last executing test programs:

4.51703798s ago: executing program 4 (id=5784):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
setsockopt(r0, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0xfffc, 0x1, @empty, 0x200}, 0x1c)

4.51649425s ago: executing program 4 (id=5785):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0xffffffffffffff0f, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x18)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8a}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kmem_cache_free\x00', r3}, 0x10)
preadv2(r3, 0x0, 0x0, 0x0, 0x9, 0x23)
r4 = socket(0x10, 0x3, 0x9)
connect$netlink(r4, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000c80)=ANY=[@ANYBLOB="140000001000e7d0adb2ed45010000000000000000000a00000a1400000011000100000000000000"], 0x28}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x69, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020100000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[], 0xa8}}, 0x0)

4.428405081s ago: executing program 4 (id=5786):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0x1843}, 0x18)
r1 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x2040f5, 0x80, 0x0, 0x224}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x81, 0x8, 0x1, {0x2}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r1, 0x47f8, 0x0, 0x0, 0x0, 0x0)

4.258421882s ago: executing program 4 (id=5790):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68)
recvmsg(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1})

4.206312992s ago: executing program 4 (id=5792):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = getpid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
capset(0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000540)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='kmem_cache_free\x00', r4, 0x0, 0x2a7203d3}, 0x18)
socket$inet6(0xa, 0x800000000000002, 0x0)

1.890657478s ago: executing program 1 (id=5826):
socket$netlink(0x10, 0x3, 0x8000000004)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/22], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
creat(&(0x7f00000000c0)='./bus\x00', 0x1a2)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0xa4c42, 0x108)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYRES16], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1b, '\x00', 0x0, 0x2}, 0xffffffffffffffae)
syz_emit_ethernet(0x5e, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaabaaa86dd60b804230028000000000000000000000000000000000000fe8000000000000000000000000000aa00040000000000000718000000010403090003000000000000000008000000000000010005020000a764bdb27f8a2c01658bd05d921816a1d1456163c205e0a0ac9695cc9a621b0a28f80b12d2ba17c8286f744c413b75eb480e29d1306e7dd9b10ea389dd4496b7aa7207cf370a482b0ddd6243230f289c578b6fe3e06dc27773bfd8121576c10600bd81aa283ec87476179e334d52864efcd4ffe2ecc1a4bfd41df9e89510568b07012b95638ecd5f4c47780690b61403f0d02688956b9c4f43305cff3617ecb7f44112cb929400"/272], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r8 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8, 0x0, 0x9}, 0x18)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c"], 0x65)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_bridge\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x20000010)
r10 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r10, 0x114, 0x5, 0x0, &(0x7f00000000c0))
getsockopt$bt_l2cap_L2CAP_LM(r10, 0x6, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1f, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)

1.502968951s ago: executing program 1 (id=5831):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000004000000b7030000080000408500000069000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
epoll_create(0xb213)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sync()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
rmdir(0x0)
fcntl$setstatus(r1, 0x4, 0x2c00)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6d"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r3 = open(&(0x7f0000000040)='./bus\x00', 0x1c1242, 0x0)
ftruncate(r3, 0x2007ffb)
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r4, r3, 0x0, 0x7ffff000)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f00000008c0)={0x84, @rand_addr=0x64010102, 0x4e22, 0x1, 'lblcr\x00', 0x0, 0x10001, 0x6f}, 0x2c)
setsockopt$IP_VS_SO_SET_DEL(r5, 0x0, 0x483, &(0x7f0000001280)={0x20000000000084, @private=0xa010102, 0x1ffc, 0x200000001, 'none\x00', 0x9, 0x821}, 0x2c)

1.239253432s ago: executing program 0 (id=5835):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
clock_adjtime(0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone3(&(0x7f0000000940)={0x40010000, &(0x7f0000000340)=<r5=>0xffffffffffffffff, &(0x7f0000000380), &(0x7f00000006c0), {0x29}, &(0x7f00000007c0)=""/73, 0x49, &(0x7f0000000840)=""/185, &(0x7f0000000900)=[0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0], 0x6, {r3}}, 0x58)
process_mrelease(r5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @func_proto]}}, 0x0, 0x32, 0x0, 0x8}, 0x28)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, 0x0)
connect$can_bcm(r6, &(0x7f0000000140), 0x10)
syncfs(r1)

1.202366892s ago: executing program 0 (id=5837):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, &(0x7f0000000040))
r2 = msgget$private(0x0, 0x0)
msgsnd(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0)
msgrcv(r2, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)
msgctl$IPC_SET(r2, 0x1, &(0x7f00000004c0)={{0x0, 0xee00}, 0x0, 0x0, 0xb, 0x6f76, 0x3, 0x0, 0x1, 0x8, 0x7f})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r5, 0x0, 0x900, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r6, <r8=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r7}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r8, &(0x7f0000000400), &(0x7f0000000480)=@tcp6, 0x1}, 0x20)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r9, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats_percpu\x00')
pread64(r10, &(0x7f000001a240)=""/102385, 0x18ff1, 0x100008)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000d000000000000000000000000000000cd42f63f55cfa5b7000000000000000000000000feffffff00000000"]}, 0x138)

1.182200962s ago: executing program 3 (id=5838):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000000000085"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000c00)=ANY=[@ANYBLOB="020000000000000002000002e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000002"], 0x110)

