last executing test programs:

18.980432789s ago: executing program 3 (id=4):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000340)={@dev={0xfe, 0x80, '\x00', 0x40}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r3})
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x86a305)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000004)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x40, &(0x7f0000000200)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x2250)
syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @private1, {[], @param_prob={0x2, 0x2, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0xd, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4, 0x1000000000000000]})
removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000000)=@known='security.apparmor\x00')

17.902325776s ago: executing program 3 (id=12):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffff"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r0, 0x2284, &(0x7f0000000080))

15.643911988s ago: executing program 3 (id=43):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b40)=@bpf_lsm={0x1d, 0x5, &(0x7f0000000600)=ANY=[], 0x0, 0xd, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffe01}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="480000001200ffff"], 0x48}}, 0x4004900)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

15.643629728s ago: executing program 32 (id=43):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b40)=@bpf_lsm={0x1d, 0x5, &(0x7f0000000600)=ANY=[], 0x0, 0xd, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffe01}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="480000001200ffff"], 0x48}}, 0x4004900)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

4.144724246s ago: executing program 4 (id=225):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
unshare(0x2040400)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000340), 0x4)

4.077047801s ago: executing program 4 (id=226):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x0, 0xfffffffa}]}, 0x10)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000800)=ANY=[], 0x1bc}}, 0x20004040)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0xfffd}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x688}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
socket$packet(0x11, 0x3, 0x300) (async)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x0, 0xfffffffa}]}, 0x10) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000800)=ANY=[], 0x1bc}}, 0x20004040) (async)
socket(0x400000000010, 0x3, 0x0) (async)
socket$unix(0x1, 0x5, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0xfffd}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x688}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) (async)

3.975064109s ago: executing program 4 (id=228):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000280)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@lazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x451, &(0x7f0000002240)="$eJzs28trXFUYAPDv3pmk9mXGUh99qNEqFh9JM33YhQsVBRcKgi7qMiZpqZ020kSwpWgUqUspuC8uBf8CV7oRdSW4VddSKJJNq1AYuTN3ksl0Jk3ipBMzvx9M55x7T3rOl3vOzDn35AbQt4azf5KIHRHxW0QM1bNLCwzX327OX5r4e/7SRBLV6lt/JbVyN+YvTTSKNn5ueyNTjEg/S2Jfm3pnLlw8M16pTJ3P86OzZ98fnblw8bnTZ8dPTZ2aOlc+fvzI4bFbx8pHuxJnFteNvR9N79/z2jtX3pg4ceXdn75JGvG3xNElw22PFutvT1arXa6ut3Y2pZNiDxvCqhTyLjlQG/9DUYjFizcUr37a08YB66parVYf6Hx6rgpsYkn0ugVAbzS+6LP1b+N1l6YeG8L1l+oLoCzum/mrfqYYaV5moGV9203DEXFi7p+rJ25Vr0brfYit61QpANDXvsvmP8+2m/+l0Xxf6N58D6UUEfdFxK6IOBYRuyPi/oha2Qcj4qFV1t+6SXL7/DO9tqbAViib/72Q720tnf81Zn9RKuS5nbX4B5KTpytTh/LfycEY2JLlx5ap4/tXfv2i07mF+V/+yurP3hdLpNeKW5b+zOT47Ph/ibnZ9U8i9hbbxZ8s7AQkEbEnIl5cYx2nn/56f6dzHeIfXNF/3IV9pupXEU/Vr/9ctMSfy7p9p/3J54+Vj47eE5WpQ6ONXnG7n3+5/Gan+u98/Zt1f0GQXf9tbft/I/4/Sknzfu3M6uu4/PvnHdeUa+3/g8nbS459OD47e34sYjB5vZYvNR8vt5QrL5bP4j94oP343xWLv4l9EZF14ocj4pGIeDRv+2MR8XhEHFgm/h9ffuK9tce/vrL4J5e9/tFy/RcTg9F6pH2icOaHb5dUWlpN/Nn1P1JLHcyPrOTzbyXtWltvBgAAgP+fNCJ2RJKOLKTTdGSk/jf8u2NbWpmemX3m5PQH5ybrzwiUYiBt3OkaarofOpYv6xv5ckv+cH7f+MvC1lp+ZGK6Mtnr4KHPbe8w/jN/FnrdOmDdeV4L+pfxD/3L+If+ZfxD/2oz/j16Bn2i3ff/xz1oB3D3tYz/Zbf9TAxgc7H+h/5l/EP/Mv6hL81sjTs/JL85EmlEbIBmbJZEpBuiGRLrlOj1JxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB3/BsAAP//nobm9w==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000ac0)={'ip6gretap0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a400000", @ANYRES32=r3, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r5}, 0x10)
r6 = gettid()
rt_sigtimedwait(&(0x7f0000000100)={[0x3ff]}, 0x0, 0x0, 0x8)
tkill(r6, 0x7)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x30, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x4040000)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
r8 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10)
write$binfmt_script(r8, 0x0, 0x0)
sendmsg(r8, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
sendfile(r7, r0, 0x0, 0x3ffff)
sendfile(r7, r0, 0x0, 0x7fffeffd)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

3.629821107s ago: executing program 4 (id=231):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80880)
write$P9_RVERSION(r1, &(0x7f00000002c0)={0x15, 0x65, 0xffff, 0x8, 0x8, '9P2000.u'}, 0x15)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

3.561811782s ago: executing program 4 (id=233):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@newtaction={0xe0, 0x30, 0x1, 0x0, 0x0, {}, [{0xcc, 0x1, [@m_ife={0x80, 0x10, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, {0x4c, 0x6, "715223828bc22379c555b64007d0ce53e23fa639b671eed3bad31d6a9a090db9ec35733a528c1a4f9720287904d7841da90f32dc9569b269592414ca783d52760682480aba308b30"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xe0}}, 0x4010)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$inet(r3, &(0x7f0000000380)={0x2, 0x4e24, @empty}, 0x10)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e20, @empty}, 0x4, 0x1, 0x2, 0x2}}, 0x26)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB='7\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000040000000500b600080009000200000008000c00a60a0000060001000500004008000b", @ANYRESDEC=r6, @ANYRES8], 0x40}, 0x1, 0x0, 0x0, 0x94ced4add106a01f}, 0x4040)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000680)='kmem_cache_free\x00', r1, 0x0, 0x2000000000000}, 0xffffff5b)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r9, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r10 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000240)={'team0\x00', <r11=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x58, r10, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r11}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffbfff9}}}]}}]}, 0x58}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)

3.075335482s ago: executing program 5 (id=244):
socket$kcm(0x10, 0x2, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r0, 0x89b1, &(0x7f0000000000)={'macvlan1\x00', @ifru_map={0x8, 0x1ff, 0x8, 0x4, 0x9, 0x6}})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000040003"], 0xa8}}, 0x0)

3.036825215s ago: executing program 5 (id=246):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x3810744, &(0x7f0000000000)={[{@nomblk_io_submit}, {@max_batch_time={'max_batch_time', 0x3d, 0x5314}}, {@usrquota}, {@jqfmt_vfsv1}, {@jqfmt_vfsv0}, {@delalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@i_version}]}, 0x1, 0x453, &(0x7f0000002a80)="$eJzs289vFFUcAPDvzG4BAdmK+AMEraKx8UdLCyoHPWg08aCJiR7wWNtCkIUaWhMhRKsxeDQk3o1HE/8CT56MejLxqndDQpSYgF5cM7sztLvdLf2xZSv7+SQL7+28nfe+mfdm377XCaBvDWX/JBE7I+LXiKg0ss0Fhhr/Xb96YfLvqxcmk6jV3vwjqZe7dvXCZFG0+NyOPDOcRqSfJnklzWbPnT81Ua1On83zo3On3xudPXf+6ZOnJ05Mn5g+M3706JHDY889O/5MV+LM2nRt34cz+/e++val1yePXXrnx2+y9t57oHF8cRzdMpQF/metrvXYY92urMf+rS3EmZR73RpWqhQR2eUaqI//SpRi4eJV4pVPeto4YENl9+ytnQ/P14DbWBK9bgHQG8UXffb7t3jdoqnHpnDlxcYPoCzu6/mrcaQcaV5mYAPrH4qIY/P/fJm9omUdotZm3QAAYL2+y+Y/Ty2d/9X3RhpFXtiRl61ExGBE3BURuyPi7ojYExH35GXvi4j7V1l/69bQ0vlnenmtsa1ENv97Pt/bap7/FbO/GCzluTvr8Q8kx09Wpw9FxK6IGI6BrVl+rN3Ji1O8/MvnnepfPP/LXln9xVwwP8nlcssC3dTE3ES3JqVXPo7YV24Xf3JjJyDrC3sjYt/qTr2rSJx84uv9nQrdPP5ldGGfqfZVxOON6z8fLfEXkuX3J0e3RXX60GjRK5b66eeLb3Sqf13xd0F2/bc39/+WEpW/ksX7tbOrr+Pib591/E1ZXmP/35K8Vd+z3pK/98HE3NzZsYgtyWv1fNP74wufLfJF+Sz+4YPtx//u/DNZ/A9ERNaJD0TEgxHxUH7tHo6IRyLi4DLx//DSo+92OrYZrv9U2/vfjf4/2Hz9V58onfr+2071r+z+d6SeGs7fqd//bqJzc7blJdbamwEAAOD/J42InZGkIzfSaToy0vh7+T2xPa3OzM49eXzm/TNTjWcEBmMgLVa6KovWQ8eS+fyMjfx4vlZcHD+crxt/Ubqjnh+ZnKlO9Th26Hc7Ooz/zO+lXrcO2HCe14L+1Tr+0x61A7j1fP9D/zL+oX8Z/9C/2o3/j1ry9gLg9uT7H/qX8Q/9y/iH/mX8Q19az3P9G5UoL/P0vsRmSUS6KZoh0SZR7sLo7vGNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+CwAA//9uCfIx")
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

2.840111071s ago: executing program 4 (id=248):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@newtaction={0xe0, 0x30, 0x1, 0x0, 0x0, {}, [{0xcc, 0x1, [@m_ife={0x80, 0x10, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, {0x4c, 0x6, "715223828bc22379c555b64007d0ce53e23fa639b671eed3bad31d6a9a090db9ec35733a528c1a4f9720287904d7841da90f32dc9569b269592414ca783d52760682480aba308b30"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xe0}}, 0x4010)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$inet(r3, &(0x7f0000000380)={0x2, 0x4e24, @empty}, 0x10)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e20, @empty}, 0x4, 0x1, 0x2, 0x2}}, 0x26)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB='7\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000040000000500b600080009000200000008000c00a60a0000060001000500004008000b", @ANYRESDEC=r6, @ANYRES8], 0x40}, 0x1, 0x0, 0x0, 0x94ced4add106a01f}, 0x4040)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000680)='kmem_cache_free\x00', r1, 0x0, 0x2000000000000}, 0xffffff5b)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r9, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r10 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000240)={'team0\x00', <r11=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x58, r10, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r11}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffbfff9}}}]}}]}, 0x58}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)

2.59908714s ago: executing program 5 (id=250):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80880)
write$P9_RVERSION(r2, &(0x7f00000002c0)={0x15, 0x65, 0xffff, 0x8, 0x8, '9P2000.u'}, 0x15)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x3810744, &(0x7f0000000000)={[{@nomblk_io_submit}, {@max_batch_time={'max_batch_time', 0x3d, 0x5314}}, {@usrquota}, {@jqfmt_vfsv1}, {@jqfmt_vfsv0}, {@delalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@i_version}]}, 0x1, 0x453, &(0x7f0000002a80)="$eJzs289vFFUcAPDvzG4BAdmK+AMEraKx8UdLCyoHPWg08aCJiR7wWNtCkIUaWhMhRKsxeDQk3o1HE/8CT56MejLxqndDQpSYgF5cM7sztLvdLf2xZSv7+SQL7+28nfe+mfdm377XCaBvDWX/JBE7I+LXiKg0ss0Fhhr/Xb96YfLvqxcmk6jV3vwjqZe7dvXCZFG0+NyOPDOcRqSfJnklzWbPnT81Ua1On83zo3On3xudPXf+6ZOnJ05Mn5g+M3706JHDY889O/5MV+LM2nRt34cz+/e++val1yePXXrnx2+y9t57oHF8cRzdMpQF/metrvXYY92urMf+rS3EmZR73RpWqhQR2eUaqI//SpRi4eJV4pVPeto4YENl9+ytnQ/P14DbWBK9bgHQG8UXffb7t3jdoqnHpnDlxcYPoCzu6/mrcaQcaV5mYAPrH4qIY/P/fJm9omUdotZm3QAAYL2+y+Y/Ty2d/9X3RhpFXtiRl61ExGBE3BURuyPi7ojYExH35GXvi4j7V1l/69bQ0vlnenmtsa1ENv97Pt/bap7/FbO/GCzluTvr8Q8kx09Wpw9FxK6IGI6BrVl+rN3Ji1O8/MvnnepfPP/LXln9xVwwP8nlcssC3dTE3ES3JqVXPo7YV24Xf3JjJyDrC3sjYt/qTr2rSJx84uv9nQrdPP5ldGGfqfZVxOON6z8fLfEXkuX3J0e3RXX60GjRK5b66eeLb3Sqf13xd0F2/bc39/+WEpW/ksX7tbOrr+Pib591/E1ZXmP/35K8Vd+z3pK/98HE3NzZsYgtyWv1fNP74wufLfJF+Sz+4YPtx//u/DNZ/A9ERNaJD0TEgxHxUH7tHo6IRyLi4DLx//DSo+92OrYZrv9U2/vfjf4/2Hz9V58onfr+2071r+z+d6SeGs7fqd//bqJzc7blJdbamwEAAOD/J42InZGkIzfSaToy0vh7+T2xPa3OzM49eXzm/TNTjWcEBmMgLVa6KovWQ8eS+fyMjfx4vlZcHD+crxt/Ubqjnh+ZnKlO9Th26Hc7Ooz/zO+lXrcO2HCe14L+1Tr+0x61A7j1fP9D/zL+oX8Z/9C/2o3/j1ry9gLg9uT7H/qX8Q/9y/iH/mX8Q19az3P9G5UoL/P0vsRmSUS6KZoh0SZR7sLo7vGNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+CwAA//9uCfIx")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.162946215s ago: executing program 5 (id=255):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)=r1}, 0x20)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$igmp6(0xa, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000001880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000200000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3, 0x0, 0x7}, 0x18)
r4 = memfd_secret(0x80000)
fcntl$setlease(r4, 0x400, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x100006, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0b00000005000000010001000800000001000000", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000b0e89ae44c9348d4e28f3a91cdec6d37160eae249c953592fdcce02fbc3751f9ebb7cd06f15f6762ef4eefa95422032b2730b9ab1f705d6606c36a862244dc16cd72297d2f3f05621812719c3540871eb72b9e160cf468d30ec641e1927d088c0bac69784308bde7f6d7b83752032c2820622bc465b961c3eb445a611a6dbbd6f236f3e6afbd69e7249fe6a7a233f296ff0ce379b12e6a5ef55e3bd477c11bb918119015b731a5"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x4800)
vmsplice(r8, 0x0, 0x0, 0x0)
fcntl$setpipe(r8, 0x407, 0x6)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000340)={@dev={0xfe, 0x80, '\x00', 0x40}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r9})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00'}, 0x10)
r10 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
r11 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0)
fcntl$notify(r11, 0x402, 0x20)
getdents64(r10, &(0x7f0000000080)=""/34, 0x22)
syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0)

