last executing test programs:

3.733185823s ago: executing program 2 (id=547):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00"], 0x0}, 0x90)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r0, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/119, 0x77}], 0x4, &(0x7f0000000540)=""/55, 0x37}}], 0x1, 0x0, 0x0)

3.668039918s ago: executing program 2 (id=548):
keyctl$reject(0x14, 0x0, 0x7fffffffefff, 0x3, 0xffffffffffffffff)
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000540)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)=',$:@^@,\x00', r0)
add_key$user(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x3}, &(0x7f0000000500)='?', 0x1, r0)
keyctl$read(0xb, r0, &(0x7f00000017c0)=""/4096, 0x1000)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000000380)=""/223)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x80044940, &(0x7f00000030c0))
r3 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x90000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x9}, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x200020000, 0x0, 0x0, 0x0, {0x38}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
shutdown(0xffffffffffffffff, 0x2)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)

3.62989293s ago: executing program 2 (id=549):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000080)=0x13)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x10, 0x3, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r2, 0x0)
syz_emit_ethernet(0x96, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6010104000600600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYBLOB="84c20000907800"], 0x0)

3.594757243s ago: executing program 2 (id=550):
keyctl$reject(0x14, 0x0, 0x7fffffffefff, 0x3, 0xffffffffffffffff)
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000540)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)=',$:@^@,\x00', r0)
add_key$user(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x3}, &(0x7f0000000500)='?', 0x1, r0)
keyctl$read(0xb, r0, &(0x7f00000017c0)=""/4096, 0x1000)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000000380)=""/223)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x80044940, &(0x7f00000030c0)={0x0, ""/256, <r3=>0x0, <r4=>0x0, <r5=>0x0, 0x0, ""/16, ""/16, ""/16, 0x0, <r6=>0x0, <r7=>0x0})
r8 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x90000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x9}, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x200020000, 0x0, 0x0, 0x0, {0x38}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, r10)
r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000f40)=ANY=[@ANYRES64=r3, @ANYRES8, @ANYRES64=r5, @ANYRES64=r4, @ANYRES32, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRESOCT=r6, @ANYRES8, @ANYRES64=r7], 0x0, 0x0, &(0x7f0000000000))
r12 = open(&(0x7f0000000200)='./bus\x00', 0x1c507e, 0x0)
sendfile(r12, r12, 0x0, 0x100000000)

1.996500412s ago: executing program 1 (id=567):
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0xa00a14, &(0x7f0000000080)=ANY=[], 0x1, 0x322, &(0x7f0000000580)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT72W/ge97EE8ehN29x/wsrfdy1725mVhDyuL7CyZH5roJO6OZqPr9wMy78zzPOP7khieCc4c/vjvb7WKrVeMlsTTSmIiIkcieYlLIOZv4+44Jd225fOJZw8/Xlxe+a5YKs0uKDVXXPqyoJTKTd39/c+Mn7Y/Lgf5nw+fFp4cvH/w4eHLpV+rtqraqt5oKUOtNh63jFXLVOtVu6YrNW+Zhm2qat02m1684cUrVmNjo62M+vpkdqNp2rYy6m1VM9uq1VCtZlsZvxjVutJ1XU1mJUwq9OhtVd5ZWDCKEYvXrngyiOqF4zgDwk6saCREJHMuUt4Z6rwAAMC1dKb/T7gtfaT+X3Ju/99JPu3/dz+535r4YS/n9//7qbD+/6tH3rl6+v+0iFxp/58OWf35jujG23qT5Ev1/7geps5f08Z69prNopH1/35df/+0O+0O6P8BAAAAAAAAAAAAAAAAAAAAALgJjhxHcxxHC7b+zxenGd6xUc4Rw9Pn9dfG/Tumgv1RzxPDsbi8Imn3xr1kTsT6Z7O8Wfa2fjxInBZNjt33g68zDu48Uh15uWdt+fVbm+WEGylWpCqWmDIjmuTP1jvO3Lel2Rnl6a0fk2x3fUE0eS+8vhBan5LPPu2q10WTB2vSEEvWO+/rY+ek/q8Zpb75vnSmPuPmAQAAAADwLtDVidDrd13vF/fqT66ve78fEOm6Pp8OvT5Pah8lR7t2AAAAAABuC7v9R82wLLM5YJCRi3OiD5LRyscG5SS6VtgTku2+S075Twge3koHDIJ/pKilukJp+d8/HOXMwfqHM+e4RKmaEmfcm9VlfnvwtVG/HJkf9uuV7BP64L87z6OdOeY/tbc79PVe+oKVDm0w9lofHk7ikp8+AAAAAN6moOnP2O5ubNTzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNhrwGLDkVT1ObNRrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6LVwEAAP//mxn/6g==")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$netlbl_calipso(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0)

1.995719582s ago: executing program 1 (id=568):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbe51, 0x0, 0x0, 0x0, 0x1000}, [@generic={0x31, 0x7, 0xe, 0x3d2d, 0x16}, @generic={0xb3, 0x8, 0x4, 0x6, 0x1000}]}, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x23, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f00000000c0)={[{@jqfmt_vfsold}, {@data_err_abort}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@debug}]}, 0xfe, 0x46d, &(0x7f0000000f00)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQKNbQmQohWD3g0JN6N/4XxpBejXjTxqndDQgwXUC9rZmemLMtu2aXbLnQ/n2S6zzPzdJ/nOzPP7jPz7G4APWsk+5NE/C8ifo+IoTx7a4GR/OHGtYtTf1+7OJVEpfLWX0m13PVrF6fKouX/bcszlUqR39Sg3kvvRkzOzc2cK/Jji2c+GFs4f+GF2TOTp2ZOzZydOHbs8KG9g0cnjnQkziyu67s/nt+z6/g7l9+YOnH5vZ+S/sjjjro4OmUk37sNPd3pyrpse026umOX7fvlZrrRmUA39UVEdrgGqv1/KPpiy/K2oXjts642DlhTlUqlssKr8lIF2MCS6HYLgO4o3+iz699yWaehxz3h6sv5BVAW941iybf0R5on9g3UXd920khEnFj656tsiTW6DwEAUOu7bPzzfKPxXxoP54nB7M//izmU4Yh4ICJ2RMSDEbEzIh6KqJZ9JCIebbP++hmS28c/6ZW7Dq4F2fjvpWJu69bxX1oWGe4rctur8Q8kJ2fnZg4W++RADGw6OZvMjK9Qx/ev/vZFs221479syeovx4JFO670192gm55cnFxNzLWufhqxu79R/EmU0zhJROyKiN13Wcfss/1Nt905/hU0f9qWVb6OeCY//ktRF38paTo/Of7i0YkjY5tjbubgWHlW3O7nXy+92az+VcXfAdnx39rw/F+OfzjZHLFw/sLp6nztQvt1XPrj86bXNG2e/8e3F+f/YPJ2dcVgseGjycXFc+MRg8nrt6+fuPlsZb4sn8V/YH/j/r8jbu6JxyJiT0TsjYjHs4vCou1PRMSTEbF/hfh/fOWp99uPf33mSrP4p+90/KP2+Lef6Dv9w7d3jn9zRDQ7/oerqQPFmlZe/1pt4Gr2HQAAANwv0upn4JN0dDmdpqOj+Wf4d8bWdG5+YfG5k/Mfnp3OPys/HANpeadrqOZ+6Hhxb7jMT9TlDxX3jb/s21LNj07Nz013O3jocdua9P/Mn33dbh2w5jowjwbcp/R/6F36P/SmRP+Hnqb/Q+9q1P8/aVp69Js1bQywrrz/Q+9qof8v5Q/NRwXA/cn7P/Qu/R96UtPvxqer+sr/uif+LX7P8F5pz8ZPRHpPNGPjJ/pb/jGLNhKVobz/Z2s2NSzT7VcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzvgvAAD//w3J5b0=")
r2 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x10103e, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611)
ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRES8=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
recvmmsg(r1, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2042, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0)
rt_sigsuspend(&(0x7f0000000040)={[0x20000001]}, 0x8)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000040)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r5, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c010880"], 0x1d8}}, 0x0)

1.60850486s ago: executing program 0 (id=577):
socket$key(0xf, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket(0x1e, 0x80005, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
getsockname$packet(r1, &(0x7f00000007c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000800)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

1.48013039s ago: executing program 0 (id=578):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r2, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

1.47930259s ago: executing program 0 (id=579):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x802, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000000))
r2 = socket$inet(0x2, 0x3, 0x33)
getsockopt$inet_mreqsrc(r2, 0x0, 0x53, &(0x7f0000000100)={@dev, @local, @broadcast}, &(0x7f0000000040)=0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_uring_setup(0x3538, &(0x7f0000000300))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001380)={0x12, 0x4, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x77)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x2d41, 0x0)
flock(r3, 0x11)
ioctl$USBDEVFS_GET_CAPABILITIES(r3, 0x8004551a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
renameat2(0xffffffffffffffff, 0x0, r3, &(0x7f00000000c0)='./file0/file0\x00', 0x0)
r4 = syz_io_uring_complete(0x0)
socket$can_raw(0x1d, 0x3, 0x1)
ioctl$TIOCL_BLANKSCREEN(r4, 0x541c, &(0x7f0000000400))
socket$can_raw(0x1d, 0x3, 0x1)
socket$can_raw(0x1d, 0x3, 0x1)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), r5)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), r5)

1.47797778s ago: executing program 0 (id=580):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002ec0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)="e19a86aa6884dff9fd1605", 0xb}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)}}], 0x2, 0x20004000)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000005000c0001000000080006004802000005000b"], 0x44}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000009385000000710000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000300000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140000001100010004000000000000000000000a"], 0x74}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0), 0xfc, 0x597, &(0x7f0000000900)="$eJzs3c9rG8ceAPDvyj8S2+HFgRDee4dHIIeXkEaO7f5IodD0WNrQQHtPha2YYDkKlh1iN9Dk0Fx6KaFQSgOlf0DvPYZeeuxfEWhDQwmmPZSCy8orR7Zsy5blSIk+H1h7ZmdXM6PdGc1oV2wAPetk+icX8Z+I+CKJOFqX1h9Z4sm17Vae3p5KlyRWVz/8PYkkW1fbPsn+j2SRf0fEj59FnM015ltZWp4tlErF+Sw+tjB3Y6yytHzu2lxhpjhTvD4xOXnhtcmJN994vaV6JZtXDEacufzn1x88fPfC56dWvvr+8bH7SVyMI1lyfT324U595GTh7yw0EBc3bTjehsy6ScP73dyZgygHe9OXtfOBSPuAo9GXtXrg5fdpRKwCPSrR/qFH1cYBtbl9m+bBL4wn76xNgBrr37/23Ugcrs6NhleSDTOjdL472ob80zx++PXB/XSJnb+HGGoSB9iTO3cj4nx/f2P/l2T9X+vOV7883tnmPHrt8wc66WE6/nllq/FPbn38kxoe3LjfyBZttxXN23/ucRuy2VY6/ntry/Hvetc12pfFctUx30By9VqpeD4i/hURp2PgUBrf6XrOhZVHq9ul1Y//0iXNvzYWzMrxuP/Qxn2mCwuF/dS53pO7Ef/dcvybrB//ZIvxb/peXN5lHieKD/63XVrz+h+s1e8i/r/l8X92RSvZ+frkWPV8GKudFY3+uHfi5+3y73T90+M/vHP9R5P667WVvefx7eG/itultXr+DyYfVcO1bulWYWFhfjxiMHm/cf3Es31r8dr2af1Pn9q5/1s7/zdeGUsnXx/vsv73jt/bdtNuOP7Tezr+ew88eu+Tb7bLf3fH/9Vq/3k6W7Ob/m+3BdzXmwcAAAAAAABdJhcRRyLJ5dfDuVw+v3Z/x/EYzpXKlYWzV8uL16ej+lvZ0RjI1a50H627H2I8ux+2Fp/YFJ+MiGMR8WXfUDWenyqXpjtdeQAAAAAAAAAAAAAAAAAAAOgSI42////tpyztl75mezfdAOh21QcbHOp0KYBOaPrI/3Y86QnoSk3bP/DS0v6hd2n/0Lu0f+hdG9r/QOfKATx/Pv+hd7XS/ocOoBzA8+fzHwAAAAAAAAAAAAAAAAAAAAAAAAAAANrq8qVL6bK68vT2VBqfvrm0OFu+eW66WJnNzy1O5afK8zfyM+XyTKmYnyrPNXu9Url8Y3wiFm+NLRQrC2OVpeUrc+XF60NXrs0VZopXip4uAgAAAAAAAAAAAAAAAAAAAI0qS8uzhVKpON9SoG9/u78ggbejK4pxkBVc09Lu/d1SiwMK5Ee6ohi7COSinS/Y4Y4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr8EwAA///a6TVl")
syz_io_uring_setup(0x1e4e, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, &(0x7f0000000580))
r5 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x80a, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r5, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000340), &(0x7f000001f200)=0x4)

1.394429327s ago: executing program 4 (id=584):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b708000000005aab7b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x10, &(0x7f00000003c0)=ANY=[], 0xfe, 0x267, &(0x7f0000000740)="$eJzs3cFqU1kYB/AvbTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruiu+gr6BLt4ILcesLiCBVcGNddSFE6k3bpCaxUdOI/f02/Tj3+3POSS/30kVPrvy6vLSwsra4u7sT+XwmsuUox14mijESo5HaCgDge7LXaMSbRmrYawEATof3PwCcPb3e/5mtw7Hzp78yAGBQvujv/5GBLAkAGLCLly7/P1upzF1IknzE8vZ6db2a/kyvzy7G9ahHLaaiEO8iGofS+t//KnNTyb6Xxcgvbzbzm+vV0fb8dBSi2Dk/naSi2pofi4lm/tlE1GImCvFT5/xMx/wP8ecfLfOXohBPr8ZK1GMh9rNpPhcRG9NJ8s+5yrF87kMfAAAAAAAAAAAAAAAAAAAAAAAMQik5VGw//yY9v6dU6nY9zbeeDzTe83yg4+fzZOOX7HD3DgAAAAAAAAAAAAAAAAAAAN+KtZu3lubr9dpqr+LGk3uPdnJp4JPNvYtMc97+Uts9e8ZPtotjxY+/v7jT6VIucv1+Pp9XjEVE60jSnPLhbwOc9GsVj3eu/fzX2uTf3Xoi2zpye3+rbT1dbqTsoD7w14WIrj35vm/I1uL+QVF++1HPwa1UWx0f9i9u8m55/sHG81cnTfV4aDRGB/EoAgAAAAAAAAAAAAAAAACAM+/on36HvRIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGJ6j7//vt8hF20i+a/PWsPcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvAwAA//8InpRb")
r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x16d43e, 0x0)
ftruncate(r3, 0x7fff)
io_setup(0x3, 0x0)
io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='a', 0x1}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x3, 0x0, r2, 0x0}])

1.35253885s ago: executing program 0 (id=585):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0xfffffc8f)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
epoll_create1(0x80000)
sendto$inet6(r5, &(0x7f0000000500)="dc", 0x1, 0x40004, &(0x7f0000000100)={0xa, 0x4e23, 0x6, @loopback}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000440)={'team0\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYRES64=r6, @ANYRES32=r6, @ANYBLOB="3c00028038000100240001006e6f746966795f70656572735f696e74657276616c000000000000000000000001000300030000000800040000000000"], 0x58}}, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000680)=ANY=[@ANYRESOCT], &(0x7f0000000600)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', r6, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffdd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
io_setup(0x8, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f00000017c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x168, 0x9, 0x270, 0xa, 0x388, 0x250, 0x250, 0x388, 0x250, 0x3, 0x0, {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'rose0\x00', 'vlan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x40}, 0x6000000, 0x208, 0x270, 0x0, {0x0, 0x28e}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @broadcast}, @private2, @private0, @loopback, @mcast2, @remote, @private0, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote]}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xf8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r8}, 0x10)
syz_read_part_table(0x5df, &(0x7f0000000000)="$eJzs3DGIE1kYB/CXIBEFETs7gykichAh3UkEDXGQgAnBQ4s70c4t0qyVRYxgQCzMNhE5Gy0UYQ1aaCUiCCImFkIqUXavuN1l2eJY2CawLHMEZrvjYG/JHQe/Hzx4b97/zcfHMOVM4H8tHf6I4zgVQoj37vz0T/OVs+ey9dONCyGkwi8hhN/zs79OdlJJYvuuR5P1YrIuvt3TvDcf3en2Dhx+nd38nE72byVjZfjw8q6bY+qOXT/+/sh4dOhNNTwenBqc3N+8dK2fL7f7X+qvzjzNPtt+7oUp1X9Z+njwdmc26t4ozXyNWkvRanpjPTr/4FEhM9du5NdOJLkrU6rf3LqYef7kQ7mzvK/4qVqr9V58v59rVd51bo6GuW/ju1eT3MI/eLsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj3Hbt+/P2R8ejQm2p4PDg1OLm/eelaP19u97/UX515mn12NMkVplT/Zenjwdud2ah7ozTzNWotRavpjfXo/INHhcxcu5FfO5HkrvzV4TiO27us39y6mHn+5EO5s7yv+Klaq/VefL+fa1XedW6Ohrlv47tXk9zC3l0WAgAAAAAAAAAAAAAAAAAAgL9ROXsuWz/duDCZ/xxC+GHmx7nJPE6+d08lue3/ACxOrqdDKL7d07w3H93p9g4cfp3d/Pxbkr+VjJXhw8v/QTvs0J8BAAD//9odjZ8=")

