last executing test programs:

24.92379346s ago: executing program 4 (id=89):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x18)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001"], 0x44}}, 0x0)

24.387066429s ago: executing program 4 (id=96):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x1c}}, 0x0)

24.363768081s ago: executing program 4 (id=97):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x10b8}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x20081e, &(0x7f00000020c0), 0x1, 0x4ef, &(0x7f0000000a00)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
close(r5)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r6, 0x0, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000200)={@broadcast, @random="156307be2ebb", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "9d0080", 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast2, @ipv4}}}}}}, 0x0)
lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r7}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x10)
r9 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000400)=<r10=>0x0, &(0x7f0000000280)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x18})
io_uring_enter(r9, 0x47f6, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))

24.224041684s ago: executing program 4 (id=98):
socket$kcm(0xa, 0x3, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000b80)={0x3c, r2, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x42}}]}, 0x3c}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ptrace(0x10, 0x1)
inotify_init1(0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f00000002c0))
mknod(&(0x7f0000000000)='./file0\x00', 0x1000, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

11.744240875s ago: executing program 4 (id=183):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f0000000580)='kfree\x00', r1}, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="180800000000000000000000000000008510000003000000180000000000000000000000000000009500000000000000ddaa000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

11.711705558s ago: executing program 4 (id=205):
socket$kcm(0xa, 0x3, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000b80)={0x3c, r2, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x42}}]}, 0x3c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ptrace(0x10, 0x1)
inotify_init1(0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f00000002c0))
mknod(&(0x7f0000000000)='./file0\x00', 0x1000, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

7.685851017s ago: executing program 0 (id=249):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="180800000000000000000000000000008510000003000000180000000000000000000000000000009500000000000000ddaa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

7.65306327s ago: executing program 0 (id=250):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100001, 0x5, 0x5, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340), &(0x7f0000000240), 0x20000402, r0}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r0, &(0x7f0000000340), &(0x7f0000000000)=""/27}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000bc0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xc}}, {@mblk_io_submit}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
setxattr$trusted_overlay_upper(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240), &(0x7f0000000880)=ANY=[], 0xff34, 0x0)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r2 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

6.763819231s ago: executing program 0 (id=257):
r0 = syz_io_uring_setup(0x4174, 0x0, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0)

6.688478348s ago: executing program 0 (id=259):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="180800000000000000000000000000008510000003000000180000000000000000000000000000009500000000000000ddaa0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

6.687829288s ago: executing program 0 (id=261):
syz_emit_ethernet(0x2a, &(0x7f0000000140)=ANY=[@ANYBLOB="0180c200000082341801d5e308060001080006040001aaaaaaaaaabbac0414bb0180c2000000ac1414bb"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00090004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x14, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000cdfcd9dc000000000000000000001801000020646c2500000000002004007b1af8ff00000000bfa100400000000007010000f8ffffffb7020000040000000000000000000085000000100000001811000000", @ANYRES64, @ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000840)=ANY=[@ANYBLOB="3800000018000100000000000000000002000000000000090000000006001500060000001400168010000380080001800500020000000000fa415cc6f0ee7ec3a40416ddefd1f63be8759173389ec33185e1f1784399a16255535f9e97d571000ef62857dac71d8c15a0762c325cac50c9c2ca039c3b07f0be854d"], 0x38}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
listen(r3, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000680)={[{@mblk_io_submit}, {@nogrpid}, {@debug}, {@lazytime}, {@abort}, {@journal_ioprio}, {@delalloc}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@test_dummy_encryption}]}, 0x3, 0x447, &(0x7f0000000a40)="$eJzs28tvG0UYAPBv7SQlfZBQlUcfQKAgyitp3Ac9cAGBxAEkJDiUY0jSquA2qAkSrSoICJUjqsSJC+KIxB8BN+CExBXuqFKFcmnhZLT2buI4dhKnTpzGv5+0zszuODPf7o49u+MNoGeNpC9JxN6I+DMihmrZ5QVGan/uLFyb/Hfh2mQSlco7/yTVcrcXrk3mRfP37ckzfRGFL5M43KTe2StXP5wol6cvZ/mxuYsfjc1eufrihYsT56fPT18qnTlz8sT4S6dLpzoSZxrX7UOfzhw5+MZ7N96aPHvj/V9/TPL4G+LokJHVNj5dqXS4uu7aV5dO+rrYENpSrHXT6K/2/6EoxtLBG4rXv+hq44BNValUKg+13jxfAXawJLrdAqA78i/69Po3X7Zo6LEt3HqldgGUxn0nW2pb+qKQlelvuL7tpJGIODv/33fpEptzHwIAYJmf0vHPC83Gf4Wovy90fzaHMhwRD0TE/og4HREHIuLBiGrZhyPikTbrb5wkWTn+KdzcUGDrlI7/Xs7mtpaP//LRXwwXs9y+avz9ybkL5enj2T45Fv270vz4KnX8/NofX7faVj/+S5e0/nwsmLXjZt+u5e+ZmpibuJuY6w1ExKG+ZvEnizMBSUQcTMttsI4Lz/1wpNW2teNfRQfmmSrfRzxTO/7z0RB/Lmk1P5nuvNKpsfuiPH18LD8rVvrt9+tvr1w7WH29q/g74NbnEbubnv+L8Q8n9fO1s+3892+fTV+v//VVy2uajZ7/A8m7y9Z9MjE3d3k8YiB5s9bo+vWlhnKlpfJp/MeONu//+2NpTxyOiPQkfjQiHouIx7O2PxERT0bE0VX2wi+vPvXBxuPfXGn8U20d/6XEQDSuaZ4oDjZUOtxO/OnxP1lNHcvWrOfzbz3tavdsBgAAgHtVISL2RlIYXUwXCqOjtd/wH4jdhfLM7Nzz52Y+vjRVe0ZgOPoL+Z2uobr7oePZZX2eLzXkT2T3jb8pDlbzo5Mz5aluBw89bk+L/p/6u9jt1gGbzvNa0Lv0f+hd+j/0Lv0feleT/t/4kz1gh2r2/f9ZF9oBbL2G/m/aD3qI63/oXRvp/z4zYGdYtS8PbF07gC01OxhrPyQvIbEiEYVt0Yy1E0lEbINm3GuJbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMb/AQAA//9QcuHY")
mount$tmpfs(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file1\x00', 0x0, 0x1820888, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x80700a, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00')
open(&(0x7f0000000080)='./file1\x00', 0x10bb42, 0x0)
pipe2(&(0x7f0000000040), 0x0)
add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)="7f16cdf6cff7e60326414c7cb716d66439e7cc4710908a11e4b62dd1d8eecd0e27ac01d6f4249d65042923b1073eb0f3f08ccee122142fefd17a647102f5b363c23dc6ec02c71dec78b96bb8cbac7e305cfcb4026037d457d46a0ba03a352a10f96a2fa0853b3d431fb37e5954ec7c01e6bfc6a6bb8ccc804a2a27e48a31fe22121522a34a5cd608dffbb23f9a77614382215d5312b95b0830e4f8ae60faa5d48ad3e188ccbfd70f8b7b87e4d6932daaee8b15dc1749e3375b6fd995bb96961d939f1f76481a8ad6dbc6a1a7", 0xcc, 0xfffffffffffffffe)
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180), 0x20028, &(0x7f0000000a40)=ANY=[])

6.574415688s ago: executing program 0 (id=265):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000009c0)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
r3 = socket$nl_route(0x10, 0x3, 0x0)
bind$can_j1939(r0, &(0x7f0000000200)={0x1d, r1, 0x0, {0x0, 0x0, 0x3}}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0x1}, 0x18)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

2.920102653s ago: executing program 2 (id=326):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000002fd53c1c7cbc7e900"/27, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f0000000580)='kfree\x00', r2}, 0x9)
mknod(&(0x7f0000000040)='./file0\x00', 0x8000, 0x1a)
mount$9p_rdma(&(0x7f0000000380), &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=rdma'])
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x38, 0x1403, 0x1, 0x70bd27, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_team\x00'}}]}, 0x38}}, 0x0)

2.919707623s ago: executing program 2 (id=327):
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0)

2.860038968s ago: executing program 2 (id=328):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="0000000000000000000500000000000000000300", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PPPIOCSMRU(r0, 0x40047452, &(0x7f0000000280)=0x9)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r9=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r9, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90)
r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x111}}, 0x20)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4000}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x0)

1.74790421s ago: executing program 2 (id=333):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1b}, 0x60)
getsockopt$nfc_llcp(r0, 0x118, 0x4, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x18, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYBLOB], &(0x7f0000000200)='syzkaller\x00', 0x3cd, 0x32, &(0x7f0000000240)=""/50, 0x40f00, 0x60, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f00000004c0)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500), 0x10, 0x802000, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks}, {@minixdf}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvndhx0uwmu+wBEOwuuwsFVXUSdzda7QGWEwK0EmKPIHVD4kZR7DiKndKEHtIzVyQqcYIjfwDnnrhzQXDjUg5I/IhADRIHoxlPUje1m6hJ7Cj+fKTRvDdv6u97Tee9+pvEL4CR9XZE7EVEMSI+i4iZ7HouO+LjzpHc92T//vLB/v3lXLTbn/4zl7Yn16LrzySuZa9ZiogffifiJ7nn4zZ3dteXarXqVlafa9U355o7uzfX6kur1dXqRqWyuLA4/+GtDyrnNta36sWs9OXHf9j7xs+Sbk1nV7rHcZ46Qy8cxUmMR8T3LyLYEIxl4ykOuyO8lHxEvB4R76TP/0yMpV9NAOAqa7dnoj3TXQcArrp8mgPL5ctZLmA68vlyuZPDeyOm8rVGs3XjTmN7Y6WTK5uNQv7OWq06n+UKZ6OQS+oLaflpvXKsfisiXouIX0xMpvXycqO2Msz/+ADACLt2bP3/z0Rn/QcArrjSsDsAAAyc9R8ARo/1HwBGj/UfAEZPZ/2fHHY3AIAB8v4fAEaP9R8ARsoPPvkkOdoH2edfr9zd2V5v3L25Um2ul+vby+XlxtZmebXRWE0/s6d+0uvVGo3Nhfdj+97sNzebrbnmzu7temN7o3U7/Vzv29VCetfeAEYGAPTz2luP/pxLVuSPJtMjuvZyKAy1Z8BFyw+7A8DQjA27A8DQ2O0LRtcZ3uNLD8AV0WOL3meUev2CULvdbl9cl4ALdv0L8v8wqrry/34KGEaM/D+MLvl/GF3tdu60e/7HaW8EAC43OX6gz/f/X8/Ov82+OfDjleN3PLzIXgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDldrj/bznbC3w68vlyOeKViJiNQu7OWq06HxGvRsSfJgoTSX1hyH0GAM4q/7dctv/X9Zn3pp9pevPaUbEYET/91ae/vLfUam39MaKY+9fE4fXWw+x6ZfC9BwBOdrhOJ+dHXW/kn+zfXz48Btmfv387Ikqd+Af7xTg4ij8e4+m5FIWImPp3Lqt35LpyF2ex9yAiPt9r/LmYTnMgnZ1Pj8dPYr8y0Pj5Z+Ln07bOOfm7+Nw59AVGzaNk/vm41/OXj7fTc+/nv5TOUGeXzX/JSy0fpHPg0/iH899Yn/nv1DHe//13O6XJ59seRHxxPOIw9kHX/HMYP9cn/nunjP+XL735Tr+29q8jrkfv+N2x5lr1zbnmzu7NtfrSanW1ulGpLC4szn9464PKXJqjnuu/Gvzjoxuv9mtLxj/VJ37phPF/9ZTj/83/PvvRV14Q/+vv9oqfjzdeED9ZE792yvhLU78r9WtL4q/0Gf9JX/8bLw77vWJWePzX3ee2DQcAhqe5s7u+VKtVtxQULn8h+Sd7CbrRs/CtQcUqRu+mn7/beaaPNbXbLxWr34xxHlk34DI4eugj4r/D7gwAAAAAAAAAAAAAANDTIH5jadhjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Or6fwAAAP//sUPPoQ==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107242, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x147)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x8d6c3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
pwritev2(r7, &(0x7f0000000200)=[{&(0x7f0000001b40)="a7", 0x1}], 0x1, 0x8000, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000240)={0x3920e, r2})
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
fcntl$lock(r8, 0x24, &(0x7f0000000140)={0x300, 0x1, 0xffffffffffffff7f, 0xfffffffffffffffc, 0xffffffffffffffff})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000500000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800a00010071756f7461000000100002800c0001"], 0xe0}}, 0x0)

1.361768235s ago: executing program 1 (id=341):
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
socket$inet6_udp(0x4, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000181100000000000000000000000031f6c29f67fcd70d609c7cbec3b999fe17577f606f0b6cb590a7ee46cea600dcb0d7259899c81c1fde9564cc3e8f61e61e9c9e269737ab6007d2118891f97bcb1204b76fb5b9e6724cd728af670a9dcecc75", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r6}, 0x10)
getrlimit(0x8, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r4}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r7, 0x400, 0x0)
fsetxattr$trusted_overlay_redirect(r7, &(0x7f0000000040), 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00'}, 0x10)
setitimer(0x2, 0x0, 0x0)

1.361254675s ago: executing program 3 (id=342):
socket$packet(0x11, 0x2, 0x300)
r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180), 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000300)={[{0x2d, 'net_prio'}, {0x2b, 'net_prio'}, {0x2b, 'perf_event'}, {0x2b, 'memory'}, {0x2d, 'blkio'}, {0x2b, 'pids'}]}, 0x35)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
close(r3)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2010480, &(0x7f0000000040)={[{@noinit_itable}, {@data_err_abort}]}, 0x1, 0x783, &(0x7f00000016c0)="$eJzs3d9rW1UcAPDvTZt17SatIOh86pMOxtJ11k3Bh4kPIjgY6LNbSbMymzajSYctBVdE8EVQ8UHQlz37Y7756o9X/S98kI2p3XDig1RuctNmbVLbrk0H/XzgJufcc5Nzvjm5957kHpIADqzh9CYXcSwiPkoiBrP1SUTk66neiHON7e4vLxbTJYmVlTf+SOrb3FteLEbLY1JHssxTEfHj+xEnchvrrc4vTI2Xy6XZLD9Sm746Up1fOHllenyyNFmaOTM6Nnb67PNnz+xerH/9snD09sevPvvNuX/ee/Lmhz8lcS6OZmWtceyW4RjOXpN8+hI+4JXdrmyfJfvdAHYk3TV7Gnt5HIvB6KmnOujvZssAgL3ybkSsAAAHTOL8DwAHTPN7gHvLi8Xmsr/fSHTXnZcj4nAj/ub1zUZJb3bN7nD9OujAveSBKyNJRAztQv3DEfHFd299lS6xR9chAdq5vhQRl4aGNx7/kw1zFrbr1Ba2GV6Xd/yD7vk+Hf+80G78l1sd/0Sb8U9fm313J1afozHZrM3+n7u1C9V0lI7/XmqZ23a/Jf7MUE+We6w+5ssnl6+US6eWGoXHI9+X5kc3qeP43X/vdiprHf/9+cnbX6b1p/drW+Ru9fY9+JiJ8dr4jgNe585SxNO97eJPVvs/6TD+vbDFOl578YPPO5Wl8afxNpeN8e+tlRsRz7Tt/7UZbcmm8xNH6m+Hxm37Or799bOBTvW39n+6pPU3Pwusk3/4aDdK+39g8/iHktb5mtXt1/HzjcEfOpX9f/zt3/+Hkjfr6UPZunfGa7XZ0YhDyesb159ee2wz39z+ztJKNuV14/6/2fs/7YxLW4y/9/bvX+88/r2V9v/EJv2fz1Jr/b/9xM37Uz07jz/t/7F66ni2ZivHv6028CFfPgAAAAAAAAAAAAAAAAAAAAAAAADYklxEHI0kV1hN53KFQuM/vJ+IgVy5Uq2duFyZm5mI+n9lD0U+1/ypy8GW30MdzX4Pv5k/vS7/XEQ8HhGf9vXX84VipTyx38EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOZIh///T/3Wt9+tAwD2zOH9bgAA0HWdzv+9XW4HANA92/v8379n7QAAusf3/wBw8Dj/A8DB4/wPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAHrtw/ny6rPy9vFhM8xPX5uemKtdOTpSqU4XpuWKhWJm9WpisVCbLpUKxMt3xia437sqVytWxmJmLqJWqtZHq/MLF6crcTO3ilenxydLFUr5rkQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA1lXnF6bGy+XSrMRBT/TFI9EMiUcj0XqU6N+/AxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+6/AAAA//9hYCiJ")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
fallocate(r4, 0x10, 0x0, 0x2c2)
fsetxattr(r2, &(0x7f0000000380)=@random={'trusted.', 'cpu'}, &(0x7f00000003c0)='[{(\xd4$m\'%\xac\x00', 0xa, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)