2.043325625s ago: executing program 5 (id=259):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000004c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffd}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r2, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r3, 0x5063}], 0x1, 0xffffffffffbffff8)

1.457311962s ago: executing program 0 (id=265):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000005c0)=""/71, 0x47}, {&(0x7f0000000640)=""/235, 0xeb}, {&(0x7f0000000740)}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000000780)=""/108, 0x6c}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f00000008c0)=""/151, 0x97}, {&(0x7f0000000980)}], 0x8, 0x0)

1.384635818s ago: executing program 0 (id=266):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80880)
write$P9_RVERSION(r2, &(0x7f00000002c0)={0x15, 0x65, 0xffff, 0x8, 0x8, '9P2000.u'}, 0x15)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x3810744, &(0x7f0000000000)={[{@nomblk_io_submit}, {@max_batch_time={'max_batch_time', 0x3d, 0x5314}}, {@usrquota}, {@jqfmt_vfsv1}, {@jqfmt_vfsv0}, {@delalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@i_version}]}, 0x1, 0x453, &(0x7f0000002a80)="$eJzs289vFFUcAPDvzG4BAdmK+AMEraKx8UdLCyoHPWg08aCJiR7wWNtCkIUaWhMhRKsxeDQk3o1HE/8CT56MejLxqndDQpSYgF5cM7sztLvdLf2xZSv7+SQL7+28nfe+mfdm377XCaBvDWX/JBE7I+LXiKg0ss0Fhhr/Xb96YfLvqxcmk6jV3vwjqZe7dvXCZFG0+NyOPDOcRqSfJnklzWbPnT81Ua1On83zo3On3xudPXf+6ZOnJ05Mn5g+M3706JHDY889O/5MV+LM2nRt34cz+/e++val1yePXXrnx2+y9t57oHF8cRzdMpQF/metrvXYY92urMf+rS3EmZR73RpWqhQR2eUaqI//SpRi4eJV4pVPeto4YENl9+ytnQ/P14DbWBK9bgHQG8UXffb7t3jdoqnHpnDlxcYPoCzu6/mrcaQcaV5mYAPrH4qIY/P/fJm9omUdotZm3QAAYL2+y+Y/Ty2d/9X3RhpFXtiRl61ExGBE3BURuyPi7ojYExH35GXvi4j7V1l/69bQ0vlnenmtsa1ENv97Pt/bap7/FbO/GCzluTvr8Q8kx09Wpw9FxK6IGI6BrVl+rN3Ji1O8/MvnnepfPP/LXln9xVwwP8nlcssC3dTE3ES3JqVXPo7YV24Xf3JjJyDrC3sjYt/qTr2rSJx84uv9nQrdPP5ldGGfqfZVxOON6z8fLfEXkuX3J0e3RXX60GjRK5b66eeLb3Sqf13xd0F2/bc39/+WEpW/ksX7tbOrr+Pib591/E1ZXmP/35K8Vd+z3pK/98HE3NzZsYgtyWv1fNP74wufLfJF+Sz+4YPtx//u/DNZ/A9ERNaJD0TEgxHxUH7tHo6IRyLi4DLx//DSo+92OrYZrv9U2/vfjf4/2Hz9V58onfr+2071r+z+d6SeGs7fqd//bqJzc7blJdbamwEAAOD/J42InZGkIzfSaToy0vh7+T2xPa3OzM49eXzm/TNTjWcEBmMgLVa6KovWQ8eS+fyMjfx4vlZcHD+crxt/Ubqjnh+ZnKlO9Th26Hc7Ooz/zO+lXrcO2HCe14L+1Tr+0x61A7j1fP9D/zL+oX8Z/9C/2o3/j1ry9gLg9uT7H/qX8Q/9y/iH/mX8Q19az3P9G5UoL/P0vsRmSUS6KZoh0SZR7sLo7vGNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+CwAA//9uCfIx")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.253171388s ago: executing program 1 (id=267):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000002c0), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r4, 0x5063}], 0x1, 0xffffffffffbffff8)
dup2(r3, r4)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x13)

1.182609604s ago: executing program 5 (id=268):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffff"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
nanosleep(&(0x7f0000000040), 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
sched_setaffinity(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b000c000000000000000000008f000000000000", @ANYRES32=r2, @ANYBLOB="0000000004000000000000003516cecedf4d5a1501e95eb3855c08610f8be42a4470d4", @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r5, 0x2284, &(0x7f0000000080))
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r6, <r7=>0xffffffffffffffff}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{}, &(0x7f0000000a00), &(0x7f0000000a40)}, 0x20)

1.160248946s ago: executing program 1 (id=269):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)

1.075683093s ago: executing program 0 (id=270):
r0 = socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x2, 0x0, 0x0, 0x52f83d40, 0x511, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f00000003c0), 0x2}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x2, 0x0, 0x20000006}, 0x0, 0x4, 0xffffffffffffffff, 0x2)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4048081)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r5)
syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/cgroup\x00')
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_lsm={0x1e, 0x3, &(0x7f00000002c0)=ANY=[@ANYRES8=r1], &(0x7f0000000280)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0xd}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4}, 0x50)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000001000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
write$tun(r3, &(0x7f0000000480)=ANY=[@ANYBLOB="0800080007000000000014000000456f002c006600004011907864010101ac14141a4e204e210018907804000000020000000800000000000000c620107f23d7423c825e57b0a42527ef569f49338f55e85ee909d3ea06a1be96530f255d615ff36a76510dd3eab22dfd7a5802ea37b9161ab698a3ab832684005ef72a7b2adbc7977af3914ea8319701"], 0x3a)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r5, r2, 0x25, 0x1c, @void}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r8, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa, 0x0, 0x1}, 0x1c)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xf62b, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r9=>0x0, &(0x7f0000000300))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f0000000440)="5cdd30", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.039297866s ago: executing program 1 (id=271):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0xc, 0xc, &(0x7f0000000740)=ANY=[@ANYRESOCT=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bff8ffffffb703000008000000b70400000000000085000000160000009500"/65], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x402}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="010000000400000008000000"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x40900, 0x0)
io_setup(0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000800200"/20, @ANYRES32=r1, @ANYBLOB='\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000000000000100"/28], 0x50)
openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x5400, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x400, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x14}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@getqdisc={0x44, 0x26, 0x100, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x9, 0x1}, {0xb, 0xc}, {0xe, 0x2}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="50000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="000000000000000030001280082400028008000300ac14141108000c000800000006000b000200000006000f000300"/56], 0x50}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
io_setup(0x3, &(0x7f00000004c0)=<r8=>0x0)
r9 = eventfd(0x7)
io_submit(r8, 0x2, &(0x7f0000000500)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x7, 0x4, r3, &(0x7f00000007c0)="189e493bc540a12892c93464589704e46cca0fc8fc7a242e28ac4bed4cc45d8e16bf2621d096bd8b66c079d09014b0895d1c99660ddc470b1c44433c0943657340e3f45c9c9aa4f39ae174cf2ee35dc417243c84aa831807e83dd36e86f52632481787d6c0a9fd52d2c0639f2fa277c9f0fa4e719400c3f33c346c52dc495fb8f8fbebf283455e0d33bc20a0fab775f484c5549a80f5f33385d87b289b738d6e063681bda126afaa860ce49520e1af7ad6375d432ac33f6c95c583b95ad29a5b47d76409019061a66cfe29656016a25cc70d04fd9249ca88aef4c6094a4b681a250f4413079454c17b5c82339b65b2", 0xef, 0x7b34a149, 0x0, 0x2, r7}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0xee5, 0xffffffffffffffff, &(0x7f00000008c0)="4c8031342d5c9e1d851184c41e215cb24c1317a9f66049746c566d0630d0f1a72ade0e3f3346e0762b08f529450c18aa9cf20322707aa91e9f5d068902090dbbdd457d6a1afcbf9004bc24f50ecb9561cfff039159bc4441ea68a1478c1de0a04fb881ff03dcdc807e5dda004bf7dcad342b282713566a4fc26959b452b09e66936d4fc310c4e0e12f8173a3", 0x8c, 0x17e98b31, 0x0, 0x2, r9}])
fremovexattr(r7, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
r10 = socket$igmp6(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
setsockopt$MRT6_ADD_MFC(r10, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x4e23, 0x103, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xa3c}, {0xa, 0xfffe, 0xfffffffd, @dev={0xfe, 0x80, '\x00', 0x16}, 0x4}, 0x1000, {[0xa, 0xdaa, 0x7fff, 0x5, 0x5, 0x1, 0x6d2e, 0xc33]}}, 0x5c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c"], 0x140}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1e, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

748.648629ms ago: executing program 0 (id=272):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000400000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bff8ffffffb703000008000000b70400000000000085000000160000009500"/65], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="010000000400000008000000"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x40900, 0x0)
io_setup(0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000800200"/20, @ANYRES32=r1, @ANYBLOB='\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000000000000100"/28], 0x50)
openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x5400, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x400, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x14}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xffff, 0xb}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x9, 0x0, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="50000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="000000000000000030001280082400028008000300ac14141108000c000800000006000b000200000006000f000300"/56], 0x50}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
io_setup(0x3, &(0x7f00000004c0)=<r8=>0x0)
r9 = eventfd(0x7)
io_submit(r8, 0x2, &(0x7f0000000500)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x7, 0x4, r3, &(0x7f00000007c0)="189e493bc540a12892c93464589704e46cca0fc8fc7a242e28ac4bed4cc45d8e16bf2621d096bd8b66c079d09014b0895d1c99660ddc470b1c44433c0943657340e3f45c9c9aa4f39ae174cf2ee35dc417243c84aa831807e83dd36e86f52632481787d6c0a9fd52d2c0639f2fa277c9f0fa4e719400c3f33c346c52dc495fb8f8fbebf283455e0d33bc20a0fab775f484c5549a80f5f33385d87b289b738d6e063681bda126afaa860ce49520e1af7ad6375d432ac33f6c95c583b95ad29a5b47d76409019061a66cfe29656016a25cc70d04fd9249ca88aef4c6094a4b681a250f4413079454c17b5c82339b65b2", 0xef, 0x7b34a149, 0x0, 0x2, r7}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0xee5, 0xffffffffffffffff, &(0x7f00000008c0)="4c8031342d5c9e1d851184c41e215cb24c1317a9f66049746c566d0630d0f1a72ade0e3f3346e0762b08f529450c18aa9cf20322707aa91e9f5d068902090dbbdd457d6a1afcbf9004bc24f50ecb9561cfff039159bc4441ea68a1478c1de0a04fb881ff03dcdc807e5dda004bf7dcad342b282713566a4fc26959b452b09e66936d4fc310c4e0e12f8173a3", 0x8c, 0x17e98b31, 0x0, 0x2, r9}])
fremovexattr(r7, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
r10 = socket$igmp6(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
setsockopt$MRT6_ADD_MFC(r10, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0xfffc, 0x103, @loopback={0x10000000000000}, 0xa3c}, {0xa, 0xfffe, 0xfffffffd, @dev={0xfe, 0x80, '\x00', 0x16}, 0x4}, 0x1000, {[0x9, 0xdaa, 0x7fff, 0x31, 0x5, 0x1, 0x6d2e, 0xc33]}}, 0x5c)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c"], 0x140}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

722.831512ms ago: executing program 1 (id=273):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x8264, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
write$selinux_load(r0, &(0x7f0000000000)={0xf97cff8c, 0x8}, 0x10)

573.921723ms ago: executing program 1 (id=274):
socket$phonet_pipe(0x23, 0x5, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='kfree\x00', r0, 0x0, 0x8000000000000001}, 0x18)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x5, &(0x7f0000000040)=0x24, 0x5)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

540.262556ms ago: executing program 2 (id=276):
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000480)="010000000000006b00000000000000000000000000000000b6dfdc03eb73e204f5120904f54b3e2d1e0d0b76", 0x2c, 0xffffffffffffffff)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000640))
bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB], 0x48)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b0000000d000000cc0002000608000005000000", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r0}, 0x38)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000d0000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r4}, &(0x7f0000000040), &(0x7f0000000140)=r3}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r4}, &(0x7f0000000100), &(0x7f00000001c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000003feffff720a00fef8ffffff71a400fe0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffff20}, 0x48)
close(r1)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={&(0x7f0000000000)="73d96266bac97763da8bf6985a56877d493ed7eebfeb8621436e59d200614ce03f194e023cca11de330a11877ef9ad0910f322eb409b307ff6f8d4915f97d2cce173f4030240f55a30f2167b5db54dc7dfb7bb19207dda92d36ab2048eb004b8d93299385f4e7bf776cc854f7d5c0321abfd5b4f16a309f56dee10e1f79a8b314dbad24b22549479cd883c71f01437b68a8c9e946fdcd35b65d0d0378b4c5c03f6bef492ae9d099a22482796ba2a", &(0x7f00000000c0)=""/4, &(0x7f0000000100)="596849d3549d6ee9eedecc19ee39bd0df7dff80659b20924aebeaa631eef961f8c0b7793f05093f20e4a15c953b556dccfef05bdf702695f3ce65cd6b585945dc04cc0128d5a62901e", &(0x7f0000000380)="310ff19fc900de25592b521d400acdee543480f00243ba9f9b4e9938ca5849aa50c957cd61efc5012f80c9c71abb2eb36fd4e282555f3e77f7d0c91b981eca75a40b35dceaa9e1049830f8d7bd1149ada9c1240606306652516230beb5d2b744a57a9657e98efed54b97e6c38df68f7833d18bbfc8a6dfa5da6fd86acc800251d5dc5cb28145316a8779790a09df18843c630aefef00710f41d6010d1a5f962e2fdd4dec16e4b98902887273c2f8a2f16dd11debcb010da76654e63de6d1e991b85b277bd4118b3e9e4aee071d9a3194182c9aa9b632d8bafcc84cd3da3a9e040df7c70426bdd648de0e2bf36da77a041999f0561b6e61", 0x6, r0}, 0x38)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r5, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000002c0)={0x54, r7, 0x1, 0x70bd2b, 0xfffffffe, {0x1e}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3e}, {0xc, 0x8f, 0xffffffffffffffc0}, {0xc, 0x90, 0x3}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000081}, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r2, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000740)={0x18c, r7, 0x200, 0x70bd28, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8}, {0x6, 0x11, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0xff80}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xd}, {0x6, 0x11, 0xc00}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xfffffff9}, {0x6, 0x11, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x4}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x1}}]}, 0x18c}, 0x1, 0x0, 0x0, 0x20040080}, 0x20000040)
sendmmsg$inet6(r5, &(0x7f00000009c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0xffffffff, @loopback}, 0x1c, 0x0}}], 0x1, 0x40)
recvmmsg(r5, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/11, 0xb}, 0x3}], 0x1, 0x12023, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000001740), 0x2, r0}, 0x38)
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f00000002c0)='./file0\x00', 0x2, &(0x7f0000000380)=ANY=[], 0x1, 0x294, &(0x7f0000000bc0)="$eJzs3c9qE1EUB+DTJm1iNgnoSlwMuHEVmr5BkApiQIhkUVcNtgVpQiGFgC5sd259Dhc+jI/hE0QQIk2CydT4p5hkbPN9MMyhd37DmS5yZ3FvcvCge3J4ena8f/dLFItJ5CMu4mtExGbkIm1jdGyn/nYRAMBN02y263+65tNqWmFJer16eysiCj+NtD5m0hAAAAAAAAAAAAD/bLT+fxjp9f+DiMrM+v+NyXnT+n8AuBX+Zv0/N1uvV2+XJu9vaa0PpUw6AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgYDIfl4W+OrPsDABbP/A8A68f8DwDrZ5Ca6zfC/A8At9+L/ZfP6o3GXjNJihHd9/1WvzU+j8frx/E6OnEUO1GOb3H5fjAxrp88beztJCOVOOieT/Ln/VYuna9FOSrz87VxPknnt6I0m9+Nctybn9+dm9+ORw9n8tUox+dXcRqdOIzL7DT/rpYkj583ruQLo+sAAAAAAAAAAAAAAAAAAABgFarJD3P371ervxof56/x/QBX9tfn434+22cHAAAAAAAAAAAAAAAAAACA/8XZm7cn7U7nqLfYIje5/eLvfK2isOI27iz3v6pQrKzI6AMJAAAAAAAAAAAAAAAAAADW2HTTb9adAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB2pr//v7wi62cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1sP3AAAA//8mxuIC")