1.320899082s ago: executing program 4 (id=586):
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0xa00a14, &(0x7f0000000080)=ANY=[], 0x1, 0x322, &(0x7f0000000580)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT72W/ge97EE8ehN29x/wsrfdy1725mVhDyuL7CyZH5roJO6OZqPr9wMy78zzPOP7khieCc4c/vjvb7WKrVeMlsTTSmIiIkcieYlLIOZv4+44Jd225fOJZw8/Xlxe+a5YKs0uKDVXXPqyoJTKTd39/c+Mn7Y/Lgf5nw+fFp4cvH/w4eHLpV+rtqraqt5oKUOtNh63jFXLVOtVu6YrNW+Zhm2qat02m1684cUrVmNjo62M+vpkdqNp2rYy6m1VM9uq1VCtZlsZvxjVutJ1XU1mJUwq9OhtVd5ZWDCKEYvXrngyiOqF4zgDwk6saCREJHMuUt4Z6rwAAMC1dKb/T7gtfaT+X3Ju/99JPu3/dz+535r4YS/n9//7qbD+/6tH3rl6+v+0iFxp/58OWf35jujG23qT5Ev1/7geps5f08Z69prNopH1/35df/+0O+0O6P8BAAAAAAAAAAAAAAAAAAAAALgJjhxHcxxHC7b+zxenGd6xUc4Rw9Pn9dfG/Tumgv1RzxPDsbi8Imn3xr1kTsT6Z7O8Wfa2fjxInBZNjt33g68zDu48Uh15uWdt+fVbm+WEGylWpCqWmDIjmuTP1jvO3Lel2Rnl6a0fk2x3fUE0eS+8vhBan5LPPu2q10WTB2vSEEvWO+/rY+ek/q8Zpb75vnSmPuPmAQAAAADwLtDVidDrd13vF/fqT66ve78fEOm6Pp8OvT5Pah8lR7t2AAAAAABuC7v9R82wLLM5YJCRi3OiD5LRyscG5SS6VtgTku2+S075Twge3koHDIJ/pKilukJp+d8/HOXMwfqHM+e4RKmaEmfcm9VlfnvwtVG/HJkf9uuV7BP64L87z6OdOeY/tbc79PVe+oKVDm0w9lofHk7ikp8+AAAAAN6moOnP2O5ubNTzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNhrwGLDkVT1ObNRrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6LVwEAAP//mxn/6g==")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000440), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0)

1.304871243s ago: executing program 3 (id=587):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r0}, 0x10)
r1 = open(&(0x7f0000000300)='.\x00', 0x418601, 0x0)
flock(r1, 0x2)

1.257640976s ago: executing program 3 (id=588):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0xfc, 0x65, 0x4, 0x0, 0x0, {}, [@TCA_CHAIN={0x8, 0xb, 0xffffffff}, @TCA_RATE={0x6}, @filter_kind_options=@f_flower={{0xb}, {0x8c, 0x2, [@TCA_FLOWER_KEY_MPLS_BOS={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x44, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8}]}]}, @TCA_FLOWER_KEY_MPLS_LABEL={0x8}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @private1={0xfc, 0x1, '\x00', 0x1}}, @TCA_FLOWER_KEY_CVLAN_PRIO={0x5}, @TCA_FLOWER_KEY_ICMPV4_TYPE={0x5}, @TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @multicast1}, @TCA_FLOWER_KEY_SCTP_DST_MASK={0x6}]}}, @filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_CLASSID={0x8, 0x3, {0x7, 0xfff1}}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000ec0)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)='k', 0x1}], 0x1}}], 0x1, 0x0)
sendto$inet6(r0, &(0x7f0000000340)='0', 0x1, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000440)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000540)=0x100)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000480)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='smaps\x00')
preadv2(r2, &(0x7f0000001540)=[{&(0x7f00000004c0)=""/120, 0x78}], 0x1, 0x3b0d, 0x0, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r5, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="02002cbd7000ffdbdf251d0000008c002f8054000380080001000200000005000200030000001400038006000300a0aa0000060001000100000008000100010000000c00050001000000000000000c00050004000000000000000c00050000080000000000000c000200000000000000000008000100000400000c0002000203aaaaaaaaaaaa0c0002000200aaaaaaaaaaaa0800010004000000"], 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x4008080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r7, 0xc0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe9c, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0}}, 0x5)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000085000000d000000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x90)
sendmsg$IEEE802154_SET_MACPARAMS(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r8, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x9}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x3}, @IEEE802154_ATTR_CSMA_MIN_BE={0x5, 0x26, 0x2b}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000800}, 0x80)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r9, 0x403, r9)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x1b0}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000005c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/54, 0x36, 0x0, &(0x7f0000000880)=""/165, 0xa5}, &(0x7f00000006c0)=0x40)

1.256812686s ago: executing program 4 (id=589):
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
signalfd(0xffffffffffffffff, &(0x7f00007aeff8), 0x8)
syz_io_uring_setup(0x4603, &(0x7f00000006c0), 0x0, &(0x7f0000000100))
syz_io_uring_setup(0x1868, &(0x7f0000000140), &(0x7f00000000c0), &(0x7f0000000240))
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x3, 0x362, [], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000076657468315f746f5f62726964676500627269646765300000000000000000006261746164765f736c6176655f300000626f6e645f736c6176655f3100000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000006e000000ce000000fe000000726564697265637400000000000000000000000000000000000000000000000008000000000000000000000000000000434f4e4e5345434d41524b000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000076657468315f746f5f7465616d0000006e7230000000000000000000000000006970366772657461703000000000000076657468315f6d616376746170000000aaaaaaaaaaaa000000000000ffffffffffff0000000000006e000000be000000ee00000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000001000000000000000000000000006970766c616e31000000000000000000697036677265300000000000000000006e657464657673696d3000000000000064766d72703100000000"]}, 0x338)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000500)='./file0\x00', 0x2010048, &(0x7f0000001740)=ANY=[], 0xd, 0x2a9, &(0x7f0000000240)="$eJzs3c9qK2UUAPAzydw06iJF3CiCA7pwVW7dummUK4hdKRHUhQbbgiSh0ELACsau+gQufQ8fwY0b30BwK7hrF5WRycw0qU3/UGMKvb/f6jDfnPOdzFfSVc589fposLOfxPHp79FuJ9HYiq04S2I9GlH7IdIAAB6PszyPv/L7ZKaN5XcDAKxC+f+/9NC9AACr8clnn3/U3d5+9nGWtePVzsm4l0TE6GTcK9e7e/FNDGM3nkYnziPyC2X8wYfbzyLNCuvx1mgy7hWZoy9/rep3/4yY5m9GJ9YX529mpTq/WeW+GFl0957UrXbilcX57/wrP2I0iV4r3n5zrv+N6MRvX8d+DGMnitxZ/vebWfZ+/uPpd18U2xT5SSN6a9P7ZvLmqs4EAAAAAAAAAAAAAAAAAAAAAIDHbyPLknJ8z3R+T3FpOj9n3GueT9c3str8fJ9JPR8oqQuV84HyqEb0TPL4qZ6v8zTLsry6cZafxmupFwsAAAAAAAAAAAAAAAAAAABA4fDbo0F/ONw9WEpQTwOof9Z/3zpbc1feiKNBv3l9wbW77zU/baDo9cabI01jSY/ltuCFop+lV16bHe6nUQb1wSx1r5ffK4seDfpZtVQ/5EE/uW2vdn1wP8+WIm3Ff20sn/5JnOeXz7R90erlrNaSnkbrpYVLf+d5frc67/5RnlF1JZmO2Ljb7k+qYOEHLIL21bP45fqC135lNJfyxQMAAAAAAAAAAAAAAAAAAFwx+9HvgsXjG1Mb/1tTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBis/f/10E7IvrDZO7KlWBSJd90TxW04uDwgT8iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4F/AgAA//9V9E0a")
lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x5c, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@bridge_dellink={0x34, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r3}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8}]}}]}]}, 0x34}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
getxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@known='system.posix_acl_default\x00', 0x0, 0x2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000380)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$sock_int(r4, 0x1, 0x22, &(0x7f0000000200)=0xffffffff, 0x4)
recvmmsg(r4, &(0x7f0000000600), 0x204083acb88ff8b, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
cachestat(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
faccessat(r6, &(0x7f0000000000)='./file0\x00', 0x5)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fstatfs(r7, &(0x7f0000000700)=""/147)

1.108168118s ago: executing program 1 (id=590):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r2, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

1.103108138s ago: executing program 1 (id=591):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002ec0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)="e19a86aa6884dff9fd1605", 0xb}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)}}], 0x2, 0x20004000)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000005000c0001000000080006004802000005000b"], 0x44}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000009385000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000300000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140000001100010004000000000000000000000a"], 0x74}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0), 0xfc, 0x597, &(0x7f0000000900)="$eJzs3c9rG8ceAPDvyj8S2+HFgRDee4dHIIeXkEaO7f5IodD0WNrQQHtPha2YYDkKlh1iN9Dk0Fx6KaFQSgOlf0DvPYZeeuxfEWhDQwmmPZSCy8orR7Zsy5blSIk+H1h7ZmdXM6PdGc1oV2wAPetk+icX8Z+I+CKJOFqX1h9Z4sm17Vae3p5KlyRWVz/8PYkkW1fbPsn+j2SRf0fEj59FnM015ltZWp4tlErF+Sw+tjB3Y6yytHzu2lxhpjhTvD4xOXnhtcmJN994vaV6JZtXDEacufzn1x88fPfC56dWvvr+8bH7SVyMI1lyfT324U595GTh7yw0EBc3bTjehsy6ScP73dyZgygHe9OXtfOBSPuAo9GXtXrg5fdpRKwCPSrR/qFH1cYBtbl9m+bBL4wn76xNgBrr37/23Ugcrs6NhleSDTOjdL472ob80zx++PXB/XSJnb+HGGoSB9iTO3cj4nx/f2P/l2T9X+vOV7883tnmPHrt8wc66WE6/nllq/FPbn38kxoe3LjfyBZttxXN23/ucRuy2VY6/ntry/Hvetc12pfFctUx30By9VqpeD4i/hURp2PgUBrf6XrOhZVHq9ul1Y//0iXNvzYWzMrxuP/Qxn2mCwuF/dS53pO7Ef/dcvybrB//ZIvxb/peXN5lHieKD/63XVrz+h+s1e8i/r/l8X92RSvZ+frkWPV8GKudFY3+uHfi5+3y73T90+M/vHP9R5P667WVvefx7eG/itultXr+DyYfVcO1bulWYWFhfjxiMHm/cf3Es31r8dr2af1Pn9q5/1s7/zdeGUsnXx/vsv73jt/bdtNuOP7Tezr+ew88eu+Tb7bLf3fH/9Vq/3k6W7Ob/m+3BdzXmwcAAAAAAABdJhcRRyLJ5dfDuVw+v3Z/x/EYzpXKlYWzV8uL16ej+lvZ0RjI1a50H627H2I8ux+2Fp/YFJ+MiGMR8WXfUDWenyqXpjtdeQAAAAAAAAAAAAAAAAAAAOgSI42////tpyztl75mezfdAOh21QcbHOp0KYBOaPrI/3Y86QnoSk3bP/DS0v6hd2n/0Lu0f+hdG9r/QOfKATx/Pv+hd7XS/ocOoBzA8+fzHwAAAAAAAAAAAAAAAAAAAAAAAAAAANrq8qVL6bK68vT2VBqfvrm0OFu+eW66WJnNzy1O5afK8zfyM+XyTKmYnyrPNXu9Url8Y3wiFm+NLRQrC2OVpeUrc+XF60NXrs0VZopXip4uAgAAAAAAAAAAAAAAAAAAAI0qS8uzhVKpON9SoG9/u78ggbejK4pxkBVc09Lu/d1SiwMK5Ee6ohi7COSinS/Y4Y4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr8EwAA///a6TVl")
syz_io_uring_setup(0x1e4e, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, &(0x7f0000000580))
r5 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x80a, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r5, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000340), &(0x7f000001f200)=0x4)

1.020143324s ago: executing program 1 (id=592):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000e00)=ANY=[@ANYBLOB="c58e0eb1cc", @ANYBLOB="1efd46cb5c9f7b9c245d33e7f5ddd7e0bcdbaa0b1dd3e25e09f53e90b1b0b4e2d09720b17b8cc12c77409e6e5cc67bbd5ce3c41b333da43fa419939890299b0a58f9a60907cee690eb89a1215296191d5f1381f99d2b5d66e47f2de72a80842620dfe993c684722b0f85b012", @ANYRESOCT=r0, @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[], 0x20}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r5, 0xc0185879, &(0x7f0000000080)={0x0, 0x7fffffff, 0x6e0, 0x1, 0x0, 0x7, 0x2401})
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0)
sendmsg$tipc(r6, &(0x7f0000000600)={&(0x7f0000000240)=@id={0x1e, 0x3, 0x1, {0x4e23, 0x1}}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000340)="012b7e021f6feb4af46acbbc856341e9c1f96be37bc1a3d3c1a33dd65cdbbc8e3775ba6b7d5aaf61ccde05d921a2d28b5405734445d3dee0481dd61c924325ca0a1a8be23af6d0f34b07f978e1685c621bd2cff30ac2876ec6044d07e88aab1a0b51850b", 0x64}, {&(0x7f00000004c0)="149ede40a3e8ca4a2b8eedc39a5b717f251cd6c84663fa792169adb1f30b388160ba8fb57c48494ff18cc606084622457d1979ada52e33b40d4afb50392f4cb34b61edf5fb622d86761ced42398e8fc2f09ea6b49216834e2353bf74f4876f4a6c709070e61bac52f08dcd13750ba118b7fa01a2342832b68134ebe44672317074c864bfc2bd5b251df9718db2bce8b28d5aa8515280ed6813f4f7983e41cc3be2f86dd6860f98895ca45cf14532fa726f70ad9fcc057cca1e3fd81ca785cba71e5a867c955080c05db69231964ceec4b45196d4594370b1cd3bb95d64bab09d", 0xe0}, {&(0x7f00000003c0)="a7b2372c46cbe8999aaacad37892df4e8cd0355e2f1fb2a6d876b6bcf06c9957530d61f7b16ef922e7b165771205067b8fa29c66288910a435a66604b9fce43ea75b528da2b4db79c730eeb136622285621a51cf34071afab063877f9db96264308919032d9e1965f8db6c93d0bf3346013cd0fc52a3451d8d7181bc5c3904c514c0732039c0170f76a24cdd12af1966af3c14b2c69c71968d4384221a65928c5e9f1961d06ea0f43751886cdc948b0bec", 0xb1}, {&(0x7f0000000280)="cdaa85b081fa41d791b0c3a73a42bfb7fe0810ae708cdb15c6573fad09468b2b9ab75bbb7f0ed8e1c7941e66d8653f2d81be688e", 0x34}], 0x4, 0x0, 0x0, 0x40890}, 0x8044)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x10)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB="fc6f"])
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000cc0)={'vcan0\x00', <r9=>0x0})
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000d00)={0x1, 0x0, 0x0, r9, 0x8}, 0xc)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="df3eb525380e30c8fe1d4f5dc1fa66fcd82cf86c77c3ca0bba238ec2362ff9f80b2fbc85050cc4144c1ba4f2cecd994574ff4af0daccf7e74ff0284662563466c51c286c210e5bd218a46b10eaa463b3cb0b5908e95fefb90eb81bf62510ee949a82499c3350cb7140e97711276d30979f530849f13c5bc3880d300d203aabfe957686e7b6ceb28d3f0ced07b5ee3573279a3a59"], 0x1c}}, 0x0)