1.081621661s ago: executing program 1 (id=343):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='ext4_unlink_enter\x00', r0}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000001040)={'filter\x00', 0x4, 0x4, 0x3f8, 0x0, 0x110, 0x0, 0x310, 0x310, 0x310, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@broadcast, @multicast1, @multicast2, 0x2, 0x1}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x448)

1.054469883s ago: executing program 1 (id=344):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004e8100000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)

987.392069ms ago: executing program 1 (id=345):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
iopl(0x3)

874.43493ms ago: executing program 1 (id=346):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100001, 0x5, 0x5, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340), &(0x7f0000000240), 0x20000402, r0}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r0, &(0x7f0000000340), &(0x7f0000000000)=""/27}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000bc0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xc}}, {@mblk_io_submit}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
setxattr$trusted_overlay_upper(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240), &(0x7f0000000880)=ANY=[], 0xff34, 0x0)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r2 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

824.623964ms ago: executing program 3 (id=347):
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004e8100000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[], 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000040003"], 0xa8}}, 0x0)

368.400056ms ago: executing program 3 (id=348):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)

347.945788ms ago: executing program 3 (id=349):
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
socket$inet6_udp(0x4, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000181100000000000000000000000031f6c29f67fcd70d609c7cbec3b999fe17577f606f0b6cb590a7ee46cea600dcb0d7259899c81c1fde9564cc3e8f61e61e9c9e269737ab6007d2118891f97bcb1204b76fb5b9e6724cd728af670a9dcecc75", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r5}, 0x10)
getrlimit(0x8, &(0x7f0000000000))
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f0000000040), 0x0, 0x0, 0x0)

249.671297ms ago: executing program 3 (id=350):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x34, &(0x7f00000006c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8b6}, {}, {}, [@map_idx, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @alu={0x4, 0x0, 0x9, 0x9, 0xa, 0x1, 0x78b9e9c841ab1b2c}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xa}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_fd={0x18, 0x6, 0x1, 0x0, r1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @call={0x85, 0x0, 0x0, 0x13}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
unshare(0x2a020480)
socket$inet_dccp(0x2, 0x6, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000008100008000000eedff0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000280)={[{@user_xattr}]}, 0x9, 0x537, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCgtarb3xtlHVC90LCFWVEIgD4rANiTcKseMQO1UTIpH+DXDgCn8CByQOSD1x4MYRiQNCKgekBSLQBgkkoxlPUm/idL2Nf0D8+UijmTfPM9/3ksy8mefJvAAm1o2IOIiIYkS8FREL+fpCPsXrnSn93KPD/ZWjw/2VQrTb3/pbIctP10XXNqln833ORcQ3vxbxvcLZuM3dvY3lWq26nafLrfpWubm7d3u9vrxWXatuVipLi0t3Xr37SmVgdb1e/8XDr66/8e1f/+rT7//u4Ms/TIs1n+d112OQOlWfOYmTmo6IN4YRbAym8nlxzOXgo0ki4mMR8bns+F+IqeyvEwC4zNrthWgvdKcBgMsuyfrACkkp7wuYjyQplTp9eC/ElaTWaLZuPWjsbK52+squxkzyYL1WvXNt9g8/yK4YZgppejHLy/KzdOVU+m5EXIuIn8w+k6VLK43a6vguewBgoj17qv3/52yn/e9Dj2/1AID/G3PjLgAAMHLafwCYPNp/AJg8fbT/+Zf9B0MvCwAwGk9x/58MsxwAwOjo/weAyaP9B4CJ8o0330yn9lH+/uvVt3d3Nhpv316tNjdK9Z2V0kpje6u01misZe/sqT9pf7VGY2vx5dh5p9yqNlvl5u7e/XpjZ7N1P3uv9/3qzEhqBQB8mGvX3/t9ISIOXnsmm6JrLAdtNVxunueByeUlfjC5jPYFk6v/e/zfDrUcwPj0vA+Y67n4uJ8+RRDPGcH/lJuf7L//3xjPcLno/4fJNfWRtpodeDmA0dP/D5Or3S6cHvO/eJIFAFxKF3jGv/2jQV2EAGP1pOeAB/L9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwy8xHx/SgkpXws8PlIklIp4rmIuBozhQfrteqdiHg+rkfEzGyaXhx3oQGAC0r+UsjH/7q58NL86dxi4V/ZYP/FtPXP120vpuv/frJ+9nj4sMoH211gXEEAYMDeWW61tiv5vOtG/tHh/srxNMryPLwX/8mHIl45OtzPpk7OdExn87nsWuLKPwp5ujMW6YsRMTWA+AfvRsQnetW/kPWNXM1HPu2OH3ns50YaP3ksfpLldebpxdfHB1AWmDTv3YuI13sdf0ncyOa9j/+57Ax1cQ/vdXZ2fO47OtwvHsc/Pv9N9YifHvM3+o3x8m++fmZle6GT927Ei9OPxT85/xzHL5wT/6U+4//xU5/58VfOyWv/LOJm9I7fHavcqm+Vm7t7t9fry2vVtepmpbK0uHTn1buvVMpZH3X5uKf6rL++duv588qW1v/KOfHneta/eLLtF/qs/8///dZ3P/sh8b/0+V7xk3ihZ/yOtE38Yp/xl6/88tzhu9P4q+fU/0m//1t9xn//z3urfX4UABiB5u7exnKtVt2+0EJ6FzqI/ZxZSIs40B32WCh2Ff5PMdxYT7UwM6yf6tAXpk+uFQe75++kexxxdZKB1+JCC49GFWu85yVg+D446MddEgAAAAAAAAAAAAAA4Dyj+NelcdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+u/AQAA//9xkcaD")
quotactl$Q_SETQUOTA(0xffffffff80000900, &(0x7f0000000c80)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

131.089328ms ago: executing program 1 (id=351):
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712e"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000140)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc0009001e0006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r5=>0x0})
socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

106.99756ms ago: executing program 2 (id=352):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0], 0x20)

49.139286ms ago: executing program 3 (id=353):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@multicast1, 0x0, 0x0, 0x8000, 0xffff, 0x2}, {0x0, 0x58c, 0x0, 0x3}, {0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x1, 0x20, 0x0, 0x0, 0x0, 0x2}}, 0xb8}}, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0xc6}]}}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='attr/keycreate\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x4174, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
io_uring_enter(r2, 0x567, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=354):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)='.', 0x1}], 0x1}}], 0x1, 0x4048841)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18030000fffffffb000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000d000000b7020000000080008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000001200)='signal_generate\x00', r2}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r2}, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x44, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x7}, @IFLA_GENEVE_TTL_INHERIT={0x5}]}}}]}, 0x44}}, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
r7 = syz_io_uring_setup(0x1114, &(0x7f0000000300), &(0x7f0000000140)=<r8=>0x0, &(0x7f0000000000)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0})
io_uring_enter(r7, 0x47fa, 0x9bbe, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1800000025000100000000000000000003"], 0x18}], 0x1}, 0x40)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="54010000", @ANYRES16=r11, @ANYBLOB="01002bbd7000fbdbdf250f000000e40001800f000100000001000000000063300000380004001400010002004e21ac1414bb0000000000000000200002000a004e2400000006fc0100000000000000000000000000000100000014000280080004000700000008000300060000002c0004001400010002004e20ac14143300000000000000001400020002004e24e000000100000000000000000d0001007564703a73797a30000000001c0400000000000000000080080001001e000000080002000200000008000300010000802400028008000300ff7f00000800187902000000080003000600000008000200ffffff7f2c000380080003008000000008000300e17f0000080001000008000008000200790f000008000100ff0000003000078008000100080000000c0004006e000000000000000c0003"], 0x154}}, 0x0)

kernel console output (not intermixed with test programs):