492.44397ms ago: executing program 1 (id=277):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
pipe(&(0x7f0000000080))
syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x79ab, 0x8, 0x8000, 0x400250}, &(0x7f00000003c0), &(0x7f0000000400))
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18)
connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2}, 0x18)
sendmmsg(r1, &(0x7f000000a200)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="220733d69b211bb4a3f85730728e28424ba4cda255348a19dfc31da6b47d7904126212e0e8502fb4f3dadbbdfa5c952f12a9036dae3d2b0fc75a7bee726dc4c93d91e404a7c235d50738b60402190afaa9e06aff5bdd9087ac06c98060dd3ce9d5871751f599848cefda4e3893ed17b43fadafd1e859e9376358372d4f3cb3a0bf0fe13d15f63fee7e5753f3b19ae14a1226f1d0e748b0b0fc15af257611a13d40cc6aa716bd2733d9395d32fafe82dccc3b211e02659298134932c7c7d1033958c52744bb6adcf202f058a68249", 0xce}, {&(0x7f0000000400)="73fd5418cdbef924ba442463287fbdde2ab7da9d2b26d6b741a60e2aba6555bff157db432a06da33ed74145ddfec5146fe85c31fd70ec45ce1d1fe8dbf85f5e9eed99d6adec3a8a271e9fa501ef5898da20a50c603fbb5af49e0c36b53c91e33ccd527e2ba5edab0f61b9833642fcc839ced7b2ae3c5ab3c565aa52b38f42b865e07775777066808b3a7c4e70e4c05717bc6da503324a9ab9e13b738908b5e9f5b080b464098931a725cfbf8403017399050e250f8cb8b99bd8e5b138dcd386b324e381a36f63aac6099b8aa3979408d4f9db909a8d353a3dc533e2b558cd5921dbf0b33760bb481ffd108e820e871b6e19a87f8141e990d94de13dd8faee04b4e732b122fc85beb7f0163f169e9744ce609ea57fdaafd954cd8562ab91b47176ed0548096ca08ad7264c40f882894a2dbfa9bbc37bdc253a477eb4ae52faa1e6632bfc950b0209bb048349ea50d3527fbbc31a706ffe7c566551ca79d4b0e1359275f044cfbf90cd8497ed033fa064e58f0c11a1a8d18cf53866d4d7b232fb54ed86ea9654440deabd4e8ca66061633ba34a298732ba9605fe31a530f5198aa3e1d1c0fda4c036dc845c835b1959dc0b13cf15c75f58c6ef62f56588d7043c03cfeff1f7b0792e514ac00c9d7570ac95037f6fa4f0cfd7263649bd2b5342320f74ef89799307f596d5db41c683f615da96eb5a5b802fa8ecf3764f6ffd5271e66b382e0e14b81f145c22d4f90306ef02c8c8921521e46b23f72b2fdd2b4fc9a3eb6f03207ada71244714e67cbf65c138215e612a8c9a4420aa45fc39164f5cfc4f9fc014fcfd10b856c3ebd4e1e877046aaee29a642b211f356cb7ed483eda92450d5ff66ff23a20a8bb845265a2939cb34c48a2b22b33bb3e774383588b9f7a53333eb20f4c1054368e34d3acc692d3b12f746b729a122b0aa62a74f5bf0040d589f815c1bce1b4a5934384998df3ab48fe41f0b90fb4d4d8cb01bfecfc86a96d91facba50a5828a8f62bb8759f3dfaeb728e3e42744e83fbad739bd03de69d1c78f6d01b714b11a284caa1ebba69fe7d29e2cbc43db1e6d249545a7c6debd66b5b5f53d4c1d6cebcb2fa427160eb86e48047aab6ce43f7fa0d5bb1dc99ba03e65a7bf178ccba74cf71dec7712414b38f7bf98065a518366839ca4f4a1887ad28d495c1d5c4aa413128d80ab031bd7694cf1101fe9dd65e99849ce6b2e69d6e371bd1df1022e32125747356748d0d3b30fa7d2aa6394707a60b572606d7297091fb45a5534cf269f77f6fc61c92b94f141f06ba8e347667c2fb2c87de5eacf60fadc48f7d7c5516be44807b48583ecc13e00a58143e134706700d28357ac38611494311b049dd497cc5ce315051e215a57f33939d320f808f8dcdedeb60f42b71d618e272506f0bc28843d3fd337989d74600299ab187395347c5bfbb665e5bc03e27978c0b0a464355a47da458690f957122beac9bb139b4223bd156ad74bb76e6880823e52f9eb806aad122892ebd8355ff6cb15ff2e0ce7cad2219a333999318f59c986b4bee11b9f05e355fe32e98732015f17eb19db77088c55d321828bec2dd25ba0da232717e8dafed91f96636d930f3c38b46da4c5541ae963e30e89a341af805176d9e1c9c88068bd81f4acf0325d24fa76dacbff3b88615699f08ded43403b7aeecdd2bbec00e60555317a4e24828ba9e8b9a737621d8ba12fa83c963d67a5a5e5ebbf29ac272cad91786c269fc053ce3f50bb0c05926ccefcc4548d42142efbd86460ec4516aa48e34b54af6319b8c948b69a1fd0d49930d844f13cf5bd1e67c662cdca6dc5f4daf11a75a123ed0a740dfe3014515917a2b01d691803cd7c8f4c46a2fefeab1608498503df514da7c62692b3c2b927b0f09164b367a260aee0c619575891e98ec8391a0b385d4b9ca4a421e2766047cbc11264e89f7d704e7c83d7e50b1c2fa3648c90cb8f66d93f40df5ac3fdd206a3997a5efb0a2cab9c07e00165c2b1cb2c2baf1b06493c4809d1d5dd5c7e6dbc22f1385482f54d4fb96e9e8aec587fe68b7d2d033c7efe622918e0d8661c89582f50db39a3376c1684b9dcfb10ef6cca665c75e2b7e468e7cb3a15604b759b0d949f459b982181f5f423f5dfc8b209665c9763ed0545f9ebf77661559312b4c2fc9518434530f75bf17d1ab39be227845a1d1c9982f2e27601009c36c9ce9cf11da012532e09d23ef2a749a5ca8df867", 0x62c}, {0x0, 0xe}], 0x3, &(0x7f0000002480)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x60000800)

467.817432ms ago: executing program 2 (id=278):
socket$phonet_pipe(0x23, 0x5, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='kfree\x00', r0, 0x0, 0x8000000000000001}, 0x18)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x5, &(0x7f0000000040)=0x24, 0x5)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

427.767045ms ago: executing program 0 (id=279):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x1b, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a0300000000f5ffffff00010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) (fail_nth: 7)

149.661058ms ago: executing program 0 (id=280):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000280)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@lazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x451, &(0x7f0000002240)="$eJzs28trXFUYAPDv3pmk9mXGUh99qNEqFh9JM33YhQsVBRcKgi7qMiZpqZ020kSwpWgUqUspuC8uBf8CV7oRdSW4VddSKJJNq1AYuTN3ksl0Jk3ipBMzvx9M55x7T3rOl3vOzDn35AbQt4azf5KIHRHxW0QM1bNLCwzX327OX5r4e/7SRBLV6lt/JbVyN+YvTTSKNn5ueyNTjEg/S2Jfm3pnLlw8M16pTJ3P86OzZ98fnblw8bnTZ8dPTZ2aOlc+fvzI4bFbx8pHuxJnFteNvR9N79/z2jtX3pg4ceXdn75JGvG3xNElw22PFutvT1arXa6ut3Y2pZNiDxvCqhTyLjlQG/9DUYjFizcUr37a08YB66parVYf6Hx6rgpsYkn0ugVAbzS+6LP1b+N1l6YeG8L1l+oLoCzum/mrfqYYaV5moGV9203DEXFi7p+rJ25Vr0brfYit61QpANDXvsvmP8+2m/+l0Xxf6N58D6UUEfdFxK6IOBYRuyPi/oha2Qcj4qFV1t+6SXL7/DO9tqbAViib/72Q720tnf81Zn9RKuS5nbX4B5KTpytTh/LfycEY2JLlx5ap4/tXfv2i07mF+V/+yurP3hdLpNeKW5b+zOT47Ph/ibnZ9U8i9hbbxZ8s7AQkEbEnIl5cYx2nn/56f6dzHeIfXNF/3IV9pupXEU/Vr/9ctMSfy7p9p/3J54+Vj47eE5WpQ6ONXnG7n3+5/Gan+u98/Zt1f0GQXf9tbft/I/4/Sknzfu3M6uu4/PvnHdeUa+3/g8nbS459OD47e34sYjB5vZYvNR8vt5QrL5bP4j94oP343xWLv4l9EZF14ocj4pGIeDRv+2MR8XhEHFgm/h9ffuK9tce/vrL4J5e9/tFy/RcTg9F6pH2icOaHb5dUWlpN/Nn1P1JLHcyPrOTzbyXtWltvBgAAgP+fNCJ2RJKOLKTTdGSk/jf8u2NbWpmemX3m5PQH5ybrzwiUYiBt3OkaarofOpYv6xv5ckv+cH7f+MvC1lp+ZGK6Mtnr4KHPbe8w/jN/FnrdOmDdeV4L+pfxD/3L+If+ZfxD/2oz/j16Bn2i3ff/xz1oB3D3tYz/Zbf9TAxgc7H+h/5l/EP/Mv6hL81sjTs/JL85EmlEbIBmbJZEpBuiGRLrlOj1JxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB3/BsAAP//nobm9w==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000ac0)={'ip6gretap0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a400000", @ANYRES32=r3, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r5}, 0x10)
r6 = gettid()
rt_sigtimedwait(&(0x7f0000000100)={[0x3ff]}, 0x0, 0x0, 0x8)
tkill(r6, 0x7)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x30, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x4040000)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
r8 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10)
write(r7, &(0x7f00000009c0)="3bf5", 0x2)
sendfile(r7, r0, 0x0, 0x3ffff)
sendfile(r7, r0, 0x0, 0x7fffeffd)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

147.731618ms ago: executing program 2 (id=281):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000002c0), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r4, 0x5063}], 0x1, 0xffffffffffbffff8)
dup2(r3, r4)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x13)

78.442093ms ago: executing program 2 (id=282):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x60, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='kfree\x00', r0}, 0x18)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0xfffc}, 0x4000800)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000003080)=@delchain={0x48, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'ip_vti0\x00'}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)

35.806987ms ago: executing program 2 (id=283):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x8264, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000040000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
write$selinux_load(r0, &(0x7f0000000000)={0xf97cff8c, 0x8}, 0x10)

0s ago: executing program 2 (id=284):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000007c0)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000080000000100000000000007000000000100000002000084d6000000040000000200000075000000070000000900000003000000006130"], 0x0, 0x50, 0x0, 0x1, 0x9}, 0x28)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500060000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x1, 0x6}, 0x112026, 0x0, 0x2, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000400)={0x0, 0x2, r1, 0x21})
sendmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000e40)="d8000000180081064a81f782db44b904021d080400007c09e8fe55a10a0015c0050014a603600e1208000f0000000401a80016009a00014004000000036010fab94dcf5c0461c1d6900094007134cf6ee080000190d0a2ac922353a606487ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00320db70103000040fad95667dc06dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x48084)
r2 = memfd_create(&(0x7f0000000cc0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\xd5\xfd\xa9\r\xac7V\xf2\x93A\x94k\xcd\t\x00\x90\xbe\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\agB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\x9f#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xd8\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x96!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2_\x16\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0V\\w\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x17fNo\xb3\x1d\xbb\xcaI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%UH\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\x02Y\x8e\xae\xf5m\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5\x04\x00\x00\x00\x00\x00\x00\x00\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9\xcfJ\t}\xd4:\xe4\xbe\x1c\x10\n\xc6hPO\xeagxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!D\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\xca\xc5kz\x8e9\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3d5V\x80\x1a\x90\x10\xe3\xdf%\xfdz\xf7\x9aE\xe6\x9b\x00'/993, 0x3)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x2, 0x6, 0x1000000})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x44040, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0)
fcntl$addseals(r2, 0x409, 0xb)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet(0xa, 0x801, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x1a, 0x4, 0x0, 0x1, 0x8000, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x50)
getsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000380), &(0x7f00000003c0)=0x10)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x1, @rand_addr=0x64010101}, 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x7d, &(0x7f0000000480)=@assoc_value={0x0, 0xc}, 0x8)
r7 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r8, 0x0, 0xffff7ffffffffffd}, 0x18)
write$binfmt_elf32(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c46fdc300030700000000000000020003"], 0x58)
close(r7)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000100)={'team0\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r9}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000a804)

kernel console output (not intermixed with test programs):