539.59452ms ago: executing program 2 (id=593):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r2, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

539.19362ms ago: executing program 2 (id=594):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000380)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r0, &(0x7f0000000600), 0x204083acb88ff8b, 0x0, 0x0)

478.025794ms ago: executing program 0 (id=595):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x6}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000003000000cfeaff5fea4161043248690293000000407a0c00009500000000000146"], &(0x7f0000000280)='GPL\x00', 0x7ff, 0xd2, &(0x7f00000002c0)=""/210, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0xb, 0x0, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000880)=[r0, r0, r0, 0x1], &(0x7f0000000480)=[{0x5, 0x5, 0xe, 0x2}, {0x0, 0x1, 0x3}, {0x0, 0x5, 0xf}, {0x5, 0x4, 0x7, 0x5}, {0x0, 0x3, 0xb, 0x3}, {0x3, 0x2, 0x3, 0x8}], 0x10, 0x1000}, 0x90)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a04, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0xa}, 0x48)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000800), 0x80000, 0x0)
ioctl$PTP_SYS_OFFSET_PRECISE(r4, 0xc0403d08, &(0x7f0000000840))
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x300}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNISCRNMAP(r6, 0x4b48, &(0x7f0000003d40)=""/172)
acct(0xfffffffffffffffe)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r7, &(0x7f0000000580)="03", 0x1, 0x20000800, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="050000000000000071111d000000000085100000020000008500001f0000000095000007000000009500a5050000e344be86fd66f79cc32a0df5ad55ee62cb8d4733dbe74a370f1dcf"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffe96}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='kmem_cache_free\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r9 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x6, 0x341442)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r9, 0x8108551b, &(0x7f0000000600)={0x8c2, 0x2, "fa84e8711ae3c5ec05c1eb2ffaec71e88b7de46cd5102f3b890a0266fdf2fe39dfecdf5111260dfabb05abc5443e4f94e3b3e1f6bc77aa67333dae1edfe81544890e5e795acc15717aff8136c49fabfac4408455c7a0709a0a7dbde77baa3eadfdc2a75d2d57270a2b89503e40c8762746c7dbcb6b28af2b395e12b6dff1b20e0d8f4080894ecf55a1b87f52250038209dbfe059fea454c8c4244619aa477ebed9f44f135a549893ae4ae7b8ff007035801b795c3aa8f006443ca19726739fc95129ee09bd5ccea29d25193fed48270e0282f08a7ef2b27278d5643ab1b9de7c1f8ad86f01ee33d0f3647e060ed574d7fa5e51b166bb671faa10591734ecc48f"})
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

396.62682ms ago: executing program 3 (id=596):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000200000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x28, 0x3, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x0)

395.168341ms ago: executing program 4 (id=597):
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x800000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x2880, 0x1, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r2}, 0x10)
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg")
r3 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0)
r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
write$9p(r3, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200)
sendfile(r3, r4, 0x0, 0xe066)
sendfile(r3, r4, 0x0, 0xffff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0), 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r6}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000680)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r8, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000540)={'ip6_vti0\x00', &(0x7f00000004c0)={'syztnl0\x00', 0x0, 0x29, 0x9, 0x9, 0x4, 0x1, @mcast1, @local, 0x20, 0x80, 0x7fffffff, 0x2}})
connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000002200), 0x10)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

380.012842ms ago: executing program 3 (id=598):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r0}, 0x10)
r1 = open(&(0x7f0000000300)='.\x00', 0x418601, 0x0)
flock(r1, 0x2)

303.228777ms ago: executing program 3 (id=599):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
get_robust_list(0x0, &(0x7f0000000240)=0x0, &(0x7f0000000340)) (fail_nth: 1)

271.27826ms ago: executing program 3 (id=600):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x19, &(0x7f0000000740)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000009500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000a000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0xfffff000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r4, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000400)={0x9, {{0x2, 0x0, @multicast2}}, 0x1}, 0x90)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108)
r6 = socket(0x23, 0x5, 0x0)
unshare(0x28020480)
connect$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)
setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f00000004c0)={0x9, {{0x2, 0x0, @multicast2}}, 0x1, 0x1, [{{0x2, 0x0, @loopback}}]}, 0x110)
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x829852, &(0x7f00000001c0), 0x1, 0x4ce, &(0x7f0000000740)="$eJzs3E9sFFUcAODfbFtaoMiKiIKoi2hsNLZQUDiYGIwmHjQx4kGPTVsIUqihNRFCZEkMHg2Jd+PRqwev6s14MvGKRxNDQgwXwNOY2Z1tt9vdpX+2Xdt+X7Ld92be7Js3b97Mm/e6G8CWVcr+JBGDEXErInZHRKExQan6dv/u1fEHd6+ORzlNT/+TZJvFvSyeS/L3nXlkqBBR+DKZX1Fn5vKV82NTU5OX8vjI7IVPR2YuX3nl3IWxs5NnJy+Onjx5/NjRE6+Nvrr8QjXJLyvXvQNfTB/c/87HN98b760tH8jf68vRKaUoNduVihc6nVmX7aoLJ73tUr6x9jvDkmXnf1ZdfZX2vzt6om3lAZtImqZpf+vV5bTR9UVLgA0riW7vAdAdtRt99vxbezXrCGxbm+5H1905VX0Aysp9P39FPFtZWBsH6Wt4vu2kUkR8VP732+wVazQOAQBQ7+dTtZ5gQ/+vGLGvLt0j+RxKMSIejYg9EfFYROyNiMejmvaJiHiy4fN7IiJtk3+pIb64/1O4vboStpf1/17P57bm+39RPwtW7MljuyJqHebJI/kxGYq+/jPnpiaPtsnjl7f++LrVuvr+X/bK8q/1BfP9uN3bMEA3MTY7tuICN7hzPeJAb2P5k96IZG4mIImI/RFxYBmfW6wLn3vp+4Nzkb6F6R5e/oq06TxaB6Yq0u8iXqzWfzkW1P98jkn7+cmRgZiaPDKSnQVHmubx2+833m+V/0PL/+NfjZu8feKn03nLWr2s/nfUnf9Rm7+dL38xiUjm5mtnlp/HjT+/avlMs9Lzf1vyYSVcey79fGx29tLRiG3Ju4uXj85vW4tn71Guln/ocPP2vyffJjsST0VEdhI/HRHPRPUJsRTptUMR8VxEHG5T/l/ffP6TlZd/bWXln2h6/VtQ//Pz9a0CSbmausmqnvOHbj1ocfFYWv0fr4SG8iXNr3/JgktEmz1dEFjt8QMAAICNoBARg3VjSYNRKAwPV8eA9saOwtT0zOzLZ6Y/uzhR/Y5AMfoKtZGu6nhwX1Ib/yzWxUcb4sfyceNverZX4sPj01MTXS05sLPS5pPC8Ny1oNr+M393ZogZ+D/zlR/Yuh7W/vfdXKcdAdad+z9sXXXtv9wiSdl/ysDmtJT7v7FA2Jyatf9rlb+tfr7KMwNsBuny23Kb3wsCNprltH/3fdhceuODuXChq3sCrDf3dNiSlvQl+RUH0v7mqwZiceIYaP+BPbGy3djeJK+uBLKeVVdy376SrWojvy3TRGF5H9gfnanTM6s/LGf3dfzkT/P5sU7X4A/r0k6bBdpfN0YH1+6aBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0En/BQAA//+NHdx3")
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r7)
sendmsg$TIPC_NL_MON_GET(r7, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000c40)={0xd4, r8, 0x200, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x4}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xc4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xce}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK={0x5c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x198a}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x81}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xb}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}]}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8f7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6d1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x8000}, 0x40080)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f00000004c0)=ANY=[@ANYBLOB="000000004c90020052feffff0300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a2abd96b305bfc07f86e53cc2b6c5c887e919b8b8ed3b52f4f58dda1f86130c7637d64652cf06c9486ad8a774ba7eff578d429cfdf1db9e3d54c4ba32effe8a8bd97e1b2fea"])
socketpair(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x8911, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x10004, &(0x7f0000000a00), 0x0, 0x4c0, &(0x7f0000000540)="$eJzs3d9rXFUeAPDvnWSStJ1u0t3C/njZbtvdLpTOZLKk0IVlW/ZhF9aC2D+gxmQaQyaZkJnUJBRM/wUVLfggIvjki6DvRcRXfRH1QXzxSRAtFRF8GJk7kzZNMklImkzNfD5wuPfcO5nvORnu+c6cSe4JoGudioiViOiLiGcjYrB1PGmVuNwsjcfdv3drvFGSqNevfZek5xv1WPMzDcdazzkQEc/8N+K5ZGPc6tLy9Fi5XJpv1Qu1mblCdWn5wtTM2GRpsjQ7Mjx6abR4sVgsPra+vvRj7venP7j8rzeeeuvjt99bXEzW9HdtP3ZrZZNjza5nI7fmWG9E/H+vwZ4QPa3+9HW6IexKJiJ+GxGn0+t/MHrSVxMAOMzq9cGoD66tAwCHXePzfy6STL41F5CLTCafb87hnYyjmXKlWjt/o7IwOxHpHNZQZDM3psql4dbc2VBkk0a9mO4/rI+sq/8jIk5ExCv9R9J6frxSnujkGx8A6GLH1uX/H/qb+R8AOOQGOt0AAODAyf8A0H3kfwDoPvI/AHQf+R8Auo/8DwDdR/4HgK7y9NWrjVJfvf/1xM2lhenKzQsTpep0fmZhPD9emZ/LT1Yqk+k9e2a2e75ypTJ3MWYXFgu1UrVWqC4tX5+pLMzWrqf39b5eyh5IrwCArZz4890vkohY+eeRtMSatRzkajjcMp1uANAxPZ1uANAxVvuC7uUzPrDJEr1rZNv/idCd3cc09wCdde6P5v+hW8nB0L3M/0P3Mv8P3ateT6z5DwBdZjdz/Jf34X0I0Dlbf/+/xS1C9vD9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPza5dKSZPKttcBzkcnk8xHHI2IossmNqXJpOCJ+ExGf92f7G/VipxsNAOxR5puktf7XucGzufVn+5Kf+tNtRLzw+rXXFsdqtfli4/j3D47X7rSOj3Si/QDAdlbz9GoeX3X/3q3x1XKQ7fn2SnNx0Y3xe6M33Q5ENiKO3k9a9abG+5WexxB/5XZE/GGz+EnkIo4MtVY+XR+/Efv4/sePh/Ezj8TPpOea28bv4nePoS3Qbe5eaS5ovvH6y8SpdLv59T+QjlB71378yzwY/3rajH+ndtrHjwb/1zb+7Yg/9W4+/qzGT9rEP7vD+F9Xvny53bn6mxHnNs0/ySOxCrWZuUJ1afnC1MzYZGmyNDsyPHpptHixWCwW0jnqwupM9Ub/fvWzF7fq/9E28Qe26f9fd9j/rz75z4d/2SL+389s/vqf3CJ+Iyf+bYfx3znz/vPtzjXiT7Tp/3av//kdxr/76bs/7/ChAMABqC4tT4+Vy6V5O3b2c6fvyWiGnZ3udHpkAvbbw4u+0y0BAAAAAAAAAAAAAADaOYh/J+p0HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi8fgkAAP//ZCDc4A==")
r11 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
mount_setattr(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r11}, 0x2c, {'wfdno', 0x3d, r11}})
get_robust_list(0x0, &(0x7f0000000240)=0x0, &(0x7f0000000340))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000003640))

96.343333ms ago: executing program 4 (id=601):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r2, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

85.608734ms ago: executing program 1 (id=602):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000000000001801"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket(0x2, 0x3, 0xff)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000130000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r3 = syz_io_uring_setup(0xf3d, &(0x7f0000000480), &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000540)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x50, 0x2000, @fd=r3, 0xfff, 0x0})
io_uring_enter(r3, 0x47fa, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=603):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000080850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89101)
openat$random(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
write$sndseq(r1, 0x0, 0x0)
r2 = dup(r1)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNGETFILTER(r4, 0x801054db, &(0x7f0000000840)=""/83)
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x9c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000000000,privport'])
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r5, 0x8008662c, &(0x7f0000000040)={0x8})
ioctl$TUNSETSTEERINGEBPF(r4, 0x800454e0, &(0x7f0000000080)=r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @lookup={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_SET_ID={0x8}, @NFTA_LOOKUP_SET={0x9, 0x1, 'syz2\x00'}, @NFTA_LOOKUP_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x4}}, 0xd0}}, 0x0)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x1)

kernel console output (not intermixed with test programs):