mended to keep mac addresses unique to avoid problems!
[   30.713545][ T3415] syz.1.9[3415] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   30.724531][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   30.724552][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   30.728870][   T29] audit: type=1400 audit(1726844640.039:163): avc:  denied  { create } for  pid=3412 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   30.747795][ T3270] batman_adv: batadv0: Interface activated: batadv_slave_1
[   30.755897][   T29] audit: type=1400 audit(1726844640.039:164): avc:  denied  { setopt } for  pid=3412 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   30.756629][   T29] audit: type=1400 audit(1726844640.069:165): avc:  denied  { open } for  pid=3416 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   30.830053][   T29] audit: type=1400 audit(1726844640.069:166): avc:  denied  { kernel } for  pid=3416 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   30.851398][ T3419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   30.860857][   T29] audit: type=1400 audit(1726844640.179:167): avc:  denied  { ioctl } for  pid=3416 comm="syz.0.1" path="/dev/raw-gadget" dev="devtmpfs" ino=118 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   30.861825][ T3266] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   30.894216][ T3266] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   30.903023][ T3266] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   30.911866][ T3266] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   30.920674][ T3419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   30.933612][ T3270] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   30.942471][ T3270] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   30.944367][   T29] audit: type=1400 audit(1726844640.259:168): avc:  denied  { create } for  pid=3412 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   30.951528][ T3270] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   30.970424][   T29] audit: type=1400 audit(1726844640.259:169): avc:  denied  { write } for  pid=3412 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   30.970453][   T29] audit: type=1400 audit(1726844640.259:170): avc:  denied  { mounton } for  pid=3412 comm="syz.1.9" path="/4/file0" dev="tmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   31.020645][ T3270] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.073194][ T3423] netlink: 'syz.2.10': attribute type 4 has an invalid length.
[   31.085631][ T3423] FAULT_INJECTION: forcing a failure.
[   31.085631][ T3423] name failslab, interval 1, probability 0, space 0, times 1
[   31.098383][ T3423] CPU: 0 UID: 0 PID: 3423 Comm: syz.2.10 Not tainted 6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   31.108576][ T3423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   31.118656][ T3423] Call Trace:
[   31.121951][ T3423]  <TASK>
[   31.124902][ T3423]  dump_stack_lvl+0xf2/0x150
[   31.129577][ T3423]  dump_stack+0x15/0x20
[   31.133768][ T3423]  should_fail_ex+0x229/0x230
[   31.138466][ T3423]  ? __alloc_skb+0x10b/0x310
[   31.143089][ T3423]  should_failslab+0x8f/0xb0
[   31.147712][ T3423]  kmem_cache_alloc_node_noprof+0x51/0x2b0
[   31.153554][ T3423]  __alloc_skb+0x10b/0x310
[   31.154014][ T3427] loop1: detected capacity change from 0 to 512
[   31.158073][ T3423]  netlink_alloc_large_skb+0xad/0xe0
[   31.169701][ T3423]  netlink_sendmsg+0x3b4/0x6e0
[   31.174561][ T3423]  ? __pfx_netlink_sendmsg+0x10/0x10
[   31.179956][ T3423]  __sock_sendmsg+0x140/0x180
[   31.184703][ T3423]  sock_write_iter+0x15e/0x1a0
[   31.189536][ T3423]  do_iter_readv_writev+0x3a5/0x460
[   31.194810][ T3423]  vfs_writev+0x2d4/0x880
[   31.199240][ T3423]  do_writev+0xf8/0x220
[   31.203546][ T3423]  __x64_sys_writev+0x45/0x50
[   31.208331][ T3423]  x64_sys_call+0x1f18/0x2d60
[   31.213026][ T3423]  do_syscall_64+0xc9/0x1c0
[   31.217536][ T3423]  ? clear_bhb_loop+0x55/0xb0
[   31.222303][ T3423]  ? clear_bhb_loop+0x55/0xb0
[   31.226994][ T3423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   31.232900][ T3423] RIP: 0033:0x7fd08649def9
[   31.237366][ T3423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   31.257034][ T3423] RSP: 002b:00007fd085111038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   31.265542][ T3423] RAX: ffffffffffffffda RBX: 00007fd086655f80 RCX: 00007fd08649def9
[   31.273532][ T3423] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: 0000000000000004
[   31.281510][ T3423] RBP: 00007fd085111090 R08: 0000000000000000 R09: 0000000000000000
[   31.289488][ T3423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   31.297463][ T3423] R13: 0000000000000000 R14: 00007fd086655f80 R15: 00007ffc322227d8
[   31.305444][ T3423]  </TASK>
[   31.340960][ T3429] loop4: detected capacity change from 0 to 512
[   31.366530][ T3427] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.381059][ T3427] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   31.393718][ T3429] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.406508][ T3429] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   31.421400][ T3427] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm user_xattr: Failed to acquire dquot type 0
[   31.445253][ T3429] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.457139][ T3427] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.490910][ T3442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   31.506805][ T3442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   31.529178][ T3447] loop3: detected capacity change from 0 to 164
[   31.544280][ T3447] Unable to read rock-ridge attributes
[   31.551558][ T3448] loop4: detected capacity change from 0 to 512
[   31.565939][ T3448] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.579784][ T3448] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   31.591848][ T3452] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18'.
[   31.592867][ T3448] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm user_xattr: Failed to acquire dquot type 0
[   31.617123][ T3452] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   31.628743][ T3448] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.629696][ T3456] netlink: 'syz.3.19': attribute type 21 has an invalid length.
[   31.645629][ T3456] netlink: 132 bytes leftover after parsing attributes in process `syz.3.19'.
[   31.677254][ T3456] loop3: detected capacity change from 0 to 2048
[   31.696546][ T3456] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   31.865138][ T3468] loop0: detected capacity change from 0 to 164
[   31.876972][ T3468] Unable to read rock-ridge attributes
[   31.933762][ T3466] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   31.949428][ T3466] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   31.962034][ T3466] EXT4-fs (loop3): This should not happen!! Data will be lost
[   31.962034][ T3466] 
[   31.971813][ T3466] EXT4-fs (loop3): Total free blocks count 0
[   31.977884][ T3466] EXT4-fs (loop3): Free/Dirty block details
[   31.983794][ T3466] EXT4-fs (loop3): free_blocks=2415919104
[   31.989619][ T3466] EXT4-fs (loop3): dirty_blocks=8192
[   31.994938][ T3466] EXT4-fs (loop3): Block reservation details
[   32.000940][ T3466] EXT4-fs (loop3): i_reserved_data_blocks=512
[   32.025152][ T3466] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   32.062681][ T3466] syz.3.19 (3466) used greatest stack depth: 10680 bytes left
[   32.207735][ T3477] loop0: detected capacity change from 0 to 512
[   32.222192][ T3481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23'.
[   32.244320][ T3481] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   32.266619][ T3477] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.280005][ T3477] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.293453][ T3477] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm user_xattr: Failed to acquire dquot type 0
[   32.307836][ T3477] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.402655][ T3499] loop0: detected capacity change from 0 to 128
[   32.438078][ T3499] syz.0.33 uses obsolete (PF_INET,SOCK_PACKET)
[   32.828071][ T3507] FAULT_INJECTION: forcing a failure.
[   32.828071][ T3507] name failslab, interval 1, probability 0, space 0, times 0
[   32.841007][ T3507] CPU: 0 UID: 0 PID: 3507 Comm: syz.2.36 Not tainted 6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   32.851207][ T3507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   32.861262][ T3507] Call Trace:
[   32.864550][ T3507]  <TASK>
[   32.867489][ T3507]  dump_stack_lvl+0xf2/0x150
[   32.872108][ T3507]  dump_stack+0x15/0x20
[   32.876276][ T3507]  should_fail_ex+0x229/0x230
[   32.880962][ T3507]  ? getname_flags+0x81/0x3b0
[   32.885660][ T3507]  should_failslab+0x8f/0xb0
[   32.890302][ T3507]  kmem_cache_alloc_noprof+0x4c/0x290
[   32.895693][ T3507]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   32.901476][ T3507]  getname_flags+0x81/0x3b0
[   32.906028][ T3507]  user_path_at+0x26/0x110
[   32.910452][ T3507]  __se_sys_utimes+0xc6/0x210
[   32.915155][ T3507]  __x64_sys_utimes+0x31/0x40
[   32.919896][ T3507]  x64_sys_call+0x25c1/0x2d60
[   32.924581][ T3507]  do_syscall_64+0xc9/0x1c0
[   32.929151][ T3507]  ? clear_bhb_loop+0x55/0xb0
[   32.933867][ T3507]  ? clear_bhb_loop+0x55/0xb0
[   32.938578][ T3507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   32.944503][ T3507] RIP: 0033:0x7fd08649def9
[   32.949194][ T3507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   32.968928][ T3507] RSP: 002b:00007fd085111038 EFLAGS: 00000246 ORIG_RAX: 00000000000000eb
[   32.977446][ T3507] RAX: ffffffffffffffda RBX: 00007fd086655f80 RCX: 00007fd08649def9
[   32.985451][ T3507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[   32.993513][ T3507] RBP: 00007fd085111090 R08: 0000000000000000 R09: 0000000000000000
[   33.001486][ T3507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   33.009584][ T3507] R13: 0000000000000000 R14: 00007fd086655f80 R15: 00007ffc322227d8
[   33.017564][ T3507]  </TASK>
[   33.208234][ T3481] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.609608][ T3452] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.630375][ T3521] syz.4.41[3521] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   33.630509][ T3521] syz.4.41[3521] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   33.643475][ T3481] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.797784][ T3481] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.935682][ T3481] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   33.967941][ T3452] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   34.018116][ T3481] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.047838][ T3481] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.105749][ T3481] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.127293][ T3452] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   34.252980][ T3452] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.287575][ T3452] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.345765][ T3452] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.387610][ T3452] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   36.988181][   T29] kauditd_printk_skb: 402 callbacks suppressed
[   36.988205][   T29] audit: type=1400 audit(1726844646.319:567): avc:  denied  { cpu } for  pid=3529 comm="syz.2.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   37.016091][   T29] audit: type=1400 audit(1726844646.349:568): avc:  denied  { read } for  pid=3529 comm="syz.2.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   37.037302][ T3531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   37.045973][ T3531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   37.122288][   T29] audit: type=1400 audit(1726844646.449:569): avc:  denied  { read } for  pid=3536 comm="syz.2.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   37.142652][ T3527] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   37.187621][   T29] audit: type=1326 audit(1726844646.519:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3539 comm="syz.2.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08649def9 code=0x7ffc0000
[   37.211522][   T29] audit: type=1326 audit(1726844646.519:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3539 comm="syz.2.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fd08649def9 code=0x7ffc0000
[   37.234873][   T29] audit: type=1326 audit(1726844646.519:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3539 comm="syz.2.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08649def9 code=0x7ffc0000
[   37.258184][   T29] audit: type=1326 audit(1726844646.519:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3539 comm="syz.2.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd08649def9 code=0x7ffc0000
[   37.281194][   T29] audit: type=1326 audit(1726844646.519:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3539 comm="syz.2.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08649def9 code=0x7ffc0000
[   37.304446][   T29] audit: type=1326 audit(1726844646.519:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3539 comm="syz.2.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd08649def9 code=0x7ffc0000
[   37.327564][   T29] audit: type=1326 audit(1726844646.519:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3539 comm="syz.2.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08649def9 code=0x7ffc0000
[   37.602374][ T3546] netlink: 4 bytes leftover after parsing attributes in process `syz.4.52'.
[   37.615569][ T3546] loop4: detected capacity change from 0 to 512
[   37.622202][ T3546] EXT4-fs: Ignoring removed mblk_io_submit option
[   37.629194][ T3546] EXT4-fs: test_dummy_encryption option not supported
[   38.055389][ T3552] loop2: detected capacity change from 0 to 2048
[   38.077651][ T3552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.095933][ T3552] Zero length message leads to an empty skb
[   38.130942][ T3559] loop0: detected capacity change from 0 to 164
[   38.138748][ T3559] Unable to read rock-ridge attributes
[   38.146627][ T3559] Unable to read rock-ridge attributes
[   38.152492][ T3559] iso9660: Corrupted directory entry in block 4 of inode 1792
[   38.168026][ T3552] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   38.183564][ T3552] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   38.195921][ T3552] EXT4-fs (loop2): This should not happen!! Data will be lost
[   38.195921][ T3552] 
[   38.205611][ T3552] EXT4-fs (loop2): Total free blocks count 0
[   38.211745][ T3552] EXT4-fs (loop2): Free/Dirty block details
[   38.217709][ T3552] EXT4-fs (loop2): free_blocks=2415919104
[   38.223474][ T3552] EXT4-fs (loop2): dirty_blocks=32
[   38.228940][ T3552] EXT4-fs (loop2): Block reservation details
[   38.234987][ T3552] EXT4-fs (loop2): i_reserved_data_blocks=2
[   38.254949][ T3552] syz.2.55 (3552) used greatest stack depth: 10184 bytes left
[   38.264361][ T2382] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[   38.292822][ T3567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.60'.
[   38.304910][ T3567] loop2: detected capacity change from 0 to 512
[   38.311480][ T3567] EXT4-fs: Ignoring removed mblk_io_submit option
[   38.318410][ T3567] EXT4-fs: test_dummy_encryption option not supported
[   38.372687][ T3571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   38.381651][ T3571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   38.523008][ T3573] netlink: 'syz.4.63': attribute type 21 has an invalid length.
[   38.530774][ T3573] netlink: 132 bytes leftover after parsing attributes in process `syz.4.63'.
[   38.547684][ T3573] loop4: detected capacity change from 0 to 2048
[   38.566084][ T3573] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.741470][ T3578] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   38.756631][ T3578] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   38.769230][ T3578] EXT4-fs (loop4): This should not happen!! Data will be lost
[   38.769230][ T3578] 
[   38.778915][ T3578] EXT4-fs (loop4): Total free blocks count 0
[   38.784961][ T3578] EXT4-fs (loop4): Free/Dirty block details
[   38.790855][ T3578] EXT4-fs (loop4): free_blocks=2415919104
[   38.796665][ T3578] EXT4-fs (loop4): dirty_blocks=8192
[   38.801998][ T3578] EXT4-fs (loop4): Block reservation details
[   38.808142][ T3578] EXT4-fs (loop4): i_reserved_data_blocks=512
[   38.825714][ T3578] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   38.939676][ T3585] netlink: 'syz.2.66': attribute type 21 has an invalid length.
[   38.949651][ T3585] netlink: 132 bytes leftover after parsing attributes in process `syz.2.66'.
[   38.967376][ T3585] loop2: detected capacity change from 0 to 2048
[   38.985584][ T3585] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.084843][ T3590] loop0: detected capacity change from 0 to 2048
[   39.105812][ T3590] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.121084][ T3590] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   39.137153][ T3590] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28
[   39.149550][ T3590] EXT4-fs (loop0): This should not happen!! Data will be lost
[   39.149550][ T3590] 
[   39.159256][ T3590] EXT4-fs (loop0): Total free blocks count 0
[   39.165321][ T3590] EXT4-fs (loop0): Free/Dirty block details
[   39.171314][ T3590] EXT4-fs (loop0): free_blocks=2415919104
[   39.177069][ T3590] EXT4-fs (loop0): dirty_blocks=16
[   39.182192][ T3590] EXT4-fs (loop0): Block reservation details
[   39.188268][ T3590] EXT4-fs (loop0): i_reserved_data_blocks=1
[   39.201749][ T3590] syz.0.67 (3590) used greatest stack depth: 9768 bytes left
[   39.204196][ T3591] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   39.226676][ T3267] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.235785][ T3591] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   39.235814][ T3591] EXT4-fs (loop2): This should not happen!! Data will be lost
[   39.235814][ T3591] 
[   39.235827][ T3591] EXT4-fs (loop2): Total free blocks count 0
[   39.264052][ T3591] EXT4-fs (loop2): Free/Dirty block details
[   39.270103][ T3591] EXT4-fs (loop2): free_blocks=2415919104
[   39.275870][ T3591] EXT4-fs (loop2): dirty_blocks=8192
[   39.281202][ T3591] EXT4-fs (loop2): Block reservation details
[   39.287239][ T3591] EXT4-fs (loop2): i_reserved_data_blocks=512
[   39.290747][ T3597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'.
[   39.311143][ T3591] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   39.319305][ T3597] bond1: entered promiscuous mode
[   39.329033][ T3597] bond1: entered allmulticast mode
[   39.334546][ T3597] 8021q: adding VLAN 0 to HW filter on device bond1
[   39.460128][ T3602] loop2: detected capacity change from 0 to 164
