][    C1]  handle_softirqs+0xc3/0x280
[  134.728718][    C1]  do_softirq+0x5e/0x90
[  134.732880][    C1]  __local_bh_enable_ip+0x6e/0x70
[  134.737912][    C1]  _raw_spin_unlock_bh+0x36/0x40
[  134.742858][    C1]  addrconf_ifdown+0x3b7/0xf20
[  134.747616][    C1]  addrconf_notify+0x2ff/0x950
[  134.752377][    C1]  raw_notifier_call_chain+0x6f/0x1d0
[  134.757758][    C1]  call_netdevice_notifiers_info+0xae/0x100
[  134.763663][    C1]  dev_close_many+0x174/0x240
[  134.768336][    C1]  unregister_netdevice_many_notify+0x259/0x1110
[  134.774664][    C1]  unregister_netdevice_many+0x19/0x20
[  134.780120][    C1]  cleanup_net+0x417/0x830
[  134.784531][    C1]  process_scheduled_works+0x483/0x9a0
[  134.790001][    C1]  worker_thread+0x526/0x700
[  134.794598][    C1]  kthread+0x1d1/0x210
[  134.798677][    C1]  ret_from_fork+0x4b/0x60
[  134.803097][    C1]  ret_from_fork_asm+0x1a/0x30
[  134.807867][    C1] 
[  134.810178][    C1] value changed: 0x0000000000056f81 -> 0x0000000000056f82
[  134.817272][    C1] 
[  134.819585][    C1] Reported by Kernel Concurrency Sanitizer on:
[  134.825724][    C1] CPU: 1 UID: 0 PID: 1349 Comm: kworker/u8:4 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  134.836572][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  134.846626][    C1] Workqueue: netns cleanup_net
[  134.851388][    C1] ==================================================================
[  135.653995][ T1349] gretap0: left allmulticast mode
[  135.659191][ T1349] gretap0: left promiscuous mode
[  137.089595][    C1] ==================================================================
[  137.097697][    C1] BUG: KCSAN: data-race in can_send / can_send
[  137.103855][    C1] 
[  137.106167][    C1] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 0:
[  137.114227][    C1]  can_send+0x576/0x5d0
[  137.118387][    C1]  bcm_can_tx+0x314/0x420
[  137.122716][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  137.128010][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  137.133217][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  137.138253][    C1]  handle_softirqs+0xc3/0x280
[  137.142939][    C1]  run_ksoftirqd+0x1c/0x30
[  137.147349][    C1]  smpboot_thread_fn+0x31c/0x4c0
[  137.152294][    C1]  kthread+0x1d1/0x210
[  137.156372][    C1]  ret_from_fork+0x4b/0x60
[  137.160786][    C1]  ret_from_fork_asm+0x1a/0x30
[  137.165555][    C1] 
[  137.167868][    C1] read-write to 0xffff888117fe8b70 of 8 bytes by interrupt on cpu 1:
[  137.176024][    C1]  can_send+0x576/0x5d0
[  137.180185][    C1]  bcm_can_tx+0x314/0x420
[  137.184522][    C1]  bcm_tx_timeout_handler+0xdb/0x260
[  137.190166][    C1]  __hrtimer_run_queues+0x20d/0x5e0
[  137.195372][    C1]  hrtimer_run_softirq+0xe4/0x2c0
[  137.200404][    C1]  handle_softirqs+0xc3/0x280
[  137.205091][    C1]  do_softirq+0x5e/0x90
[  137.209252][    C1]  __local_bh_enable_ip+0x6e/0x70
[  137.214287][    C1]  _raw_spin_unlock_bh+0x36/0x40
[  137.219238][    C1]  batadv_nc_purge_paths+0x21d/0x270
[  137.224549][    C1]  batadv_nc_worker+0x3db/0xac0
[  137.229399][    C1]  process_scheduled_works+0x483/0x9a0
[  137.234874][    C1]  worker_thread+0x526/0x700
[  137.239480][    C1]  kthread+0x1d1/0x210
[  137.243574][    C1]  ret_from_fork+0x4b/0x60
[  137.247996][    C1]  ret_from_fork_asm+0x1a/0x30
[  137.252763][    C1] 
[  137.255076][    C1] value changed: 0x000000000000a2a2 -> 0x000000000000a2a3
[  137.262175][    C1] 
[  137.264493][    C1] Reported by Kernel Concurrency Sanitizer on:
[  137.270647][    C1] CPU: 1 UID: 0 PID: 3370 Comm: kworker/u8:7 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
[  137.281497][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  137.291549][    C1] Workqueue: bat_events batadv_nc_worker
[  137.297190][    C1] ==================================================================