d files will use data=ordered instead of data journaling mode
[  122.105955][ T4449] EXT4-fs (loop2): 1 orphan inode deleted
[  122.111751][ T4449] EXT4-fs (loop2): 1 truncate cleaned up
[  122.117869][ T4449] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.177586][ T3783] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  122.192173][ T3783] EXT4-fs (loop2): Remounting filesystem read-only
[  122.199767][ T3783] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[  122.209600][ T3783] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[  122.483633][ T4452] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  122.524861][ T4458] loop4: detected capacity change from 0 to 2048
[  122.545455][ T4458] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.550612][ T4461] loop0: detected capacity change from 0 to 512
[  123.474185][   T29] kauditd_printk_skb: 237 callbacks suppressed
[  123.474268][   T29] audit: type=1326 audit(1725112686.301:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4475 comm="syz.0.182" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f95b8dc9eb9 code=0x0
[  123.865013][ T4479] netlink: 28 bytes leftover after parsing attributes in process `syz.0.182'.
[  123.874765][   T29] audit: type=1400 audit(1725112686.701:981): avc:  denied  { read } for  pid=4475 comm="syz.0.182" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  123.898103][   T29] audit: type=1400 audit(1725112686.701:982): avc:  denied  { open } for  pid=4475 comm="syz.0.182" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  123.924402][ T3783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.940892][  T274] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.978397][  T274] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.990134][   T29] audit: type=1400 audit(1725112686.811:983): avc:  denied  { mounton } for  pid=4482 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  124.039826][  T274] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.073914][ T3786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.107977][  T274] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.143209][ T4482] chnl_net:caif_netlink_parms(): no params data found
[  124.166578][ T4500] loop3: detected capacity change from 0 to 512
[  124.190061][ T4482] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.197527][ T4482] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.207770][ T4507] syz.3.189 uses obsolete (PF_INET,SOCK_PACKET)
[  124.214616][ T4482] bridge_slave_0: entered allmulticast mode
[  124.221033][ T4482] bridge_slave_0: entered promiscuous mode
[  124.228261][ T4482] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.235423][ T4482] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.242642][ T4482] bridge_slave_1: entered allmulticast mode
[  124.249046][ T4482] bridge_slave_1: entered promiscuous mode
[  124.278247][ T4482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  124.287786][  T274] bridge_slave_1: left allmulticast mode
[  124.293467][  T274] bridge_slave_1: left promiscuous mode
[  124.299629][  T274] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.307774][  T274] bridge_slave_0: left allmulticast mode
[  124.313517][  T274] bridge_slave_0: left promiscuous mode
[  124.319468][  T274] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.336581][ T4509] loop3: detected capacity change from 0 to 2048
[  124.375142][ T4509] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.473532][  T274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  124.512325][   T29] audit: type=1326 audit(1725112687.331:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4508 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6bc19eb9 code=0x7ffc0000
[  124.535817][   T29] audit: type=1326 audit(1725112687.331:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4508 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6bc19eb9 code=0x7ffc0000
[  124.559231][   T29] audit: type=1326 audit(1725112687.331:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4508 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7ffa6bc19eb9 code=0x7ffc0000
[  124.582634][   T29] audit: type=1326 audit(1725112687.331:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4508 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6bc19eb9 code=0x7ffc0000
[  124.602708][  T274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  124.605990][   T29] audit: type=1326 audit(1725112687.331:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4508 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7ffa6bc19eb9 code=0x7ffc0000
[  124.637787][   T29] audit: type=1326 audit(1725112687.331:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4508 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6bc19eb9 code=0x7ffc0000
[  124.663830][  T274] bond0 (unregistering): Released all slaves
[  124.670758][ T4513] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  124.686072][ T4482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  124.702830][ T4509] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  124.718901][ T4509] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28
[  124.735524][ T4509] EXT4-fs (loop3): This should not happen!! Data will be lost
[  124.735524][ T4509] 
[  124.748593][ T4509] EXT4-fs (loop3): Total free blocks count 0
[  124.755259][ T4509] EXT4-fs (loop3): Free/Dirty block details
[  124.761302][ T4509] EXT4-fs (loop3): free_blocks=2415919104
[  124.768410][ T4509] EXT4-fs (loop3): dirty_blocks=32
[  124.773672][ T4509] EXT4-fs (loop3): Block reservation details
[  124.779870][ T4509] EXT4-fs (loop3): i_reserved_data_blocks=2
[  124.794748][ T4482] team0: Port device team_slave_0 added
[  124.801460][ T4482] team0: Port device team_slave_1 added
[  124.808998][ T4517] loop0: detected capacity change from 0 to 256
[  124.836284][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.836875][ T4482] batman_adv: batadv0: Adding interface: batadv_slave_0
[  124.852226][ T4482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  124.878552][ T4482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  124.907694][  T274] hsr_slave_0: left promiscuous mode
[  124.917571][  T274] hsr_slave_1: left promiscuous mode
[  124.925421][  T274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  124.932851][  T274] batman_adv: batadv0: Removing interface: batadv_slave_0
[  124.964907][  T274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  124.972340][  T274] batman_adv: batadv0: Removing interface: batadv_slave_1
[  124.990671][  T274] veth1_macvtap: left promiscuous mode
[  124.996318][  T274] veth0_macvtap: left promiscuous mode
[  125.001868][  T274] veth1_vlan: left promiscuous mode
[  125.007183][  T274] veth0_vlan: left promiscuous mode
[  125.129477][  T274] team0 (unregistering): Port device team_slave_1 removed
[  125.140698][  T274] team0 (unregistering): Port device team_slave_0 removed
[  125.176301][ T4482] batman_adv: batadv0: Adding interface: batadv_slave_1
[  125.183315][ T4482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.209587][ T4482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  125.246897][ T4550] loop1: detected capacity change from 0 to 2048
[  125.264840][ T4482] hsr_slave_0: entered promiscuous mode
[  125.270917][ T4482] hsr_slave_1: entered promiscuous mode
[  125.280480][ T4550] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.294701][ T4546] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  125.301980][ T4546] IPv6: NLM_F_CREATE should be set when creating new route
[  125.514167][ T3789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.544659][ T4584] netlink: 20 bytes leftover after parsing attributes in process `syz.4.203'.
[  125.682828][  T274] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.722474][ T4482] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  125.737590][ T4482] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  125.746844][ T4482] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  125.764054][  T274] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.776758][ T4482] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  125.810618][  T274] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.856800][ T4482] 8021q: adding VLAN 0 to HW filter on device bond0
[  125.873343][  T274] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.902052][ T4482] 8021q: adding VLAN 0 to HW filter on device team0
[  125.925595][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.932675][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.943762][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.950874][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.989891][  T274] bridge_slave_1: left allmulticast mode
[  125.995565][  T274] bridge_slave_1: left promiscuous mode
[  126.001292][  T274] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.010814][  T274] bridge_slave_0: left allmulticast mode
[  126.016977][  T274] bridge_slave_0: left promiscuous mode
[  126.022741][  T274] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.084244][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.116435][  T274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  126.126731][  T274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  126.137886][  T274] bond0 (unregistering): Released all slaves
[  126.262641][ T4614] chnl_net:caif_netlink_parms(): no params data found
[  126.281135][  T274] hsr_slave_0: left promiscuous mode
[  126.290183][  T274] hsr_slave_1: left promiscuous mode
[  126.298449][  T274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  126.306145][  T274] batman_adv: batadv0: Removing interface: batadv_slave_0
[  126.319838][  T274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  126.327582][  T274] batman_adv: batadv0: Removing interface: batadv_slave_1
[  126.350260][  T274] veth1_macvtap: left promiscuous mode
[  126.355794][  T274] veth0_macvtap: left promiscuous mode
[  126.361353][  T274] veth1_vlan: left promiscuous mode
[  126.366675][  T274] veth0_vlan: left promiscuous mode
[  126.523533][  T274] team0 (unregistering): Port device team_slave_1 removed
[  126.545601][  T274] team0 (unregistering): Port device team_slave_0 removed
[  126.552825][ T4681] loop4: detected capacity change from 0 to 2048
[  126.577249][ T4681] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.618315][ T4482] 8021q: adding VLAN 0 to HW filter on device batadv0
[  126.721605][ T4614] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.728863][ T4614] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.738216][ T4614] bridge_slave_0: entered allmulticast mode
[  126.744719][ T4614] bridge_slave_0: entered promiscuous mode
[  126.759406][ T4614] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.766592][ T4614] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.774069][ T4614] bridge_slave_1: entered allmulticast mode
[  126.780613][ T4614] bridge_slave_1: entered promiscuous mode
[  126.812141][ T4614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.852149][ T4614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.897181][ T4482] veth0_vlan: entered promiscuous mode
[  126.909146][ T4614] team0: Port device team_slave_0 added
[  126.916529][ T4614] team0: Port device team_slave_1 added
[  126.941938][ T4482] veth1_vlan: entered promiscuous mode
[  126.976629][ T4614] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.983720][ T4614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.009884][ T4614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  127.023355][ T4614] batman_adv: batadv0: Adding interface: batadv_slave_1
[  127.030342][ T4614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.056363][ T4614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  127.078493][ T4710] loop1: detected capacity change from 0 to 256
[  127.100514][ T4482] veth0_macvtap: entered promiscuous mode
[  127.108173][ T4482] veth1_macvtap: entered promiscuous mode
[  127.116668][ T4614] hsr_slave_0: entered promiscuous mode
[  127.123016][ T4614] hsr_slave_1: entered promiscuous mode
[  127.130026][ T4614] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.137829][ T4614] Cannot create hsr debugfs directory
[  127.188653][ T4482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.199296][ T4482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.209156][ T4482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.219615][ T4482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.229447][ T4482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.239885][ T4482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.253305][ T4482] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.274430][ T4482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.285040][ T4482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.294864][ T4482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.305312][ T4482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.315119][ T4482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.325531][ T4482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.336691][ T4482] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.369290][ T4482] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.378041][ T4482] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.386908][ T4482] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.395610][ T4482] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.420525][ T4734] loop3: detected capacity change from 0 to 128
[  127.436337][ T4734] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  127.570608][ T4614] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  127.589009][ T4756] netlink: 28 bytes leftover after parsing attributes in process `syz.3.219'.
[  127.600535][ T4614] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  127.615289][ T4756] team_slave_0: entered promiscuous mode
[  127.621018][ T4756] team_slave_0: entered allmulticast mode
[  127.640195][ T4614] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  127.657136][ T4614] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  127.692619][ T4766] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 925 (only 8 groups)
[  127.720368][ T4614] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.738250][ T4614] 8021q: adding VLAN 0 to HW filter on device team0
[  127.754002][ T3374] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.761092][ T3374] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.771796][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.778958][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.833672][ T4783] loop3: detected capacity change from 0 to 256
[  127.871752][ T4614] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.981236][ T4614] veth0_vlan: entered promiscuous mode
[  127.995798][ T4614] veth1_vlan: entered promiscuous mode
[  128.047892][ T4614] veth0_macvtap: entered promiscuous mode
[  128.069271][ T4614] veth1_macvtap: entered promiscuous mode
[  128.086168][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.096742][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.106576][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.117051][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.126970][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.137519][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.147373][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.157832][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.172739][ T4614] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.206502][ T4835] FAULT_INJECTION: forcing a failure.
[  128.206502][ T4835] name failslab, interval 1, probability 0, space 0, times 0
[  128.216080][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.219290][ T4835] CPU: 1 UID: 0 PID: 4835 Comm: syz.1.226 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  128.229650][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.240267][ T4835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  128.240283][ T4835] Call Trace:
[  128.240291][ T4835]  <TASK>
[  128.240297][ T4835]  dump_stack_lvl+0xf2/0x150
[  128.240328][ T4835]  dump_stack+0x15/0x20
[  128.240345][ T4835]  should_fail_ex+0x229/0x230
[  128.240411][ T4835]  ? getname_flags+0x81/0x3b0
[  128.240437][ T4835]  should_failslab+0x8f/0xb0
[  128.240465][ T4835]  kmem_cache_alloc_noprof+0x4c/0x290
[  128.250403][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.260313][ T4835]  getname_flags+0x81/0x3b0
[  128.260345][ T4835]  user_path_at+0x26/0x110
[  128.260363][ T4835]  __se_sys_mount_setattr+0x49c/0x1300
[  128.263651][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.266647][ T4835]  __x64_sys_mount_setattr+0x67/0x80
[  128.266675][ T4835]  x64_sys_call+0x2a7b/0x2d60
[  128.266700][ T4835]  do_syscall_64+0xc9/0x1c0
[  128.266746][ T4835]  ? clear_bhb_loop+0x55/0xb0
[  128.271410][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.271422][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.271434][ T4614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.275753][ T4835]  ? clear_bhb_loop+0x55/0xb0
[  128.275771][ T4835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.275809][ T4835] RIP: 0033:0x7f63b7d59eb9
[  128.275829][ T4835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.275849][ T4835] RSP: 002b:00007f63b69d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[  128.275866][ T4835] RAX: ffffffffffffffda RBX: 00007f63b7ef5f80 RCX: 00007f63b7d59eb9
[  128.275877][ T4835] RDX: 0000000000008800 RSI: 0000000020001d80 RDI: 0000000000000005
[  128.280531][ T4614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.449361][ T4835] RBP: 00007f63b69d7090 R08: 0000000000000020 R09: 0000000000000000
[  128.457417][ T4835] R10: 0000000020001dc0 R11: 0000000000000246 R12: 0000000000000001
[  128.465643][ T4835] R13: 0000000000000000 R14: 00007f63b7ef5f80 R15: 00007ffff352db58
[  128.473902][ T4835]  </TASK>
[  128.508747][ T4614] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.528191][ T4614] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.536996][ T4614] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.545821][ T4614] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.554649][ T4614] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.664060][   T29] kauditd_printk_skb: 39 callbacks suppressed
[  128.664107][   T29] audit: type=1326 audit(1725112691.491:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.724641][ T4860] loop3: detected capacity change from 0 to 512
[  128.743987][ T4860] journal_path: Lookup failure for './file1'
[  128.748856][   T29] audit: type=1326 audit(1725112691.521:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.749998][ T4860] EXT4-fs: error: could not find journal device path
[  128.773335][   T29] audit: type=1326 audit(1725112691.521:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.773377][   T29] audit: type=1326 audit(1725112691.521:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.773402][   T29] audit: type=1326 audit(1725112691.521:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.773427][   T29] audit: type=1326 audit(1725112691.521:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.773449][   T29] audit: type=1326 audit(1725112691.521:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.897714][   T29] audit: type=1326 audit(1725112691.521:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.921243][   T29] audit: type=1326 audit(1725112691.521:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.944522][   T29] audit: type=1326 audit(1725112691.521:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4856 comm="syz.0.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  128.979998][ T4852] loop2: detected capacity change from 0 to 512
[  129.000064][ T4852] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  129.020399][ T4852] EXT4-fs (loop2): 1 orphan inode deleted
[  129.026269][ T4852] EXT4-fs (loop2): 1 truncate cleaned up
[  129.033438][ T4852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.040365][ T4875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.240'.
[  129.054313][ T4875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.240'.
[  129.063086][ T4875] vlan1: entered promiscuous mode
[  129.068364][ T4875] vlan1: entered allmulticast mode
[  129.073472][ T4875] veth0_vlan: entered allmulticast mode
[  129.086317][ T4875] veth0_vlan: left allmulticast mode
[  129.120267][ T4482] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  129.135324][ T4482] EXT4-fs (loop2): Remounting filesystem read-only
[  129.141995][ T4482] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[  129.161248][ T4482] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[  129.229258][ T4883] netlink: 280 bytes leftover after parsing attributes in process `syz.3.244'.
[  129.384850][ T4889] 9pnet_fd: Insufficient options for proto=fd
[  129.430243][ T4876] netlink: 28 bytes leftover after parsing attributes in process `syz.0.238'.