[   39.468238][ T3602] Unable to read rock-ridge attributes
[   39.477854][ T3602] Unable to read rock-ridge attributes
[   39.483518][ T3602] iso9660: Corrupted directory entry in block 4 of inode 1792
[   39.570743][ T3612] netlink: 'syz.2.74': attribute type 21 has an invalid length.
[   39.578710][ T3612] netlink: 132 bytes leftover after parsing attributes in process `syz.2.74'.
[   39.595320][ T3612] loop2: detected capacity change from 0 to 2048
[   39.617062][ T3612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.800326][ T3616] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   39.817762][ T3616] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   39.830310][ T3616] EXT4-fs (loop2): This should not happen!! Data will be lost
[   39.830310][ T3616] 
[   39.840012][ T3616] EXT4-fs (loop2): Total free blocks count 0
[   39.846054][ T3616] EXT4-fs (loop2): Free/Dirty block details
[   39.851990][ T3616] EXT4-fs (loop2): free_blocks=2415919104
[   39.857850][ T3616] EXT4-fs (loop2): dirty_blocks=8192
[   39.863276][ T3616] EXT4-fs (loop2): Block reservation details
[   39.869437][ T3616] EXT4-fs (loop2): i_reserved_data_blocks=512
[   39.885187][ T3627] loop0: detected capacity change from 0 to 128
[   39.890038][ T3616] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   39.900641][ T3627] FAULT_INJECTION: forcing a failure.
[   39.900641][ T3627] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   39.917466][ T3627] CPU: 0 UID: 0 PID: 3627 Comm: syz.0.79 Not tainted 6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   39.927742][ T3627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   39.937801][ T3627] Call Trace:
[   39.941084][ T3627]  <TASK>
[   39.944035][ T3627]  dump_stack_lvl+0xf2/0x150
[   39.948659][ T3627]  dump_stack+0x15/0x20
[   39.952863][ T3627]  should_fail_ex+0x229/0x230
[   39.957591][ T3627]  should_fail_alloc_page+0xfd/0x110
[   39.963067][ T3627]  __alloc_pages_noprof+0x109/0x360
[   39.968289][ T3627]  alloc_pages_mpol_noprof+0xb1/0x1e0
[   39.973667][ T3627]  folio_alloc_noprof+0xee/0x130
[   39.978636][ T3627]  filemap_alloc_folio_noprof+0x69/0x220
[   39.984326][ T3627]  __filemap_get_folio+0x298/0x5b0
[   39.989522][ T3627]  ? folio_memcg_unlock+0xa7/0xc0
[   39.994574][ T3627]  cont_write_begin+0x512/0x860
[   39.999503][ T3627]  fat_write_begin+0x51/0xe0
[   40.004159][ T3627]  ? __pfx_fat_get_block+0x10/0x10
[   40.009278][ T3627]  generic_perform_write+0x1a8/0x4a0
[   40.014652][ T3627]  __generic_file_write_iter+0xa1/0x120
[   40.020273][ T3627]  generic_file_write_iter+0x77/0x1c0
[   40.025657][ T3627]  vfs_write+0x76a/0x910
[   40.029900][ T3627]  ? __pfx_generic_file_write_iter+0x10/0x10
[   40.035928][ T3627]  ksys_write+0xeb/0x1b0
[   40.040213][ T3627]  __x64_sys_write+0x42/0x50
[   40.044805][ T3627]  x64_sys_call+0x27dd/0x2d60
[   40.049513][ T3627]  do_syscall_64+0xc9/0x1c0
[   40.054012][ T3627]  ? clear_bhb_loop+0x55/0xb0
[   40.058741][ T3627]  ? clear_bhb_loop+0x55/0xb0
[   40.063486][ T3627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.069388][ T3627] RIP: 0033:0x7fbefcdcdef9
[   40.073796][ T3627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.093432][ T3627] RSP: 002b:00007fbefba47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   40.101844][ T3627] RAX: ffffffffffffffda RBX: 00007fbefcf85f80 RCX: 00007fbefcdcdef9
[   40.109814][ T3627] RDX: 000000000208e24b RSI: 0000000020000000 RDI: 0000000000000005
[   40.117902][ T3627] RBP: 00007fbefba47090 R08: 0000000000000000 R09: 0000000000000000
[   40.125869][ T3627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.133837][ T3627] R13: 0000000000000000 R14: 00007fbefcf85f80 R15: 00007ffd1c1b2448
[   40.141852][ T3627]  </TASK>
[   40.832776][ T3651] netlink: 8 bytes leftover after parsing attributes in process `syz.4.89'.
[   40.847357][ T3651] bond1: entered promiscuous mode
[   40.852558][ T3651] bond1: entered allmulticast mode
[   40.858109][ T3651] 8021q: adding VLAN 0 to HW filter on device bond1
[   41.171137][ T3660] hub 9-0:1.0: USB hub found
[   41.176963][ T3660] hub 9-0:1.0: 8 ports detected
[   41.187475][ T3660] netlink: 16 bytes leftover after parsing attributes in process `syz.0.93'.
[   41.310304][ T3668] loop0: detected capacity change from 0 to 512
[   41.318107][ T3668] EXT4-fs: Ignoring removed mblk_io_submit option
[   41.330230][ T3668] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.95: corrupted in-inode xattr: invalid ea_ino
[   41.344953][ T3668] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.95: couldn't read orphan inode 15 (err -117)
[   41.358335][ T3668] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.378620][ T3668] EXT4-fs error (device loop0): ext4_find_dest_de:2067: inode #2: block 13: comm syz.0.95: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[   41.428669][ T3673] loop4: detected capacity change from 0 to 512
[   41.446925][ T3673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.460352][ T3673] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.520548][ T3266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.554387][ T3678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.98'.
[   41.565994][ T3267] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.579956][ T3678] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.636932][ T3678] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.667148][ T3688] FAULT_INJECTION: forcing a failure.
[   41.667148][ T3688] name failslab, interval 1, probability 0, space 0, times 0
[   41.679897][ T3688] CPU: 0 UID: 0 PID: 3688 Comm: syz.0.101 Not tainted 6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   41.690382][ T3688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   41.700469][ T3688] Call Trace:
[   41.703764][ T3688]  <TASK>
[   41.706714][ T3688]  dump_stack_lvl+0xf2/0x150
[   41.711474][ T3688]  dump_stack+0x15/0x20
[   41.715744][ T3688]  should_fail_ex+0x229/0x230
[   41.720451][ T3688]  ? __alloc_skb+0x10b/0x310
[   41.725172][ T3688]  should_failslab+0x8f/0xb0
[   41.729796][ T3688]  kmem_cache_alloc_node_noprof+0x51/0x2b0
[   41.735635][ T3688]  __alloc_skb+0x10b/0x310
[   41.740163][ T3688]  audit_log_start+0x368/0x6b0
[   41.744967][ T3688]  audit_seccomp+0x4b/0x130
[   41.749551][ T3688]  __seccomp_filter+0x6fa/0x1180
[   41.754563][ T3688]  ? proc_fail_nth_write+0x12a/0x150
[   41.759929][ T3688]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   41.765652][ T3688]  ? vfs_write+0x580/0x910
[   41.770198][ T3688]  __secure_computing+0x9f/0x1c0
[   41.775171][ T3688]  syscall_trace_enter+0xd1/0x1f0
[   41.780230][ T3688]  do_syscall_64+0xaa/0x1c0
[   41.784754][ T3688]  ? clear_bhb_loop+0x55/0xb0
[   41.789456][ T3688]  ? clear_bhb_loop+0x55/0xb0
[   41.792813][ T3681] chnl_net:caif_netlink_parms(): no params data found
[   41.794213][ T3688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.806899][ T3688] RIP: 0033:0x7fbefcdcdef9
[   41.811425][ T3688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.831102][ T3688] RSP: 002b:00007fbefba47038 EFLAGS: 00000246 ORIG_RAX: 000000000000014d
[   41.839707][ T3688] RAX: ffffffffffffffda RBX: 00007fbefcf85f80 RCX: 00007fbefcdcdef9
[   41.847701][ T3688] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000
[   41.855677][ T3688] RBP: 00007fbefba47090 R08: 0000000000000000 R09: 0000000000000000
[   41.863738][ T3688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.871730][ T3688] R13: 0000000000000000 R14: 00007fbefcf85f80 R15: 00007ffd1c1b2448
[   41.879741][ T3688]  </TASK>
[   41.898277][ T3678] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.924174][ T3681] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.931537][ T3681] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.939134][ T3681] bridge_slave_0: entered allmulticast mode
[   41.945619][ T3681] bridge_slave_0: entered promiscuous mode
[   41.955202][ T3678] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.966630][ T3681] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.973688][ T3681] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.980895][ T3681] bridge_slave_1: entered allmulticast mode
[   41.987480][ T3681] bridge_slave_1: entered promiscuous mode
[   41.995198][ T2382] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.999203][   T29] kauditd_printk_skb: 989 callbacks suppressed
[   41.999247][   T29] audit: type=1326 audit(1726844651.329:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbefcdc4ea7 code=0x7ffc0000
[   42.035151][   T29] audit: type=1326 audit(1726844651.339:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbefcd69879 code=0x7ffc0000
[   42.058625][   T29] audit: type=1326 audit(1726844651.339:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   42.082245][   T29] audit: type=1326 audit(1726844651.339:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbefcdc4ea7 code=0x7ffc0000
[   42.082310][   T29] audit: type=1326 audit(1726844651.339:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbefcd69879 code=0x7ffc0000
[   42.082344][   T29] audit: type=1326 audit(1726844651.339:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   42.082494][   T29] audit: type=1326 audit(1726844651.339:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbefcdc4ea7 code=0x7ffc0000
[   42.082528][   T29] audit: type=1326 audit(1726844651.339:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbefcd69879 code=0x7ffc0000
[   42.082560][   T29] audit: type=1326 audit(1726844651.339:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   42.082774][   T29] audit: type=1326 audit(1726844651.339:1573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.0.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbefcdc4ea7 code=0x7ffc0000
[   42.095520][ T3678] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   42.270734][ T2382] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.289604][ T3678] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   42.299831][ T3681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   42.319917][ T3713] loop2: detected capacity change from 0 to 164
[   42.327219][ T3713] Unable to read rock-ridge attributes
[   42.334086][ T3713] Unable to read rock-ridge attributes
[   42.340266][ T3713] iso9660: Corrupted directory entry in block 4 of inode 1792
[   42.350462][ T3678] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   42.362275][ T3681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   42.373627][ T2382] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.392738][ T3678] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   42.424412][ T3719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   42.425104][ T2382] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.444246][ T3719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   42.460172][ T3681] team0: Port device team_slave_0 added
[   42.467374][ T3681] team0: Port device team_slave_1 added
[   42.487338][ T3681] batman_adv: batadv0: Adding interface: batadv_slave_0
[   42.496489][ T3681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   42.523286][ T3681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   42.537363][ T3681] batman_adv: batadv0: Adding interface: batadv_slave_1
[   42.544430][ T3681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   42.570476][ T3681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   42.608554][ T3681] hsr_slave_0: entered promiscuous mode
[   42.615219][ T3681] hsr_slave_1: entered promiscuous mode
[   42.621164][ T3681] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   42.628833][ T3681] Cannot create hsr debugfs directory
[   42.667818][ T2382] bridge_slave_1: left allmulticast mode
[   42.673517][ T2382] bridge_slave_1: left promiscuous mode
[   42.679338][ T2382] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.687186][ T2382] bridge_slave_0: left allmulticast mode
[   42.692850][ T2382] bridge_slave_0: left promiscuous mode
[   42.698671][ T2382] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.788411][ T2382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   42.798683][ T2382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   42.809154][ T2382] bond0 (unregistering): Released all slaves
[   42.877968][ T2382] hsr_slave_0: left promiscuous mode
[   42.883773][ T2382] hsr_slave_1: left promiscuous mode
[   42.889610][ T2382] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   42.897110][ T2382] batman_adv: batadv0: Removing interface: batadv_slave_0
[   42.904779][ T2382] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   42.912235][ T2382] batman_adv: batadv0: Removing interface: batadv_slave_1
[   42.921154][ T2382] veth1_macvtap: left promiscuous mode
[   42.926776][ T2382] veth0_macvtap: left promiscuous mode
[   42.932437][ T2382] veth1_vlan: left promiscuous mode
[   42.937785][ T2382] veth0_vlan: left promiscuous mode
[   43.035883][ T2382] team0 (unregistering): Port device team_slave_1 removed
[   43.046508][ T2382] team0 (unregistering): Port device team_slave_0 removed
[   43.098133][ T3730] IPv6: Can't replace route, no match found
[   43.104108][ T3731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.111'.
[   43.113049][ T3731] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   43.120505][ T3731] batman_adv: batadv0: Removing interface: batadv_slave_0
[   43.128133][ T3731] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   43.136935][ T3731] batman_adv: batadv0: Removing interface: batadv_slave_1
[   43.180576][ T3707] chnl_net:caif_netlink_parms(): no params data found
[   43.245497][ T3746] loop2: detected capacity change from 0 to 128
[   43.287319][ T3707] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.294470][ T3707] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.302964][ T3707] bridge_slave_0: entered allmulticast mode
[   43.323394][ T3707] bridge_slave_0: entered promiscuous mode
[   43.334108][ T3707] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.341281][ T3707] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.349715][ T3707] bridge_slave_1: entered allmulticast mode
[   43.356764][ T3707] bridge_slave_1: entered promiscuous mode
[   43.367998][ T3756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.114'.
[   43.390336][ T3756] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.408541][ T3707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   43.423903][ T3707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   43.456723][ T3707] team0: Port device team_slave_0 added
[   43.471047][ T3756] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.483679][ T3707] team0: Port device team_slave_1 added
[   43.489677][ T3681] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   43.500810][ T3681] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   43.522391][ T3756] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.533869][ T3681] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   43.544512][ T3707] batman_adv: batadv0: Adding interface: batadv_slave_0
[   43.551473][ T3707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   43.577535][ T3707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   43.590574][ T3681] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   43.603314][ T3756] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.625873][ T2382] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.645626][ T3707] batman_adv: batadv0: Adding interface: batadv_slave_1
[   43.652599][ T3707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   43.676137][ T3775] loop0: detected capacity change from 0 to 164
[   43.678685][ T3707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   43.699222][ T3775] Unable to read rock-ridge attributes
[   43.712554][ T3775] Unable to read rock-ridge attributes
[   43.718613][ T3775] iso9660: Corrupted directory entry in block 4 of inode 1792
[   43.729194][ T3707] hsr_slave_0: entered promiscuous mode
[   43.735803][ T3707] hsr_slave_1: entered promiscuous mode
[   43.758785][ T3756] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   43.768822][ T2382] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.789337][ T3756] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   43.800808][ T3756] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   43.821489][ T3756] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   43.832210][ T2382] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.869508][ T2382] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.893808][ T3681] 8021q: adding VLAN 0 to HW filter on device bond0
[   43.911746][ T3681] 8021q: adding VLAN 0 to HW filter on device team0
[   43.922424][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.929566][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[   43.941588][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.948675][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   43.975157][ T2382] bridge_slave_1: left allmulticast mode
[   43.980928][ T2382] bridge_slave_1: left promiscuous mode
[   43.986640][ T2382] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.995335][ T2382] bridge_slave_0: left allmulticast mode
[   44.001049][ T2382] bridge_slave_0: left promiscuous mode
[   44.006981][ T2382] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.117578][ T2382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   44.128511][ T2382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   44.139178][ T2382] bond0 (unregistering): Released all slaves
[   44.168742][ T3681] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   44.179290][ T3681] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   44.203273][ T2382] hsr_slave_0: left promiscuous mode
[   44.210461][ T2382] hsr_slave_1: left promiscuous mode
[   44.216661][ T2382] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   44.224112][ T2382] batman_adv: batadv0: Removing interface: batadv_slave_0
[   44.232597][ T2382] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   44.240163][ T2382] batman_adv: batadv0: Removing interface: batadv_slave_1
[   44.249774][ T2382] veth1_macvtap: left promiscuous mode
[   44.255400][ T2382] veth0_macvtap: left promiscuous mode
[   44.260926][ T2382] veth1_vlan: left promiscuous mode
[   44.266384][ T2382] veth0_vlan: left promiscuous mode
[   44.365312][ T2382] team0 (unregistering): Port device team_slave_1 removed
[   44.375759][ T2382] team0 (unregistering): Port device team_slave_0 removed
[   44.477989][ T3681] 8021q: adding VLAN 0 to HW filter on device batadv0
[   44.572949][ T3681] veth0_vlan: entered promiscuous mode
[   44.583681][ T3681] veth1_vlan: entered promiscuous mode
[   44.602126][ T3681] veth0_macvtap: entered promiscuous mode
[   44.610754][ T3681] veth1_macvtap: entered promiscuous mode