1.165428133s ago: executing program 3 (id=5839):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r1=>r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2, &(0x7f00000000c0)=0x6, 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x19fb, @loopback, 0x7}, 0x1c)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0x2, &(0x7f00000000c0)=0x6, 0x4)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0x400004, @loopback, 0x7}, 0x1c)
listen(r4, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x2, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYRESOCT=r1, @ANYRESOCT, @ANYBLOB="95839b4d2dc3022d9bf038bde853be1522cbc012f0b52726197b8249cc005582cf14e936f29156b481afbd41036f11df6382380b3c2f34b38e82c33d1d5457fa8e2c7558e8ba595f6131b2ed2cc9f43d17c0e8fb0e9f0a57df677f22c90ad0cfecee55cdae819209cede0fb269f1b4d93b0325ea8df618ca7d693962f43397b9a339e9887e49a30e6e58df60fe1a3cfbe5d88543d29f2a090c5cbbde616ba2d31002c54af0cd195192f39677ffe0a8892a09a5076d67c2e7c1c0", @ANYRESHEX=r3], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r6}, 0x18)
r7 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x4661, 0x800, 0x8003, 0x28e}, &(0x7f0000000540)=<r8=>0x0, &(0x7f0000000440)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x400, 0x1})
io_uring_enter(r7, 0x40f9, 0x217, 0xa5, 0x0, 0x0)

1.079784143s ago: executing program 0 (id=5840):
r0 = socket(0x40000000015, 0x5, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800500190000000000050018"], 0x44}}, 0x80)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000540), 0x2000)
r1 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0xfffffffffffffe86, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0)
sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)

1.048810003s ago: executing program 0 (id=5841):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfc, 0x0, 0x7ffc0002}]})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000019240)=@IORING_OP_SENDMSG={0x9, 0xc, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="78040000000000000d01000005000000ece538e8b62831eafcd9056be7c8a4f36891e0bd363476ba635f8d61e20221d10831df051097c214cf0e5f4345fa2c1eff6b0f8eedd3687f41fdd27b53aabf690ef80b8953b86b7943136212b1ec5c95809bc5d24c84f1ea4c6a1ff8b0dfc20e9b15115ddad4e233132bb07ee1577ae158a9ec4de6171ac0a7542ea221a3d97d80e7bed34fde3c64661a751d33a6d102ec5e611cee97f445ff21d4d3b360a17a83b7594ad811751ceb59ea8b5cde9525ac5679cf2e35907c0abbb85a25c776a98af56eff37c6627d00c51fd572f6113013d16a54d005b0f833f3c9cde6b897172b7ddc1b063781f822e06890c08ad3025e80b4a550a680e58053a8c33d2e1858f971a40788f6b287baa082a334140c0091f5f2d232ecbc86218a477e468e5be1b48d7787071b5c891cc3efde21a3b0337adeaa6a41ce8fd6edf1b0a47ca0cd6d785cc2c1c3803dde4d9749a10e21d489531efca60760b4ff2061dd7800c4f23c3d1e2bcd694fcc87261a2fdfee6baaa701c7083e9675a75b8d530f09f72d8d3fed4ed848ba18d11635893b52c84a6f0fdc9711b63cba52c9e33ac701261d5459b6ff53be036549b6d0e617d125a6a758370d0671f5f956918db7c4d0afb4f7369bad2a1cf0b7bcf130464bb031b092392a72e8234c1cc1d41190dad660bd1d9283d7d4c7f7410c83f6cfbd25b438097f3e5fd4a23e56c1995179797f03c6dfc5e8be4515fbc72ef9ecbb7cd80d4e71d2ac2f31396081eb9fee4b5d633aee32775a004f7aee9f33d81f9e469a"], 0x478}, 0x0, 0xe3d08660d3cd4684})
io_uring_enter(0xffffffffffffffff, 0x92, 0x0, 0x0, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x4004944)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, &(0x7f0000019480)={&(0x7f0000019200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000019440)={&(0x7f00000192c0)={0x140, 0x0, 0x1, 0x70bd25, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}]}, 0x140}, 0x1, 0x0, 0x0, 0x880}, 0x20000800)
sendmsg$NFT_BATCH(r1, &(0x7f0000019280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000194c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001", @ANYRES8=0x0, @ANYRES16=r0, @ANYRES8, @ANYRES16], 0x64}}, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = gettid()
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
read$ptp(r4, 0x0, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r5=>0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r6, &(0x7f0000000000)='map_files\x00')
mq_notify(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x16, 0x0, @tid=r6})
timer_settime(r5, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
dup(0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x500, &(0x7f0000000380)={[{@errors_remount}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@dax_inode}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=")
chmod(&(0x7f0000000000)='./file0\x00', 0x60)
write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[], 0x53)
memfd_create(&(0x7f0000000ac0)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600"], 0x48)
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0x100000}, 0x10)
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000100)={&(0x7f0000001600)=""/4096, 0x1000})

1.029646514s ago: executing program 3 (id=5842):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x1843}, 0x18)
r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x2040f5, 0x80, 0x0, 0x224}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="000086dd050056005400000060ec"], 0xfdef)
syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x81, 0x8, 0x1, {0x2}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0)

904.341264ms ago: executing program 3 (id=5843):
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, 0x0, &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000100000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1, <r3=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000780)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_sctp(0xa, 0x0, 0x84)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r7=>0x0}, &(0x7f00000004c0)=0x27)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYRES32=r7], 0x8)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, &(0x7f0000000640)='net/ip_vs\x00')
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r10, 0x6, 0x1, &(0x7f0000000040)={0x5, 0x9, 0x0, 0x4, 0x8, 0x1, 0xfffc}, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d1605040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e0700000004000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)

681.279936ms ago: executing program 1 (id=5846):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0700000004000000a80200000e150000000000007872ddbe56", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50) (fail_nth: 1)