syzkaller
syzkaller login: [   26.738743][   T29] kauditd_printk_skb: 45 callbacks suppressed
[   26.738762][   T29] audit: type=1400 audit(1756535464.000:57): avc:  denied  { transition } for  pid=3284 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   26.771288][   T29] audit: type=1400 audit(1756535464.000:58): avc:  denied  { noatsecure } for  pid=3284 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   26.790986][   T29] audit: type=1400 audit(1756535464.000:59): avc:  denied  { write } for  pid=3284 comm="sh" path="pipe:[1501]" dev="pipefs" ino=1501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   26.813551][   T29] audit: type=1400 audit(1756535464.000:60): avc:  denied  { rlimitinh } for  pid=3284 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   26.832313][   T29] audit: type=1400 audit(1756535464.000:61): avc:  denied  { siginh } for  pid=3284 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts.
[   34.912386][   T29] audit: type=1400 audit(1756535472.170:62): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   34.913449][ T3295] cgroup: Unknown subsys name 'net'
[   34.935176][   T29] audit: type=1400 audit(1756535472.170:63): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   34.962574][   T29] audit: type=1400 audit(1756535472.210:64): avc:  denied  { unmount } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   35.118725][ T3295] cgroup: Unknown subsys name 'cpuset'
[   35.125067][ T3295] cgroup: Unknown subsys name 'rlimit'
[   35.276231][   T29] audit: type=1400 audit(1756535472.530:65): avc:  denied  { setattr } for  pid=3295 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   35.299570][   T29] audit: type=1400 audit(1756535472.530:66): avc:  denied  { create } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   35.320046][   T29] audit: type=1400 audit(1756535472.530:67): avc:  denied  { write } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   35.340596][   T29] audit: type=1400 audit(1756535472.530:68): avc:  denied  { read } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   35.360918][   T29] audit: type=1400 audit(1756535472.560:69): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   35.369804][ T3299] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   35.385746][   T29] audit: type=1400 audit(1756535472.560:70): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   35.417723][   T29] audit: type=1400 audit(1756535472.680:71): avc:  denied  { relabelto } for  pid=3299 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   35.450491][ T3295] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   36.615333][ T3307] chnl_net:caif_netlink_parms(): no params data found
[   36.684979][ T3313] chnl_net:caif_netlink_parms(): no params data found
[   36.706371][ T3306] chnl_net:caif_netlink_parms(): no params data found
[   36.742511][ T3310] chnl_net:caif_netlink_parms(): no params data found
[   36.757829][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.765040][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.772310][ T3307] bridge_slave_0: entered allmulticast mode
[   36.778765][ T3307] bridge_slave_0: entered promiscuous mode
[   36.788058][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.795159][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.802279][ T3307] bridge_slave_1: entered allmulticast mode
[   36.808751][ T3307] bridge_slave_1: entered promiscuous mode
[   36.862527][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.871841][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.878937][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.886108][ T3313] bridge_slave_0: entered allmulticast mode
[   36.892671][ T3313] bridge_slave_0: entered promiscuous mode
[   36.901002][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.908160][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.915271][ T3313] bridge_slave_1: entered allmulticast mode
[   36.921854][ T3313] bridge_slave_1: entered promiscuous mode
[   36.934967][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.944268][ T3305] chnl_net:caif_netlink_parms(): no params data found
[   36.976033][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.003674][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.013430][ T3307] team0: Port device team_slave_0 added
[   37.029344][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.036532][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.043754][ T3306] bridge_slave_0: entered allmulticast mode
[   37.050215][ T3306] bridge_slave_0: entered promiscuous mode
[   37.066262][ T3307] team0: Port device team_slave_1 added
[   37.074266][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.081376][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.088558][ T3306] bridge_slave_1: entered allmulticast mode
[   37.094827][ T3306] bridge_slave_1: entered promiscuous mode
[   37.101057][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.108175][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.115355][ T3310] bridge_slave_0: entered allmulticast mode
[   37.121920][ T3310] bridge_slave_0: entered promiscuous mode
[   37.128772][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.135859][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.143069][ T3310] bridge_slave_1: entered allmulticast mode
[   37.149396][ T3310] bridge_slave_1: entered promiscuous mode
[   37.177878][ T3313] team0: Port device team_slave_0 added
[   37.188874][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0
[   37.195829][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.221798][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   37.245135][ T3313] team0: Port device team_slave_1 added
[   37.251103][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1
[   37.258086][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.284049][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.306073][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.316179][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.336786][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.343920][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.351076][ T3305] bridge_slave_0: entered allmulticast mode
[   37.357437][ T3305] bridge_slave_0: entered promiscuous mode
[   37.364906][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.380348][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.396392][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0
[   37.403377][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.429279][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   37.440152][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.447202][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.454409][ T3305] bridge_slave_1: entered allmulticast mode
[   37.460912][ T3305] bridge_slave_1: entered promiscuous mode
[   37.486651][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1
[   37.493660][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.519605][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.536173][ T3306] team0: Port device team_slave_0 added
[   37.542889][ T3306] team0: Port device team_slave_1 added
[   37.549292][ T3310] team0: Port device team_slave_0 added
[   37.562287][ T3307] hsr_slave_0: entered promiscuous mode
[   37.568559][ T3307] hsr_slave_1: entered promiscuous mode
[   37.582452][ T3310] team0: Port device team_slave_1 added
[   37.596528][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.611084][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0
[   37.618215][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.644158][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   37.655863][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1
[   37.662934][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.688898][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.705153][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.741277][ T3313] hsr_slave_0: entered promiscuous mode
[   37.747338][ T3313] hsr_slave_1: entered promiscuous mode
[   37.753290][ T3313] debugfs: 'hsr0' already exists in 'hsr'
[   37.759031][ T3313] Cannot create hsr debugfs directory
[   37.770978][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0
[   37.777998][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.803921][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   37.815803][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1
[   37.822794][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.848771][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.894789][ T3305] team0: Port device team_slave_0 added
[   37.907639][ T3306] hsr_slave_0: entered promiscuous mode
[   37.914110][ T3306] hsr_slave_1: entered promiscuous mode
[   37.919954][ T3306] debugfs: 'hsr0' already exists in 'hsr'
[   37.925679][ T3306] Cannot create hsr debugfs directory
[   37.939946][ T3305] team0: Port device team_slave_1 added
[   37.975726][ T3310] hsr_slave_0: entered promiscuous mode
[   37.981794][ T3310] hsr_slave_1: entered promiscuous mode
[   37.987617][ T3310] debugfs: 'hsr0' already exists in 'hsr'
[   37.993366][ T3310] Cannot create hsr debugfs directory
[   38.010693][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.017758][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.043811][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.055032][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.062012][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.087933][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.162717][ T3305] hsr_slave_0: entered promiscuous mode
[   38.168889][ T3305] hsr_slave_1: entered promiscuous mode
[   38.174742][ T3305] debugfs: 'hsr0' already exists in 'hsr'
[   38.180596][ T3305] Cannot create hsr debugfs directory
[   38.271173][ T3307] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   38.291508][ T3307] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   38.307053][ T3307] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   38.315827][ T3307] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   38.344815][ T3313] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   38.358246][ T3313] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   38.367097][ T3313] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   38.381855][ T3313] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   38.397689][ T3310] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   38.407873][ T3310] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   38.424555][ T3310] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   38.433584][ T3310] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   38.460389][ T3305] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   38.469404][ T3305] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   38.483599][ T3305] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   38.495990][ T3305] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   38.536327][ T3306] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   38.552407][ T3306] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   38.561453][ T3306] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   38.570375][ T3306] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   38.589329][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.624573][ T3307] 8021q: adding VLAN 0 to HW filter on device team0
[   38.641906][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.649008][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.663833][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.671190][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.681388][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.696000][ T3313] 8021q: adding VLAN 0 to HW filter on device team0
[   38.704802][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.721283][ T2345] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.728525][ T2345] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.743944][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.753285][ T2345] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.760473][ T2345] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.796855][ T3310] 8021q: adding VLAN 0 to HW filter on device team0
[   38.809826][ T2345] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.816931][ T2345] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.835787][ T3305] 8021q: adding VLAN 0 to HW filter on device team0
[   38.844563][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.866575][ T1969] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.873849][ T1969] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.892930][ T1969] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.900124][ T1969] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.909764][ T1969] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.916877][ T1969] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.934023][ T3306] 8021q: adding VLAN 0 to HW filter on device team0
[   38.962459][ T2263] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.969628][ T2263] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.978649][ T2263] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.985732][ T2263] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.010918][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.027464][ T3305] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   39.037970][ T3305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   39.065101][ T3306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   39.115287][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.156362][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.180162][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.210032][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.321339][ T3306] veth0_vlan: entered promiscuous mode
[   39.356544][ T3306] veth1_vlan: entered promiscuous mode
[   39.366685][ T3307] veth0_vlan: entered promiscuous mode
[   39.374262][ T3313] veth0_vlan: entered promiscuous mode
[   39.386902][ T3307] veth1_vlan: entered promiscuous mode
[   39.395270][ T3310] veth0_vlan: entered promiscuous mode
[   39.406207][ T3313] veth1_vlan: entered promiscuous mode
[   39.420554][ T3310] veth1_vlan: entered promiscuous mode
[   39.436395][ T3306] veth0_macvtap: entered promiscuous mode
[   39.443379][ T3305] veth0_vlan: entered promiscuous mode
[   39.457632][ T3313] veth0_macvtap: entered promiscuous mode
[   39.466009][ T3313] veth1_macvtap: entered promiscuous mode
[   39.473690][ T3305] veth1_vlan: entered promiscuous mode
[   39.485622][ T3307] veth0_macvtap: entered promiscuous mode
[   39.494230][ T3306] veth1_macvtap: entered promiscuous mode
[   39.502108][ T3307] veth1_macvtap: entered promiscuous mode
[   39.512600][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.534080][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.542190][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.550453][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.562227][ T3310] veth0_macvtap: entered promiscuous mode
[   39.570482][ T3310] veth1_macvtap: entered promiscuous mode
[   39.579674][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.587115][ T3305] veth0_macvtap: entered promiscuous mode
[   39.594982][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.612473][ T2345] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.625362][ T3305] veth1_macvtap: entered promiscuous mode
[   39.632307][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.650324][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.660530][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.673352][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.683812][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.698447][   T31] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.707581][   T31] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.717190][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.727014][ T3313] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   39.745215][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.753650][   T31] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.784089][   T31] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.815694][   T31] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.836627][   T31] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.864224][   T31] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.870045][ T3478] loop3: detected capacity change from 0 to 512
[   39.873927][   T31] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.907445][   T31] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.931907][ T3478] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   39.937084][   T31] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.941457][   T29] kauditd_printk_skb: 28 callbacks suppressed
[   39.941475][   T29] audit: type=1400 audit(1756535477.210:100): avc:  denied  { create } for  pid=3481 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   39.960986][ T3478] EXT4-fs (loop3): invalid journal inode
[   39.978167][ T3483] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   39.993729][   T31] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.025503][   T29] audit: type=1326 audit(1756535477.210:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3484 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79978ebe9 code=0x7ffc0000
[   40.027270][    C0] hrtimer: interrupt took 56688 ns
[   40.048607][   T29] audit: type=1326 audit(1756535477.210:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3484 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79978ebe9 code=0x7ffc0000
[   40.064034][   T31] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.076739][   T29] audit: type=1326 audit(1756535477.210:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3484 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fb79978ebe9 code=0x7ffc0000
[   40.085704][ T3478] EXT4-fs (loop3): can't get journal size
[   40.108596][   T29] audit: type=1326 audit(1756535477.210:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3484 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79978ebe9 code=0x7ffc0000
[   40.108630][   T29] audit: type=1326 audit(1756535477.210:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3484 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79978ebe9 code=0x7ffc0000