[   44.629339][ T3820] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   44.635371][ T3681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   44.651612][ T3681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   44.668742][ T3681] batman_adv: batadv0: Interface activated: batadv_slave_0
[   44.682687][ T3681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   44.693175][ T3681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   44.703030][ T3681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   44.713643][ T3681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   44.732932][ T3681] batman_adv: batadv0: Interface activated: batadv_slave_1
[   44.752844][ T3826] netlink: 'syz.0.119': attribute type 10 has an invalid length.
[   44.760780][ T3826] netlink: 40 bytes leftover after parsing attributes in process `syz.0.119'.
[   44.771830][ T3826] bridge0: port 3(ipvlan0) entered blocking state
[   44.778526][ T3826] bridge0: port 3(ipvlan0) entered disabled state
[   44.785706][ T3826] ipvlan0: entered allmulticast mode
[   44.791099][ T3826] veth0_vlan: entered allmulticast mode
[   44.797452][ T3826] ipvlan0: left allmulticast mode
[   44.802522][ T3826] veth0_vlan: left allmulticast mode
[   44.809068][ T3826] A link change request failed with some changes committed already. Interface ipvlan0 may have been left with an inconsistent configuration, please check.
[   44.829066][ T3681] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   44.837877][ T3681] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   44.846614][ T3681] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   44.855358][ T3681] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   44.910653][ T3707] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   44.936647][ T3707] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   44.953822][ T3837] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[   44.965742][ T3707] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   44.975481][ T3707] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   45.015756][ T3707] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.029527][ T3707] 8021q: adding VLAN 0 to HW filter on device team0
[   45.039480][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.046601][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.062115][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.069232][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.093830][ T3707] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   45.154650][ T3707] 8021q: adding VLAN 0 to HW filter on device batadv0
[   45.222970][ T3707] veth0_vlan: entered promiscuous mode
[   45.233280][ T3707] veth1_vlan: entered promiscuous mode
[   45.249460][ T3707] veth0_macvtap: entered promiscuous mode
[   45.257245][ T3707] veth1_macvtap: entered promiscuous mode
[   45.272115][ T3707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   45.282708][ T3707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.292626][ T3707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   45.303098][ T3707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.316548][ T3707] batman_adv: batadv0: Interface activated: batadv_slave_0
[   45.317937][ T3881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   45.326020][ T3707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   45.342835][ T3707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.352940][ T3707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   45.363534][ T3707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.373410][ T3707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   45.383869][ T3707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.394031][ T3881] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   45.396153][ T3707] batman_adv: batadv0: Interface activated: batadv_slave_1
[   45.415375][ T3707] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   45.424179][ T3707] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   45.432967][ T3707] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   45.441745][ T3707] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   45.543523][ T3894] netlink: 4 bytes leftover after parsing attributes in process `syz.3.127'.
[   45.550922][    C1] ------------[ cut here ]------------
[   45.557812][    C1] refcount_t: underflow; use-after-free.
[   45.563642][    C1] WARNING: CPU: 1 PID: 23 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230
[   45.572927][    C1] Modules linked in:
[   45.576843][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   45.587155][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   45.597241][    C1] RIP: 0010:refcount_warn_saturate+0x1c6/0x230
[   45.603471][    C1] Code: 72 ff ff ff e8 1b 65 72 ff 48 c7 c7 a9 fd b2 86 e8 bf cb 8a ff c6 05 11 2a f5 04 01 90 48 c7 c7 b8 34 1b 86 e8 eb 23 54 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 ec 64 72 ff 48 c7 c7 a6 fd b2 86 e8
[   45.623121][    C1] RSP: 0018:ffffc900000cf9e8 EFLAGS: 00010246
[   45.629228][    C1] RAX: 84797908aa8c8100 RBX: ffff8881040bf7e4 RCX: ffff888100f92100
[   45.637265][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   45.645275][    C1] RBP: 0000000000000003 R08: ffffffff8111f8f7 R09: 0000000000000000
[   45.653294][    C1] R10: 0001ffffffffffff R11: ffff888100f92100 R12: 0000000000000001
[   45.661309][    C1] R13: ffff88811536cc00 R14: ffff8881040bf7e4 R15: 0000000000000000
[   45.669403][    C1] FS:  0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[   45.678381][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.685005][    C1] CR2: 0000001b2fb13ff8 CR3: 00000001159d0000 CR4: 00000000003506f0
[   45.693064][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   45.701082][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   45.709089][    C1] Call Trace:
[   45.712481][    C1]  <TASK>
[   45.715451][    C1]  ? __warn+0x141/0x350
[   45.719657][    C1]  ? report_bug+0x315/0x420
[   45.724206][    C1]  ? refcount_warn_saturate+0x1c6/0x230
[   45.729809][    C1]  ? handle_bug+0x60/0x90
[   45.734191][    C1]  ? exc_invalid_op+0x1a/0x50
[   45.738941][    C1]  ? asm_exc_invalid_op+0x1a/0x20
[   45.744017][    C1]  ? __warn_printk+0x167/0x1b0
[   45.748904][    C1]  ? refcount_warn_saturate+0x1c6/0x230
[   45.754549][    C1]  ? refcount_warn_saturate+0x1c5/0x230
[   45.760136][    C1]  sk_skb_reason_drop+0xe9/0x290
[   45.765133][    C1]  j1939_xtp_rx_cts+0x3c4/0x6c0
[   45.770028][    C1]  j1939_tp_recv+0x699/0xa80
[   45.774677][    C1]  j1939_can_recv+0x45f/0x550
[   45.779387][    C1]  ? __pfx_j1939_can_recv+0x10/0x10
[   45.784680][    C1]  can_rcv_filter+0x225/0x4c0
[   45.789394][    C1]  can_receive+0x182/0x1f0
[   45.793819][    C1]  ? __pfx_ip_rcv+0x10/0x10
[   45.798375][    C1]  can_rcv+0xe7/0x180
[   45.802397][    C1]  ? __pfx_can_rcv+0x10/0x10
[   45.807075][    C1]  __netif_receive_skb+0x123/0x280
[   45.812226][    C1]  process_backlog+0x22e/0x440
[   45.817076][    C1]  __napi_poll+0x63/0x3c0
[   45.821458][    C1]  ? net_rx_action+0x376/0x7f0
[   45.826266][    C1]  net_rx_action+0x3a1/0x7f0
[   45.830895][    C1]  handle_softirqs+0xbf/0x280
[   45.836064][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[   45.841252][    C1]  run_ksoftirqd+0x1c/0x30
[   45.845706][    C1]  smpboot_thread_fn+0x31c/0x4c0
[   45.850678][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   45.856376][    C1]  kthread+0x1d1/0x210
[   45.860500][    C1]  ? __pfx_kthread+0x10/0x10
[   45.865140][    C1]  ret_from_fork+0x4b/0x60
[   45.869599][    C1]  ? __pfx_kthread+0x10/0x10
[   45.874191][    C1]  ret_from_fork_asm+0x1a/0x30
[   45.879004][    C1]  </TASK>
[   45.882032][    C1] ---[ end trace 0000000000000000 ]---
[   46.596416][ T3902] loop0: detected capacity change from 0 to 1024
[   46.603398][ T3902] EXT4-fs: Ignoring removed bh option
[   46.745053][ T3902] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.037895][ T3911] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[   47.049792][   T29] kauditd_printk_skb: 1087 callbacks suppressed
[   47.049808][   T29] audit: type=1400 audit(1726844656.379:2661): avc:  denied  { ioctl } for  pid=3910 comm="syz.1.132" path="socket:[6022]" dev="sockfs" ino=6022 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   47.130708][ T3916] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[   47.137295][ T3916] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   47.144744][ T3916] vhci_hcd vhci_hcd.0: Device attached
[   47.152600][ T3917] vhci_hcd: connection closed
[   47.152962][ T2382] vhci_hcd: stop threads
[   47.162046][ T2382] vhci_hcd: release socket
[   47.166532][ T2382] vhci_hcd: disconnect device
[   47.266627][ T3267] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.288057][   T29] audit: type=1326 audit(1726844656.619:2662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.311807][ T3920] loop0: detected capacity change from 0 to 164
[   47.313018][   T29] audit: type=1326 audit(1726844656.619:2663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.321229][ T3920] Unable to read rock-ridge attributes
[   47.341492][   T29] audit: type=1326 audit(1726844656.619:2664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.362859][ T3920] Unable to read rock-ridge attributes
[   47.370359][   T29] audit: type=1326 audit(1726844656.619:2665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.382484][ T3920] iso9660: Corrupted directory entry in block 4 of inode 1792
[   47.399206][   T29] audit: type=1326 audit(1726844656.619:2666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.430024][   T29] audit: type=1326 audit(1726844656.619:2667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.453475][   T29] audit: type=1326 audit(1726844656.619:2668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.476920][   T29] audit: type=1326 audit(1726844656.619:2669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.500415][   T29] audit: type=1326 audit(1726844656.619:2670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3919 comm="syz.0.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   47.556619][ T3924] loop0: detected capacity change from 0 to 128
[   47.623243][ T3931] loop0: detected capacity change from 0 to 512
[   47.629946][ T3931] EXT4-fs: Ignoring removed bh option
[   47.635913][ T3931] EXT4-fs: Ignoring removed orlov option
[   47.642332][ T3931] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   47.666454][ T3931] EXT4-fs (loop0): orphan cleanup on readonly fs
[   47.673574][ T3931] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.139: bg 0: block 248: padding at end of block bitmap is not set
[   47.688305][ T3931] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.139: Failed to acquire dquot type 1
[   47.700799][ T3931] EXT4-fs (loop0): 1 truncate cleaned up
[   47.707307][ T3931] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   47.950717][ T3938] ext4: Unknown parameter 'xœìÝßk[U'
[   48.455615][ T3931] syz.0.139 (3931) used greatest stack depth: 9408 bytes left
[   48.465435][ T3267] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.523426][ T3945] netlink: 24 bytes leftover after parsing attributes in process `syz.1.144'.
[   48.524893][ T3946] netlink: 44 bytes leftover after parsing attributes in process `syz.0.143'.
[   48.567449][ T3950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.146'.
[   48.579713][ T3952] netlink: 16 bytes leftover after parsing attributes in process `syz.1.147'.
[   48.582587][ T3950] loop0: detected capacity change from 0 to 512
[   48.598259][ T3950] EXT4-fs: Ignoring removed mblk_io_submit option
[   48.614393][ T3950] EXT4-fs: test_dummy_encryption option not supported
[   48.616700][ T3954] loop1: detected capacity change from 0 to 1024
[   48.677103][ T3961] netlink: 'syz.1.151': attribute type 21 has an invalid length.
[   48.685291][ T3961] netlink: 132 bytes leftover after parsing attributes in process `syz.1.151'.
[   48.702177][ T3961] loop1: detected capacity change from 0 to 2048
[   48.716507][ T3961] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.759782][ T3965] FAULT_INJECTION: forcing a failure.
[   48.759782][ T3965] name failslab, interval 1, probability 0, space 0, times 0
[   48.772506][ T3965] CPU: 0 UID: 0 PID: 3965 Comm: syz.0.150 Tainted: G        W          6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   48.784260][ T3965] Tainted: [W]=WARN
[   48.788079][ T3965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   48.798189][ T3965] Call Trace:
[   48.801475][ T3965]  <TASK>
[   48.804500][ T3965]  dump_stack_lvl+0xf2/0x150
[   48.809129][ T3965]  dump_stack+0x15/0x20
[   48.813313][ T3965]  should_fail_ex+0x229/0x230
[   48.818115][ T3965]  ? __alloc_skb+0x10b/0x310
[   48.822728][ T3965]  should_failslab+0x8f/0xb0
[   48.827354][ T3965]  kmem_cache_alloc_node_noprof+0x51/0x2b0
[   48.833255][ T3965]  __alloc_skb+0x10b/0x310
[   48.837737][ T3965]  audit_log_start+0x368/0x6b0
[   48.842521][ T3965]  audit_seccomp+0x4b/0x130
[   48.847134][ T3965]  __seccomp_filter+0x6fa/0x1180
[   48.852103][ T3965]  ? proc_fail_nth_write+0x12a/0x150
[   48.857423][ T3965]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   48.863096][ T3965]  ? vfs_write+0x580/0x910
[   48.867572][ T3965]  ? kmem_cache_free+0xdd/0x2d0
[   48.872449][ T3965]  __secure_computing+0x9f/0x1c0
[   48.877424][ T3965]  syscall_trace_enter+0xd1/0x1f0
[   48.882538][ T3965]  do_syscall_64+0xaa/0x1c0
[   48.887059][ T3965]  ? clear_bhb_loop+0x55/0xb0
[   48.891768][ T3965]  ? clear_bhb_loop+0x55/0xb0
[   48.896598][ T3965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.902523][ T3965] RIP: 0033:0x7fbefcdcdef9
[   48.906952][ T3965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.926667][ T3965] RSP: 002b:00007fbefba26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[   48.933335][ T3967] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, 
[   48.935089][ T3965] RAX: ffffffffffffffda RBX: 00007fbefcf86058 RCX: 00007fbefcdcdef9
[   48.935109][ T3965] RDX: 0000000020000300 RSI: 00000000200002c0 RDI: ffffffffffffff9c
[   48.935126][ T3965] RBP: 00007fbefba26090 R08: 0000000000000000 R09: 0000000000000000
[   48.943359][ T3967] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   48.951304][ T3965] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[   48.951323][ T3965] R13: 0000000000000000 R14: 00007fbefcf86058 R15: 00007ffd1c1b2448
[   48.962146][ T3967] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   48.967251][ T3965]  </TASK>
[   49.007681][ T3967] EXT4-fs (loop1): This should not happen!! Data will be lost
[   49.007681][ T3967] 
[   49.017344][ T3967] EXT4-fs (loop1): Total free blocks count 0
[   49.023500][ T3967] EXT4-fs (loop1): Free/Dirty block details
[   49.029447][ T3967] EXT4-fs (loop1): free_blocks=2415919104
[   49.035200][ T3967] EXT4-fs (loop1): dirty_blocks=8192
[   49.040545][ T3967] EXT4-fs (loop1): Block reservation details
[   49.046562][ T3967] EXT4-fs (loop1): i_reserved_data_blocks=512
[   49.063822][ T3967] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   49.163283][ T3970] loop1: detected capacity change from 0 to 512
[   49.169827][ T3970] EXT4-fs: Ignoring removed bh option
[   49.175704][ T3970] EXT4-fs: Ignoring removed orlov option
[   49.181940][ T3970] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   49.191140][ T3970] EXT4-fs (loop1): orphan cleanup on readonly fs
[   49.198313][ T3970] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.152: bg 0: block 248: padding at end of block bitmap is not set
[   49.212807][ T3970] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.152: Failed to acquire dquot type 1
[   49.225009][ T3970] EXT4-fs (loop1): 1 truncate cleaned up
[   49.231326][ T3970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   49.582650][ T3980] netlink: 24 bytes leftover after parsing attributes in process `syz.0.155'.
[   49.620955][ T3982] loop0: detected capacity change from 0 to 1764
[   49.640557][ T3982] ISOFS: Unable to identify CD-ROM format.
[   49.789965][    C0] hrtimer: interrupt took 34925 ns
[   49.868240][ T3991] raw_sendmsg: syz.0.160 forgot to set AF_INET. Fix it!
[   49.897913][ T3996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.161'.
[   49.910548][ T3996] loop0: detected capacity change from 0 to 512
[   49.922591][ T3996] EXT4-fs: Ignoring removed mblk_io_submit option
[   49.929329][ T3996] EXT4-fs: test_dummy_encryption option not supported
[   49.981761][ T3998] netlink: 'syz.0.162': attribute type 21 has an invalid length.
[   49.989645][ T3998] netlink: 132 bytes leftover after parsing attributes in process `syz.0.162'.
[   50.004590][ T3681] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.009545][ T3998] loop0: detected capacity change from 0 to 2048
[   50.045400][ T3998] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.076784][   T80] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0
[   50.087383][ T4007] netlink: 68 bytes leftover after parsing attributes in process `syz.1.165'.
[   50.248402][ T4010] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   50.265901][ T4010] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   50.270589][ T4013] loop1: detected capacity change from 0 to 256
[   50.278500][ T4010] EXT4-fs (loop0): This should not happen!! Data will be lost
[   50.278500][ T4010] 
[   50.278520][ T4010] EXT4-fs (loop0): Total free blocks count 0
[   50.278535][ T4010] EXT4-fs (loop0): Free/Dirty block details
[   50.278549][ T4010] EXT4-fs (loop0): free_blocks=2415919104
[   50.278563][ T4010] EXT4-fs (loop0): dirty_blocks=8192
[   50.278577][ T4010] EXT4-fs (loop0): Block reservation details
[   50.278591][ T4010] EXT4-fs (loop0): i_reserved_data_blocks=512
[   50.291100][ T4010] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   50.323453][ T4013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.166'.
[   50.441498][ T4021] loop1: detected capacity change from 0 to 512
[   50.448947][ T4021] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   50.462107][ T4021] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   50.473380][ T4021] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2862: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   50.486589][ T4021] EXT4-fs (loop1): 1 truncate cleaned up
[   50.492592][ T4021] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.533005][ T3681] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.991553][ T4032] loop0: detected capacity change from 0 to 512
[   50.999229][ T4032] EXT4-fs: Ignoring removed mblk_io_submit option
[   51.006074][ T4032] EXT4-fs: test_dummy_encryption option not supported
[   51.105041][ T4042] netlink: 'syz.0.178': attribute type 21 has an invalid length.
[   51.122253][ T4042] loop0: detected capacity change from 0 to 2048