614.890746ms ago: executing program 2 (id=5847):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001c000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x200}, 0x18)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f00000000c0)=0x7)
ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000080)=0x3)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0700000004000000a80200000e150000000000007872ddbe56", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)

472.212557ms ago: executing program 1 (id=5848):
r0 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x4661, 0x800, 0x8003, 0x28e}, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000440)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x400, 0x1})
io_uring_enter(r0, 0x40f9, 0x217, 0xa5, 0x0, 0x0)

464.317687ms ago: executing program 2 (id=5849):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x98, 0x4)
ioctl$FIOCLEX(r0, 0x5451)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000800008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r5, &(0x7f0000002240)=[{&(0x7f0000001000)=@in={0x2, 0x4e23, @local}, 0x10, &(0x7f0000001040)=[{&(0x7f00000010c0)="13", 0x1}], 0x1, &(0x7f0000002180)=ANY=[@ANYBLOB="200000000000000084000000020000000300020009000000d90f0000", @ANYRES16=r1, @ANYRES32=r4], 0x38, 0x40010}], 0x1, 0x240000c0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="bbfb2bbd7000fddbdf25670000000800c40002000000"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)
r7 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xd, 0x3}, 0x12, 0x6, 0x7, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x2000000000000000, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f00000001c0)='cpu>00\t&&')
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000001700)=ANY=[@ANYBLOB="540200001600010000000000fedbdf25ff0100000000000000000000000000010a0101010000000000000000000000004e2200004e2300000a00200021000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc0000000000000000000000000000000000000033000000e0000002000000000000000000000000060000000000000019d000000000000009000000000000000000000000000000000000000000000008000000000000000000000000000000ff030000100000000300000000000000ffffffff00000000ffffff7f000000000900000000000000000000007f000000070000002bbd7000000000000200013f000000000000000001000000060000002c001300200100000000000000000000000000010000000000000000000000020000001c00040003004e204e210000fe"], 0x254}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

425.182068ms ago: executing program 2 (id=5850):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, &(0x7f0000000040))
r2 = msgget$private(0x0, 0x0)
msgsnd(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0)
msgrcv(r2, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)
msgctl$IPC_SET(r2, 0x1, &(0x7f00000004c0)={{0x0, 0xee00}, 0x0, 0x0, 0xb, 0x6f76, 0x3, 0x0, 0x1, 0x8, 0x7f})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r5, 0x0, 0x900, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r6, <r8=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r7}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r8, &(0x7f0000000400), &(0x7f0000000480)=@tcp6, 0x1}, 0x20)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r9, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats_percpu\x00')
pread64(r10, &(0x7f000001a240)=""/102385, 0x18ff1, 0x100008)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000d000000000000000000000000000000cd42f63f55cfa5b7000000000000000000000000feffffff00000000"]}, 0x138)

399.925158ms ago: executing program 1 (id=5851):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000021c0)=@delchain={0x21c, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x4}, {0x0, 0xa}}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8, 0xb, 0x89f}, @filter_kind_options=@f_u32={{0x8}, {0x1e0, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x2, 0x7, 0x2, 0x0, 0x7, 0xd, 0x94, 0x2}}, @TCA_U32_ACT={0x1c8, 0x7, [@m_skbedit={0xe8, 0x18, 0x0, 0x0, {{0xc}, {0x4}, {0xb9, 0x6, "ae7618fac8bef194e7d52d5104403c4e5d31577fc03f50185949080aaa1dc98f84f317f7940367cd55990b3c58f90b82c31d145e7c1bca149bce90dd0f3f5c6da78194b3ebd9a324aa39d2f81d442d6ec9d850f09c5906450150aee2722d5a7b50ec68bc0ace566e23da3bfefd52596e1fb6997677e38b9afc641d9cecc55b09059dcc97d8b8617cf00a5d61b0a8eedd40e119683b156242d9f8ade7de54542e11d4a49c4fd3aab3aaf9079d65ea1a3e807d47a242"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_police={0xb0, 0xb, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [[@TCA_POLICE_AVRATE={0x8, 0x4, 0x27}, @TCA_POLICE_RESULT={0x8, 0x5, 0xb}], [@TCA_POLICE_RATE64={0xc, 0x8, 0x1}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x99}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x8}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xb3}]]}, {0x49, 0x6, "c0478b4ac12177a57e59fcc0b7147b619b7e273c9363a9994785d22032c57b3c06e39d2222c908bcc83d71527657e704d4c0df792d7ee6e7ffd5c8f38dc351c6c033c73ea4"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_bpf={0x2c, 0x13, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x21c}, 0x1, 0x0, 0x0, 0x91}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x2, 0x2}, 0x8)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000040))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@errors_remount}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

287.721829ms ago: executing program 1 (id=5852):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x1e, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, [@jmp={0x5, 0x1, 0xd, 0x2, 0x5, 0x6, 0xffffffffffffffff}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='syzkaller\x00', 0x1000, 0x21, &(0x7f0000000280)=""/33, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x2, 0x7, 0x200, 0x8}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000003c0)=[0x1, 0xffffffffffffffff], &(0x7f00000005c0)=[{0x3, 0x4, 0x4, 0x4}, {0x3, 0x2, 0xa, 0xc}, {0x3, 0x4, 0x10, 0x5}, {0x5, 0x5, 0x6, 0xc}, {0x0, 0x2, 0xc, 0xc}, {0x1, 0x5, 0xd, 0x9}, {0x3, 0x1, 0x7, 0x9}, {0x0, 0x2, 0x5, 0x4}, {0x5, 0x5, 0x10, 0x6}, {0x1, 0x1, 0x9}], 0x10, 0x480}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='cachefiles_ondemand_close\x00', r1, 0x0, 0x9}, 0x18)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, 0x0, 0x0)
shutdown(r2, 0x1)
socket$inet_sctp(0x2, 0x1, 0x84)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000540)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x9}]}, &(0x7f00000002c0)=0x22)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000340)={r6, 0x3}, 0x8)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r7=>0x0})
sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r7}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca0000000000000000", @ANYRES64=r7, @ANYRES64=0x0, @ANYRES64=r7, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x0)