[  129.442767][ T4890] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  129.560943][ T3789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.582058][ T4893] loop4: detected capacity change from 0 to 128
[  129.592058][ T4893] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  129.689949][ T4902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.252'.
[  129.698857][ T4902] netlink: 4 bytes leftover after parsing attributes in process `syz.1.252'.
[  129.707876][ T4902] geneve0: entered promiscuous mode
[  129.713247][ T4902] geneve0: entered allmulticast mode
[  129.930811][ T4910] netlink: 'syz.1.255': attribute type 27 has an invalid length.
[  130.005653][ T4910] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.012977][ T4910] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.097738][ T4910] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  130.115760][ T4910] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.188185][ T4910] geneve0: left promiscuous mode
[  130.193179][ T4910] geneve0: left allmulticast mode
[  130.214057][ T4910] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.222981][ T4910] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.231941][ T4910] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.240925][ T4910] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.338854][ T4943] loop0: detected capacity change from 0 to 512
[  130.348526][ T4943] EXT4-fs: Ignoring removed orlov option
[  130.368944][ T4946] loop1: detected capacity change from 0 to 128
[  130.385023][ T4943] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  130.396697][ T4943] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[  130.405138][ T4946] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  130.406804][ T4943] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.260: Corrupt directory, running e2fsck is recommended
[  130.447900][ T4943] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  130.460911][ T4943] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.260: corrupted in-inode xattr: invalid ea_ino
[  130.475883][ T4943] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.260: couldn't read orphan inode 15 (err -117)
[  130.491459][ T4943] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.529668][ T4614] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.551737][ T4950] Zero length message leads to an empty skb
[  130.560633][ T4941] loop3: detected capacity change from 0 to 512
[  130.583135][ T4957] FAULT_INJECTION: forcing a failure.
[  130.583135][ T4957] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  130.596359][ T4957] CPU: 0 UID: 0 PID: 4957 Comm: syz.1.266 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  130.606991][ T4957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  130.608108][ T4960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'.
[  130.617160][ T4957] Call Trace:
[  130.625971][ T4960] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'.
[  130.629211][ T4957]  <TASK>
[  130.638112][ T4960] team0: entered promiscuous mode
[  130.640847][ T4957]  dump_stack_lvl+0xf2/0x150
[  130.645871][ T4960] team_slave_0: entered promiscuous mode
[  130.650413][ T4957]  dump_stack+0x15/0x20
[  130.656117][ T4960] team_slave_1: entered promiscuous mode
[  130.660172][ T4957]  should_fail_ex+0x229/0x230
[  130.665895][ T4960] team0: entered allmulticast mode
[  130.670514][ T4957]  should_fail+0xb/0x10
[  130.675579][ T4960] team_slave_0: entered allmulticast mode
[  130.679659][ T4957]  should_fail_usercopy+0x1a/0x20
[  130.685388][ T4960] team_slave_1: entered allmulticast mode
[  130.696417][ T4957]  _copy_from_user+0x1e/0xd0
[  130.701071][ T4957]  copy_msghdr_from_user+0x54/0x2a0
[  130.706365][ T4957]  __sys_sendmsg+0x17d/0x280
[  130.710967][ T4957]  __x64_sys_sendmsg+0x46/0x50
[  130.715790][ T4957]  x64_sys_call+0x2689/0x2d60
[  130.720459][ T4957]  do_syscall_64+0xc9/0x1c0
[  130.725009][ T4957]  ? clear_bhb_loop+0x55/0xb0
[  130.729678][ T4957]  ? clear_bhb_loop+0x55/0xb0
[  130.734420][ T4957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.740401][ T4957] RIP: 0033:0x7f63b7d59eb9
[  130.744809][ T4957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.764407][ T4957] RSP: 002b:00007f63b69d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  130.772849][ T4957] RAX: ffffffffffffffda RBX: 00007f63b7ef5f80 RCX: 00007f63b7d59eb9
[  130.780896][ T4957] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004
[  130.788858][ T4957] RBP: 00007f63b69d7090 R08: 0000000000000000 R09: 0000000000000000
[  130.796850][ T4957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.804981][ T4957] R13: 0000000000000000 R14: 00007f63b7ef5f80 R15: 00007ffff352db58
[  130.812947][ T4957]  </TASK>
[  130.818076][ T4941] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  130.851415][ T4941] EXT4-fs (loop3): 1 orphan inode deleted
[  130.857252][ T4941] EXT4-fs (loop3): 1 truncate cleaned up
[  130.868496][ T4941] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.923278][ T4966] loop0: detected capacity change from 0 to 1024
[  130.938375][ T4966] EXT4-fs: test_dummy_encryption option not supported
[  130.939941][ T3786] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  130.960805][ T3786] EXT4-fs (loop3): Remounting filesystem read-only
[  130.967749][ T3786] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=16
[  130.977785][ T3786] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=16
[  131.030270][ T4961] netlink: 'syz.4.267': attribute type 27 has an invalid length.
[  131.093036][ T4961] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.100368][ T4961] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.166622][ T4961] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  131.177933][ T4961] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  131.231233][ T4961] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  131.240417][ T4961] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  131.249688][ T4961] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  131.258877][ T4961] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  131.266730][ T3786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.380875][ T3272] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.404505][ T4987] loop4: detected capacity change from 0 to 512
[  131.413277][ T4987] EXT4-fs: Ignoring removed mblk_io_submit option
[  131.425363][ T4987] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  131.437677][ T3272] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.448967][ T4987] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[  131.458175][ T4987] System zones: 1-12
[  131.462690][ T4987] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.277: corrupted in-inode xattr: e_value size too large
[  131.477570][ T4987] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.277: couldn't read orphan inode 15 (err -117)
[  131.492485][ T4987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.508471][ T3272] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.560896][ T4983] chnl_net:caif_netlink_parms(): no params data found
[  131.577788][ T3272] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.611910][ T4983] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.618996][ T4983] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.626367][ T4983] bridge_slave_0: entered allmulticast mode
[  131.632822][ T4983] bridge_slave_0: entered promiscuous mode
[  131.639754][ T4983] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.647207][ T4983] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.654699][ T4983] bridge_slave_1: entered allmulticast mode
[  131.661151][ T4983] bridge_slave_1: entered promiscuous mode
[  131.680347][ T4983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.690906][ T4983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.711757][ T4983] team0: Port device team_slave_0 added
[  131.727043][ T4983] team0: Port device team_slave_1 added
[  131.752942][ T4983] batman_adv: batadv0: Adding interface: batadv_slave_0
[  131.759912][ T4983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.786008][ T4983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  131.797011][ T3272] bridge_slave_1: left allmulticast mode
[  131.802729][ T3272] bridge_slave_1: left promiscuous mode
[  131.808615][ T3272] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.816371][ T3272] bridge_slave_0: left allmulticast mode
[  131.822031][ T3272] bridge_slave_0: left promiscuous mode
[  131.827826][ T3272] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.985692][ T3272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.996010][ T3272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  132.005989][ T3272] bond0 (unregistering): Released all slaves
[  132.015015][ T4983] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.021993][ T4983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.048031][ T4983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.081721][ T4983] hsr_slave_0: entered promiscuous mode
[  132.087874][ T4983] hsr_slave_1: entered promiscuous mode
[  132.093877][ T4983] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  132.101516][ T4983] Cannot create hsr debugfs directory
[  132.129515][ T3272] hsr_slave_0: left promiscuous mode
[  132.135404][ T3272] hsr_slave_1: left promiscuous mode
[  132.141141][ T3272] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.149254][ T3272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  132.156863][ T3272] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  132.157968][ T5010] loop1: detected capacity change from 0 to 512
[  132.164296][ T3272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  132.180050][ T3272] veth1_macvtap: left promiscuous mode
[  132.185722][ T3272] veth0_macvtap: left promiscuous mode
[  132.191346][ T3272] veth1_vlan: left promiscuous mode
[  132.196745][ T3272] veth0_vlan: left promiscuous mode
[  132.206352][ T5010] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  132.219188][ T5010] ext4 filesystem being mounted at /38/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  132.254811][ T3789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.270512][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.275175][ T5014] FAULT_INJECTION: forcing a failure.
[  132.275175][ T5014] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  132.292700][ T5014] CPU: 0 UID: 0 PID: 5014 Comm: syz.4.281 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  132.303375][ T5014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  132.313472][ T5014] Call Trace:
[  132.316735][ T5014]  <TASK>
[  132.319652][ T5014]  dump_stack_lvl+0xf2/0x150
[  132.324237][ T5014]  dump_stack+0x15/0x20
[  132.328394][ T5014]  should_fail_ex+0x229/0x230
[  132.333157][ T5014]  should_fail+0xb/0x10
[  132.337358][ T5014]  should_fail_usercopy+0x1a/0x20
[  132.342427][ T5014]  _copy_from_user+0x1e/0xd0
[  132.347033][ T5014]  ext4_ioctl+0x9d9/0x2de0
[  132.351540][ T5014]  ? ioctl_has_perm+0x28b/0x2e0
[  132.356385][ T5014]  ? do_vfs_ioctl+0x1196/0x1560
[  132.361279][ T5014]  ? selinux_file_ioctl+0x2f7/0x380
[  132.366575][ T5014]  ? __fget_files+0x1da/0x210
[  132.371295][ T5014]  ? __pfx_ext4_ioctl+0x10/0x10
[  132.376162][ T5014]  __se_sys_ioctl+0xd3/0x150
[  132.380744][ T5014]  __x64_sys_ioctl+0x43/0x50
[  132.385323][ T5014]  x64_sys_call+0x15cc/0x2d60
[  132.389991][ T5014]  do_syscall_64+0xc9/0x1c0
[  132.394484][ T5014]  ? clear_bhb_loop+0x55/0xb0
[  132.399187][ T5014]  ? clear_bhb_loop+0x55/0xb0
[  132.403852][ T5014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.410159][ T5014] RIP: 0033:0x7f606c3b9eb9
[  132.414628][ T5014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.434270][ T5014] RSP: 002b:00007f606b037038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  132.442672][ T5014] RAX: ffffffffffffffda RBX: 00007f606c555f80 RCX: 00007f606c3b9eb9
[  132.450633][ T5014] RDX: 00000000200003c0 RSI: 000000004004662b RDI: 000000000000000a
[  132.458591][ T5014] RBP: 00007f606b037090 R08: 0000000000000000 R09: 0000000000000000
[  132.466549][ T5014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.474608][ T5014] R13: 0000000000000000 R14: 00007f606c555f80 R15: 00007fff214083b8
[  132.482616][ T5014]  </TASK>
[  132.516416][ T5020] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  132.536155][ T3272] team0 (unregistering): Port device team_slave_1 removed
[  132.557159][ T3272] team0 (unregistering): Port device team_slave_0 removed
[  132.572903][ T5022] loop1: detected capacity change from 0 to 2048
[  132.594481][ T5025] loop4: detected capacity change from 0 to 128
[  132.605763][ T5025] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  132.610685][ T5022] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.659610][ T5029] loop0: detected capacity change from 0 to 2048
[  132.676455][ T5029] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.781092][ T5044] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  132.799588][ T5045] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  132.825666][ T5044] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  132.845458][ T4482] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.861741][ T5045] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28
[  132.874184][ T5045] EXT4-fs (loop0): This should not happen!! Data will be lost
[  132.874184][ T5045] 
[  132.883913][ T5045] EXT4-fs (loop0): Total free blocks count 0
[  132.889959][ T5045] EXT4-fs (loop0): Free/Dirty block details
[  132.896028][ T5045] EXT4-fs (loop0): free_blocks=2415919104
[  132.901753][ T5045] EXT4-fs (loop0): dirty_blocks=32
[  132.906950][ T5045] EXT4-fs (loop0): Block reservation details
[  132.912947][ T5045] EXT4-fs (loop0): i_reserved_data_blocks=2
[  132.921634][ T5044] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28
[  132.934219][ T5044] EXT4-fs (loop1): This should not happen!! Data will be lost
[  132.934219][ T5044] 
[  132.944150][ T5044] EXT4-fs (loop1): Total free blocks count 0
[  132.950438][ T5044] EXT4-fs (loop1): Free/Dirty block details
[  132.956384][ T5044] EXT4-fs (loop1): free_blocks=2415919104
[  132.962117][ T5044] EXT4-fs (loop1): dirty_blocks=32
[  132.967262][ T5044] EXT4-fs (loop1): Block reservation details
[  132.973317][ T5044] EXT4-fs (loop1): i_reserved_data_blocks=2
[  133.135672][ T4983] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  133.148868][ T4983] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  133.171111][ T3272] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.183111][ T4983] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  133.198182][ T4983] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  133.217969][ T3272] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.256811][ T3272] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.303587][ T3272] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.318156][ T5060] chnl_net:caif_netlink_parms(): no params data found
[  133.336268][ T4983] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.385033][ T4983] 8021q: adding VLAN 0 to HW filter on device team0
[  133.398550][ T3272] bridge_slave_1: left allmulticast mode
[  133.404416][ T3272] bridge_slave_1: left promiscuous mode
[  133.410076][ T3272] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.418538][ T3272] bridge_slave_0: left allmulticast mode
[  133.424357][ T3272] bridge_slave_0: left promiscuous mode
[  133.430016][ T3272] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.536286][ T3272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  133.546279][ T3272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  133.556279][ T3272] bond0 (unregistering): Released all slaves
[  133.575176][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.582261][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.602232][ T5060] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.609553][ T5060] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.619448][ T5060] bridge_slave_0: entered allmulticast mode
[  133.626567][ T5060] bridge_slave_0: entered promiscuous mode
[  133.629747][ T5113] netlink: 8 bytes leftover after parsing attributes in process `syz.4.291'.
[  133.648352][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.655509][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  133.668792][ T5060] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.675902][ T5060] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.683344][ T5060] bridge_slave_1: entered allmulticast mode
[  133.689917][ T5060] bridge_slave_1: entered promiscuous mode
[  133.728035][ T3272] hsr_slave_0: left promiscuous mode
[  133.734329][ T3272] hsr_slave_1: left promiscuous mode
[  133.740114][ T3272] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  133.747541][ T3272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  133.755071][ T3272] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.762545][ T3272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.771876][ T3272] veth1_macvtap: left promiscuous mode
[  133.777492][ T3272] veth0_macvtap: left promiscuous mode
[  133.783015][ T3272] veth1_vlan: left promiscuous mode
[  133.788302][ T3272] veth0_vlan: left promiscuous mode
[  133.866006][ T3272] team0 (unregistering): Port device team_slave_1 removed
[  133.876742][ T3272] team0 (unregistering): Port device team_slave_0 removed
[  133.913450][ T5060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.927676][ T5060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.949672][ T5060] team0: Port device team_slave_0 added
[  133.957940][ T5060] team0: Port device team_slave_1 added
[  133.975910][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_0
[  133.982888][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.008873][ T5060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.020485][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.027462][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.053579][ T5060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.081030][ T4983] 8021q: adding VLAN 0 to HW filter on device batadv0
[  134.090958][ T5060] hsr_slave_0: entered promiscuous mode
[  134.098678][ T5060] hsr_slave_1: entered promiscuous mode
[  134.235820][ T4983] veth0_vlan: entered promiscuous mode
[  134.249051][ T4983] veth1_vlan: entered promiscuous mode
[  134.259315][ T5158] loop4: detected capacity change from 0 to 256
[  134.277524][ T5158] FAT-fs (loop4): bogus logical sector size 8
[  134.283722][ T5158] FAT-fs (loop4): Can't find a valid FAT filesystem
[  134.301048][   T29] kauditd_printk_skb: 170 callbacks suppressed
[  134.301060][   T29] audit: type=1326 audit(1725112697.121:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5151 comm="syz.4.292" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f606c3b9eb9 code=0x0
[  134.315063][ T4983] veth0_macvtap: entered promiscuous mode
[  134.356560][   T29] audit: type=1400 audit(1725112697.181:1210): avc:  denied  { connect } for  pid=5151 comm="syz.4.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  134.376470][   T29] audit: type=1400 audit(1725112697.181:1211): avc:  denied  { name_connect } for  pid=5151 comm="syz.4.292" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  134.378079][ T4983] veth1_macvtap: entered promiscuous mode
[  134.411859][   T29] audit: type=1400 audit(1725112697.231:1212): avc:  denied  { connect } for  pid=5170 comm="syz.4.293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  134.412111][ T5171] FAULT_INJECTION: forcing a failure.
[  134.412111][ T5171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.443962][ T4983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.444504][ T5171] CPU: 1 UID: 0 PID: 5171 Comm: syz.4.293 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  134.454880][ T4983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.465362][ T5171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  134.465383][ T5171] Call Trace:
[  134.465391][ T5171]  <TASK>
[  134.480508][ T4983] batman_adv: batadv0: Interface activated: batadv_slave_0
[  134.485241][ T5171]  dump_stack_lvl+0xf2/0x150
[  134.485270][ T5171]  dump_stack+0x15/0x20
[  134.494496][ T4983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.498621][ T5171]  should_fail_ex+0x229/0x230
[  134.503184][ T4983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.504945][ T4983] batman_adv: batadv0: Interface activated: batadv_slave_1
[  134.507318][ T5171]  should_fail+0xb/0x10
[  134.520983][ T4983] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.522345][ T5171]  should_fail_usercopy+0x1a/0x20
[  134.532164][ T4983] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.539284][ T5171]  _copy_from_iter+0xd3/0xb00
[  134.543432][ T4983] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.552134][ T5171]  ? avc_has_perm+0xd4/0x160