[   51.147778][ T4042] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.318092][ T4045] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   51.348405][   T57] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   51.361026][   T57] EXT4-fs (loop0): This should not happen!! Data will be lost
[   51.361026][   T57] 
[   51.370754][   T57] EXT4-fs (loop0): Total free blocks count 0
[   51.376917][   T57] EXT4-fs (loop0): Free/Dirty block details
[   51.382805][   T57] EXT4-fs (loop0): free_blocks=2415919104
[   51.388646][   T57] EXT4-fs (loop0): dirty_blocks=8192
[   51.393958][   T57] EXT4-fs (loop0): Block reservation details
[   51.399982][   T57] EXT4-fs (loop0): i_reserved_data_blocks=512
[   51.419262][   T57] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   51.559546][ T3341] kernel write not supported for file /174/attr/keycreate (pid: 3341 comm: kworker/1:3)
[   51.570106][ T4054] syz.0.179[4054] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.570162][ T4054] syz.0.179[4054] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.585576][ T4054] loop0: detected capacity change from 0 to 764
[   51.649137][ T4058] loop0: detected capacity change from 0 to 128
[   51.772460][ T4069] loop0: detected capacity change from 0 to 164
[   51.786672][ T4069] Unable to read rock-ridge attributes
[   51.794078][ T4069] Unable to read rock-ridge attributes
[   51.800611][ T4069] iso9660: Corrupted directory entry in block 4 of inode 1792
[   51.867719][ T4060] chnl_net:caif_netlink_parms(): no params data found
[   51.870593][ T4078] loop0: detected capacity change from 0 to 164
[   51.882672][ T4078] Unable to read rock-ridge attributes
[   51.891477][ T4078] Unable to read rock-ridge attributes
[   51.897389][ T4078] iso9660: Corrupted directory entry in block 4 of inode 1792
[   51.908254][ T2382] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.950370][ T4060] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.957628][ T4060] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.967100][ T4060] bridge_slave_0: entered allmulticast mode
[   51.974147][ T4060] bridge_slave_0: entered promiscuous mode
[   51.982614][ T2382] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.993825][ T4060] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.001167][ T4060] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.008682][ T4060] bridge_slave_1: entered allmulticast mode
[   52.015237][ T4060] bridge_slave_1: entered promiscuous mode
[   52.034284][ T4060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.045270][ T4060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   52.059415][   T29] kauditd_printk_skb: 374 callbacks suppressed
[   52.059432][   T29] audit: type=1326 audit(1726844661.389:3037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee2a534ea7 code=0x7ffc0000
[   52.089638][   T29] audit: type=1326 audit(1726844661.389:3038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee2a4d9879 code=0x7ffc0000
[   52.113153][   T29] audit: type=1326 audit(1726844661.389:3039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fee2a53def9 code=0x7ffc0000
[   52.136539][   T29] audit: type=1326 audit(1726844661.419:3040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee2a534ea7 code=0x7ffc0000
[   52.159869][   T29] audit: type=1326 audit(1726844661.419:3041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee2a4d9879 code=0x7ffc0000
[   52.183128][   T29] audit: type=1326 audit(1726844661.419:3042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fee2a53def9 code=0x7ffc0000
[   52.209620][   T29] audit: type=1400 audit(1726844661.429:3043): avc:  denied  { unmount } for  pid=3267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   52.230478][   T29] audit: type=1326 audit(1726844661.439:3044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee2a534ea7 code=0x7ffc0000
[   52.253724][   T29] audit: type=1326 audit(1726844661.439:3045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee2a4d9879 code=0x7ffc0000
[   52.277011][   T29] audit: type=1326 audit(1726844661.439:3046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4051 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fee2a53def9 code=0x7ffc0000
[   52.302019][ T2382] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.328367][ T4060] team0: Port device team_slave_0 added
[   52.339339][ T4060] team0: Port device team_slave_1 added
[   52.360630][ T4100] IPv6: Can't replace route, no match found
[   52.366928][ T4060] batman_adv: batadv0: Adding interface: batadv_slave_0
[   52.373901][ T4060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   52.399981][ T4060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   52.412163][ T2382] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.422851][ T4100] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   52.430334][ T4100] batman_adv: batadv0: Removing interface: batadv_slave_0
[   52.438278][ T4100] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   52.445815][ T4100] batman_adv: batadv0: Removing interface: batadv_slave_1
[   52.458487][ T4060] batman_adv: batadv0: Adding interface: batadv_slave_1
[   52.465458][ T4060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   52.491365][ T4060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   52.519716][ T4060] hsr_slave_0: entered promiscuous mode
[   52.526300][ T4060] hsr_slave_1: entered promiscuous mode
[   52.532369][ T4060] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   52.540777][ T4060] Cannot create hsr debugfs directory
[   52.593435][ T4105] loop1: detected capacity change from 0 to 164
[   52.600001][ T2382] bridge_slave_1: left allmulticast mode
[   52.605779][ T2382] bridge_slave_1: left promiscuous mode
[   52.611480][ T2382] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.620614][ T4105] Unable to read rock-ridge attributes
[   52.624208][ T2382] bridge_slave_0: left allmulticast mode
[   52.628910][ T4105] Unable to read rock-ridge attributes
[   52.631917][ T2382] bridge_slave_0: left promiscuous mode
[   52.639845][ T4105] iso9660: Corrupted directory entry in block 4 of inode 1792
[   52.643042][ T2382] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.701915][ T4109] loop1: detected capacity change from 0 to 128
[   52.767439][ T2382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   52.778096][ T2382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   52.788503][ T2382] bond0 (unregistering): Released all slaves
[   52.797488][ T2382] bond1 (unregistering): Released all slaves
[   52.844549][ T2382] hsr_slave_0: left promiscuous mode
[   52.850306][ T2382] hsr_slave_1: left promiscuous mode
[   52.856204][ T2382] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   52.863649][ T2382] batman_adv: batadv0: Removing interface: batadv_slave_0
[   52.871544][ T2382] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   52.878976][ T2382] batman_adv: batadv0: Removing interface: batadv_slave_1
[   52.888458][ T2382] veth1_macvtap: left promiscuous mode
[   52.893991][ T2382] veth0_macvtap: left promiscuous mode
[   52.899674][ T2382] veth1_vlan: left promiscuous mode
[   52.905000][ T2382] veth0_vlan: left promiscuous mode
[   52.999579][ T2382] team0 (unregistering): Port device team_slave_1 removed
[   53.010126][ T2382] team0 (unregistering): Port device team_slave_0 removed
[   53.333405][ T4060] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   53.343212][ T4060] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   53.352523][ T4060] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   53.361454][ T4060] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   53.404623][ T4060] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.420411][ T4060] 8021q: adding VLAN 0 to HW filter on device team0
[   53.430870][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.438018][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.450262][ T2382] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.457400][ T2382] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.561694][ T4060] 8021q: adding VLAN 0 to HW filter on device batadv0
[   53.755794][ T4060] veth0_vlan: entered promiscuous mode
[   53.766355][ T4060] veth1_vlan: entered promiscuous mode
[   53.786985][ T4060] veth0_macvtap: entered promiscuous mode
[   53.795791][ T4060] veth1_macvtap: entered promiscuous mode
[   53.817689][ T4060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   53.828364][ T4060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   53.839235][ T4060] batman_adv: batadv0: Interface activated: batadv_slave_0
[   53.858669][ T4060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   53.869211][ T4060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   53.879234][ T4060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   53.889788][ T4060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   53.900439][ T4060] batman_adv: batadv0: Interface activated: batadv_slave_1
[   53.915666][ T4060] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   53.924426][ T4060] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   53.933132][ T4060] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   53.941892][ T4060] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   53.967792][   T57] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.007814][ T4198] chnl_net:caif_netlink_parms(): no params data found
[   54.020113][   T57] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.079836][ T4223] __nla_validate_parse: 3 callbacks suppressed
[   54.079852][ T4223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.205'.
[   54.097018][   T57] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.110587][ T4223] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.127669][ T4198] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.134882][ T4198] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.142143][ T4198] bridge_slave_0: entered allmulticast mode
[   54.148610][ T4198] bridge_slave_0: entered promiscuous mode
[   54.157502][   T57] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.168121][ T4198] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.175481][ T4198] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.183064][ T4198] bridge_slave_1: entered allmulticast mode
[   54.189688][ T4198] bridge_slave_1: entered promiscuous mode
[   54.210387][ T4223] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.223343][ T4198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.234713][ T4198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.256822][ T4198] team0: Port device team_slave_0 added
[   54.266667][ T4223] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.279550][ T4198] team0: Port device team_slave_1 added
[   54.308506][ T4198] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.315520][ T4198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.341578][ T4198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.355072][ T4223] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.372829][ T4198] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.379857][ T4198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.405941][ T4198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.428944][   T57] bridge_slave_1: left allmulticast mode
[   54.434694][   T57] bridge_slave_1: left promiscuous mode
[   54.440424][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.448684][   T57] bridge_slave_0: left allmulticast mode
[   54.454404][   T57] bridge_slave_0: left promiscuous mode
[   54.460064][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.548518][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   54.559093][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   54.569413][   T57] bond0 (unregistering): Released all slaves
[   54.589917][ T4198] hsr_slave_0: entered promiscuous mode
[   54.596855][ T4198] hsr_slave_1: entered promiscuous mode
[   54.603017][ T4198] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   54.612308][ T4198] Cannot create hsr debugfs directory
[   54.633684][   T57] hsr_slave_0: left promiscuous mode
[   54.647799][   T57] hsr_slave_1: left promiscuous mode
[   54.658787][   T57] veth1_macvtap: left promiscuous mode
[   54.664528][   T57] veth0_macvtap: left promiscuous mode
[   54.670226][   T57] veth1_vlan: left promiscuous mode
[   54.675515][   T57] veth0_vlan: left promiscuous mode
[   54.717233][ T4242] loop0: detected capacity change from 0 to 164
[   54.749966][ T4242] Unable to read rock-ridge attributes
[   54.757145][ T4242] Unable to read rock-ridge attributes
[   54.762819][ T4242] iso9660: Corrupted directory entry in block 4 of inode 1792
[   54.842000][   T57] team0 (unregistering): Port device team_slave_1 removed
[   54.860992][   T57] team0 (unregistering): Port device team_slave_0 removed
[   55.055690][ T4260] loop0: detected capacity change from 0 to 512
[   55.058883][ T4265] loop1: detected capacity change from 0 to 512
[   55.083279][ T4260] EXT4-fs: Ignoring removed mblk_io_submit option
[   55.137472][ T4260] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.214: corrupted in-inode xattr: invalid ea_ino
[   55.162056][ T4265] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.178843][ T4265] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.194242][ T4265] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.215: Failed to acquire dquot type 0
[   55.206511][ T4260] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.214: couldn't read orphan inode 15 (err -117)
[   55.243636][ T4260] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   55.276082][ T4259] EXT4-fs error (device loop0): ext4_find_dest_de:2067: inode #2: block 13: comm syz.0.214: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[   55.279256][ T4265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.334175][ T3267] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.390604][ T4288] loop0: detected capacity change from 0 to 164
[   55.409668][ T4288] Unable to read rock-ridge attributes
[   55.418515][ T4288] Unable to read rock-ridge attributes
[   55.424783][ T4288] iso9660: Corrupted directory entry in block 4 of inode 1792
[   55.511030][ T4198] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.519234][ T4303] FAULT_INJECTION: forcing a failure.
[   55.519234][ T4303] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   55.533904][ T4303] CPU: 1 UID: 0 PID: 4303 Comm: syz.1.222 Tainted: G        W          6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   55.545705][ T4303] Tainted: [W]=WARN
[   55.549521][ T4303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   55.559688][ T4303] Call Trace:
[   55.562978][ T4303]  <TASK>
[   55.565935][ T4303]  dump_stack_lvl+0xf2/0x150
[   55.570619][ T4303]  dump_stack+0x15/0x20
[   55.574805][ T4303]  should_fail_ex+0x229/0x230
[   55.579569][ T4303]  should_fail+0xb/0x10
[   55.583821][ T4303]  should_fail_usercopy+0x1a/0x20
[   55.588931][ T4303]  _copy_from_user+0x1e/0xd0
[   55.593547][ T4303]  kstrtouint_from_user+0x76/0xe0
[   55.598618][ T4303]  ? 0xffffffff81000000
[   55.602822][ T4303]  proc_fail_nth_write+0x4f/0x150
[   55.607873][ T4303]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   55.613527][ T4303]  vfs_write+0x26c/0x910
[   55.617929][ T4303]  ? ktime_get+0x1e5/0x210
[   55.622375][ T4303]  ? __fget_files+0x1d4/0x210
[   55.627137][ T4303]  ksys_write+0xeb/0x1b0
[   55.631391][ T4303]  __x64_sys_write+0x42/0x50
[   55.636004][ T4303]  x64_sys_call+0x27dd/0x2d60
[   55.640699][ T4303]  do_syscall_64+0xc9/0x1c0
[   55.645213][ T4303]  ? clear_bhb_loop+0x55/0xb0
[   55.649981][ T4303]  ? clear_bhb_loop+0x55/0xb0
[   55.654676][ T4303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.660746][ T4303] RIP: 0033:0x7fee2a53c9df
[   55.665167][ T4303] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[   55.684829][ T4303] RSP: 002b:00007fee291b1030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   55.693258][ T4303] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fee2a53c9df
[   55.701288][ T4303] RDX: 0000000000000001 RSI: 00007fee291b10a0 RDI: 0000000000000006
[   55.709395][ T4303] RBP: 00007fee291b1090 R08: 0000000000000000 R09: 0000000000000000
[   55.717376][ T4303] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   55.725405][ T4303] R13: 0000000000000000 R14: 00007fee2a6f5f80 R15: 00007ffe6abefab8
[   55.733389][ T4303]  </TASK>
[   55.777844][ T4320] netlink: 'syz.0.226': attribute type 21 has an invalid length.
[   55.785833][ T4320] netlink: 132 bytes leftover after parsing attributes in process `syz.0.226'.
[   55.815237][ T4198] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.836335][ T4320] loop0: detected capacity change from 0 to 2048
[   55.849918][ T4198] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.867705][ T4320] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   55.889102][ T4198] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.996845][ T4198] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.024234][ T4198] 8021q: adding VLAN 0 to HW filter on device team0
[   56.038733][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.045840][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.066384][ T4353] loop1: detected capacity change from 0 to 164
[   56.074949][ T4353] Unable to read rock-ridge attributes
[   56.081662][ T4353] Unable to read rock-ridge attributes
[   56.101459][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.105090][ T4353] iso9660: Corrupted directory entry in block 4 of inode 1792
[   56.108564][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.171044][ T4223] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.198830][ T4223] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.230869][ T4198] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   56.241365][ T4198] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.280391][ T4223] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.296550][ T4223] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.307950][ T4381] loop1: detected capacity change from 0 to 512
[   56.405766][ T4381] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.425538][ T4198] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.433716][ T4381] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   56.434626][ T4350] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   56.466503][ T4323] chnl_net:caif_netlink_parms(): no params data found
[   56.510990][   T36] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   56.523569][   T36] EXT4-fs (loop0): This should not happen!! Data will be lost
[   56.523569][   T36] 
[   56.533278][   T36] EXT4-fs (loop0): Total free blocks count 0
[   56.538227][ T4381] EXT4-fs error (device loop1): ext4_do_update_inode:5151: inode #19: comm syz.1.233: corrupted inode contents
[   56.539321][   T36] EXT4-fs (loop0): Free/Dirty block details
[   56.539336][   T36] EXT4-fs (loop0): free_blocks=2415919104