286.922509ms ago: executing program 2 (id=5853):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7020000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x121202, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x6c}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfd86}, 0x94)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000005c0), 0x10)
sendmsg$can_raw(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000380)={&(0x7f000000a000)=@canfd={{0x5}, 0x2, 0x2, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000094e2f9663a918fa1efd9b0b"}, 0x48}, 0x2}, 0x24000895)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r4=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000440)="d8", 0x1}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00')
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
process_vm_readv(0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/74, 0x4a}], 0x1, &(0x7f0000000340)=[{&(0x7f0000000280)=""/63, 0x3f}], 0x1, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0x5}, 0x8)

161.884459ms ago: executing program 0 (id=5854):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x18)
memfd_secret(0x80000)
tgkill(r2, r2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r6 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r5)
keyctl$search(0xa, r6, 0xfffffffffffffffe, &(0x7f0000000080)={'syz', 0x1}, r5)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0700fdff04009cb5ec539d7eb167196f13f7000008020200d9", @ANYRES8], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7030000003e7400850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r8}, 0x18)
r9 = add_key$fscrypt_v1(&(0x7f0000000380), &(0x7f00000003c0)={'fscrypt:', @desc4}, &(0x7f0000000540)={0x0, "d88a0d8cda6c35607bd76c26c597aed8b3c1e1684ee82f899acf5e06113b1a7759965897d450989a0f5e0224f95c295ad1a43303c5c006296121cba84f202515", 0x23}, 0x48, r5)
keyctl$unlink(0x9, r9, r5)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
r11 = dup(r10)
sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c0000000306010100a0706758e640a2c300000a0500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x4)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x1, @perf_bp={&(0x7f0000000400), 0x5}, 0x0, 0x10003, 0x3, 0x1, 0x8, 0x20005, 0xb900, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b70200000a000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bce5a6f087ae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddf"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100)={0x2}, 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r12, 0x0, 0xe, 0x0, &(0x7f0000000280)="e0b9d5a2a00a3c6ffda2e3861121", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)

153.917259ms ago: executing program 2 (id=5855):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7020000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x121202, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x6c}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfd86}, 0x94)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000005c0), 0x10)
sendmsg$can_raw(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000380)={&(0x7f000000a000)=@canfd={{0x5}, 0x2, 0x2, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000094e2f9663a918fa1efd9b0b"}, 0x48}, 0x2}, 0x24000895)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r4=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000440)="d8", 0x1}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00')
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
process_vm_readv(0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/74, 0x4a}], 0x1, &(0x7f0000000340)=[{&(0x7f0000000280)=""/63, 0x3f}], 0x1, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0x5}, 0x8)

135.34765ms ago: executing program 0 (id=5856):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000004000000b7030000080000408500000069000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
epoll_create(0xb213)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sync()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
rmdir(0x0)
fcntl$setstatus(r1, 0x4, 0x2c00)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6d"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r3 = open(&(0x7f0000000040)='./bus\x00', 0x1c1242, 0x0)
ftruncate(r3, 0x2007ffb)
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r4, r3, 0x0, 0x7ffff000)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f00000008c0)={0x84, @rand_addr=0x64010102, 0x4e22, 0x1, 'lblcr\x00', 0x0, 0x10001, 0x6f}, 0x2c)
setsockopt$IP_VS_SO_SET_DEL(r5, 0x0, 0x483, &(0x7f0000001280)={0x20000000000084, @private=0xa010102, 0x1ffc, 0x200000001, 'none\x00', 0x9, 0x821}, 0x2c)

69.76734ms ago: executing program 4 (id=5857):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r1=>0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])

40.57639ms ago: executing program 3 (id=5858):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000e4000080000000000000bf7953a63d318ebd1b0c2542a0582bec1282e6c8b6bfc0190800000006dd713aaa4dee8d80", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC=r1, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000000000085000000860058b928b44b89c934fb000095010036cf0000000000"], &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r3, 0x0, 0x6}, 0x18)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r9, 0x0, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x31, 0x0, &(0x7f0000000000)="daf9e846ab156efc71b59652333536dbfd26a6d0546366e36eb77dd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x50)
r10 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x203, 0x8401)
ioctl$USBDEVFS_FREE_STREAMS(r10, 0x8008551d, &(0x7f0000000340)={0xeec4, 0x1, [{0x6}]})
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001100)={&(0x7f00000007c0)=@newsa={0x1a0, 0x10, 0x1, 0xefff, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x64}, {@in, 0x0, 0x32}, @in6=@empty, {}, {0xfffffffffffffffd, 0x7, 0x8000000, 0x200}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0xa, 0x1, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x0, 0x0, 0x70bd2a, 0x70bd28}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x18}}]}, 0x1a0}}, 0x0)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)={0x34, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)

828.1µs ago: executing program 2 (id=5859):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r2, 0x2285, 0x0)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="01000000c00000005a90f57f07703aefe7364ebbee07022c2277ae2a00"/42, 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)