[   40.108657][   T29] audit: type=1400 audit(1756535477.250:106): avc:  denied  { write } for  pid=3481 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   40.108678][   T29] audit: type=1400 audit(1756535477.270:107): avc:  denied  { open } for  pid=3486 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   40.147556][   T31] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.160491][   T29] audit: type=1400 audit(1756535477.270:108): avc:  denied  { kernel } for  pid=3486 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   40.168618][ T3491] 9pnet_fd: Insufficient options for proto=fd
[   40.182920][ T3490] loop4: detected capacity change from 0 to 128
[   40.211794][   T29] audit: type=1400 audit(1756535477.390:109): avc:  denied  { create } for  pid=3488 comm="syz.4.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[   40.237358][ T3490] vfat: Unknown parameter 'ÿÿÿÿ'
[   40.244233][ T3487] netlink: 'syz.0.1': attribute type 10 has an invalid length.
[   40.261819][   T31] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.282015][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.316265][ T3478] EXT4-fs (loop3): 1 truncate cleaned up
[   40.325424][ T3478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.337805][ T3487] team0: Port device dummy0 added
[   40.348904][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.356947][ T3490] SELinux: failed to load policy
[   40.372549][ T3492] loop0: detected capacity change from 0 to 512
[   40.385904][ T3492] =======================================================
[   40.385904][ T3492] WARNING: The mand mount option has been deprecated and
[   40.385904][ T3492]          and is ignored by this kernel. Remove the mand
[   40.385904][ T3492]          option from the mount to silence this warning.
[   40.385904][ T3492] =======================================================
[   40.425147][ T3492] EXT4-fs: Ignoring removed nomblk_io_submit option
[   40.432143][ T3496] syz.1.8 uses obsolete (PF_INET,SOCK_PACKET)
[   40.432868][ T3492] EXT4-fs: Ignoring removed i_version option
[   40.457960][ T3496] loop7: detected capacity change from 0 to 16384
[   40.465413][ T3492] EXT4-fs (loop0): 1 orphan inode deleted
[   40.471604][ T3478] loop3: detected capacity change from 512 to 0
[   40.472082][ T3492] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.486590][ T3500] FAULT_INJECTION: forcing a failure.
[   40.486590][ T3500] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   40.491307][    C0] I/O error, dev loop3, sector 26 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
[   40.503570][ T3500] CPU: 1 UID: 0 PID: 3500 Comm: syz.4.9 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   40.503621][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   40.503709][ T3500] Call Trace:
[   40.503718][ T3500]  <TASK>
[   40.503728][ T3500]  __dump_stack+0x1d/0x30
[   40.503756][ T3500]  dump_stack_lvl+0xe8/0x140
[   40.503781][ T3500]  dump_stack+0x15/0x1b
[   40.503803][ T3500]  should_fail_ex+0x265/0x280
[   40.503842][ T3500]  should_fail+0xb/0x20
[   40.503865][ T3500]  should_fail_usercopy+0x1a/0x20
[   40.503894][ T3500]  copy_fpstate_to_sigframe+0x628/0x7d0
[   40.503939][ T3500]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[   40.504120][ T3500]  ? x86_task_fpu+0x36/0x60
[   40.504187][ T3500]  get_sigframe+0x34d/0x490
[   40.504209][ T3500]  ? get_signal+0xdc8/0xf70
[   40.504253][ T3500]  x64_setup_rt_frame+0xa8/0x580
[   40.504285][ T3500]  arch_do_signal_or_restart+0x27c/0x480
[   40.504325][ T3500]  exit_to_user_mode_loop+0x7a/0x100
[   40.504353][ T3500]  do_syscall_64+0x1d6/0x200
[   40.504391][ T3500]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   40.504495][ T3500]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   40.504567][ T3500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.504595][ T3500] RIP: 0033:0x7f2806fbebe7
[   40.504616][ T3500] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   40.504698][ T3500] RSP: 002b:00007f2805a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[   40.504769][ T3500] RAX: 0000000000000049 RBX: 00007f28071f5fa0 RCX: 00007f2806fbebe9
[   40.504786][ T3500] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[   40.504802][ T3500] RBP: 00007f2805a27090 R08: 0000000000000000 R09: 0000000000000000
[   40.504818][ T3500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.504834][ T3500] R13: 00007f28071f6038 R14: 00007f28071f5fa0 R15: 00007ffe0c3d4608
[   40.504856][ T3500]  </TASK>
[   40.661209][ T3492] netlink: 'syz.0.1': attribute type 10 has an invalid length.
[   40.707939][ T3502] EXT4-fs error (device loop3): __ext4_find_entry:1615: inode #2: comm syz.3.4: reading directory lblock 0
[   40.731479][    C0] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[   40.741038][    C0] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[   40.750615][    C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[   40.774804][ T3502] EXT4-fs (loop3): I/O error while writing superblock
[   40.785854][ T3492] team0: Port device dummy0 removed
[   40.793844][ T3492] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   40.816465][ T3487] syz.0.1 (3487) used greatest stack depth: 10248 bytes left
[   40.866714][    C0] I/O error, dev loop3, sector 26 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
[   40.876348][ T3306] EXT4-fs warning (device loop3): htree_dirblock_to_tree:1051: inode #2: lblock 0: comm syz-executor: error -5 reading directory block
[   40.894366][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.904257][    C0] I/O error, dev loop3, sector 12 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 2
[   40.913883][    C1] I/O error, dev loop3, sector 10 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
[   40.923516][ T3306] EXT4-fs error (device loop3): ext4_get_inode_loc:4999: inode #2: block 5: comm syz-executor: unable to read itable block
[   40.947862][    C1] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[   40.957422][    C1] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[   40.966906][    C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[   40.979846][ T3306] EXT4-fs (loop3): I/O error while writing superblock
[   40.986724][ T3306] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6334: IO failure
[   40.996093][    C1] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[   41.005652][    C1] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[   41.015139][    C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[   41.039187][ T3306] EXT4-fs (loop3): I/O error while writing superblock
[   41.046041][ T3306] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz-executor: mark_inode_dirty error
[   41.067970][ T3503] loop7: detected capacity change from 16384 to 0
[   41.125502][ T3511] netlink: 3 bytes leftover after parsing attributes in process `syz.0.11'.
[   41.146812][    C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[   41.155205][ T3306] EXT4-fs (loop3): I/O error while writing superblock
[   41.235946][   T51] EXT4-fs error (device loop3): __ext4_get_inode_loc_noinmem:4984: inode #2: block 5: comm kworker/u8:3: unable to read itable block
[   41.259314][    C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[   41.269500][ T3511] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.282665][   T51] EXT4-fs (loop3): I/O error while writing superblock
[   41.323005][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.339919][    C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[   41.349757][ T3306] EXT4-fs (loop3): I/O error while writing superblock
[   41.498201][ T3528] netlink: 24 bytes leftover after parsing attributes in process `syz.4.18'.
[   41.556220][ T3538] loop4: detected capacity change from 0 to 512
[   41.567871][ T3538] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   41.581162][ T3538] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   41.606392][ T3538] EXT4-fs (loop4): 1 truncate cleaned up
[   41.612663][ T3538] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.656696][ T3544] netlink: 'syz.2.22': attribute type 10 has an invalid length.
[   41.695789][ T3544] team0: Port device dummy0 added
[   41.711359][ T3541] netlink: 24 bytes leftover after parsing attributes in process `syz.1.21'.
[   41.740929][ T3544] loop2: detected capacity change from 0 to 512
[   41.751623][ T3544] EXT4-fs: Ignoring removed nomblk_io_submit option
[   41.765869][ T3544] EXT4-fs: Ignoring removed i_version option
[   41.791210][ T3544] EXT4-fs (loop2): 1 orphan inode deleted
[   41.803863][ T3544] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.837007][ T3544] netlink: 'syz.2.22': attribute type 10 has an invalid length.
[   41.882088][ T3544] team0: Port device dummy0 removed
[   41.926184][ T3544] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   41.943909][ T3544] syz.2.22 (3544) used greatest stack depth: 9224 bytes left
[   41.963703][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.033265][ T3561] loop2: detected capacity change from 0 to 512
[   42.072988][ T3561] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.089074][ T3561] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.164398][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.369428][ T3577] loop2: detected capacity change from 0 to 512
[   42.388710][ T3577] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   42.597013][ T3577] EXT4-fs (loop2): orphan cleanup on readonly fs
[   42.605368][ T3577] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.34: Block bitmap for bg 0 marked uninitialized
[   42.621353][ T3577] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   42.630409][ T3577] EXT4-fs (loop2): 1 orphan inode deleted
[   42.636600][ T3577] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   42.699556][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.737575][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.798895][ T3584] netlink: 'syz.2.36': attribute type 10 has an invalid length.
[   42.844155][ T3584] bond0: (slave dummy0): Releasing backup interface
[   42.891781][ T3584] team0: Port device dummy0 added
[   42.925654][ T3592] netlink: 'syz.2.40': attribute type 10 has an invalid length.
[   42.978256][ T3595] Zero length message leads to an empty skb
[   43.003163][ T3592] loop2: detected capacity change from 0 to 512
[   43.017736][ T3592] EXT4-fs: Ignoring removed nomblk_io_submit option
[   43.032560][ T3592] EXT4-fs: Ignoring removed i_version option
[   43.071263][ T3592] EXT4-fs (loop2): 1 orphan inode deleted
[   43.089163][ T3592] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.141123][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.186439][ T3603] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   43.218424][ T3592] netlink: 'syz.2.40': attribute type 10 has an invalid length.
[   43.247601][ T3592] team0: Port device dummy0 removed
[   43.271295][ T3612] netlink: 'syz.4.47': attribute type 10 has an invalid length.
[   43.296943][ T3592] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   43.309047][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.324836][ T3616] loop4: detected capacity change from 0 to 512
[   43.332639][ T3616] EXT4-fs: Ignoring removed nomblk_io_submit option
[   43.352823][ T3616] EXT4-fs: Ignoring removed i_version option
[   43.370842][ T3612] team0: Port device dummy0 added
[   43.377356][ T3616] EXT4-fs (loop4): 1 orphan inode deleted
[   43.377443][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.384861][ T3616] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.409822][ T3616] netlink: 'syz.4.47': attribute type 10 has an invalid length.
[   43.432299][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.452538][ T3511] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.483695][ T3616] team0: Port device dummy0 removed
[   43.493307][ T3616] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   43.552286][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.578622][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.640555][ T3635] loop2: detected capacity change from 0 to 128
[   43.710151][ T3511] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.726652][ T3639] netlink: 'syz.4.51': attribute type 10 has an invalid length.
[   43.760230][ T3639] bond0: (slave dummy0): Releasing backup interface
[   43.794229][ T3639] team0: Port device dummy0 added
[   43.828108][ T3511] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.905859][   T12] bridge_slave_1: left allmulticast mode
[   43.911658][   T12] bridge_slave_1: left promiscuous mode
[   43.917399][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.935189][ T3653] netlink: 24 bytes leftover after parsing attributes in process `syz.4.54'.
[   43.964955][ T3655] loop2: detected capacity change from 0 to 128
[   43.975240][   T12] bridge_slave_0: left allmulticast mode
[   43.981073][   T12] bridge_slave_0: left promiscuous mode
[   43.986740][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.111223][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   44.122050][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   44.131889][   T12] bond0 (unregistering): Released all slaves
[   44.197933][   T12] hsr_slave_0: left promiscuous mode
[   44.204081][   T12] hsr_slave_1: left promiscuous mode
[   44.210343][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   44.217777][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   44.226668][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   44.234129][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   44.252777][   T12] veth1_macvtap: left promiscuous mode
[   44.263578][   T12] veth0_macvtap: left promiscuous mode
[   44.270512][   T12] veth1_vlan: left promiscuous mode
[   44.281401][   T12] veth0_vlan: left promiscuous mode
[   44.396741][   T12] team0 (unregistering): Port device team_slave_1 removed
[   44.406266][   T12] team0 (unregistering): Port device team_slave_0 removed
[   44.439533][   T52] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   44.471330][   T52] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   44.509687][   T52] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   44.582228][   T52] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   44.603759][ T3712] SELinux: failed to load policy
[   44.643369][ T3605] chnl_net:caif_netlink_parms(): no params data found
[   44.744074][ T3386] IPVS: starting estimator thread 0...
[   44.752955][ T3725] loop0: detected capacity change from 0 to 512
[   44.767738][ T3725] EXT4-fs: Ignoring removed nomblk_io_submit option
[   44.787275][ T3725] EXT4-fs: Ignoring removed i_version option
[   44.807561][ T3725] EXT4-fs (loop0): 1 orphan inode deleted
[   44.817663][ T3725] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.840532][ T3724] IPVS: using max 2304 ests per chain, 115200 per kthread
[   44.854554][ T3718] bond0: (slave dummy0): Releasing backup interface
[   44.893814][ T3718] team0: Port device dummy0 added
[   44.916632][ T3725] team0: Port device dummy0 removed
[   44.925117][ T3725] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   44.948015][ T3605] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.955212][ T3605] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.964945][ T3605] bridge_slave_0: entered allmulticast mode
[   44.966010][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.971897][ T3605] bridge_slave_0: entered promiscuous mode
[   44.987945][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.995088][ T3605] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.003410][ T3605] bridge_slave_1: entered allmulticast mode
[   45.012613][ T3605] bridge_slave_1: entered promiscuous mode
[   45.039646][ T3745] bond0: (slave dummy0): Releasing backup interface
[   45.058235][ T3745] team0: Port device dummy0 added
[   45.091491][   T29] kauditd_printk_skb: 487 callbacks suppressed
[   45.091509][   T29] audit: type=1400 audit(1756535482.350:597): avc:  denied  { validate_trans } for  pid=3748 comm="syz.2.73" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   45.097200][ T3605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   45.129793][ T3605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   45.169657][ T3605] team0: Port device team_slave_0 added
[   45.177385][ T3605] team0: Port device team_slave_1 added
[   45.245059][ T3605] batman_adv: batadv0: Adding interface: batadv_slave_0
[   45.252184][ T3605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   45.278147][ T3605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   45.303738][   T29] audit: type=1326 audit(1756535482.560:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.329774][ T3605] batman_adv: batadv0: Adding interface: batadv_slave_1
[   45.336764][ T3605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   45.362756][ T3605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   45.372709][   T29] audit: type=1326 audit(1756535482.600:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.372745][   T29] audit: type=1326 audit(1756535482.600:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.372770][   T29] audit: type=1326 audit(1756535482.600:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.372875][   T29] audit: type=1326 audit(1756535482.620:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.372901][   T29] audit: type=1326 audit(1756535482.620:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.372950][   T29] audit: type=1326 audit(1756535482.620:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.372993][   T29] audit: type=1326 audit(1756535482.620:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.373021][   T29] audit: type=1326 audit(1756535482.620:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3763 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfc622ebe9 code=0x7ffc0000
[   45.542141][ T3770] loop0: detected capacity change from 0 to 512
[   45.622171][ T3770] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   45.630259][ T3770] EXT4-fs (loop0): orphan cleanup on readonly fs
[   45.677230][ T3770] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.76: corrupted inode contents
[   45.710269][ T3749] Set syz1 is full, maxelem 65536 reached
[   45.716640][ T3770] EXT4-fs (loop0): Remounting filesystem read-only
[   45.723616][ T3770] EXT4-fs (loop0): 1 truncate cleaned up
[   45.729918][   T52] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   45.740552][   T52] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   45.753152][   T52] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   45.768445][ T3770] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   45.783965][ T3605] hsr_slave_0: entered promiscuous mode