[   56.539350][   T36] EXT4-fs (loop0): dirty_blocks=8192
[   56.539362][   T36] EXT4-fs (loop0): Block reservation details
[   56.552460][ T4381] EXT4-fs error (device loop1): ext4_dirty_inode:6011: inode #19: comm syz.1.233: mark_inode_dirty error
[   56.556988][   T36] EXT4-fs (loop0): i_reserved_data_blocks=512
[   56.563389][ T4381] EXT4-fs error (device loop1): ext4_do_update_inode:5151: inode #19: comm syz.1.233: corrupted inode contents
[   56.583422][   T36] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   56.596251][ T4381] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3007: inode #19: comm syz.1.233: mark_inode_dirty error
[   56.629496][ T4381] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3010: inode #19: comm syz.1.233: mark inode dirty (error -117)
[   56.642996][ T4381] EXT4-fs warning (device loop1): ext4_evict_inode:271: xattr delete (err -117)
[   56.654662][ T4323] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.661744][ T4323] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.682298][ T4323] bridge_slave_0: entered allmulticast mode
[   56.689325][ T4323] bridge_slave_0: entered promiscuous mode
[   56.698272][ T4323] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.705503][ T4323] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.712664][ T4323] bridge_slave_1: entered allmulticast mode
[   56.721824][ T4323] bridge_slave_1: entered promiscuous mode
[   56.733880][ T3681] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.739920][ T4198] veth0_vlan: entered promiscuous mode
[   56.779860][ T4323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.792706][ T4198] veth1_vlan: entered promiscuous mode
[   56.800996][ T4323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.831315][ T4323] team0: Port device team_slave_0 added
[   56.838343][ T4323] team0: Port device team_slave_1 added
[   56.859190][ T4323] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.866291][ T4323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.892278][ T4323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.911924][ T4323] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.919058][ T4323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.945045][ T4323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.968919][ T4198] veth0_macvtap: entered promiscuous mode
[   56.995599][ T4198] veth1_macvtap: entered promiscuous mode
[   57.014855][ T4198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.025486][ T4198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.035408][ T4198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.045864][ T4198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.056891][ T4198] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.067275][ T4323] hsr_slave_0: entered promiscuous mode
[   57.073617][ T4323] hsr_slave_1: entered promiscuous mode
[   57.079748][ T4323] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.087645][ T4323] Cannot create hsr debugfs directory
[   57.098181][ T4198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.108781][ T4198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.118614][ T4198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.129078][ T4198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.138965][ T4198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.149399][ T4198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.161005][ T4198] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.176461][   T29] kauditd_printk_skb: 764 callbacks suppressed
[   57.176485][   T29] audit: type=1400 audit(1726844666.509:3809): avc:  denied  { ioctl } for  pid=4424 comm="syz.0.241" path="socket:[9266]" dev="sockfs" ino=9266 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   57.177995][ T4198] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.216991][ T4198] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.226021][ T4198] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.234765][ T4198] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.245766][ T4428] 9pnet_fd: Insufficient options for proto=fd
[   57.251056][ T4425] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   57.260971][   T29] audit: type=1326 audit(1726844666.589:3810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   57.273395][ T4425] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   57.287933][   T29] audit: type=1326 audit(1726844666.619:3811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   57.315245][   T29] audit: type=1326 audit(1726844666.619:3812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   57.339220][   T29] audit: type=1326 audit(1726844666.619:3813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   57.362687][   T29] audit: type=1326 audit(1726844666.619:3814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   57.386170][   T29] audit: type=1326 audit(1726844666.619:3815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefcdcdef9 code=0x7ffc0000
[   57.442473][ T4433] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[   57.449117][ T4433] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   57.456825][ T4433] vhci_hcd vhci_hcd.0: Device attached
[   57.471575][ T4434] vhci_hcd: connection closed
[   57.471861][   T36] vhci_hcd: stop threads
[   57.480931][   T36] vhci_hcd: release socket
[   57.485426][   T36] vhci_hcd: disconnect device
[   57.505709][ T4438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   57.513480][   T29] audit: type=1400 audit(1726844666.839:3816): avc:  denied  { read write } for  pid=4437 comm="syz.2.202" name="raw-gadget" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.537709][   T29] audit: type=1400 audit(1726844666.839:3817): avc:  denied  { open } for  pid=4437 comm="syz.2.202" path="/dev/raw-gadget" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.561256][   T29] audit: type=1400 audit(1726844666.839:3818): avc:  denied  { ioctl } for  pid=4437 comm="syz.2.202" path="/dev/raw-gadget" dev="devtmpfs" ino=118 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.586591][ T4438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   57.595946][ T4323] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   57.668408][ T4323] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   57.708234][ T4323] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   57.758568][ T4323] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   57.841138][ T4323] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   57.850892][ T4323] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   57.866312][ T4323] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   57.877624][ T4323] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   57.906047][ T4442] loop0: detected capacity change from 0 to 512
[   57.928199][ T4323] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.937468][ T4442] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.941916][ T4323] 8021q: adding VLAN 0 to HW filter on device team0
[   57.954724][ T4442] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.969854][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.976974][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.977673][ T4442] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.245: Failed to acquire dquot type 0
[   57.987215][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.002435][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.011718][ T4442] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.028684][ T4323] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   58.039101][ T4323] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   58.080152][ T4448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.247'.
[   58.109564][ T4448] loop1: detected capacity change from 0 to 512
[   58.117209][ T4323] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.135671][ T4448] EXT4-fs: Ignoring removed mblk_io_submit option
[   58.142242][ T4448] EXT4-fs: test_dummy_encryption option not supported
[   58.188682][ T4463] loop2: detected capacity change from 0 to 4096
[   58.292442][ T4323] veth0_vlan: entered promiscuous mode
[   58.303690][ T4469] loop0: detected capacity change from 0 to 512
[   58.310826][ T4467] netlink: 24 bytes leftover after parsing attributes in process `syz.1.252'.
[   58.322105][ T4463] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   58.336607][ T4469] EXT4-fs: Ignoring removed mblk_io_submit option
[   58.352658][ T4323] veth1_vlan: entered promiscuous mode
[   58.396055][ T4323] veth0_macvtap: entered promiscuous mode
[   58.402795][ T4469] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.250: corrupted in-inode xattr: invalid ea_ino
[   58.417335][ T4469] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.250: couldn't read orphan inode 15 (err -117)
[   58.419836][ T4323] veth1_macvtap: entered promiscuous mode
[   58.430092][ T4469] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   58.447481][ T4463] FAULT_INJECTION: forcing a failure.
[   58.447481][ T4463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.460746][ T4463] CPU: 0 UID: 0 PID: 4463 Comm: syz.2.251 Tainted: G        W          6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   58.472495][ T4463] Tainted: [W]=WARN
[   58.476318][ T4463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   58.477962][ T4469] EXT4-fs error (device loop0): ext4_find_dest_de:2067: inode #2: block 13: comm syz.0.250: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[   58.486390][ T4463] Call Trace:
[   58.486401][ T4463]  <TASK>
[   58.486410][ T4463]  dump_stack_lvl+0xf2/0x150
[   58.509622][ T4475] siw: device registration error -23
[   58.512001][ T4463]  dump_stack+0x15/0x20
[   58.526255][ T4463]  should_fail_ex+0x229/0x230
[   58.530962][ T4463]  should_fail+0xb/0x10
[   58.531176][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.535131][ T4463]  should_fail_usercopy+0x1a/0x20
[   58.535163][ T4463]  _copy_to_user+0x1e/0xa0
[   58.535195][ T4463]  simple_read_from_buffer+0xa0/0x110
[   58.545629][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.550619][ T4463]  proc_fail_nth_read+0xf9/0x140
[   58.555064][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.560395][ T4463]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   58.570217][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.575129][ T4463]  vfs_read+0x195/0x720
[   58.575158][ T4463]  ? __rcu_read_unlock+0x4e/0x70
[   58.575244][ T4463]  ? __fget_files+0x1d4/0x210
[   58.585697][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.591210][ T4463]  ksys_read+0xeb/0x1b0
[   58.601087][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.605218][ T4463]  __x64_sys_read+0x42/0x50
[   58.643976][ T4463]  x64_sys_call+0x27d3/0x2d60
[   58.648702][ T4463]  do_syscall_64+0xc9/0x1c0
[   58.649277][ T4477] loop1: detected capacity change from 0 to 512
[   58.653223][ T4463]  ? clear_bhb_loop+0x55/0xb0
[   58.664166][ T4463]  ? clear_bhb_loop+0x55/0xb0
[   58.668917][ T4463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.674853][ T4463] RIP: 0033:0x7f38aae9c93c
[   58.679345][ T4463] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   58.687687][ T4477] EXT4-fs: Ignoring removed nobh option
[   58.698960][ T4463] RSP: 002b:00007f38a9b11030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   58.698989][ T4463] RAX: ffffffffffffffda RBX: 00007f38ab055f80 RCX: 00007f38aae9c93c
[   58.699053][ T4463] RDX: 000000000000000f RSI: 00007f38a9b110a0 RDI: 0000000000000008
[   58.699066][ T4463] RBP: 00007f38a9b11090 R08: 0000000000000000 R09: 0000000000000000
[   58.699081][ T4463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.704671][ T4477] EXT4-fs: Ignoring removed nobh option
[   58.713079][ T4463] R13: 0000000000000000 R14: 00007f38ab055f80 R15: 00007fff4743f468
[   58.758812][ T4463]  </TASK>
[   58.763496][ T4323] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.808371][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.818948][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.828897][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.839369][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.846039][ T4198] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.849255][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.858909][ T4477] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   58.868768][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.879252][ T4477] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.255: invalid indirect mapped block 2683928664 (level 1)
[   58.886854][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.886874][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.903454][ T4477] EXT4-fs (loop1): 1 truncate cleaned up
[   58.912057][ T4323] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.927631][ T4477] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   58.935584][ T4323] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.955853][ T4323] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.964634][ T4323] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.973463][ T4323] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.003514][ T3267] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.039201][ T3681] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.108147][ T4485] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[   59.111411][ T4494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.261'.
[   59.114685][ T4485] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   59.114822][ T4485] vhci_hcd vhci_hcd.0: Device attached
[   59.127552][ T4494] loop0: detected capacity change from 0 to 512
[   59.153452][ T4490] vhci_hcd: connection closed
[   59.157819][ T4494] EXT4-fs: Ignoring removed mblk_io_submit option
[   59.159150][   T11] vhci_hcd: stop threads
[   59.166265][ T4494] EXT4-fs: test_dummy_encryption option not supported
[   59.168989][   T11] vhci_hcd: release socket
[   59.184554][   T11] vhci_hcd: disconnect device
[   59.223456][ T4504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.265'.
[   59.236301][ T4502] IPv6: Can't replace route, no match found
[   59.245289][ T4502] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   59.253771][ T4502] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   59.261626][ T4502] batman_adv: batadv0: Removing interface: batadv_slave_0
[   59.269887][ T4502] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   59.277465][ T4502] batman_adv: batadv0: Removing interface: batadv_slave_1
[   59.385559][ T4510] loop1: detected capacity change from 0 to 512
[   59.397143][ T4510] EXT4-fs: Ignoring removed mblk_io_submit option
[   59.420199][ T4510] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.267: corrupted in-inode xattr: invalid ea_ino
[   59.435581][ T4510] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.267: couldn't read orphan inode 15 (err -117)
[   59.448503][ T4510] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.469155][ T4510] EXT4-fs error (device loop1): ext4_find_dest_de:2067: inode #2: block 13: comm syz.1.267: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[   59.596014][ T3681] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.631633][ T4515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.640449][ T4515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.755358][ T4523] loop2: detected capacity change from 0 to 512
[   59.763599][ T4523] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.273: corrupted in-inode xattr: invalid ea_ino
[   59.778338][ T4523] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.273: couldn't read orphan inode 15 (err -117)
[   59.791033][ T4523] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   59.822003][ T4198] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.892615][ T3341] kernel write not supported for file /17/attr/keycreate (pid: 3341 comm: kworker/1:3)
[   59.903109][ T4526] syz.2.274[4526] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   59.903227][ T4526] syz.2.274[4526] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   59.935868][ T4529] netlink: 'syz.2.275': attribute type 21 has an invalid length.
[   59.955055][ T4529] netlink: 132 bytes leftover after parsing attributes in process `syz.2.275'.
[   59.972747][ T4529] loop2: detected capacity change from 0 to 2048
[   59.995983][ T4529] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.198567][ T4534] netlink: 4 bytes leftover after parsing attributes in process `syz.1.276'.
[   60.200257][   T11] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   60.210835][ T4534] loop1: detected capacity change from 0 to 512
[   60.222312][   T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   60.229529][ T4534] EXT4-fs: Ignoring removed mblk_io_submit option
[   60.241090][   T11] EXT4-fs (loop2): This should not happen!! Data will be lost
[   60.241090][   T11] 
[   60.253016][ T4534] EXT4-fs: test_dummy_encryption option not supported
[   60.257186][   T11] EXT4-fs (loop2): Total free blocks count 0
[   60.257204][   T11] EXT4-fs (loop2): Free/Dirty block details
[   60.257216][   T11] EXT4-fs (loop2): free_blocks=2415919104
[   60.257231][   T11] EXT4-fs (loop2): dirty_blocks=8192
[   60.287310][   T11] EXT4-fs (loop2): Block reservation details
[   60.293395][   T11] EXT4-fs (loop2): i_reserved_data_blocks=512
[   60.313708][  T361] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   60.560957][  T983] kernel write not supported for file /37/attr/keycreate (pid: 983 comm: kworker/0:2)
[   60.571204][ T4552] syz.2.285[4552] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   60.571263][ T4552] syz.2.285[4552] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   60.620163][ T4557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.640339][ T4557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.180454][ T4559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.288'.
[   61.192496][ T4559] loop1: detected capacity change from 0 to 512
[   61.200042][ T4559] EXT4-fs: Ignoring removed mblk_io_submit option
[   61.207173][ T4559] EXT4-fs: test_dummy_encryption option not supported
[   61.224086][ T4561] loop2: detected capacity change from 0 to 164
[   61.236832][ T4561] Unable to read rock-ridge attributes
[   61.252328][ T4561] Unable to read rock-ridge attributes
[   61.260051][ T4561] iso9660: Corrupted directory entry in block 4 of inode 1792
[   61.303837][ T4571] IPv6: Can't replace route, no match found
[   61.360370][ T4571] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   61.384322][ T4583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   61.392923][ T4583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.405836][   T24] kernel write not supported for file /52/attr/keycreate (pid: 24 comm: kworker/1:0)