0s ago: executing program 3 (id=5860):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x98, 0x4)
ioctl$FIOCLEX(r0, 0x5451)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000800008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r5, &(0x7f0000002240)=[{&(0x7f0000001000)=@in={0x2, 0x4e23, @local}, 0x10, &(0x7f0000001040)=[{&(0x7f00000010c0)="13", 0x1}], 0x1, &(0x7f0000002180)=ANY=[@ANYBLOB="200000000000000084000000020000000300020009000000d90f0000", @ANYRES16=r1, @ANYRES32=r4], 0x38, 0x40010}], 0x1, 0x240000c0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="bbfb2bbd7000fddbdf25670000000800c40002000000"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)
r7 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xd, 0x3}, 0x12, 0x6, 0x7, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x2000000000000000, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f00000001c0)='cpu>00\t&&')
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000001700)=ANY=[@ANYBLOB="540200001600010000000000fedbdf25ff0100000000000000000000000000010a0101010000000000000000000000004e2200004e2300000a00200021000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc0000000000000000000000000000000000000033000000e0000002000000000000000000000000060000000000000019d000000000000009000000000000000000000000000000000000000000000008000000000000000000000000000000ff030000100000000300000000000000ffffffff00000000ffffff7f000000000900000000000000000000007f000000070000002bbd7000000000000200013f000000000000000001000000060000002c001300200100000000000000000000000000010000000000000000000000020000001c00040003004e204e210000fe"], 0x254}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

kernel console output (not intermixed with test programs):