[   45.798788][ T3605] hsr_slave_1: entered promiscuous mode
[   45.817085][ T3605] debugfs: 'hsr0' already exists in 'hsr'
[   45.822891][ T3605] Cannot create hsr debugfs directory
[   45.829685][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.946599][ T3796] validate_nla: 4 callbacks suppressed
[   45.946628][ T3796] netlink: 'syz.2.82': attribute type 10 has an invalid length.
[   45.973300][ T3605] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   45.991630][ T3798] netlink: 'syz.0.81': attribute type 1 has an invalid length.
[   46.012660][ T3605] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   46.023822][ T3798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.81'.
[   46.036452][ T3605] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   46.046921][ T3799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.84'.
[   46.048916][ T3605] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   46.062805][ T3799] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   46.070048][ T3799] IPv6: NLM_F_CREATE should be set when creating new route
[   46.115281][ T3605] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.128971][ T3605] 8021q: adding VLAN 0 to HW filter on device team0
[   46.140066][ T3803] netlink: 24 bytes leftover after parsing attributes in process `syz.2.86'.
[   46.141683][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.156001][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.168554][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.175822][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.246676][ T3605] 8021q: adding VLAN 0 to HW filter on device batadv0
[   46.379402][ T3605] veth0_vlan: entered promiscuous mode
[   46.387333][ T3605] veth1_vlan: entered promiscuous mode
[   46.404106][ T3605] veth0_macvtap: entered promiscuous mode
[   46.411497][ T3605] veth1_macvtap: entered promiscuous mode
[   46.426270][ T3605] batman_adv: batadv0: Interface activated: batadv_slave_0
[   46.436221][ T3605] batman_adv: batadv0: Interface activated: batadv_slave_1
[   46.482428][   T31] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   46.491496][   T31] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   46.491718][ T3414] IPVS: starting estimator thread 0...
[   46.501748][   T31] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   46.516599][   T31] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   46.544440][ T3835] netlink: 'syz.5.44': attribute type 10 has an invalid length.
[   46.566411][ T3835] team0: Port device dummy0 added
[   46.598273][ T3832] IPVS: using max 2352 ests per chain, 117600 per kthread
[   46.611883][ T3835] loop5: detected capacity change from 0 to 512
[   46.620375][ T3835] EXT4-fs: Ignoring removed nomblk_io_submit option
[   46.629444][ T3835] EXT4-fs: Ignoring removed i_version option
[   46.649993][ T3835] EXT4-fs (loop5): 1 orphan inode deleted
[   46.657239][ T3835] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.673980][ T3835] netlink: 'syz.5.44': attribute type 10 has an invalid length.
[   46.694331][    C1] vcan0: j1939_tp_rxtimer: 0xffff888119f38e00: rx timeout, send abort
[   46.702596][    C1] vcan0: j1939_tp_rxtimer: 0xffff888119f39200: rx timeout, send abort
[   46.711000][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888119f38e00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   46.725323][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888119f39200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   46.741989][ T3835] team0: Port device dummy0 removed
[   46.782527][ T3835] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   46.784431][ T3841] SELinux: failed to load policy
[   46.799557][ T3840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.88'.
[   46.809750][ T3605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.865146][ T3844] loop5: detected capacity change from 0 to 512
[   46.874749][ T3849] SELinux: failed to load policy
[   46.884833][ T3847] loop4: detected capacity change from 0 to 512
[   46.893566][ T3844] EXT4-fs (loop5): revision level too high, forcing read-only mode
[   46.905584][ T3846] loop0: detected capacity change from 0 to 512
[   46.923094][ T3844] EXT4-fs (loop5): orphan cleanup on readonly fs
[   46.923832][ T3847] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   46.941246][ T3844] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.90: corrupted inode contents
[   46.957407][ T3847] EXT4-fs (loop4): orphan cleanup on readonly fs
[   46.959202][ T3844] EXT4-fs (loop5): Remounting filesystem read-only
[   46.967651][ T3847] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.91: corrupted inode contents
[   46.971297][ T3844] EXT4-fs (loop5): 1 truncate cleaned up
[   46.989471][ T3847] EXT4-fs (loop4): Remounting filesystem read-only
[   46.996075][ T3847] EXT4-fs (loop4): 1 truncate cleaned up
[   47.002677][   T52] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   47.013294][   T52] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   47.024071][   T52] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[   47.026992][ T3846] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.048184][ T3846] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.053293][   T52] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   47.069331][   T52] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   47.081249][   T52] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   47.094763][ T3844] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   47.101581][ T3862] loop1: detected capacity change from 0 to 512
[   47.108641][ T3847] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   47.224325][ T3862] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   47.236373][ T3862] EXT4-fs (loop1): 1 truncate cleaned up
[   47.242743][ T3605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.245353][ T3862] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.301912][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.380365][ T3875] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   47.392983][ T3879] netlink: 'syz.2.100': attribute type 10 has an invalid length.
[   47.449416][ T3875] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   47.471446][ T3879] loop2: detected capacity change from 0 to 512
[   47.486055][ T3879] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.495727][ T3879] EXT4-fs: Ignoring removed i_version option
[   47.523169][ T3879] EXT4-fs (loop2): 1 orphan inode deleted
[   47.536315][ T3879] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.555691][ T3879] netlink: 'syz.2.100': attribute type 10 has an invalid length.
[   47.577805][ T3879] team0: Port device dummy0 removed
[   47.613097][ T3879] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   47.630725][ T3846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.650389][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.670558][ T3888] netlink: 24 bytes leftover after parsing attributes in process `syz.4.102'.
[   47.772034][ T3896] netlink: 'syz.2.106': attribute type 10 has an invalid length.
[   47.820529][ T3896] bond0: (slave dummy0): Releasing backup interface
[   47.842442][ T3900] loop2: detected capacity change from 0 to 512
[   47.854607][ T3900] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.873371][ T3896] team0: Port device dummy0 added
[   47.880173][ T3900] EXT4-fs: Ignoring removed i_version option
[   47.892228][ T3900] EXT4-fs (loop2): 1 orphan inode deleted
[   47.898596][ T3900] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.927860][ T3896] netlink: 'syz.2.106': attribute type 10 has an invalid length.
[   47.963928][ T3903] netlink: 'syz.4.108': attribute type 10 has an invalid length.
[   47.995941][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.013547][ T3896] team0: Port device dummy0 removed
[   48.027443][ T3906] SELinux: failed to load policy
[   48.033811][ T3905] loop4: detected capacity change from 0 to 512
[   48.053583][ T3896] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   48.074987][ T3905] EXT4-fs: Ignoring removed nomblk_io_submit option
[   48.081856][ T3905] EXT4-fs: Ignoring removed i_version option
[   48.094315][ T3905] EXT4-fs (loop4): 1 orphan inode deleted
[   48.107170][ T3905] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.124396][ T3903] netlink: 'syz.4.108': attribute type 10 has an invalid length.
[   48.125148][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.141747][ T3903] team0: Port device dummy0 removed
[   48.152127][ T3903] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   48.165509][ T3911] loop1: detected capacity change from 0 to 128
[   48.205431][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.247041][ T3917] SELinux: failed to load policy
[   48.273697][ T3921] netlink: 3 bytes leftover after parsing attributes in process `syz.4.116'.
[   48.298708][ T3920] bond0: (slave dummy0): Releasing backup interface
[   48.322147][ T3920] team0: Port device dummy0 added
[   48.394524][ T3930] loop1: detected capacity change from 0 to 2048
[   48.394539][ T3932] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   48.447294][ T3937] loop2: detected capacity change from 0 to 512
[   48.455729][ T3574]  loop1: p1 < > p4
[   48.462766][ T3574] loop1: p4 size 8388608 extends beyond EOD, truncated
[   48.471595][ T3937] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   48.472207][ T3930]  loop1: p1 < > p4
[   48.479692][ T3937] EXT4-fs (loop2): orphan cleanup on readonly fs
[   48.491910][ T3930] loop1: p4 size 8388608 extends beyond EOD, truncated
[   48.492310][ T3937] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.121: corrupted inode contents
[   48.514214][ T3930] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=29 sclass=netlink_tcpdiag_socket pid=3930 comm=syz.1.120
[   48.529503][ T3937] EXT4-fs (loop2): Remounting filesystem read-only
[   48.536192][ T3937] EXT4-fs (loop2): 1 truncate cleaned up
[   48.544045][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   48.554615][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   48.566680][   T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[   48.578456][ T3937] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   48.611327][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.641288][ T3875] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   48.694783][ T3950] netlink: 3 bytes leftover after parsing attributes in process `syz.1.128'.
[   48.738658][ T3956] netlink: 24 bytes leftover after parsing attributes in process `syz.2.131'.
[   48.828839][ T3962] loop2: detected capacity change from 0 to 128
[   48.857628][ T3964] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   48.913405][ T3965] loop2: detected capacity change from 0 to 512
[   48.929194][ T3965] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   48.937338][ T3965] EXT4-fs (loop2): orphan cleanup on readonly fs
[   48.945359][ T3965] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.135: corrupted inode contents
[   48.957499][ T3965] EXT4-fs (loop2): Remounting filesystem read-only
[   48.964367][ T3965] EXT4-fs (loop2): 1 truncate cleaned up
[   48.970197][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   48.980773][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   48.991468][   T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[   49.002597][ T3965] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   49.025462][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.112074][ T3976] netlink: 3 bytes leftover after parsing attributes in process `syz.2.140'.
[   49.152230][ T3979] : port 1(erspan0) entered blocking state
[   49.158413][ T3979] : port 1(erspan0) entered disabled state
[   49.158823][ T3981] netlink: 24 bytes leftover after parsing attributes in process `syz.0.142'.
[   49.165739][ T3979] erspan0: entered allmulticast mode
[   49.179683][ T3979] erspan0: entered promiscuous mode
[   49.209095][ T3983] nfs4: Bad value for 'source'
[   49.216127][   T36] hid-generic 0000:0100:0001.0001: unknown main item tag 0x0
[   49.226328][   T36] hid-generic 0000:0100:0001.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   49.407064][ T3979] loop2: detected capacity change from 0 to 32768
[   49.415786][ T3991] loop4: detected capacity change from 0 to 128
[   49.460157][ T3979]  loop2: p1 p3 < >
[   49.464181][ T3995] loop4: detected capacity change from 0 to 512
[   49.483156][    C1] vcan0: j1939_tp_rxtimer: 0xffff888119f37e00: rx timeout, send abort
[   49.491458][    C1] vcan0: j1939_tp_rxtimer: 0xffff888119f37a00: rx timeout, send abort
[   49.501438][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888119f37e00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   49.515782][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888119f37a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   49.544107][ T3995] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   49.558886][ T4003] FAULT_INJECTION: forcing a failure.
[   49.558886][ T4003] name failslab, interval 1, probability 0, space 0, times 1
[   49.571587][ T4003] CPU: 0 UID: 0 PID: 4003 Comm: syz.0.148 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.571613][ T4003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   49.571625][ T4003] Call Trace:
[   49.571635][ T4003]  <TASK>
[   49.571644][ T4003]  __dump_stack+0x1d/0x30
[   49.571670][ T4003]  dump_stack_lvl+0xe8/0x140
[   49.571691][ T4003]  dump_stack+0x15/0x1b
[   49.571751][ T4003]  should_fail_ex+0x265/0x280
[   49.571793][ T4003]  should_failslab+0x8c/0xb0
[   49.571823][ T4003]  __kmalloc_cache_node_noprof+0x54/0x320
[   49.571899][ T4003]  ? __get_vm_area_node+0x106/0x1d0
[   49.571932][ T4003]  __get_vm_area_node+0x106/0x1d0
[   49.571970][ T4003]  __vmalloc_node_range_noprof+0x273/0xe00
[   49.572036][ T4003]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   49.572069][ T4003]  ? avc_has_perm_noaudit+0x1b1/0x200
[   49.572104][ T4003]  ? cred_has_capability+0x210/0x280
[   49.572133][ T4003]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   49.572296][ T4003]  __vmalloc_noprof+0x83/0xc0
[   49.572330][ T4003]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   49.572364][ T4003]  bpf_prog_alloc_no_stats+0x47/0x3a0
[   49.572389][ T4003]  ? bpf_prog_alloc+0x2a/0x150
[   49.572421][ T4003]  bpf_prog_alloc+0x3c/0x150
[   49.572464][ T4003]  bpf_prog_load+0x514/0x1070
[   49.572499][ T4003]  ? security_bpf+0x2b/0x90
[   49.572535][ T4003]  __sys_bpf+0x462/0x7b0
[   49.572573][ T4003]  __x64_sys_bpf+0x41/0x50
[   49.572654][ T4003]  x64_sys_call+0x2aea/0x2ff0
[   49.572676][ T4003]  do_syscall_64+0xd2/0x200
[   49.572712][ T4003]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.572742][ T4003]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.572801][ T4003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.572890][ T4003] RIP: 0033:0x7fdfc622ebe9
[   49.572908][ T4003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.572926][ T4003] RSP: 002b:00007fdfc4c97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   49.572949][ T4003] RAX: ffffffffffffffda RBX: 00007fdfc6465fa0 RCX: 00007fdfc622ebe9
[   49.572965][ T4003] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[   49.572980][ T4003] RBP: 00007fdfc4c97090 R08: 0000000000000000 R09: 0000000000000000
[   49.572995][ T4003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.573010][ T4003] R13: 00007fdfc6466038 R14: 00007fdfc6465fa0 R15: 00007ffdbff3aa58
[   49.573099][ T4003]  </TASK>
[   49.573234][ T4003] syz.0.148: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null)
[   49.595332][ T3995] EXT4-fs (loop4): orphan cleanup on readonly fs
[   49.596479][ T4003] ,cpuset=
[   49.626107][ T3995] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.147: corrupted inode contents
[   49.627825][ T4003] /,mems_allowed=0
[   49.666238][ T3995] EXT4-fs (loop4): Remounting filesystem read-only
[   49.670630][ T4003] 
[   49.670644][ T4003] CPU: 0 UID: 0 PID: 4003 Comm: syz.0.148 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.670673][ T4003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   49.670686][ T4003] Call Trace:
[   49.670696][ T4003]  <TASK>
[   49.670708][ T4003]  __dump_stack+0x1d/0x30
[   49.670738][ T4003]  dump_stack_lvl+0xe8/0x140
[   49.670800][ T4003]  dump_stack+0x15/0x1b
[   49.670822][ T4003]  warn_alloc+0x12b/0x1a0
[   49.670873][ T4003]  __vmalloc_node_range_noprof+0x297/0xe00
[   49.670922][ T4003]  ? avc_has_perm_noaudit+0x1b1/0x200
[   49.670967][ T4003]  ? cred_has_capability+0x210/0x280
[   49.670999][ T4003]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   49.671084][ T4003]  __vmalloc_noprof+0x83/0xc0
[   49.671124][ T4003]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   49.671170][ T4003]  bpf_prog_alloc_no_stats+0x47/0x3a0
[   49.671205][ T4003]  ? bpf_prog_alloc+0x2a/0x150
[   49.671261][ T4003]  bpf_prog_alloc+0x3c/0x150
[   49.671338][ T4003]  bpf_prog_load+0x514/0x1070
[   49.671433][ T4003]  ? security_bpf+0x2b/0x90
[   49.671479][ T4003]  __sys_bpf+0x462/0x7b0
[   49.671592][ T4003]  __x64_sys_bpf+0x41/0x50
[   49.671701][ T4003]  x64_sys_call+0x2aea/0x2ff0
[   49.671730][ T4003]  do_syscall_64+0xd2/0x200
[   49.671833][ T4003]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.671867][ T4003]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.671976][ T4003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.672005][ T4003] RIP: 0033:0x7fdfc622ebe9
[   49.672025][ T4003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.672050][ T4003] RSP: 002b:00007fdfc4c97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   49.672075][ T4003] RAX: ffffffffffffffda RBX: 00007fdfc6465fa0 RCX: 00007fdfc622ebe9
[   49.672120][ T4003] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[   49.672144][ T4003] RBP: 00007fdfc4c97090 R08: 0000000000000000 R09: 0000000000000000
[   49.672162][ T4003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.672245][ T4003] R13: 00007fdfc6466038 R14: 00007fdfc6465fa0 R15: 00007ffdbff3aa58
[   49.672270][ T4003]  </TASK>
[   49.672295][ T4003] Mem-Info:
[   49.678566][ T4006] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   49.681634][ T4003] active_anon:12429 inactive_anon:0 isolated_anon:0
[   49.681634][ T4003]  active_file:18420 inactive_file:2299 isolated_file:0