[  134.557173][ T4983] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.565714][ T5171]  ? __check_object_size+0x8b/0x510
[  134.565739][ T5171]  ping_common_sendmsg+0xa5/0x230
[  134.565764][ T5171]  ping_v6_sendmsg+0xe3/0xa00
[  134.607781][ T5171]  ? avc_has_perm+0xd4/0x160
[  134.612453][ T5171]  ? __pfx_ping_v6_sendmsg+0x10/0x10
[  134.617824][ T5171]  inet_sendmsg+0xc5/0xd0
[  134.622134][ T5171]  __sock_sendmsg+0x102/0x180
[  134.626842][ T5171]  ____sys_sendmsg+0x312/0x410
[  134.631695][ T5171]  __sys_sendmsg+0x1e9/0x280
[  134.636307][ T5171]  __x64_sys_sendmsg+0x46/0x50
[  134.641084][ T5171]  x64_sys_call+0x2689/0x2d60
[  134.645741][ T5171]  do_syscall_64+0xc9/0x1c0
[  134.650276][ T5171]  ? clear_bhb_loop+0x55/0xb0
[  134.655003][ T5171]  ? clear_bhb_loop+0x55/0xb0
[  134.659659][ T5171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.665616][ T5171] RIP: 0033:0x7f606c3b9eb9
[  134.670012][ T5171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.689610][ T5171] RSP: 002b:00007f606b037038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  134.697998][ T5171] RAX: ffffffffffffffda RBX: 00007f606c555f80 RCX: 00007f606c3b9eb9
[  134.705946][ T5171] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[  134.713976][ T5171] RBP: 00007f606b037090 R08: 0000000000000000 R09: 0000000000000000
[  134.721996][ T5171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.729964][ T5171] R13: 0000000000000000 R14: 00007f606c555f80 R15: 00007fff214083b8
[  134.738143][ T5171]  </TASK>
[  134.759574][   T29] audit: type=1400 audit(1725112697.581:1213): avc:  denied  { name_bind } for  pid=5172 comm="syz.4.294" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  134.785038][   T29] audit: type=1400 audit(1725112697.611:1214): avc:  denied  { execute } for  pid=5177 comm="syz.4.295" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=11819 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  134.892542][ T5180] 9pnet_fd: Insufficient options for proto=fd
[  134.935078][ T5198] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  134.950503][ T5060] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  134.967011][ T5200] loop3: detected capacity change from 0 to 512
[  134.975575][ T5060] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  134.982405][ T5200] EXT4-fs: Ignoring removed mblk_io_submit option
[  134.989928][ T5200] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  134.999941][ T5188] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  135.010984][ T5060] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  135.021554][ T5200] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[  135.024920][ T5060] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  135.029967][ T5200] System zones: 1-12
[  135.041892][ T5200] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.298: corrupted in-inode xattr: e_value size too large
[  135.072482][ T5200] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.298: couldn't read orphan inode 15 (err -117)
[  135.098671][ T5200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.115336][ T5060] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.129749][ T5060] 8021q: adding VLAN 0 to HW filter on device team0
[  135.148730][ T3272] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.155834][ T3272] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.170271][ T3272] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.177380][ T3272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.202808][ T5060] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  135.213225][ T5060] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  135.276492][ T5060] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.358017][ T5060] veth0_vlan: entered promiscuous mode
[  135.366960][ T5060] veth1_vlan: entered promiscuous mode
[  135.382961][ T5060] veth0_macvtap: entered promiscuous mode
[  135.392172][ T5060] veth1_macvtap: entered promiscuous mode
[  135.403394][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.413896][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.424074][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.434511][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.446501][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_0
[  135.457591][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  135.468131][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.477990][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  135.488570][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.499521][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_1
[  135.511531][ T5060] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  135.520356][ T5060] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  135.529239][ T5060] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  135.538038][ T5060] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  135.579457][ T5271] loop1: detected capacity change from 0 to 2048
[  135.596697][ T5045] syz.0.285 (5045) used greatest stack depth: 9672 bytes left
[  135.606130][ T5271] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.628985][ T4614] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.785961][ T5284] loop4: detected capacity change from 0 to 256
[  135.797732][ T5274] loop2: detected capacity change from 0 to 512
[  135.812347][ T5284] FAT-fs (loop4): bogus logical sector size 8
[  135.818540][ T5284] FAT-fs (loop4): Can't find a valid FAT filesystem
[  135.827101][ T4983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.835731][ T5274] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  135.843169][   T29] audit: type=1326 audit(1725112698.661:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5280 comm="syz.4.301" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f606c3b9eb9 code=0x0
[  135.877431][ T5274] EXT4-fs (loop2): 1 orphan inode deleted
[  135.883242][ T5274] EXT4-fs (loop2): 1 truncate cleaned up
[  135.890661][ T5274] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.934768][ T5283] netlink: 'syz.0.302': attribute type 27 has an invalid length.
[  135.975294][ T5060] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  135.989991][ T5060] EXT4-fs (loop2): Remounting filesystem read-only
[  136.003296][ T5295] loop3: detected capacity change from 0 to 512
[  136.010180][ T5060] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[  136.019114][ T5060] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[  136.032610][ T5283] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.035070][ T5295] journal_path: Lookup failure for './file1'
[  136.039868][ T5283] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.045764][ T5295] EXT4-fs: error: could not find journal device path
[  136.089981][ T5283] team0: left promiscuous mode
[  136.094886][ T5283] team_slave_0: left promiscuous mode
[  136.100605][ T5283] team_slave_1: left promiscuous mode
[  136.106102][ T5283] team0: left allmulticast mode
[  136.110958][ T5283] team_slave_0: left allmulticast mode
[  136.116510][ T5283] team_slave_1: left allmulticast mode
[  136.172138][ T5283] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.186186][ T5283] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.231121][ T5283] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  136.240204][ T5283] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  136.249396][ T5283] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  136.258371][ T5283] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  136.377134][ T5306] dummy0: entered promiscuous mode
[  136.382281][ T5306] dummy0: entered allmulticast mode
[  136.407552][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.437905][ T5307] loop0: detected capacity change from 0 to 512
[  136.448125][ T5309] loop3: detected capacity change from 0 to 2048
[  136.453058][ T5307] journal_path: Lookup failure for './file1'
[  136.460605][ T5307] EXT4-fs: error: could not find journal device path
[  136.502234][ T5312] FAULT_INJECTION: forcing a failure.
[  136.502234][ T5312] name failslab, interval 1, probability 0, space 0, times 0
[  136.514901][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: syz.1.310 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  136.525526][ T5312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  136.535606][ T5312] Call Trace:
[  136.538867][ T5312]  <TASK>
[  136.541782][ T5312]  dump_stack_lvl+0xf2/0x150
[  136.546371][ T5312]  dump_stack+0x15/0x20
[  136.550511][ T5312]  should_fail_ex+0x229/0x230
[  136.555178][ T5312]  ? sel_netport_sid+0x1e0/0x420
[  136.560202][ T5312]  should_failslab+0x8f/0xb0
[  136.564875][ T5312]  __kmalloc_cache_noprof+0x4b/0x2a0
[  136.570245][ T5312]  sel_netport_sid+0x1e0/0x420
[  136.575136][ T5312]  selinux_socket_connect_helper+0x35c/0x480
[  136.581161][ T5312]  selinux_socket_connect+0x31/0x70
[  136.586443][ T5312]  security_socket_connect+0x4a/0x80
[  136.591725][ T5312]  __sys_connect+0x13b/0x1c0
[  136.596357][ T5312]  __x64_sys_connect+0x41/0x50
[  136.601117][ T5312]  x64_sys_call+0x2220/0x2d60
[  136.605825][ T5312]  do_syscall_64+0xc9/0x1c0
[  136.610389][ T5312]  ? clear_bhb_loop+0x55/0xb0
[  136.615108][ T5312]  ? clear_bhb_loop+0x55/0xb0
[  136.619788][ T5312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.625679][ T5312] RIP: 0033:0x7f63b7d59eb9
[  136.630111][ T5312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.650009][ T5312] RSP: 002b:00007f63b69d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  136.658487][ T5312] RAX: ffffffffffffffda RBX: 00007f63b7ef5f80 RCX: 00007f63b7d59eb9
[  136.666441][ T5312] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003
[  136.674416][ T5312] RBP: 00007f63b69d7090 R08: 0000000000000000 R09: 0000000000000000
[  136.682429][ T5312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.690386][ T5312] R13: 0000000000000000 R14: 00007f63b7ef5f80 R15: 00007ffff352db58
[  136.698487][ T5312]  </TASK>
[  136.716818][ T5309] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.801215][   T29] audit: type=1326 audit(1725112699.621:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5308 comm="syz.3.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  136.825449][   T29] audit: type=1326 audit(1725112699.651:1217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5308 comm="syz.3.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  136.827277][ T5323] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, 
[  136.848778][   T29] audit: type=1326 audit(1725112699.651:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5308 comm="syz.3.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  136.857160][ T5323] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  136.891232][ T5323] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28
[  136.903602][ T5323] EXT4-fs (loop3): This should not happen!! Data will be lost
[  136.903602][ T5323] 
[  136.913290][ T5323] EXT4-fs (loop3): Total free blocks count 0
[  136.919473][ T5323] EXT4-fs (loop3): Free/Dirty block details
[  136.925416][ T5323] EXT4-fs (loop3): free_blocks=2415919104
[  136.931170][ T5323] EXT4-fs (loop3): dirty_blocks=32
[  136.936306][ T5323] EXT4-fs (loop3): Block reservation details
[  136.942297][ T5323] EXT4-fs (loop3): i_reserved_data_blocks=2
[  136.961040][ T5327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.314'.
[  136.970058][ T5327] batadv_slave_1: entered promiscuous mode
[  136.976142][ T5327] batadv_slave_1: entered allmulticast mode
[  136.982587][ T5327] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.990863][ T5327] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  137.013042][ T5329] FAULT_INJECTION: forcing a failure.
[  137.013042][ T5329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.026152][ T5329] CPU: 1 UID: 0 PID: 5329 Comm: syz.0.315 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  137.036759][ T5329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  137.046799][ T5329] Call Trace:
[  137.050059][ T5329]  <TASK>
[  137.053053][ T5329]  dump_stack_lvl+0xf2/0x150
[  137.057728][ T5329]  dump_stack+0x15/0x20
[  137.061885][ T5329]  should_fail_ex+0x229/0x230
[  137.066556][ T5329]  should_fail+0xb/0x10
[  137.070773][ T5329]  should_fail_usercopy+0x1a/0x20
[  137.075881][ T5329]  _copy_from_iter+0xd3/0xb00
[  137.080541][ T5329]  ? alloc_pages_mpol_noprof+0xd5/0x1e0
[  137.086147][ T5329]  copy_page_from_iter+0x14f/0x280
[  137.091245][ T5329]  tun_get_user+0x689/0x24b0
[  137.095824][ T5329]  ? kstrtoull+0x110/0x140
[  137.100247][ T5329]  ? ref_tracker_alloc+0x1f5/0x2f0
[  137.105409][ T5329]  tun_chr_write_iter+0x18e/0x240
[  137.110480][ T5329]  vfs_write+0x78f/0x900
[  137.114743][ T5329]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  137.120305][ T5329]  ksys_write+0xeb/0x1b0
[  137.124598][ T5329]  __x64_sys_write+0x42/0x50
[  137.129329][ T5329]  x64_sys_call+0x27dd/0x2d60
[  137.134077][ T5329]  do_syscall_64+0xc9/0x1c0
[  137.138606][ T5329]  ? clear_bhb_loop+0x55/0xb0
[  137.143377][ T5329]  ? clear_bhb_loop+0x55/0xb0
[  137.148051][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.153935][ T5329] RIP: 0033:0x7f6ad9f2899f
[  137.158332][ T5329] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  137.178085][ T5329] RSP: 002b:00007f6ad8ba7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  137.186564][ T5329] RAX: ffffffffffffffda RBX: 00007f6ada0c5f80 RCX: 00007f6ad9f2899f
[  137.194523][ T5329] RDX: 000000000000004c RSI: 0000000020000140 RDI: 00000000000000c8
[  137.202488][ T5329] RBP: 00007f6ad8ba7090 R08: 0000000000000000 R09: 0000000000000000
[  137.210553][ T5329] R10: 000000000000004c R11: 0000000000000293 R12: 0000000000000001
[  137.218509][ T5329] R13: 0000000000000000 R14: 00007f6ada0c5f80 R15: 00007ffdaab58418
[  137.226553][ T5329]  </TASK>
[  137.576800][ T5350] loop4: detected capacity change from 0 to 2048
[  137.595172][ T5350] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.663349][ T5354] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  138.273782][ T5360] loop1: detected capacity change from 0 to 512
[  138.286557][ T5360] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.299462][ T5360] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  138.332974][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.374087][ T5206] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  138.509240][ T5368] netlink: 'syz.1.328': attribute type 27 has an invalid length.
[  138.612027][ T5377] loop1: detected capacity change from 0 to 512
[  139.114429][ T5060] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.127426][ T3272] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.278505][ T5379] chnl_net:caif_netlink_parms(): no params data found
[  139.317016][ T5379] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.322692][   T29] kauditd_printk_skb: 136 callbacks suppressed
[  139.322705][   T29] audit: type=1326 audit(1725112702.141:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.324267][ T5379] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.330674][   T29] audit: type=1326 audit(1725112702.141:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.361268][ T5379] bridge_slave_0: entered allmulticast mode
[  139.384561][   T29] audit: type=1326 audit(1725112702.141:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.384587][   T29] audit: type=1326 audit(1725112702.141:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.391007][ T5379] bridge_slave_0: entered promiscuous mode
[  139.414004][   T29] audit: type=1326 audit(1725112702.141:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.414091][   T29] audit: type=1326 audit(1725112702.141:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.414114][   T29] audit: type=1326 audit(1725112702.141:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.438626][ T5379] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.443182][   T29] audit: type=1326 audit(1725112702.141:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.466466][ T5379] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.489703][   T29] audit: type=1326 audit(1725112702.141:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.522631][ T5379] bridge_slave_1: entered allmulticast mode
[  139.543316][   T29] audit: type=1326 audit(1725112702.141:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5382 comm="syz.0.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  139.546813][ T4983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.551017][ T5379] bridge_slave_1: entered promiscuous mode
[  139.642902][ T5379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  139.667384][ T5397] syzkaller0: entered promiscuous mode
[  139.672861][ T5397] syzkaller0: entered allmulticast mode
[  139.680585][ T5379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.716028][ T5379] team0: Port device team_slave_0 added
[  139.722507][ T5379] team0: Port device team_slave_1 added
[  139.737735][ T5379] batman_adv: batadv0: Adding interface: batadv_slave_0
[  139.745133][ T5379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.771131][ T5379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.782817][ T5379] batman_adv: batadv0: Adding interface: batadv_slave_1
[  139.789843][ T5379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.815804][ T5379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.840971][ T5379] hsr_slave_0: entered promiscuous mode
[  139.847489][ T5379] hsr_slave_1: entered promiscuous mode
[  139.853485][ T5379] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  139.861093][ T5379] Cannot create hsr debugfs directory
[  139.937553][ T5402] loop1: detected capacity change from 0 to 256
[  140.101426][ T5415] loop0: detected capacity change from 0 to 256
[  140.172628][ T5420] loop1: detected capacity change from 0 to 2048
[  140.186233][ T5423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.194945][ T5420] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.195411][ T5423] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.307974][ T5428] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  140.324525][ T5428] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28
[  140.336812][ T5428] EXT4-fs (loop1): This should not happen!! Data will be lost
[  140.336812][ T5428] 
[  140.346469][ T5428] EXT4-fs (loop1): Total free blocks count 0
[  140.352529][ T5428] EXT4-fs (loop1): Free/Dirty block details
[  140.358459][ T5428] EXT4-fs (loop1): free_blocks=2415919104
[  140.364379][ T5428] EXT4-fs (loop1): dirty_blocks=32
[  140.369571][ T5428] EXT4-fs (loop1): Block reservation details
[  140.375619][ T5428] EXT4-fs (loop1): i_reserved_data_blocks=2
[  140.470434][ T5439] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  140.507597][ T5441] loop3: detected capacity change from 0 to 512
[  140.526109][ T5441] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.539877][ T5441] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  140.571507][ T4983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.595442][ T3789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.613473][ T5445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.352'.
[  140.797231][ T5447] loop4: detected capacity change from 0 to 512
[  140.810151][ T5447] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  140.825893][ T5447] EXT4-fs (loop4): 1 orphan inode deleted
[  140.831648][ T5447] EXT4-fs (loop4): 1 truncate cleaned up
[  140.837937][ T5447] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.896710][ T3789] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  140.911573][ T3789] EXT4-fs (loop4): Remounting filesystem read-only
[  140.918342][ T3789] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=16
[  140.927770][ T3789] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=16
[  140.994640][ T3789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.157762][ T5451] chnl_net:caif_netlink_parms(): no params data found
[  141.214865][ T5451] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.222029][ T5451] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.229605][ T5451] bridge_slave_0: entered allmulticast mode
[  141.233014][ T5463] loop3: detected capacity change from 0 to 256
[  141.237435][ T5451] bridge_slave_0: entered promiscuous mode
[  141.248991][ T5463] FAT-fs (loop3): bogus logical sector size 8
[  141.249373][ T5451] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.255105][ T5463] FAT-fs (loop3): Can't find a valid FAT filesystem
[  141.269007][ T5451] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.276336][ T5451] bridge_slave_1: entered allmulticast mode
[  141.282634][ T5451] bridge_slave_1: entered promiscuous mode
[  141.299407][ T5451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.310163][ T5451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  141.329228][ T5451] team0: Port device team_slave_0 added
[  141.336191][ T5451] team0: Port device team_slave_1 added
[  141.351374][ T5451] batman_adv: batadv0: Adding interface: batadv_slave_0