sim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  333.000251][ T5151] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  333.008471][ T5151] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  333.034826][T17335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4731'.
[  333.108458][T17341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4734'.
[  333.270821][T17364] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  333.344365][T17364] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  333.372074][T17364] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  333.432308][T17364] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  333.579294][ T5169] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  333.594374][ T5169] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  333.609871][ T5169] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  333.632128][ T5169] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  333.823838][T17411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4758'.
[  333.883111][T17409] lo speed is unknown, defaulting to 1000
[  333.974005][T17409] lo speed is unknown, defaulting to 1000
[  334.045018][ T5143] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  334.110889][ T5143] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  334.177472][ T5143] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  334.246854][ T5143] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  334.409564][T17424] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4766'.
[  334.668140][T17444] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4774'.
[  334.731527][T17448] pim6reg: entered allmulticast mode
[  334.890753][T17464] pim6reg: left allmulticast mode
[  334.920006][T17469] lo speed is unknown, defaulting to 1000
[  334.963182][T17472] xt_connbytes: Forcing CT accounting to be enabled
[  335.087774][T17472] Cannot find set identified by id 0 to match
[  335.183007][T17479] netlink: 'syz.0.4787': attribute type 12 has an invalid length.
[  335.239339][T17469] lo speed is unknown, defaulting to 1000
[  335.385769][T17486] pim6reg: entered allmulticast mode
[  335.685553][T17496] FAULT_INJECTION: forcing a failure.
[  335.685553][T17496] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.695552][T17494] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.698804][T17496] CPU: 0 UID: 0 PID: 17496 Comm: syz.0.4794 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  335.698894][T17496] Tainted: [W]=WARN
[  335.698904][T17496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  335.698922][T17496] Call Trace:
[  335.698932][T17496]  <TASK>
[  335.698945][T17496]  __dump_stack+0x1d/0x30
[  335.698984][T17496]  dump_stack_lvl+0xe8/0x140
[  335.699008][T17496]  dump_stack+0x15/0x1b
[  335.699034][T17496]  should_fail_ex+0x265/0x280
[  335.699064][T17496]  should_fail+0xb/0x20
[  335.699088][T17496]  should_fail_usercopy+0x1a/0x20
[  335.699116][T17496]  _copy_from_user+0x1c/0xb0
[  335.699202][T17496]  wants_mount_setattr+0x128/0x620
[  335.699270][T17496]  ? __rcu_read_unlock+0x4f/0x70
[  335.699311][T17496]  __se_sys_mount_setattr+0x10f/0x240
[  335.699498][T17496]  __x64_sys_mount_setattr+0x67/0x80
[  335.699552][T17496]  x64_sys_call+0x19ab/0x3000
[  335.699587][T17496]  do_syscall_64+0xd2/0x200
[  335.699642][T17496]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  335.699683][T17496]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  335.699730][T17496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.699762][T17496] RIP: 0033:0x7ffae21befc9
[  335.699784][T17496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.699866][T17496] RSP: 002b:00007ffae0c27038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[  335.699930][T17496] RAX: ffffffffffffffda RBX: 00007ffae2415fa0 RCX: 00007ffae21befc9
[  335.699949][T17496] RDX: 0000000000000000 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  335.699967][T17496] RBP: 00007ffae0c27090 R08: 0000000000000020 R09: 0000000000000000
[  335.699986][T17496] R10: 0000200000001dc0 R11: 0000000000000246 R12: 0000000000000001
[  335.700070][T17496] R13: 00007ffae2416038 R14: 00007ffae2415fa0 R15: 00007fffbc86a718
[  335.700099][T17496]  </TASK>
[  335.805873][   T29] kauditd_printk_skb: 12 callbacks suppressed
[  335.805894][   T29] audit: type=1400 audit(2000000109.520:18103): avc:  denied  { read } for  pid=17497 comm="syz.3.4795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  335.966954][T17494] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.978796][T17500] sch_tbf: peakrate 7 is lower than or equals to rate 7 !
[  336.020800][T17511] Cannot find set identified by id 0 to match
[  336.027899][T17494] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.049974][T17513] pim6reg: entered allmulticast mode
[  336.111996][T17494] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.165353][T17526] loop2: detected capacity change from 0 to 1024
[  336.172617][T17526] EXT4-fs: Ignoring removed nomblk_io_submit option
[  336.225103][ T5179] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  336.249434][ T5179] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  336.269257][T17526] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  336.276289][ T5179] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  336.289849][ T5179] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  336.324918][   T29] audit: type=1400 audit(2000000110.040:18104): avc:  denied  { read write } for  pid=17525 comm="syz.2.4807" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  336.347885][   T29] audit: type=1400 audit(2000000110.040:18105): avc:  denied  { open } for  pid=17525 comm="syz.2.4807" path="/347/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  336.428254][T17536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4806'.
[  336.507994][T12857] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.870512][   T29] audit: type=1400 audit(2000000110.570:18106): avc:  denied  { read write } for  pid=17546 comm="syz.2.4811" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  336.894190][   T29] audit: type=1400 audit(2000000110.570:18107): avc:  denied  { open } for  pid=17546 comm="syz.2.4811" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  336.921424][T17558] pim6reg: entered allmulticast mode
[  336.927377][T17543] pim6reg: left allmulticast mode
[  336.940981][T17562] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4817'.
[  336.988468][T17564] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.011176][T17567] netlink: 268 bytes leftover after parsing attributes in process `syz.4.4819'.
[  337.074512][T17564] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.142293][T17564] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.234374][T17564] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.253745][T17596] netlink: 268 bytes leftover after parsing attributes in process `syz.4.4831'.
[  337.291201][ T5143] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  337.316346][ T5143] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  337.344822][ T5143] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  337.356446][ T5143] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  337.395012][   T29] audit: type=1326 audit(2000000111.110:18108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17613 comm="syz.3.4838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  337.418810][   T29] audit: type=1326 audit(2000000111.110:18109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17613 comm="syz.3.4838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  337.419550][T17614] netlink: 'syz.3.4838': attribute type 2 has an invalid length.
[  337.442439][   T29] audit: type=1326 audit(2000000111.110:18110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17613 comm="syz.3.4838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  337.442487][   T29] audit: type=1326 audit(2000000111.110:18111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17613 comm="syz.3.4838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  337.450555][T17614] netlink: 'syz.3.4838': attribute type 1 has an invalid length.
[  337.474633][   T29] audit: type=1326 audit(2000000111.130:18112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17613 comm="syz.3.4838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  337.511313][T17614] netlink: 'syz.3.4838': attribute type 4 has an invalid length.
[  337.633303][T17628] pim6reg: entered allmulticast mode
[  337.639203][T17628] pim6reg: left allmulticast mode
[  337.797822][T17640] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4841'.
[  338.013461][T17647] pim6reg: entered allmulticast mode
[  338.038263][T17647] pim6reg: left allmulticast mode
[  338.278492][T17657] loop1: detected capacity change from 0 to 512
[  338.342772][T17657] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  338.359205][T17657] System zones: 0-2, 18-18, 34-35
[  338.365522][T17657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  338.378248][T17657] ext4 filesystem being mounted at /331/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  338.516896][T17674] pim6reg: entered allmulticast mode