[   49.681634][ T4003]  unevictable:0 dirty:1490 writeback:3
[   49.681634][ T4003]  slab_reclaimable:3218 slab_unreclaimable:14874
[   49.681634][ T4003]  mapped:29224 shmem:5700 pagetables:1213
[   49.681634][ T4003]  sec_pagetables:0 bounce:0
[   49.681634][ T4003]  kernel_misc_reclaimable:0
[   49.681634][ T4003]  free:1873228 free_pcp:19449 free_cma:0
[   49.720321][ T3995] EXT4-fs (loop4): 1 truncate cleaned up
[   49.724435][ T4003] Node 0 active_anon:47744kB inactive_anon:0kB active_file:73680kB inactive_file:8848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117012kB dirty:5960kB writeback:12kB shmem:21292kB kernel_stack:3472kB pagetables:4852kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   49.856618][ T4009] loop1: detected capacity change from 0 to 512
[   49.857196][ T4003] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   49.882967][ T3574] udevd[3574]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   49.885620][ T4003] lowmem_reserve[]: 0 2883 7862
[   49.892268][ T3649] udevd[3649]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   49.894706][ T4003]  7862
[   49.920373][ T4013] netlink: 24 bytes leftover after parsing attributes in process `syz.2.153'.
[   49.925311][ T4003] 
[   49.925320][ T4003] Node 0 DMA32 free:2949196kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952828kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:100kB free_cma:0kB
[   49.933256][ T4009] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   49.935625][ T4003] lowmem_reserve[]: 0 0 4978 4978
[   49.935657][ T4003] Node 0 Normal free:4546484kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33128kB inactive_anon:0kB active_file:73680kB inactive_file:8848kB unevictable:0kB writepending:5972kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:71464kB local_pcp:17692kB free_cma:0kB
[   49.941564][ T4009] EXT4-fs (loop1): orphan cleanup on readonly fs
[   49.945867][ T4003] lowmem_reserve[]:
[   49.953737][ T4009] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.152: corrupted inode contents
[   49.955129][ T4003]  0 0 0 0
[   49.960283][ T4009] EXT4-fs (loop1): Remounting filesystem read-only
[   49.963927][ T4003] 
[   49.963935][ T4003] Node 0 DMA: 0*4kB 0*8kB 
[   49.970157][ T4009] EXT4-fs (loop1): 1 truncate cleaned up
[   49.973071][ T4003] 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   50.364328][ T4003] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 3*16kB (M) 2*32kB (M) 3*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949196kB
[   50.380511][ T4003] Node 0 Normal: 115*4kB (UME) 51*8kB (UME) 41*16kB (UM) 65*32kB (UME) 48*64kB (UM) 40*128kB (ME) 32*256kB (UM) 1*512kB (E) 0*1024kB 2*2048kB (UE) 1104*4096kB (M) = 4546580kB
[   50.398158][ T4003] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   50.407462][ T4003] 22344 total pagecache pages
[   50.412184][ T4003] 0 pages in swap cache
[   50.416342][ T4003] Free swap  = 124996kB
[   50.420535][ T4003] Total swap = 124996kB
[   50.424696][ T4003] 2097051 pages RAM
[   50.428603][ T4003] 0 pages HighMem/MovableOnly
[   50.433337][ T4003] 80444 pages reserved
[   50.437636][   T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   50.451360][   T51] __quota_error: 380 callbacks suppressed
[   50.451375][   T51] Quota error (device loop4): write_blk: dquota write failed
[   50.465137][   T51] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries
[   50.469147][ T4019] loop0: detected capacity change from 0 to 128
[   50.475258][   T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   50.492113][   T51] Quota error (device loop4): write_blk: dquota write failed
[   50.499567][   T51] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list
[   50.510678][   T51] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   50.520831][   T51] Quota error (device loop4): v2_write_file_info: Can't write info structure
[   50.529687][   T51] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[   50.539852][   T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   50.550646][   T51] Quota error (device loop1): write_blk: dquota write failed
[   50.558103][   T51] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[   50.568241][   T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   50.578800][   T51] Quota error (device loop1): write_blk: dquota write failed
[   50.586275][   T51] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[   50.597080][   T51] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   50.609087][ T3995] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   50.628432][ T4009] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   50.667829][ T4022] netlink: 128 bytes leftover after parsing attributes in process `syz.2.155'.
[   50.694981][ T4025] bond0: (slave dummy0): Releasing backup interface
[   50.704666][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.714926][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.743394][ T4031] loop4: detected capacity change from 0 to 128
[   50.757253][ T4025] team0: Port device dummy0 added
[   50.767507][ T4034] loop1: detected capacity change from 0 to 128
[   50.919254][ T4045] can0: slcan on ttyS3.
[   50.950517][ T3875] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.988309][ T4046] can0 (unregistered): slcan off ttyS3.
[   51.039398][   T52] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   51.063573][ T4054] loop2: detected capacity change from 0 to 512
[   51.072853][   T52] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   51.083134][   T12] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   51.091899][ T4054] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   51.098151][   T12] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   51.106259][ T4054] EXT4-fs (loop2): orphan cleanup on readonly fs
[   51.156463][ T4063] loop1: detected capacity change from 0 to 512
[   51.176213][ T4054] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.167: corrupted inode contents
[   51.190117][ T4066] loop4: detected capacity change from 0 to 128
[   51.243202][ T4054] EXT4-fs (loop2): Remounting filesystem read-only
[   51.249951][ T4063] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   51.259334][ T4054] EXT4-fs (loop2): 1 truncate cleaned up
[   51.265193][   T52] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   51.272215][ T4063] EXT4-fs (loop1): orphan cleanup on readonly fs
[   51.275763][   T52] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   51.297106][ T4063] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.170: corrupted inode contents
[   51.309354][   T52] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[   51.320068][ T4054] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   51.336589][ T4063] EXT4-fs (loop1): Remounting filesystem read-only
[   51.343439][ T4063] EXT4-fs (loop1): 1 truncate cleaned up
[   51.353890][ T2345] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   51.364542][ T2345] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   51.377063][ T2345] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   51.388005][ T4063] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   51.388690][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.403146][ T4073] loop5: detected capacity change from 0 to 512
[   51.442159][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.452602][ T4073] EXT4-fs (loop5): revision level too high, forcing read-only mode
[   51.462368][ T4073] EXT4-fs (loop5): orphan cleanup on readonly fs
[   51.481093][ T4073] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.174: corrupted inode contents
[   51.504196][ T4073] EXT4-fs (loop5): Remounting filesystem read-only
[   51.527218][ T4085] FAULT_INJECTION: forcing a failure.
[   51.527218][ T4085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   51.528160][ T4073] EXT4-fs (loop5): 1 truncate cleaned up
[   51.540398][ T4085] CPU: 0 UID: 0 PID: 4085 Comm: syz.1.177 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   51.540435][ T4085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   51.540452][ T4085] Call Trace:
[   51.540461][ T4085]  <TASK>
[   51.540473][ T4085]  __dump_stack+0x1d/0x30
[   51.540535][ T4085]  dump_stack_lvl+0xe8/0x140
[   51.540561][ T4085]  dump_stack+0x15/0x1b
[   51.540582][ T4085]  should_fail_ex+0x265/0x280
[   51.540617][ T4085]  should_fail+0xb/0x20
[   51.540641][ T4085]  should_fail_usercopy+0x1a/0x20
[   51.540672][ T4085]  _copy_from_user+0x1c/0xb0
[   51.540709][ T4085]  ___sys_sendmsg+0xc1/0x1d0
[   51.540770][ T4085]  __x64_sys_sendmsg+0xd4/0x160
[   51.540807][ T4085]  x64_sys_call+0x191e/0x2ff0
[   51.540835][ T4085]  do_syscall_64+0xd2/0x200
[   51.540872][ T4085]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   51.540921][ T4085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.540973][ T4085] RIP: 0033:0x7fb79978ebe9
[   51.540993][ T4085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.541037][ T4085] RSP: 002b:00007fb7981f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   51.541061][ T4085] RAX: ffffffffffffffda RBX: 00007fb7999c5fa0 RCX: 00007fb79978ebe9
[   51.541078][ T4085] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000006
[   51.541094][ T4085] RBP: 00007fb7981f7090 R08: 0000000000000000 R09: 0000000000000000
[   51.541110][ T4085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.541126][ T4085] R13: 00007fb7999c6038 R14: 00007fb7999c5fa0 R15: 00007ffe4b03e728
[   51.541177][ T4085]  </TASK>
[   51.541766][   T12] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   51.723200][   T12] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   51.798779][ T4097] loop1: detected capacity change from 0 to 512
[   51.815305][ T4097] ext3: Unknown parameter 'fsmagic'
[   51.848743][   T12] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[   51.867060][ T4073] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   51.903561][ T4100] __nla_validate_parse: 1 callbacks suppressed
[   51.903578][ T4100] netlink: 28 bytes leftover after parsing attributes in process `syz.2.182'.
[   51.904853][ T4102] netlink: 12 bytes leftover after parsing attributes in process `syz.1.183'.
[   51.919570][ T4103] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[   51.981658][ T4102] loop1: detected capacity change from 0 to 2048
[   51.994799][ T4105] validate_nla: 6 callbacks suppressed
[   51.994837][ T4105] netlink: 'syz.2.184': attribute type 10 has an invalid length.
[   52.018252][ T3605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.047688][ T4106] loop2: detected capacity change from 0 to 512
[   52.055469][ T3574] Alternate GPT is invalid, using primary GPT.
[   52.061971][ T3574]  loop1: p1 p2 p3
[   52.077136][ T4108] netlink: 'syz.5.185': attribute type 10 has an invalid length.
[   52.100297][ T4106] EXT4-fs: Ignoring removed nomblk_io_submit option
[   52.112244][ T4106] EXT4-fs: Ignoring removed i_version option
[   52.112331][ T4102] Alternate GPT is invalid, using primary GPT.
[   52.124651][ T4102]  loop1: p1 p2 p3
[   52.171703][ T4112] loop5: detected capacity change from 0 to 512
[   52.182256][ T4106] EXT4-fs (loop2): 1 orphan inode deleted
[   52.230597][ T4106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.285152][ T4112] EXT4-fs (loop5): revision level too high, forcing read-only mode
[   52.302714][ T4112] EXT4-fs (loop5): orphan cleanup on readonly fs
[   52.328970][ T4105] netlink: 'syz.2.184': attribute type 10 has an invalid length.
[   52.348179][ T4112] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.186: corrupted inode contents
[   52.352278][ T3574] udevd[3574]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   52.371600][ T3649] udevd[3649]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   52.387108][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[   52.399150][ T4112] EXT4-fs (loop5): Remounting filesystem read-only
[   52.410137][ T4126] loop1: detected capacity change from 0 to 512
[   52.426447][ T4105] team0: Port device dummy0 removed
[   52.439049][ T4126] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   52.452868][ T4112] EXT4-fs (loop5): 1 truncate cleaned up
[   52.459706][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   52.470380][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   52.493669][ T4126] EXT4-fs (loop1): orphan cleanup on readonly fs
[   52.533489][ T4126] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.189: corrupted inode contents
[   52.555893][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   52.567216][ T3574] udevd[3574]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[   52.578619][   T31] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[   52.593196][ T4126] EXT4-fs (loop1): Remounting filesystem read-only
[   52.602434][ T4112] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   52.616446][ T4130] netlink: 'syz.4.190': attribute type 10 has an invalid length.
[   52.629606][ T4105] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   52.643757][ T4126] EXT4-fs (loop1): 1 truncate cleaned up
[   52.652720][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   52.663459][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   52.675846][ T3605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.722268][   T12] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   52.737049][ T4126] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   52.750246][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.799555][ T4142] netlink: 'syz.2.194': attribute type 10 has an invalid length.
[   52.813665][ T4143] vlan2: entered allmulticast mode
[   52.818898][ T4143] vlan0: entered allmulticast mode
[   52.824063][ T4143] veth0_vlan: entered allmulticast mode
[   52.832303][ T4149] loop5: detected capacity change from 0 to 1024
[   52.839635][ T4149] SELinux: security_context_str_to_sid (root) failed with errno=-22
[   52.850519][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.864515][ T4149] loop5: detected capacity change from 0 to 1024
[   52.876064][ T4149] ext4: Unknown parameter 'fowner>00000000000000000000'
[   52.899408][ T4150] loop2: detected capacity change from 0 to 512
[   52.910861][ T4154] SELinux: failed to load policy
[   52.917213][ T4150] EXT4-fs: Ignoring removed nomblk_io_submit option
[   52.949096][ T4150] EXT4-fs: Ignoring removed i_version option
[   53.019192][ T4162] loop0: detected capacity change from 0 to 512
[   53.032309][ T4150] EXT4-fs (loop2): 1 orphan inode deleted
[   53.036807][ T4142] bond0: (slave dummy0): Releasing backup interface
[   53.043598][ T4162] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   53.046116][ T4150] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.079517][ T4162] EXT4-fs (loop0): 1 truncate cleaned up
[   53.085921][ T4162] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.098580][ T4150] netlink: 'syz.2.194': attribute type 10 has an invalid length.
[   53.108684][ T4142] team0: Port device dummy0 added
[   53.124164][ T4150] team0: Port device dummy0 removed
[   53.132131][ T4150] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   53.154012][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.172257][ T4168] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   53.213905][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.236791][ T4174] loop2: detected capacity change from 0 to 512
[   53.250658][ T4174] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   53.258825][ T4174] EXT4-fs (loop2): orphan cleanup on readonly fs
[   53.266863][ T4174] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.199: corrupted inode contents
[   53.279501][ T4174] EXT4-fs (loop2): Remounting filesystem read-only
[   53.286252][ T4174] EXT4-fs (loop2): 1 truncate cleaned up
[   53.292200][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   53.302949][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   53.305295][ T4180] loop4: detected capacity change from 0 to 128
[   53.324305][   T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[   53.338821][ T4174] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   53.372771][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.406321][ T4184] loop4: detected capacity change from 0 to 512
[   53.416370][ T4188] netlink: 'syz.2.205': attribute type 10 has an invalid length.
[   53.447042][ T4186] netlink: 'syz.0.206': attribute type 10 has an invalid length.
[   53.465940][ T4190] loop4: detected capacity change from 0 to 512
[   53.474630][ T4190] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   53.486897][ T4188] bond0: (slave dummy0): Releasing backup interface
[   53.488189][ T4191] loop2: detected capacity change from 0 to 512
[   53.502502][ T4191] EXT4-fs: Ignoring removed nomblk_io_submit option
[   53.511940][ T4190] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.521081][ T4191] EXT4-fs: Ignoring removed i_version option
[   53.539434][ T4190] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.555208][ T4191] EXT4-fs (loop2): 1 orphan inode deleted
[   53.565011][ T4191] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.585840][ T4188] team0: Port device dummy0 added
[   53.610916][ T4191] netlink: 'syz.2.205': attribute type 10 has an invalid length.
[   53.620820][ T4196] netlink: 36 bytes leftover after parsing attributes in process `syz.4.208'.
[   53.626626][ T4186] team0: Port device dummy0 removed
[   53.653952][ T4186] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   53.673965][ T4199] netlink: 36 bytes leftover after parsing attributes in process `syz.4.208'.
[   53.701436][ T4191] team0: Port device dummy0 removed
[   53.712416][ T4191] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   53.779317][ T4204] loop5: detected capacity change from 0 to 512
[   53.812947][ T4204] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   53.828008][ T4204] EXT4-fs (loop5): 1 truncate cleaned up
[   53.880850][ T4214] netlink: 24 bytes leftover after parsing attributes in process `syz.2.213'.
[   53.911559][ T4216] sd 0:0:1:0: device reset
[   53.929384][ T4217] loop1: detected capacity change from 0 to 512
[   53.974469][ T4212] loop4: detected capacity change from 0 to 128
[   54.020424][ T4217] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   54.109350][ T4217] EXT4-fs (loop1): orphan cleanup on readonly fs
[   54.164411][ T4224] netlink: 'syz.2.217': attribute type 10 has an invalid length.
[   54.218795][ T4217] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.216: corrupted inode contents