[   61.418630][ T4580] syz.2.298[4580] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.418753][ T4580] syz.2.298[4580] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.466947][ T4593] loop3: detected capacity change from 0 to 512
[   61.500929][ T4593] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.303: corrupted in-inode xattr: invalid ea_ino
[   61.515702][ T4593] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.303: couldn't read orphan inode 15 (err -117)
[   61.528123][ T4593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.566331][ T4323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.569292][ T4606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'.
[   61.606812][ T4609] FAULT_INJECTION: forcing a failure.
[   61.606812][ T4609] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   61.620093][ T4609] CPU: 0 UID: 0 PID: 4609 Comm: syz.3.310 Tainted: G        W          6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   61.631966][ T4609] Tainted: [W]=WARN
[   61.635787][ T4609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   61.645853][ T4609] Call Trace:
[   61.649140][ T4609]  <TASK>
[   61.652077][ T4609]  dump_stack_lvl+0xf2/0x150
[   61.656745][ T4609]  dump_stack+0x15/0x20
[   61.661021][ T4609]  should_fail_ex+0x229/0x230
[   61.665773][ T4609]  should_fail+0xb/0x10
[   61.670037][ T4609]  should_fail_usercopy+0x1a/0x20
[   61.675154][ T4609]  _copy_to_user+0x1e/0xa0
[   61.679643][ T4609]  simple_read_from_buffer+0xa0/0x110
[   61.685078][ T4609]  proc_fail_nth_read+0xf9/0x140
[   61.690119][ T4609]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   61.695699][ T4609]  vfs_read+0x195/0x720
[   61.699927][ T4609]  ? __rcu_read_unlock+0x4e/0x70
[   61.705002][ T4609]  ? __fget_files+0x1d4/0x210
[   61.709790][ T4609]  ksys_read+0xeb/0x1b0
[   61.713963][ T4609]  __x64_sys_read+0x42/0x50
[   61.718478][ T4609]  x64_sys_call+0x27d3/0x2d60
[   61.723169][ T4609]  do_syscall_64+0xc9/0x1c0
[   61.727774][ T4609]  ? clear_bhb_loop+0x55/0xb0
[   61.732551][ T4609]  ? clear_bhb_loop+0x55/0xb0
[   61.737248][ T4609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.743232][ T4609] RIP: 0033:0x7f3a9e58c93c
[   61.747656][ T4609] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   61.767461][ T4609] RSP: 002b:00007f3a9d201030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   61.775883][ T4609] RAX: ffffffffffffffda RBX: 00007f3a9e745f80 RCX: 00007f3a9e58c93c
[   61.783948][ T4609] RDX: 000000000000000f RSI: 00007f3a9d2010a0 RDI: 0000000000000006
[   61.791927][ T4609] RBP: 00007f3a9d201090 R08: 0000000000000000 R09: 0000000000000000
[   61.799910][ T4609] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[   61.807888][ T4609] R13: 0000000000000000 R14: 00007f3a9e745f80 R15: 00007ffe59124098
[   61.815872][ T4609]  </TASK>
[   61.945185][ T4636] loop2: detected capacity change from 0 to 512
[   61.955965][ T4636] EXT4-fs: Ignoring removed nobh option
[   61.961680][ T4636] EXT4-fs: Ignoring removed nobh option
[   61.985161][ T4636] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[   61.993592][ T4636] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.318: invalid indirect mapped block 2683928664 (level 1)
[   62.009327][ T4636] EXT4-fs (loop2): 1 truncate cleaned up
[   62.015561][ T4636] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   62.046343][ T4198] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   62.160658][ T4672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.321'.
[   62.190879][   T29] kauditd_printk_skb: 352 callbacks suppressed
[   62.190897][   T29] audit: type=1400 audit(1726844671.519:4169): avc:  denied  { block_suspend } for  pid=4675 comm="syz.1.322" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   62.246635][   T29] audit: type=1400 audit(1726844671.579:4170): avc:  denied  { module_load } for  pid=4675 comm="syz.1.322" path="/sys/power/wakeup_count" dev="sysfs" ino=193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[   62.842495][ T4783] siw: device registration error -23
[   63.955891][   T35] kernel write not supported for file /179/attr/keycreate (pid: 35 comm: kworker/1:1)
[   64.029869][ T4810] netlink: 8 bytes leftover after parsing attributes in process `syz.1.332'.
[   64.042609][ T4808] loop3: detected capacity change from 0 to 512
[   64.055058][   T29] audit: type=1400 audit(1726844673.379:4171): avc:  denied  { create } for  pid=4811 comm="syz.2.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   64.074527][   T29] audit: type=1400 audit(1726844673.379:4172): avc:  denied  { bind } for  pid=4811 comm="syz.2.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   64.093697][   T29] audit: type=1400 audit(1726844673.379:4173): avc:  denied  { getopt } for  pid=4811 comm="syz.2.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   64.093947][ T4812] loop2: detected capacity change from 0 to 512
[   64.125578][ T4808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   64.138175][ T4808] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.164919][ T4808] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[   64.175561][ T4808] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[   64.185103][ T4808] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.331: Failed to acquire dquot type 0
[   64.201643][ T4812] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   64.205767][ T4808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.214186][ T4812] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   64.234322][ T4823] netlink: 'syz.1.336': attribute type 21 has an invalid length.
[   64.242113][ T4823] netlink: 132 bytes leftover after parsing attributes in process `syz.1.336'.
[   64.357165][ T4838] IPv6: Can't replace route, no match found
[   64.391143][ T4838] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   64.433564][ T4766] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.445650][ T4847] netlink: 'syz.3.342': attribute type 21 has an invalid length.
[   64.453433][ T4847] netlink: 132 bytes leftover after parsing attributes in process `syz.3.342'.
[   64.485349][   T29] audit: type=1400 audit(1726844673.809:4174): avc:  denied  { ioctl } for  pid=4811 comm="syz.2.333" path="/43/bus/file2" dev="loop2" ino=16 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   64.509799][   T29] audit: type=1326 audit(1726844673.809:4175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4845 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee2a53def9 code=0x7ffc0000
[   64.533449][   T29] audit: type=1326 audit(1726844673.809:4176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4845 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee2a53def9 code=0x7ffc0000
[   64.565495][ T4766] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.587406][ T4847] loop3: detected capacity change from 0 to 2048
[   64.610644][ T4846] syz.1.341 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   64.623210][ T4847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   64.646979][ T4766] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.666530][ T4822] chnl_net:caif_netlink_parms(): no params data found
[   64.748941][ T4822] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.756149][ T4822] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.766694][ T4822] bridge_slave_0: entered allmulticast mode
[   64.773188][ T4822] bridge_slave_0: entered promiscuous mode
[   64.821469][ T4766] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.840240][ T4822] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.847409][ T4822] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.866929][ T4822] bridge_slave_1: entered allmulticast mode
[   64.874427][ T4855] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   64.890609][ T4822] bridge_slave_1: entered promiscuous mode
[   65.071431][ T4868] loop1: detected capacity change from 0 to 512
[   65.099034][ T4868] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.128602][ T4868] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.346: corrupted in-inode xattr: invalid ea_ino
[   65.134471][   T28] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   65.142706][ T4868] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.346: couldn't read orphan inode 15 (err -117)
[   65.154348][   T28] EXT4-fs (loop3): This should not happen!! Data will be lost
[   65.154348][   T28] 
[   65.175762][   T28] EXT4-fs (loop3): Total free blocks count 0
[   65.181755][   T28] EXT4-fs (loop3): Free/Dirty block details
[   65.187697][   T28] EXT4-fs (loop3): free_blocks=2415919104
[   65.193430][   T28] EXT4-fs (loop3): dirty_blocks=8192
[   65.198756][   T28] EXT4-fs (loop3): Block reservation details
[   65.204768][   T28] EXT4-fs (loop3): i_reserved_data_blocks=512
[   65.213060][ T4822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.224472][   T28] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   65.256558][ T4822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.278836][ T4766] bridge_slave_1: left allmulticast mode
[   65.284584][ T4766] bridge_slave_1: left promiscuous mode
[   65.290364][ T4766] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.314879][ T4868] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   65.345998][ T4766] bridge_slave_0: left allmulticast mode
[   65.351681][ T4766] bridge_slave_0: left promiscuous mode
[   65.357404][ T4766] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.485551][ T4868] EXT4-fs error (device loop1): ext4_find_dest_de:2067: inode #2: block 13: comm syz.1.346: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[   65.559666][ T4889] loop3: detected capacity change from 0 to 512
[   65.619513][ T4889] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   65.634108][ T4889] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.646309][ T4889] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.350: Failed to acquire dquot type 0
[   65.650062][ T3681] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.689450][ T4198] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.690194][ T4889] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.717238][ T4766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   65.739796][ T4766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   65.754854][ T3779] ==================================================================
[   65.762990][ T3779] BUG: KCSAN: data-race in generic_fillattr / shmem_unlink
[   65.770246][ T3779] 
[   65.772589][ T3779] write to 0xffff888100e87260 of 4 bytes by task 3449 on cpu 0:
[   65.780240][ T3779]  shmem_unlink+0x130/0x180
[   65.784760][ T3779]  shmem_rename2+0x1d4/0x2c0
[   65.789372][ T3779]  vfs_rename+0x875/0x9c0
[   65.793712][ T3779]  do_renameat2+0x732/0xa60
[   65.798226][ T3779]  __x64_sys_rename+0x58/0x70
[   65.802914][ T3779]  x64_sys_call+0x1a84/0x2d60
[   65.807624][ T3779]  do_syscall_64+0xc9/0x1c0
[   65.812151][ T3779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.818058][ T3779] 
[   65.820398][ T3779] read to 0xffff888100e87260 of 4 bytes by task 3779 on cpu 1:
[   65.827943][ T3779]  generic_fillattr+0x1dd/0x2f0
[   65.832812][ T3779]  shmem_getattr+0x17b/0x200
[   65.837416][ T3779]  vfs_getattr+0x19b/0x1e0
[   65.841843][ T3779]  vfs_statx+0x134/0x2f0
[   65.846113][ T3779]  vfs_fstatat+0xec/0x110
[   65.850455][ T3779]  __se_sys_newfstatat+0x58/0x260
[   65.855504][ T3779]  __x64_sys_newfstatat+0x55/0x70
[   65.860564][ T3779]  x64_sys_call+0x141f/0x2d60
[   65.865255][ T3779]  do_syscall_64+0xc9/0x1c0
[   65.869760][ T3779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.875666][ T3779] 
[   65.877989][ T3779] value changed: 0x04be1cfd -> 0x0556b37d
[   65.883705][ T3779] 
[   65.886025][ T3779] Reported by Kernel Concurrency Sanitizer on:
[   65.892177][ T3779] CPU: 1 UID: 0 PID: 3779 Comm: udevd Tainted: G        W          6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
[   65.903557][ T3779] Tainted: [W]=WARN
[   65.907357][ T3779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   65.917417][ T3779] ==================================================================
[   65.929123][ T4766] bond0 (unregistering): Released all slaves
[   65.930246][ T4900] syz.3.353[4900] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   65.938318][ T4900] syz.3.353[4900] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   65.962462][ T4896] IPv6: Can't replace route, no match found
[   66.006704][ T4902] geneve2: entered promiscuous mode
[   66.011983][ T4902] geneve2: entered allmulticast mode
[   66.035814][ T4903] netlink: 4 bytes leftover after parsing attributes in process `syz.1.351'.
[   66.045617][ T4822] team0: Port device team_slave_0 added
[   66.052950][ T4822] team0: Port device team_slave_1 added
[   66.077010][ T4766] hsr_slave_0: left promiscuous mode
[   66.098172][ T4766] hsr_slave_1: left promiscuous mode
[   66.100118][ T4902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.354'.
[   66.118094][ T4766] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   66.125616][ T4766] batman_adv: batadv0: Removing interface: batadv_slave_0
[   66.133582][ T4766] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   66.141137][ T4766] batman_adv: batadv0: Removing interface: batadv_slave_1
[   66.152053][ T4766] veth1_macvtap: left promiscuous mode
[   66.157626][ T4766] veth0_macvtap: left promiscuous mode
[   66.163257][ T4766] veth1_vlan: left promiscuous mode
[   66.168524][ T4766] veth0_vlan: left promiscuous mode
[   66.262104][ T4766] team0 (unregistering): Port device team_slave_1 removed
[   66.272655][ T4766] team0 (unregistering): Port device team_slave_0 removed
Connection to 10.128.0.175 closed by remote host.
[   66.769305][ T4766] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.818467][ T4766] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.858477][ T4766] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.937364][ T4766] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.999296][ T4766] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.059785][ T4766] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.117469][ T4766] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.177462][ T4766] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.259386][ T4766] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.297515][ T4766] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.357884][ T4766] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.407783][ T4766] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.457441][ T4766] bridge_slave_1: left allmulticast mode
[   67.463100][ T4766] bridge_slave_1: left promiscuous mode
[   67.468785][ T4766] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.476734][ T4766] bridge_slave_0: left allmulticast mode
[   67.482375][ T4766] bridge_slave_0: left promiscuous mode
[   67.488031][ T4766] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.496056][ T4766] bridge_slave_1: left allmulticast mode
[   67.501761][ T4766] bridge_slave_1: left promiscuous mode
[   67.507559][ T4766] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.515233][ T4766] bridge_slave_0: left allmulticast mode
[   67.521038][ T4766] bridge_slave_0: left promiscuous mode
[   67.526779][ T4766] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.535084][ T4766] bridge_slave_1: left allmulticast mode
[   67.540752][ T4766] bridge_slave_1: left promiscuous mode
[   67.546429][ T4766] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.554074][ T4766] bridge_slave_0: left allmulticast mode
[   67.559765][ T4766] bridge_slave_0: left promiscuous mode
[   67.565371][ T4766] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.573310][ T4766] bridge_slave_1: left allmulticast mode
[   67.579002][ T4766] bridge_slave_1: left promiscuous mode
[   67.584757][ T4766] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.592896][ T4766] bridge_slave_0: left allmulticast mode
[   67.598660][ T4766] bridge_slave_0: left promiscuous mode
[   67.604332][ T4766] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.946315][ T4766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   67.956677][ T4766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   67.966686][ T4766] bond0 (unregistering): Released all slaves
[   67.975920][ T4766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   67.986303][ T4766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   67.996314][ T4766] bond0 (unregistering): Released all slaves
[   68.004978][ T4766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   68.014924][ T4766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   68.025389][ T4766] bond0 (unregistering): Released all slaves
[   68.034752][ T4766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   68.044756][ T4766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   68.054901][ T4766] bond0 (unregistering): Released all slaves
[   68.102951][ T4766] hsr_slave_0: left promiscuous mode
[   68.108716][ T4766] hsr_slave_1: left promiscuous mode
[   68.116121][ T4766] hsr_slave_0: left promiscuous mode
[   68.121807][ T4766] hsr_slave_1: left promiscuous mode
[   68.127877][ T4766] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   68.135411][ T4766] batman_adv: batadv0: Removing interface: batadv_slave_0
[   68.143131][ T4766] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   68.150544][ T4766] batman_adv: batadv0: Removing interface: batadv_slave_1
[   68.159748][ T4766] hsr_slave_0: left promiscuous mode
[   68.165472][ T4766] hsr_slave_1: left promiscuous mode
[   68.175406][ T4766] veth1_macvtap: left promiscuous mode
[   68.180883][ T4766] veth0_macvtap: left promiscuous mode
[   68.186541][ T4766] veth1_vlan: left promiscuous mode
[   68.191803][ T4766] veth0_vlan: left promiscuous mode
[   68.197559][ T4766] veth1_macvtap: left promiscuous mode
[   68.203120][ T4766] veth0_macvtap: left promiscuous mode
[   68.208639][ T4766] veth1_vlan: left promiscuous mode
[   68.213875][ T4766] veth0_vlan: left promiscuous mode
[   68.219516][ T4766] veth1_macvtap: left promiscuous mode
[   68.225026][ T4766] veth0_macvtap: left promiscuous mode
[   68.230541][ T4766] veth1_vlan: left promiscuous mode
[   68.235931][ T4766] veth0_vlan: left promiscuous mode
[   68.398414][ T4766] team0 (unregistering): Port device team_slave_1 removed
[   68.408940][ T4766] team0 (unregistering): Port device team_slave_0 removed
[   68.469274][ T4766] team0 (unregistering): Port device team_slave_1 removed
[   68.479768][ T4766] team0 (unregistering): Port device team_slave_0 removed
[   68.518310][ T4766] team0 (unregistering): Port device team_slave_1 removed
[   68.528460][ T4766] team0 (unregistering): Port device team_slave_0 removed
[   68.586791][ T4766] team0 (unregistering): Port device team_slave_1 removed
[   68.596803][ T4766] team0 (unregistering): Port device team_slave_0 removed