[  338.523172][T17674] pim6reg: left allmulticast mode
[  338.540699][T12121] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.597652][T17678] lo speed is unknown, defaulting to 1000
[  338.634873][T17678] lo speed is unknown, defaulting to 1000
[  338.741285][T17685] xt_connbytes: Forcing CT accounting to be enabled
[  338.748775][T17685] Cannot find set identified by id 0 to match
[  339.005816][T17695] lo speed is unknown, defaulting to 1000
[  339.155346][T17696] loop2: detected capacity change from 0 to 2048
[  339.214571][T17705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4868'.
[  339.282321][T17695] lo speed is unknown, defaulting to 1000
[  339.325280][T17696] Alternate GPT is invalid, using primary GPT.
[  339.331637][T17696]  loop2: p1 p2 p3
[  339.335403][T17696] loop2: partition table partially beyond EOD, truncated
[  339.640547][T17711] pim6reg: entered allmulticast mode
[  339.646533][T17711] pim6reg: left allmulticast mode
[  339.671684][T17700] $Hÿ: renamed from bond0 (while UP)
[  339.686484][T17700] $Hÿ: entered promiscuous mode
[  339.691597][T17700] bond_slave_0: entered promiscuous mode
[  339.697329][T17700] bond_slave_1: entered promiscuous mode
[  340.317473][T17753] lo speed is unknown, defaulting to 1000
[  340.377425][T17753] lo speed is unknown, defaulting to 1000
[  340.406661][T17756] Cannot find set identified by id 0 to match
[  340.520245][T17761] lo speed is unknown, defaulting to 1000
[  340.536418][T17764] syzkaller1: entered promiscuous mode
[  340.542015][T17764] syzkaller1: entered allmulticast mode
[  340.650782][T17768] loop1: detected capacity change from 0 to 512
[  340.703308][T17768] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.1.4892: corrupted xattr block 95: invalid header
[  340.746399][T17764] lo speed is unknown, defaulting to 1000
[  340.750569][T17761] lo speed is unknown, defaulting to 1000
[  340.765059][T17768] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.4892: bg 0: block 7: invalid block bitmap
[  340.847836][T17768] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  340.883044][T17768] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2967: inode #11: comm syz.1.4892: corrupted xattr block 95: invalid header
[  340.942561][T17764] lo speed is unknown, defaulting to 1000
[  340.972453][T17768] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[  341.000302][T17768] EXT4-fs (loop1): 1 orphan inode deleted
[  341.020552][T17768] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.058855][T17775] syzkaller1: entered promiscuous mode
[  341.064421][T17775] syzkaller1: entered allmulticast mode
[  341.076317][T17775] loop2: detected capacity change from 0 to 512
[  341.091165][T17775] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.103415][T17775] ext4 filesystem being mounted at /362/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  341.118348][   T29] kauditd_printk_skb: 1355 callbacks suppressed
[  341.118363][   T29] audit: type=1400 audit(2000000114.840:19468): avc:  denied  { append } for  pid=17774 comm="syz.2.4895" path="/362/file0/blkio.throttle.io_serviced" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  341.162732][   T29] audit: type=1400 audit(2000000114.840:19469): avc:  denied  { map } for  pid=17774 comm="syz.2.4895" path="/362/file0/file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  341.185952][   T29] audit: type=1400 audit(2000000114.880:19470): avc:  denied  { ioctl } for  pid=17774 comm="syz.2.4895" path="/362/file0/blkio.throttle.io_serviced" dev="loop2" ino=18 ioctlcmd=0x583b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  341.214634][T12121] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  341.580269][   T29] audit: type=1400 audit(2000000115.290:19471): avc:  denied  { connect } for  pid=17799 comm="syz.4.4904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  341.600068][   T29] audit: type=1400 audit(2000000115.290:19472): avc:  denied  { create } for  pid=17799 comm="syz.4.4904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  341.688637][   T29] audit: type=1400 audit(2000000115.340:19473): avc:  denied  { create } for  pid=17796 comm="syz.3.4903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  341.700297][T17807] pim6reg: left allmulticast mode
[  341.708426][   T29] audit: type=1400 audit(2000000115.390:19474): avc:  denied  { write } for  pid=17796 comm="syz.3.4903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  341.851999][T17817] loop1: detected capacity change from 0 to 512
[  341.870468][T17817] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  341.882058][T17817] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it
[  341.892191][T17817] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.4909: Corrupt directory, running e2fsck is recommended
[  341.920476][T17817] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117
[  341.929251][T17817] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.4909: corrupted in-inode xattr: invalid ea_ino
[  341.943317][T17817] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.4909: couldn't read orphan inode 15 (err -117)
[  341.956038][T17817] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  341.976046][T17817] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4909'.
[  342.190974][T12857] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.210832][T17842] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  342.280566][   T29] audit: type=1400 audit(2000000115.990:19475): avc:  denied  { write } for  pid=17816 comm="syz.1.4909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  342.380945][T17842] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  342.438772][T17817] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  342.450399][T17817] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it
[  342.460633][T17817] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.4909: Corrupt directory, running e2fsck is recommended
[  342.485748][T17842] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  342.520289][T17817] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 3: comm syz.1.4909: path /347/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[  342.550410][T17817] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 64: comm syz.1.4909: path /347/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  342.745002][T17861] loop2: detected capacity change from 0 to 1024
[  342.766586][T17842] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  342.791798][T17861] EXT4-fs: Ignoring removed orlov option
[  342.801468][T12121] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.812956][T17861] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.886779][T12857] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.908591][ T5169] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  342.939646][ T5169] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  342.972117][ T5169] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  342.980351][ T5169] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  343.102659][T17879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4925'.
[  343.164789][T17879] loop1: detected capacity change from 0 to 1024
[  343.172770][T17879] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  343.183793][T17879] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  343.194714][T17879] JBD2: no valid journal superblock found
[  343.200522][T17879] EXT4-fs (loop1): Could not load journal inode
[  343.830531][T17903] pim6reg: entered allmulticast mode
[  343.853829][T17906] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.920490][T17903] pim6reg: left allmulticast mode
[  343.950683][T17906] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.048026][T17914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4941'.
[  344.091656][T17914] loop2: detected capacity change from 0 to 1024
[  344.133244][T17906] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.151466][T17914] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  344.162452][T17914] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  344.173389][T17914] JBD2: no valid journal superblock found
[  344.179128][T17914] EXT4-fs (loop2): Could not load journal inode
[  344.195045][T17917] Cannot find set identified by id 0 to match
[  344.236625][T17911] lo speed is unknown, defaulting to 1000
[  344.263711][T17906] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.346102][ T5143] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.375322][ T5143] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.466358][ T5143] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.500274][ T5143] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  344.532106][T17911] lo speed is unknown, defaulting to 1000