[   54.293388][ T4230] loop2: detected capacity change from 0 to 512
[   54.299987][ T4217] EXT4-fs (loop1): Remounting filesystem read-only
[   54.306748][ T4217] EXT4-fs (loop1): 1 truncate cleaned up
[   54.312965][ T4230] EXT4-fs: Ignoring removed oldalloc option
[   54.319523][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   54.330216][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   54.342246][   T31] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   54.343327][ T4230] EXT4-fs (loop2): 1 truncate cleaned up
[   54.402732][ T4234] bond0: (slave dummy0): Releasing backup interface
[   54.441331][ T4238] loop4: detected capacity change from 0 to 512
[   54.453229][ T4238] EXT4-fs: Ignoring removed nomblk_io_submit option
[   54.460439][ T4238] EXT4-fs: Ignoring removed i_version option
[   54.476348][ T4234] team0: Port device dummy0 added
[   54.478308][ T4238] EXT4-fs (loop4): 1 orphan inode deleted
[   54.509654][ T4238] team0: Port device dummy0 removed
[   54.517379][ T4238] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   54.560456][ T4247] netlink: 4 bytes leftover after parsing attributes in process `syz.5.223'.
[   54.610802][ T4250] loop1: detected capacity change from 0 to 512
[   54.617737][ T4250] EXT4-fs: Ignoring removed nomblk_io_submit option
[   54.624776][ T4250] EXT4-fs: Ignoring removed i_version option
[   54.631750][ T4246] bond0: (slave dummy0): Releasing backup interface
[   54.642540][ T4250] EXT4-fs (loop1): 1 orphan inode deleted
[   54.695231][ T4246] team0: Port device dummy0 added
[   54.705700][ T4250] team0: Port device dummy0 removed
[   54.713632][ T4250] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   54.819416][ T4262] 9p: Unknown uid 00000000004294967295
[   54.826966][ T4264] loop4: detected capacity change from 0 to 512
[   54.840140][ T4264] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   54.855214][ T4264] EXT4-fs (loop4): 1 truncate cleaned up
[   54.865080][ T4258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.227'.
[   54.869881][ T4267] FAULT_INJECTION: forcing a failure.
[   54.869881][ T4267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.887495][ T4267] CPU: 1 UID: 0 PID: 4267 Comm: syz.2.229 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.887538][ T4267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.887551][ T4267] Call Trace:
[   54.887557][ T4267]  <TASK>
[   54.887566][ T4267]  __dump_stack+0x1d/0x30
[   54.887588][ T4267]  dump_stack_lvl+0xe8/0x140
[   54.887607][ T4267]  dump_stack+0x15/0x1b
[   54.887624][ T4267]  should_fail_ex+0x265/0x280
[   54.887705][ T4267]  should_fail+0xb/0x20
[   54.887723][ T4267]  should_fail_usercopy+0x1a/0x20
[   54.887746][ T4267]  _copy_from_user+0x1c/0xb0
[   54.887775][ T4267]  evdev_ioctl_handler+0x5a7/0x1660
[   54.887893][ T4267]  ? __fget_files+0x184/0x1c0
[   54.887978][ T4267]  ? __pfx_evdev_ioctl+0x10/0x10
[   54.888033][ T4267]  evdev_ioctl+0x24/0x30
[   54.888063][ T4267]  __se_sys_ioctl+0xce/0x140
[   54.888082][ T4267]  __x64_sys_ioctl+0x43/0x50
[   54.888116][ T4267]  x64_sys_call+0x1816/0x2ff0
[   54.888137][ T4267]  do_syscall_64+0xd2/0x200
[   54.888237][ T4267]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.888342][ T4267]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.888368][ T4267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.888390][ T4267] RIP: 0033:0x7f07e1c3ebe9
[   54.888405][ T4267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.888423][ T4267] RSP: 002b:00007f07e069f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   54.888472][ T4267] RAX: ffffffffffffffda RBX: 00007f07e1e75fa0 RCX: 00007f07e1c3ebe9
[   54.888484][ T4267] RDX: 0000000000000000 RSI: 0000000040104593 RDI: 0000000000000003
[   54.888576][ T4267] RBP: 00007f07e069f090 R08: 0000000000000000 R09: 0000000000000000
[   54.888588][ T4267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.888600][ T4267] R13: 00007f07e1e76038 R14: 00007f07e1e75fa0 R15: 00007ffddde29838
[   54.888619][ T4267]  </TASK>
[   55.080792][ T4268] loop1: detected capacity change from 0 to 256
[   55.098902][ T4268] msdos: Unknown parameter '0x00000000ffffffff0x000000000000ee00'
[   55.134111][ T4262] netlink: 16 bytes leftover after parsing attributes in process `syz.1.227'.
[   55.220700][ T4277] loop1: detected capacity change from 0 to 512
[   55.249043][ T4277] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   55.258824][ T4277] EXT4-fs (loop1): orphan cleanup on readonly fs
[   55.267358][ T4281] netlink: 3 bytes leftover after parsing attributes in process `syz.4.233'.
[   55.284227][ T4281] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.295727][ T4277] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.232: corrupted inode contents
[   55.336001][ T4277] EXT4-fs (loop1): Remounting filesystem read-only
[   55.344921][ T4277] EXT4-fs (loop1): 1 truncate cleaned up
[   55.352634][ T2263] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   55.363212][ T2263] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   55.399067][ T2263] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   55.412944][ T4281] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.475484][   T29] kauditd_printk_skb: 321 callbacks suppressed
[   55.475499][   T29] audit: type=1326 audit(1756535492.730:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.510401][   T29] audit: type=1326 audit(1756535492.770:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.533845][   T29] audit: type=1326 audit(1756535492.770:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.557262][   T29] audit: type=1326 audit(1756535492.770:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.580674][   T29] audit: type=1326 audit(1756535492.770:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.583448][ T4296] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[   55.604025][   T29] audit: type=1326 audit(1756535492.770:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.611737][ T4296] audit: out of memory in audit_log_start
[   55.640917][   T29] audit: type=1326 audit(1756535492.770:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.664332][   T29] audit: type=1326 audit(1756535492.770:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4293 comm="syz.5.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f92dee9ebe9 code=0x7ffc0000
[   55.675861][ T4300] loop2: detected capacity change from 0 to 512
[   55.690502][ T4281] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.697301][ T4300] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   55.715324][ T4300] EXT4-fs (loop2): 1 truncate cleaned up
[   55.751857][ T4281] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.795690][ T4307] bond0: (slave dummy0): Releasing backup interface
[   55.813369][ T4307] team0: Port device dummy0 added
[   55.833280][   T51] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.844324][   T51] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.856144][   T51] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.868806][   T51] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.928198][ T4307] loop5: detected capacity change from 0 to 512
[   55.941123][ T4307] EXT4-fs: Ignoring removed nomblk_io_submit option
[   55.953682][ T4307] EXT4-fs: Ignoring removed i_version option
[   55.991247][ T4314] bond0: (slave dummy0): Releasing backup interface
[   56.002187][ T4307] EXT4-fs (loop5): 1 orphan inode deleted
[   56.064352][ T4314] team0: Port device dummy0 added
[   56.071673][ T4318] netlink: 3 bytes leftover after parsing attributes in process `syz.4.248'.
[   56.146672][ T4307] team0: Port device dummy0 removed
[   56.181334][ T4307] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   56.194945][ T4318] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.266055][ T4324] bond0: (slave dummy0): Releasing backup interface
[   56.283196][ T4324] team0: Port device dummy0 added
[   56.302161][ T4326] loop1: detected capacity change from 0 to 512
[   56.305442][ T4327] loop5: detected capacity change from 0 to 512
[   56.305879][ T4327] EXT4-fs: Ignoring removed nomblk_io_submit option
[   56.306123][ T4327] EXT4-fs: Ignoring removed i_version option
[   56.434131][ T4326] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   56.452021][ T4326] EXT4-fs (loop1): orphan cleanup on readonly fs
[   56.463230][ T4318] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.476768][ T4327] EXT4-fs (loop5): 1 orphan inode deleted
[   56.481179][ T4326] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.251: corrupted inode contents
[   56.494887][ T4326] EXT4-fs (loop1): Remounting filesystem read-only
[   56.501623][ T4326] EXT4-fs (loop1): 1 truncate cleaned up
[   56.513701][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   56.524304][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   56.540083][   T12] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   56.567727][ T4324] team0: Port device dummy0 removed
[   56.599893][ T4324] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   56.624673][ T4318] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.661257][ T4318] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.736706][ T4342] 8021q: adding VLAN 0 to HW filter on device team0
[   56.755318][ T4342] bond0: (slave team0): Enslaving as an active interface with an up link
[   56.787327][ T4344] tipc: Started in network mode
[   56.792632][ T4344] tipc: Node identity 16d19a6fa95b, cluster identity 4711
[   56.799914][ T4344] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   56.808693][ T4342] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:9415:12ff:fea4:3227 error=-28
[   56.821337][ T4344] syzkaller0: entered promiscuous mode
[   56.826906][ T4344] syzkaller0: entered allmulticast mode
[   56.836989][ T4344] tipc: Resetting bearer <eth:syzkaller0>
[   56.855516][ T4344] tipc: Disabling bearer <eth:syzkaller0>
[   56.873085][ T4342] infiniband syz!: set active
[   56.877810][ T4342] infiniband syz!: added team_slave_0
[   56.897134][ T4342] RDS/IB: syz!: added
[   56.901250][ T4342] smc: adding ib device syz! with port count 1
[   56.907549][ T4342] smc:    ib device syz! port 1 has pnetid 
[   56.987300][ T4370] loop0: detected capacity change from 0 to 512
[   57.003590][ T4370] EXT4-fs: Ignoring removed mblk_io_submit option
[   57.015183][ T4370] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   57.027437][ T4370] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c018, mo2=0002]
[   57.035640][ T4370] System zones: 1-12
[   57.040158][ T4370] EXT4-fs (loop0): 1 truncate cleaned up
[   57.111559][ T4381] EXT4-fs (loop0): shut down requested (0)
[   57.321182][ T4397] netlink: 28 bytes leftover after parsing attributes in process `syz.2.263'.
[   57.396468][ T4412] validate_nla: 13 callbacks suppressed
[   57.396509][ T4412] netlink: 'syz.0.266': attribute type 10 has an invalid length.
[   57.431834][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881195bda00: rx timeout, send abort
[   57.440105][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881195bde00: rx timeout, send abort
[   57.446087][ T4412] bond0: (slave dummy0): Releasing backup interface
[   57.448397][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881195bda00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   57.448453][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881195bde00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   57.510543][ T4424] loop0: detected capacity change from 0 to 512
[   57.517288][ T4424] EXT4-fs: Ignoring removed nomblk_io_submit option
[   57.541056][ T4418] tmpfs: Bad value for 'mpol'
[   57.588359][ T4424] EXT4-fs: Ignoring removed i_version option
[   57.596675][ T4424] EXT4-fs (loop0): 1 orphan inode deleted
[   57.609909][ T4424] netlink: 'syz.0.266': attribute type 10 has an invalid length.
[   57.645649][ T4412] team0: Port device dummy0 added
[   57.695075][ T4435] netlink: 'syz.1.269': attribute type 10 has an invalid length.
[   57.707032][ T4424] team0: Port device dummy0 removed
[   57.714486][ T4424] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   57.775323][ T4440] syzkaller1: entered promiscuous mode
[   57.780988][ T4440] syzkaller1: entered allmulticast mode
[   57.794658][ T4440] capability: warning: `syz.0.270' uses deprecated v2 capabilities in a way that may be insecure
[   57.806831][ T4442] netlink: 44 bytes leftover after parsing attributes in process `syz.1.271'.
[   57.869200][ T4446] sd 0:0:1:0: device reset
[   58.181032][ T4454] SELinux: failed to load policy
[   58.204159][ T4449] netlink: 44 bytes leftover after parsing attributes in process `syz.0.272'.
[   58.220524][ T4449] netlink: 120 bytes leftover after parsing attributes in process `syz.0.272'.
[   58.229534][ T4449] netlink: 120 bytes leftover after parsing attributes in process `syz.0.272'.
[   58.289273][ T4460] netlink: 'syz.2.276': attribute type 62 has an invalid length.
[   58.302970][ T4460] loop2: detected capacity change from 0 to 512
[   58.310776][ T4460] vfat: Unknown parameter '1ñŸÉ'
[   58.392332][ T4466] FAULT_INJECTION: forcing a failure.
[   58.392332][ T4466] name failslab, interval 1, probability 0, space 0, times 0
[   58.405122][ T4466] CPU: 1 UID: 0 PID: 4466 Comm: syz.0.279 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   58.405252][ T4466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.405264][ T4466] Call Trace:
[   58.405271][ T4466]  <TASK>
[   58.405279][ T4466]  __dump_stack+0x1d/0x30
[   58.405304][ T4466]  dump_stack_lvl+0xe8/0x140
[   58.405383][ T4466]  dump_stack+0x15/0x1b
[   58.405400][ T4466]  should_fail_ex+0x265/0x280
[   58.405426][ T4466]  ? nf_tables_newtable+0x375/0xea0
[   58.405452][ T4466]  should_failslab+0x8c/0xb0
[   58.405481][ T4466]  __kmalloc_cache_noprof+0x4c/0x320
[   58.405577][ T4466]  ? __nla_validate_parse+0x1652/0x1d00
[   58.405601][ T4466]  nf_tables_newtable+0x375/0xea0
[   58.405629][ T4466]  nfnetlink_rcv+0xb96/0x1690
[   58.405777][ T4466]  netlink_unicast+0x5bd/0x690
[   58.405804][ T4466]  netlink_sendmsg+0x58b/0x6b0
[   58.405835][ T4466]  ? __pfx_netlink_sendmsg+0x10/0x10
[   58.405963][ T4466]  __sock_sendmsg+0x145/0x180
[   58.406065][ T4466]  ____sys_sendmsg+0x31e/0x4e0
[   58.406095][ T4466]  ___sys_sendmsg+0x17b/0x1d0
[   58.406129][ T4466]  __x64_sys_sendmsg+0xd4/0x160
[   58.406159][ T4466]  x64_sys_call+0x191e/0x2ff0
[   58.406224][ T4466]  do_syscall_64+0xd2/0x200
[   58.406308][ T4466]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.406330][ T4466]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.406401][ T4466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.406421][ T4466] RIP: 0033:0x7fdfc622ebe9
[   58.406514][ T4466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.406535][ T4466] RSP: 002b:00007fdfc4c97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.406558][ T4466] RAX: ffffffffffffffda RBX: 00007fdfc6465fa0 RCX: 00007fdfc622ebe9
[   58.406573][ T4466] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   58.406584][ T4466] RBP: 00007fdfc4c97090 R08: 0000000000000000 R09: 0000000000000000
[   58.406627][ T4466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.406637][ T4466] R13: 00007fdfc6466038 R14: 00007fdfc6465fa0 R15: 00007ffdbff3aa58
[   58.406654][ T4466]  </TASK>
[   58.634247][ T4468] loop0: detected capacity change from 0 to 512
[   58.642411][ T4468] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   58.659814][ T4468] EXT4-fs (loop0): 1 truncate cleaned up
[   58.749402][ T4476] netlink: 24 bytes leftover after parsing attributes in process `syz.2.282'.
[   58.795671][ T4478] SELinux: failed to load policy
[   58.823541][ T4474] ==================================================================
[   58.831676][ T4474] BUG: KCSAN: data-race in filemap_splice_read / filemap_splice_read
[   58.839772][ T4474] 
[   58.842110][ T4474] write to 0xffff888117b6bfa8 of 8 bytes by task 4468 on cpu 0:
[   58.849754][ T4474]  filemap_splice_read+0x4f4/0x740
[   58.854882][ T4474]  ext4_file_splice_read+0x8f/0xb0
[   58.860029][ T4474]  splice_direct_to_actor+0x26f/0x680
[   58.865498][ T4474]  do_splice_direct+0xda/0x150
[   58.870286][ T4474]  do_sendfile+0x380/0x650
[   58.874728][ T4474]  __x64_sys_sendfile64+0x105/0x150
[   58.879952][ T4474]  x64_sys_call+0x2bb0/0x2ff0
[   58.884647][ T4474]  do_syscall_64+0xd2/0x200
[   58.889171][ T4474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.895182][ T4474] 
[   58.897526][ T4474] write to 0xffff888117b6bfa8 of 8 bytes by task 4474 on cpu 1:
[   58.905162][ T4474]  filemap_splice_read+0x4f4/0x740
[   58.910295][ T4474]  ext4_file_splice_read+0x8f/0xb0
[   58.915448][ T4474]  splice_direct_to_actor+0x26f/0x680
[   58.920831][ T4474]  do_splice_direct+0xda/0x150
[   58.925619][ T4474]  do_sendfile+0x380/0x650
[   58.930071][ T4474]  __x64_sys_sendfile64+0x105/0x150
[   58.935309][ T4474]  x64_sys_call+0x2bb0/0x2ff0
[   58.940013][ T4474]  do_syscall_64+0xd2/0x200
[   58.944636][ T4474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.950552][ T4474] 
[   58.952884][ T4474] value changed: 0x000000000000012c -> 0x000000000000012e
[   58.959994][ T4474] 
[   58.962334][ T4474] Reported by Kernel Concurrency Sanitizer on:
[   58.968494][ T4474] CPU: 1 UID: 0 PID: 4474 Comm: syz.0.280 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   58.978135][ T4474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.988222][ T4474] ==================================================================
[   59.005044][ T4481] netlink: 'syz.2.284': attribute type 21 has an invalid length.
[   59.013155][ T4481] netlink: 8 bytes leftover after parsing attributes in process `syz.2.284'.
[   59.088019][    C0] vcan0: j1939_tp_rxtimer: 0xffff888119f7fa00: rx timeout, send abort
[   59.096292][    C0] vcan0: j1939_tp_rxtimer: 0xffff888119f7f400: rx timeout, send abort
[   59.104587][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888119f7fa00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   59.118931][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888119f7f400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   59.190843][ T4481] process 'syz.2.284' launched './file0' with NULL argv: empty string added
[   59.913849][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.924779][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.935772][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.947473][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0