[  141.358400][ T5451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.384376][ T5451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  141.395753][ T5451] batman_adv: batadv0: Adding interface: batadv_slave_1
[  141.402710][ T5451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.428723][ T5451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  141.453506][ T5451] hsr_slave_0: entered promiscuous mode
[  141.459663][ T5451] hsr_slave_1: entered promiscuous mode
[  141.465506][ T5451] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  141.473044][ T5451] Cannot create hsr debugfs directory
[  142.089991][ T5478] loop3: detected capacity change from 0 to 512
[  142.105283][ T5478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.117833][ T5478] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  142.132351][ T3272] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.145262][ T4983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.178210][ T3272] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.179701][ T5485] loop3: detected capacity change from 0 to 256
[  142.246486][ T3272] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.338879][ T3272] bridge_slave_1: left allmulticast mode
[  142.341454][ T5489] loop3: detected capacity change from 0 to 256
[  142.344646][ T3272] bridge_slave_1: left promiscuous mode
[  142.356845][ T3272] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.356921][ T5489] FAT-fs (loop3): bogus logical sector size 8
[  142.369982][ T5489] FAT-fs (loop3): Can't find a valid FAT filesystem
[  142.382015][ T3272] bridge_slave_0: left allmulticast mode
[  142.387735][ T3272] bridge_slave_0: left promiscuous mode
[  142.393471][ T3272] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.475625][ T3272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  142.485898][ T3272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  142.496291][ T3272] bond0 (unregistering): Released all slaves
[  142.626090][ T3272] hsr_slave_0: left promiscuous mode
[  142.632026][ T3272] hsr_slave_1: left promiscuous mode
[  142.639447][ T3272] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.646929][ T3272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.656125][ T3272] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.663753][ T3272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.673300][ T3272] veth1_macvtap: left promiscuous mode
[  142.679055][ T3272] veth0_macvtap: left promiscuous mode
[  142.684628][ T3272] veth1_vlan: left promiscuous mode
[  142.689949][ T3272] veth0_vlan: left promiscuous mode
[  142.768477][ T3272] team0 (unregistering): Port device team_slave_1 removed
[  142.778887][ T3272] team0 (unregistering): Port device team_slave_0 removed
[  142.920555][ T5379] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  142.931177][ T5379] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  142.943621][ T5379] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  142.952466][ T5379] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  142.995753][ T5379] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.008707][ T5379] 8021q: adding VLAN 0 to HW filter on device team0
[  143.020704][ T3374] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.027879][ T3374] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.049782][ T5379] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  143.060202][ T5379] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  143.074519][ T3374] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.081637][ T3374] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.147267][ T5564] loop3: detected capacity change from 0 to 512
[  143.147905][ T5379] 8021q: adding VLAN 0 to HW filter on device batadv0
[  143.162824][ T5564] EXT4-fs: Ignoring removed i_version option
[  143.182447][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.200153][   T11] bridge_slave_1: left allmulticast mode
[  143.206019][   T11] bridge_slave_1: left promiscuous mode
[  143.211706][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.221313][ T5564] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  143.241321][   T11] bridge_slave_0: left allmulticast mode
[  143.247100][   T11] bridge_slave_0: left promiscuous mode
[  143.252729][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.290097][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  143.379314][ T5451] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  143.394203][ T5451] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  143.419524][ T5451] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  143.439139][ T5451] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  143.456044][ T5379] veth0_vlan: entered promiscuous mode
[  143.465865][ T5585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.372'.
[  143.474764][ T5585] macsec0: entered promiscuous mode
[  143.480099][ T5585] macsec0: entered allmulticast mode
[  143.485423][ T5585] veth1_macvtap: entered allmulticast mode
[  143.488774][ T5587] FAULT_INJECTION: forcing a failure.
[  143.488774][ T5587] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.495829][ T5379] veth1_vlan: entered promiscuous mode
[  143.504471][ T5587] CPU: 1 UID: 0 PID: 5587 Comm: syz.1.374 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  143.518627][ T5379] veth0_macvtap: entered promiscuous mode
[  143.520557][ T5587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  143.527764][ T5379] veth1_macvtap: entered promiscuous mode
[  143.536279][ T5587] Call Trace:
[  143.536287][ T5587]  <TASK>
[  143.536308][ T5587]  dump_stack_lvl+0xf2/0x150
[  143.536369][ T5587]  dump_stack+0x15/0x20
[  143.557023][ T5587]  should_fail_ex+0x229/0x230
[  143.561820][ T5587]  should_fail+0xb/0x10
[  143.565966][ T5587]  should_fail_usercopy+0x1a/0x20
[  143.570986][ T5587]  _copy_from_user+0x1e/0xd0
[  143.575591][ T5587]  copy_msghdr_from_user+0x54/0x2a0
[  143.580870][ T5587]  __sys_sendmsg+0x17d/0x280
[  143.585464][ T5587]  __x64_sys_sendmsg+0x46/0x50
[  143.590225][ T5587]  x64_sys_call+0x2689/0x2d60
[  143.594895][ T5587]  do_syscall_64+0xc9/0x1c0
[  143.599440][ T5587]  ? clear_bhb_loop+0x55/0xb0
[  143.604105][ T5587]  ? clear_bhb_loop+0x55/0xb0
[  143.608767][ T5587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.614658][ T5587] RIP: 0033:0x7f63b7d59eb9
[  143.619103][ T5587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.638845][ T5587] RSP: 002b:00007f63b69d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  143.647276][ T5587] RAX: ffffffffffffffda RBX: 00007f63b7ef5f80 RCX: 00007f63b7d59eb9
[  143.655412][ T5587] RDX: 0000000000000000 RSI: 00000000200012c0 RDI: 0000000000000003
[  143.663439][ T5587] RBP: 00007f63b69d7090 R08: 0000000000000000 R09: 0000000000000000
[  143.671394][ T5587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.679408][ T5587] R13: 0000000000000000 R14: 00007f63b7ef5f80 R15: 00007ffff352db58
[  143.687369][ T5587]  </TASK>
[  143.711736][ T5585] veth1_macvtap: left allmulticast mode
[  143.717558][ T5585] veth1_macvtap: left promiscuous mode
[  143.751793][ T5451] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.765867][ T5379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.776357][ T5379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.787175][ T5379] batman_adv: batadv0: Interface activated: batadv_slave_0
[  143.801394][ T5379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.811888][ T5379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.822732][ T5379] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.831025][ T5451] 8021q: adding VLAN 0 to HW filter on device team0
[  143.841104][ T3272] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.848281][ T3272] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.857936][ T5379] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.866712][ T5379] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.875425][ T5379] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.884436][ T5379] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.900862][ T3374] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.908089][ T3374] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.959862][   T11] hsr_slave_0: left promiscuous mode
[  143.970825][   T11] hsr_slave_1: left promiscuous mode
[  143.977193][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.984995][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  144.025088][   T11] team0 (unregistering): Port device team_slave_1 removed
[  144.035193][   T11] team0 (unregistering): Port device team_slave_0 removed
[  144.071972][ T5592] netlink: 'syz.3.376': attribute type 27 has an invalid length.
[  144.131202][ T5592] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.138490][ T5592] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.158647][ T5592] dummy0: left promiscuous mode
[  144.163509][ T5592] dummy0: left allmulticast mode
[  144.207733][ T5592] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  144.224437][ T5592] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  144.261104][ T5592] macsec0: left promiscuous mode
[  144.266315][ T5592] macsec0: left allmulticast mode
[  144.305857][ T5592] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  144.314956][ T5592] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  144.316253][ T5604] loop0: detected capacity change from 0 to 2048
[  144.324060][ T5592] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  144.339954][ T5592] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  144.429190][ T5612] loop3: detected capacity change from 0 to 256
[  144.447536][ T5451] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.494847][   T29] kauditd_printk_skb: 191 callbacks suppressed
[  144.494868][   T29] audit: type=1400 audit(1725112707.311:1556): avc:  denied  { setopt } for  pid=5611 comm="syz.3.378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  144.552231][ T5626] SELinux:  policydb version 1073001066 does not match my version range 15-33
[  144.562084][   T29] audit: type=1326 audit(1725112707.371:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.585716][   T29] audit: type=1326 audit(1725112707.371:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.609337][   T29] audit: type=1326 audit(1725112707.371:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.632917][   T29] audit: type=1326 audit(1725112707.371:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.635363][ T5626] SELinux: failed to load policy
[  144.656402][   T29] audit: type=1326 audit(1725112707.371:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.656432][   T29] audit: type=1326 audit(1725112707.371:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.656453][   T29] audit: type=1326 audit(1725112707.371:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.731546][   T29] audit: type=1326 audit(1725112707.371:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.754849][   T29] audit: type=1326 audit(1725112707.371:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0c7d39eb9 code=0x7ffc0000
[  144.846494][ T5451] veth0_vlan: entered promiscuous mode
[  144.855022][ T5451] veth1_vlan: entered promiscuous mode
[  144.874783][ T5451] veth0_macvtap: entered promiscuous mode
[  144.882371][ T5451] veth1_macvtap: entered promiscuous mode
[  144.892896][ T5451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.903425][ T5451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.917631][ T5451] batman_adv: batadv0: Interface activated: batadv_slave_0
[  144.934797][ T5639] 9pnet_fd: Insufficient options for proto=fd
[  144.944875][ T5451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.954369][ T5641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.385'.
[  144.955425][ T5451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.975303][ T5451] batman_adv: batadv0: Interface activated: batadv_slave_1
[  144.985350][ T5451] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.994249][ T5451] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  145.003033][ T5451] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  145.011870][ T5451] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  145.023941][ T5642] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  145.295994][ T5651] loop3: detected capacity change from 0 to 512
[  145.312867][ T5651] EXT4-fs: Ignoring removed mblk_io_submit option
[  145.320185][ T5651] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  145.329774][ T5651] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[  145.337843][ T5651] System zones: 1-12
[  145.342154][ T5651] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.387: corrupted in-inode xattr: e_value size too large
[  145.357774][ T5651] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.387: couldn't read orphan inode 15 (err -117)
[  145.396945][ T5648] netlink: 28 bytes leftover after parsing attributes in process `syz.4.356'.
[  145.621335][ T5666] loop1: detected capacity change from 0 to 512
[  145.635137][ T5666] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  145.679872][ T5670] loop1: detected capacity change from 0 to 256
[  145.816728][ T5677] loop1: detected capacity change from 0 to 512
[  145.840087][ T5682] loop1: detected capacity change from 0 to 128
[  145.846967][ T5682] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  145.897654][ T5684] loop1: detected capacity change from 0 to 128
[  145.905336][ T5684] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  146.042930][ T5688] syzkaller0: entered promiscuous mode
[  146.048471][ T5688] syzkaller0: entered allmulticast mode
[  146.199739][ T5704] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  146.208201][ T5704] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  146.221992][ T5709] loop4: detected capacity change from 0 to 128
[  146.248418][ T5704] loop1: detected capacity change from 0 to 1024
[  146.256862][ T5715] 9pnet_fd: Insufficient options for proto=fd
[  146.279302][ T5704] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.406: bad orphan inode 1536
[  146.309987][ T5721] loop0: detected capacity change from 0 to 512
[  146.404431][ T5733] syzkaller0: entered promiscuous mode
[  146.409921][ T5733] syzkaller0: entered allmulticast mode
[  146.429518][ T5739] FAULT_INJECTION: forcing a failure.
[  146.429518][ T5739] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  146.442633][ T5739] CPU: 0 UID: 0 PID: 5739 Comm: syz.0.420 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  146.453273][ T5739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  146.463347][ T5739] Call Trace:
[  146.466615][ T5739]  <TASK>
[  146.469529][ T5739]  dump_stack_lvl+0xf2/0x150
[  146.474145][ T5739]  dump_stack+0x15/0x20
[  146.478303][ T5739]  should_fail_ex+0x229/0x230
[  146.483100][ T5739]  should_fail+0xb/0x10
[  146.487245][ T5739]  should_fail_usercopy+0x1a/0x20
[  146.492323][ T5739]  _copy_to_user+0x1e/0xa0
[  146.496760][ T5739]  simple_read_from_buffer+0xa0/0x110
[  146.502134][ T5739]  proc_fail_nth_read+0xff/0x140
[  146.507058][ T5739]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  146.512724][ T5739]  vfs_read+0x1a2/0x6e0
[  146.516864][ T5739]  ? mutex_lock+0xd/0x40
[  146.521135][ T5739]  ? sg_ioctl+0xf48/0x1870
[  146.525612][ T5739]  ksys_read+0xeb/0x1b0
[  146.529819][ T5739]  __x64_sys_read+0x42/0x50
[  146.534335][ T5739]  x64_sys_call+0x27d3/0x2d60
[  146.539029][ T5739]  do_syscall_64+0xc9/0x1c0
[  146.543595][ T5739]  ? clear_bhb_loop+0x55/0xb0
[  146.548273][ T5739]  ? clear_bhb_loop+0x55/0xb0
[  146.553045][ T5739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.558984][ T5739] RIP: 0033:0x7f6ad9f288fc
[  146.563417][ T5739] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  146.579448][ T5746] loop2: detected capacity change from 0 to 4096
[  146.583019][ T5739] RSP: 002b:00007f6ad8ba7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  146.583042][ T5739] RAX: ffffffffffffffda RBX: 00007f6ada0c5f80 RCX: 00007f6ad9f288fc
[  146.583054][ T5739] RDX: 000000000000000f RSI: 00007f6ad8ba70a0 RDI: 0000000000000005
[  146.613777][ T5739] RBP: 00007f6ad8ba7090 R08: 0000000000000000 R09: 0000000000000000
[  146.621740][ T5739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.629704][ T5739] R13: 0000000000000000 R14: 00007f6ada0c5f80 R15: 00007ffdaab58418
[  146.637671][ T5739]  </TASK>
[  146.759022][ T5760] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  146.767069][ T5757] loop0: detected capacity change from 0 to 2048
[  146.767316][ T5760] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  146.805370][ T5760] loop3: detected capacity change from 0 to 1024
[  146.824255][ T5760] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.426: bad orphan inode 1536
[  146.965792][ T5775] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  146.974029][ T5775] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  146.981950][ T5776] netlink: 28 bytes leftover after parsing attributes in process `syz.1.416'.
[  146.988487][ T5775] loop3: detected capacity change from 0 to 1024
[  147.005617][ T5775] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.431: bad orphan inode 1536
[  147.042917][ T5780] loop3: detected capacity change from 0 to 2048
[  147.352662][ T5785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.433'.
[  147.603433][ T5789] netlink: 8 bytes leftover after parsing attributes in process `syz.0.435'.
[  147.612288][ T5789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.435'.
[  147.661431][ T5797] loop2: detected capacity change from 0 to 128
[  147.668610][ T5797] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  147.895506][ T5808] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  147.903887][ T5808] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  147.916758][ T5808] loop3: detected capacity change from 0 to 1024
[  147.944659][ T5808] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.444: bad orphan inode 1536
[  147.955588][ T5808] EXT4-fs mount: 20 callbacks suppressed
[  147.955597][ T5808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.981274][ T4983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.001787][ T5813] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  148.288234][ T5820] netlink: 28 bytes leftover after parsing attributes in process `syz.1.443'.
[  148.443819][ T5822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.447'.
[  148.452670][ T5822] netlink: 4 bytes leftover after parsing attributes in process `syz.2.447'.
[  148.461463][ T5822] wg2: entered promiscuous mode
[  148.466384][ T5822] wg2: entered allmulticast mode
[  148.483697][ T5824] SELinux:  policydb version 1073001066 does not match my version range 15-33
[  148.492634][ T5824] SELinux: failed to load policy
[  148.528405][ T5828] loop0: detected capacity change from 0 to 512
[  148.545300][ T5828] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.547003][ T5826] loop2: detected capacity change from 0 to 2048
[  148.557872][ T5828] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.582772][ T5828] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=73 sclass=netlink_tcpdiag_socket pid=5828 comm=syz.0.450
[  148.597159][ T5826] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.610326][ T4614] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.612550][ T5826] EXT4-fs error (device loop2): ext4_find_extent:936: inode #2: comm syz.2.449: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  148.645171][ T5379] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.671980][ T5837] loop0: detected capacity change from 0 to 256
[  148.713837][ T5842] loop2: detected capacity change from 0 to 512
[  148.904337][ T5859] program syz.3.460 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  149.346999][ T5875] loop4: detected capacity change from 0 to 256
[  149.573241][ T5879] loop0: detected capacity change from 0 to 2048
[  149.585356][ T5879] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.610900][   T29] kauditd_printk_skb: 204 callbacks suppressed
[  149.610913][   T29] audit: type=1326 audit(1725112712.431:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.640434][   T29] audit: type=1326 audit(1725112712.431:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.663923][   T29] audit: type=1326 audit(1725112712.431:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.685036][ T5884] loop2: detected capacity change from 0 to 128
[  149.687332][   T29] audit: type=1326 audit(1725112712.431:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.699679][ T5884] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  149.717888][   T29] audit: type=1326 audit(1725112712.431:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.749488][   T29] audit: type=1326 audit(1725112712.431:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.772838][   T29] audit: type=1326 audit(1725112712.431:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.796149][   T29] audit: type=1326 audit(1725112712.461:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.0.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ad9f29eb9 code=0x7ffc0000
[  149.832670][ T4614] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.859367][ T5888] syz.3.470 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  149.904494][   T29] audit: type=1400 audit(1725112712.731:1778): avc:  denied  { read } for  pid=5894 comm="syz.3.475" name="ptp0" dev="devtmpfs" ino=221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  149.917833][ T5892] syzkaller0: entered promiscuous mode
[  149.933124][ T5892] syzkaller0: entered allmulticast mode
[  149.947390][ T5896] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  149.949068][   T29] audit: type=1400 audit(1725112712.731:1779): avc:  denied  { open } for  pid=5894 comm="syz.3.475" path="/dev/ptp0" dev="devtmpfs" ino=221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  150.015121][ T5898] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  150.023307][ T5898] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  150.035769][ T5898] loop0: detected capacity change from 0 to 1024
[  150.048276][ T5898] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.476: bad orphan inode 1536
[  150.059230][ T5898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.100687][ T5890] loop1: detected capacity change from 0 to 512
[  150.107813][ T4614] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.137155][ T5890] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.151586][ T5890] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.697245][ T3771] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  150.723026][ T5933] loop1: detected capacity change from 0 to 2048
[  150.738918][ T5933] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.752935][ T5933] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  150.759664][ T5933] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  150.767830][ T5933] vhci_hcd vhci_hcd.0: Device attached
[  150.779358][ T5938] vhci_hcd: connection closed
[  150.779518][ T3272] vhci_hcd: stop threads
[  150.788792][ T3272] vhci_hcd: release socket
[  150.793195][ T3272] vhci_hcd: disconnect device
[  150.954209][ T5942] loop2: detected capacity change from 0 to 2048
[  150.966026][ T5942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.052122][ T5952] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  151.083731][ T5903] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  151.133761][ T5903] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 2: invalid block bitmap
[  151.287814][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.320617][ T5966] loop1: detected capacity change from 0 to 256
[  151.414033][ T5981] loop0: detected capacity change from 0 to 2048
[  151.435649][ T5981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.506654][ T5987] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  151.518518][ T5987] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  151.533687][ T5987] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28
[  151.546101][ T5987] EXT4-fs (loop0): This should not happen!! Data will be lost
[  151.546101][ T5987] 
[  151.555769][ T5987] EXT4-fs (loop0): Total free blocks count 0
[  151.561763][ T5987] EXT4-fs (loop0): Free/Dirty block details
[  151.567769][ T5987] EXT4-fs (loop0): free_blocks=2415919104
[  151.573713][ T5987] EXT4-fs (loop0): dirty_blocks=32
[  151.579003][ T5987] EXT4-fs (loop0): Block reservation details
[  151.585282][ T5987] EXT4-fs (loop0): i_reserved_data_blocks=2
[  151.591630][ T5988] Direct I/O collision with buffered writes! File: /bus Comm: syz.0.503
[  152.216570][ T6000] loop4: detected capacity change from 0 to 256
[  152.228506][ T6000] FAT-fs (loop4): bogus logical sector size 8
[  152.234758][ T6000] FAT-fs (loop4): Can't find a valid FAT filesystem
[  152.266406][ T5998] 9pnet_fd: Insufficient options for proto=fd
[  152.325019][ T6001] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  152.723293][ T6011] netlink: 40 bytes leftover after parsing attributes in process `syz.3.512'.
[  152.763849][ T6011] loop3: detected capacity change from 0 to 1024
[  152.772526][ T6011] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.793233][ T6011] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.069458][ T6024] loop1: detected capacity change from 0 to 2048
[  153.086364][ T6024] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.210494][ T6029] netlink: 'syz.4.517': attribute type 27 has an invalid length.
[  153.277805][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.285134][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.346896][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.358156][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  153.411619][ T6029] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.420759][ T6029] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.429793][ T6029] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.438831][ T6029] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.660379][ T6038] loop3: detected capacity change from 0 to 256
[  153.902296][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.928091][ T6048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.523'.
[  153.952230][ T6050] loop1: detected capacity change from 0 to 512
[  153.967872][ T5379] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.975054][ T6050] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.989481][ T6050] ext4 filesystem being mounted at /96/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  154.026319][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.044707][ T6054] loop2: detected capacity change from 0 to 256
[  154.053011][ T6054] FAT-fs (loop2): bogus logical sector size 8
[  154.059256][ T6054] FAT-fs (loop2): Can't find a valid FAT filesystem
[  154.119018][ T6061] loop1: detected capacity change from 0 to 128
[  154.126200][ T6061] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  154.247687][ T6064] 9pnet_fd: Insufficient options for proto=fd
[  154.410819][ T6067] 9pnet_fd: Insufficient options for proto=fd
[  154.470047][ T6072] netlink: 28 bytes leftover after parsing attributes in process `syz.0.532'.
[  154.479306][ T6072] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  154.486578][ T6072] IPv6: NLM_F_CREATE should be set when creating new route
[  154.493839][ T6072] IPv6: NLM_F_CREATE should be set when creating new route
[  154.661561][ T6077] loop3: detected capacity change from 0 to 2048
[  154.686798][ T6077] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.687635][ T6079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.708017][ T6079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.905252][ T6085] loop2: detected capacity change from 0 to 2048
[  154.926822][ T6085] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.012668][   T29] kauditd_printk_skb: 129 callbacks suppressed
[  155.012696][   T29] audit: type=1326 audit(1725112717.831:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95e53e9eb9 code=0x7ffc0000
[  155.085249][ T6090] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  155.116900][   T29] audit: type=1326 audit(1725112717.861:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f95e53e9eb9 code=0x7ffc0000
[  155.140377][   T29] audit: type=1326 audit(1725112717.861:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95e53e9eb9 code=0x7ffc0000
[  155.164234][   T29] audit: type=1326 audit(1725112717.861:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f95e53e8757 code=0x7ffc0000
[  155.187911][   T29] audit: type=1326 audit(1725112717.861:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f95e53eb65a code=0x7ffc0000
[  155.211834][   T29] audit: type=1326 audit(1725112717.941:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f95e53e8850 code=0x7ffc0000
[  155.223992][ T6092] loop1: detected capacity change from 0 to 2048
[  155.235326][   T29] audit: type=1326 audit(1725112717.941:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95e53e9eb9 code=0x7ffc0000
[  155.265232][   T29] audit: type=1326 audit(1725112717.941:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f95e53e9eb9 code=0x7ffc0000
[  155.288428][   T29] audit: type=1326 audit(1725112717.941:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95e53e9eb9 code=0x7ffc0000
[  155.311945][   T29] audit: type=1326 audit(1725112717.941:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6084 comm="syz.2.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f95e53e9eb9 code=0x7ffc0000
[  155.375603][ T6092] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.445125][ T5379] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.461700][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.513311][ T4983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.714410][ T6117] loop3: detected capacity change from 0 to 256
[  155.830380][ T6121] loop3: detected capacity change from 0 to 256
[  155.846126][ T6121] FAT-fs (loop3): bogus logical sector size 8
[  155.852399][ T6121] FAT-fs (loop3): Can't find a valid FAT filesystem
[  155.891024][ T6125] loop2: detected capacity change from 0 to 2048
[  155.907417][ T6125] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.949683][ T5379] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.996927][ T6132] loop2: detected capacity change from 0 to 2048
[  156.015624][ T6132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.088865][ T6137] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  156.423380][ T6140] loop4: detected capacity change from 0 to 256
[  156.431691][ T6140] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  156.618992][ T6146] syz.3.554[6146] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  156.619031][ T6146] syz.3.554[6146] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  156.631736][ T6146] netlink: 'syz.3.554': attribute type 4 has an invalid length.
[  156.651503][ T6146] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  156.669874][ T6146] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  156.676473][ T6146] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  156.684150][ T6146] vhci_hcd vhci_hcd.0: Device attached
[  156.733829][ T6147] vhci_hcd: connection closed
[  156.734050][   T40] vhci_hcd: stop threads
[  156.743390][   T40] vhci_hcd: release socket
[  156.748362][   T40] vhci_hcd: disconnect device
[  157.206318][ T6155] loop4: detected capacity change from 0 to 512
[  157.236066][ T6159] loop4: detected capacity change from 0 to 512
[  157.276513][ T6159] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.289158][ T6159] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  157.317406][ T5451] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.518675][ T6179] netlink: 28 bytes leftover after parsing attributes in process `syz.1.565'.
[  157.552578][ T6183] loop1: detected capacity change from 0 to 128
[  157.559439][ T6183] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  157.592270][ T6185] loop1: detected capacity change from 0 to 512
[  157.599068][ T6185] EXT4-fs: Ignoring removed mblk_io_submit option
[  157.606079][ T6185] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  157.615482][ T6185] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[  157.623788][ T6185] System zones: 1-12
[  157.627939][ T6185] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.568: corrupted in-inode xattr: e_value size too large
[  157.642050][ T6185] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.568: couldn't read orphan inode 15 (err -117)
[  157.654764][ T6185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.884037][ T6198] loop0: detected capacity change from 0 to 256
[  157.927351][ T6200] loop0: detected capacity change from 0 to 512
[  157.983264][ T6208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.577'.
[  157.994753][ T6208] macvtap1: entered promiscuous mode
[  158.000074][ T6208] bond0: entered promiscuous mode
[  158.005251][ T6208] bond_slave_0: entered promiscuous mode
[  158.010991][ T6208] bond_slave_1: entered promiscuous mode
[  158.017245][ T6208] macvtap1: entered allmulticast mode
[  158.022615][ T6208] bond0: entered allmulticast mode
[  158.027774][ T6208] bond_slave_0: entered allmulticast mode
[  158.033507][ T6208] bond_slave_1: entered allmulticast mode
[  158.039533][ T6208] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  158.108096][ T6216] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  158.116352][ T6216] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  158.130696][ T6216] loop0: detected capacity change from 0 to 1024
[  158.146016][ T6216] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.580: bad orphan inode 1536
[  158.165101][ T6216] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.172384][ T6224] loop3: detected capacity change from 0 to 512
[  158.196824][ T6224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.202532][ T6226] loop4: detected capacity change from 0 to 256
[  158.210471][ T6224] ext4 filesystem being mounted at /74/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  158.226687][ T4614] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.267027][ T6232] loop4: detected capacity change from 0 to 128
[  158.275936][ T4983] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.286314][ T6232] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  158.333393][ T6237] loop4: detected capacity change from 0 to 256
[  158.369700][ T6240] xt_CT: You must specify a L4 protocol and not use inversions on it
[  158.385513][ T6240] loop0: detected capacity change from 0 to 2048
[  158.428120][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.434934][ T6240] Alternate GPT is invalid, using primary GPT.
[  158.443389][ T6240]  loop0: p1 p2 p3
[  158.488598][ T6247] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  158.497062][ T6247] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  158.509993][ T6247] loop1: detected capacity change from 0 to 1024
[  158.524825][ T6247] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.591: bad orphan inode 1536
[  158.535633][ T6247] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.558740][ T3771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.643487][ T6251] 9pnet_fd: Insufficient options for proto=fd
[  158.701767][ T6252] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  158.763645][ T6013] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  159.011267][ T5379] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.205660][ T6263] loop4: detected capacity change from 0 to 256
[  159.228894][ T6268] FAULT_INJECTION: forcing a failure.
[  159.228894][ T6268] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.242044][ T6268] CPU: 0 UID: 0 PID: 6268 Comm: syz.3.599 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  159.252701][ T6268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  159.263004][ T6268] Call Trace:
[  159.266295][ T6268]  <TASK>
[  159.269285][ T6268]  dump_stack_lvl+0xf2/0x150
[  159.274066][ T6268]  dump_stack+0x15/0x20
[  159.274092][ T6268]  should_fail_ex+0x229/0x230
[  159.274113][ T6268]  should_fail+0xb/0x10
[  159.274130][ T6268]  should_fail_usercopy+0x1a/0x20
[  159.274284][ T6268]  _copy_to_user+0x1e/0xa0
[  159.274304][ T6268]  simple_read_from_buffer+0xa0/0x110
[  159.274325][ T6268]  proc_fail_nth_read+0xff/0x140
[  159.274344][ T6268]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  159.274361][ T6268]  vfs_read+0x1a2/0x6e0
[  159.274381][ T6268]  ? __rcu_read_unlock+0x4e/0x70
[  159.274462][ T6268]  ? __fget_files+0x1da/0x210
[  159.274488][ T6268]  ksys_read+0xeb/0x1b0
[  159.274511][ T6268]  __x64_sys_read+0x42/0x50
[  159.274534][ T6268]  x64_sys_call+0x27d3/0x2d60
[  159.274660][ T6268]  do_syscall_64+0xc9/0x1c0
[  159.274688][ T6268]  ? clear_bhb_loop+0x55/0xb0
[  159.274738][ T6268]  ? clear_bhb_loop+0x55/0xb0
[  159.274830][ T6268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.274858][ T6268] RIP: 0033:0x7ff0c7d388fc
[  159.274872][ T6268] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  159.274887][ T6268] RSP: 002b:00007ff0c69b7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  159.274944][ T6268] RAX: ffffffffffffffda RBX: 00007ff0c7ed5f80 RCX: 00007ff0c7d388fc
[  159.274955][ T6268] RDX: 000000000000000f RSI: 00007ff0c69b70a0 RDI: 0000000000000005
[  159.274966][ T6268] RBP: 00007ff0c69b7090 R08: 0000000000000000 R09: 0000000000000000
[  159.274978][ T6268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.274990][ T6268] R13: 0000000000000000 R14: 00007ff0c7ed5f80 R15: 00007ffe32aa18b8
[  159.275083][ T6268]  </TASK>
[  159.335187][ T6270] loop3: detected capacity change from 0 to 512
[  159.470270][ T6270] loop3: detected capacity change from 0 to 512
[  159.497990][ T6273] syz.1.602[6273] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.498128][ T6273] syz.1.602[6273] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.512026][ T6270] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  159.512522][ T6273] netlink: 'syz.1.602': attribute type 4 has an invalid length.
[  159.529504][ T6270] System zones: 0-2, 18-18, 34-35
[  159.547071][ T6270] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.560280][ T6273] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  159.569133][ T6280] 9pnet_fd: Insufficient options for proto=fd
[  159.579610][ T6270] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.606881][ T6283] ==================================================================
[  159.614998][ T6283] BUG: KCSAN: data-race in io_submit_sqes / io_uring_poll
[  159.622133][ T6283] 
[  159.624448][ T6283] read-write to 0xffff8881143f2070 of 4 bytes by task 6273 on cpu 1:
[  159.632584][ T6283]  io_submit_sqes+0x23f/0x1080
[  159.637340][ T6283]  __se_sys_io_uring_enter+0x1c6/0x15a0
[  159.642889][ T6283]  __x64_sys_io_uring_enter+0x78/0x90
[  159.648260][ T6283]  x64_sys_call+0x2567/0x2d60
[  159.653016][ T6283]  do_syscall_64+0xc9/0x1c0
[  159.657518][ T6283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.663415][ T6283] 
[  159.665786][ T6283] read to 0xffff8881143f2070 of 4 bytes by task 6283 on cpu 0:
[  159.674103][ T6283]  io_uring_poll+0xcf/0x190
[  159.678686][ T6283]  __io_arm_poll_handler+0x229/0xf30
[  159.684070][ T6283]  io_arm_poll_handler+0x433/0x5f0
[  159.689175][ T6283]  io_wq_submit_work+0x512/0x600
[  159.694102][ T6283]  io_worker_handle_work+0x486/0x9d0
[  159.699381][ T6283]  io_wq_worker+0x286/0x820
[  159.703872][ T6283]  ret_from_fork+0x4b/0x60
[  159.708279][ T6283]  ret_from_fork_asm+0x1a/0x30
[  159.713044][ T6283] 
[  159.715359][ T6283] value changed: 0x00000f9f -> 0x00000fab
[  159.721168][ T6283] 
[  159.723476][ T6283] Reported by Kernel Concurrency Sanitizer on:
[  159.729701][ T6283] CPU: 0 UID: 0 PID: 6283 Comm: iou-wrk-6273 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  159.740540][ T6283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  159.750586][ T6283] ==================================================================
[  159.762262][ T6284] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(13)
[  159.769268][ T6284] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  159.776935][ T6284] vhci_hcd vhci_hcd.0: Device attached
[  159.783451][ T6284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  159.792362][ T6284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  159.801630][ T6284] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(19)
[  159.808352][ T6284] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  159.816057][ T6284] vhci_hcd vhci_hcd.0: Device attached
[  159.822576][ T6284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  159.831452][ T6284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  159.840254][ T6284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  159.849250][ T6284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  159.858358][ T6284] vhci_hcd vhci_hcd.0: port 0 already used
[  159.973607][ T3784] vhci_hcd: vhci_device speed not set
[  160.053675][ T3784] usb 9-1: new full-speed USB device number 2 using vhci_hcd
[  160.154968][ T6270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.380742][ T6288] vhci_hcd: connection closed
[  160.380915][ T6286] vhci_hcd: connection reset by peer
[  160.391229][   T50] vhci_hcd: stop threads
[  160.395670][   T50] vhci_hcd: release socket
[  160.400138][   T50] vhci_hcd: disconnect device
[  160.405036][   T50] vhci_hcd: stop threads
[  160.409271][   T50] vhci_hcd: release socket
[  160.413908][   T50] vhci_hcd: disconnect device
[  160.956017][ T6280] 9pnet_fd: p9_fd_create_tcp (6280): problem connecting socket to 127.0.0.1
[  165.083676][ T3784] usb 9-1: enqueue for inactive port 0
[  165.089260][ T3784] usb 9-1: enqueue for inactive port 0
[  165.174194][ T3784] vhci_hcd: vhci_device speed not set