[  344.648330][T17924] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.725830][T17924] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.801197][T17924] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.922031][T17924] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.962955][T17937] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  345.011671][T17937] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  345.071508][T17937] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  345.131920][T17937] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  345.468849][ T5157] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  345.491328][ T5157] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  345.509715][ T5157] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  345.521406][ T5157] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  345.561407][T17960] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17960 comm=syz.3.4961
[  345.574047][T17960] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=17960 comm=syz.3.4961
[  345.861789][T17970] netlink: 268 bytes leftover after parsing attributes in process `syz.3.4965'.
[  345.947982][T17984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4971'.
[  346.161159][T18000] netlink: 268 bytes leftover after parsing attributes in process `syz.2.4977'.
[  346.292043][T18010] pim6reg: entered allmulticast mode
[  346.299692][T18010] pim6reg: left allmulticast mode
[  346.396252][   T29] audit: type=1326 audit(2000000120.100:19476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.420030][   T29] audit: type=1326 audit(2000000120.100:19477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.443669][   T29] audit: type=1326 audit(2000000120.100:19478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.467688][   T29] audit: type=1326 audit(2000000120.100:19479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.491419][   T29] audit: type=1326 audit(2000000120.100:19480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.515137][   T29] audit: type=1326 audit(2000000120.100:19481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.538683][   T29] audit: type=1326 audit(2000000120.100:19482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.562534][   T29] audit: type=1326 audit(2000000120.100:19483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.586594][   T29] audit: type=1326 audit(2000000120.100:19484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.610219][   T29] audit: type=1326 audit(2000000120.100:19485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18015 comm="syz.0.4982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  346.636846][T18026] pim6reg: entered allmulticast mode
[  346.643567][T18025] pim6reg: left allmulticast mode
[  346.660079][T18028] veth0_to_team: entered promiscuous mode
[  346.871335][T18049] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18049 comm=syz.0.4995
[  346.883956][T18049] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=18049 comm=syz.0.4995
[  346.933974][T18050] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4989'.
[  347.280270][T18056] loop2: detected capacity change from 0 to 1024
[  347.306182][T18056] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (46251!=20869)
[  347.317312][T18056] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  347.327023][T18061] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5000'.
[  347.337281][T18056] EXT4-fs (loop2): failed to initialize system zone (-117)
[  347.344603][T18056] EXT4-fs (loop2): mount failed
[  347.454336][T18080] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5008'.
[  347.463332][T18080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5008'.
[  347.660991][T18102] netlink: 124 bytes leftover after parsing attributes in process `syz.2.5008'.
[  347.692406][T18095] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.722152][T18095] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.742344][T18109] lo speed is unknown, defaulting to 1000
[  347.772236][T18095] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.773883][T18118] Cannot find set identified by id 0 to match
[  347.831753][T18095] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.875765][T18109] lo speed is unknown, defaulting to 1000
[  347.905857][ T5179] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  347.919246][ T5179] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  347.938870][ T5179] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  347.950561][ T5179] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  348.186701][ T5143] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  348.206097][ T5143] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  348.222551][ T5143] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  348.233974][ T5143] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  348.260025][T18191] pim6reg: left allmulticast mode
[  348.786321][T18279] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.841978][T18279] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.902121][T18279] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.952450][T18279] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.987625][ T5179] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  348.999450][ T5179] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  349.015929][ T5143] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  349.024445][ T5143] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  349.067845][T18300] pim6reg: entered allmulticast mode
[  349.074041][T18300] pim6reg: left allmulticast mode
[  349.184647][T18314] Can't find ip_set type hash:net	
[  349.227517][T18324] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.322576][T18324] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.393100][T18339] pim6reg: entered allmulticast mode
[  349.407898][T18341] Cannot find set identified by id 0 to match
[  349.422365][T18324] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.447138][T18339] pim6reg: left allmulticast mode
[  349.506181][T18324] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.775638][T18369] pim6reg: entered allmulticast mode
[  349.787472][T18369] pim6reg: left allmulticast mode
[  349.803733][T18364] __nla_validate_parse: 1 callbacks suppressed
[  349.803752][T18364] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5066'.
[  349.881814][T18378] Cannot find set identified by id 0 to match
[  350.062616][T18399] pim6reg: entered allmulticast mode
[  350.069772][T18399] pim6reg: left allmulticast mode
[  350.082444][T18401] netlink: 268 bytes leftover after parsing attributes in process `syz.3.5080'.
[  350.260796][T18420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5088'.
[  350.290529][T18415] lo speed is unknown, defaulting to 1000
[  350.357004][T18415] lo speed is unknown, defaulting to 1000
[  350.436723][T18430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5090'.
[  350.481006][T18430] loop2: detected capacity change from 0 to 1024
[  350.488734][T18430] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  350.499742][T18430] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  350.511213][T18430] JBD2: no valid journal superblock found
[  350.516953][T18430] EXT4-fs (loop2): Could not load journal inode
[  350.624102][T18435] netlink: 268 bytes leftover after parsing attributes in process `syz.4.5094'.
[  350.829870][T18440] pim6reg: entered allmulticast mode
[  350.844331][T18440] pim6reg: left allmulticast mode
[  350.925058][T18447] netlink: 268 bytes leftover after parsing attributes in process `syz.0.5100'.
[  350.974517][T18453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5103'.
[  351.039068][T18459] netlink: 268 bytes leftover after parsing attributes in process `syz.0.5106'.
[  351.119864][T18469] Cannot find set identified by id 0 to match
[  351.187146][T18473] pim6reg: entered allmulticast mode
[  351.197760][T18473] pim6reg: left allmulticast mode
[  351.274377][T18490] netlink: 268 bytes leftover after parsing attributes in process `syz.3.5119'.
[  351.336444][T18500] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  351.380444][T18498] infiniband !yz!: set down
[  351.384996][T18498] infiniband !yz!: added team_slave_0
[  351.396534][T18498] RDS/IB: !yz!: added
[  351.401070][T18498] smc: adding ib device !yz! with port count 1
[  351.407718][T18498] smc:    ib device !yz! port 1 has no pnetid
[  351.572220][T18521] netlink: 268 bytes leftover after parsing attributes in process `syz.2.5133'.
[  351.667418][   T29] kauditd_printk_skb: 135 callbacks suppressed
[  351.667437][   T29] audit: type=1400 audit(2000000125.380:19621): avc:  denied  { write } for  pid=18525 comm="syz.2.5135" name="usbmon6" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  351.732493][T18533] loop2: detected capacity change from 0 to 1024
[  351.739391][T18533] EXT4-fs: Ignoring removed orlov option
[  351.767876][T18533] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  351.799817][T12857] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  351.836618][T18544] 9pnet_fd: Insufficient options for proto=fd
[  351.845889][T18544] netlink: 'syz.3.5141': attribute type 30 has an invalid length.
[  351.987567][   T29] audit: type=1400 audit(2000000125.700:19622): avc:  denied  { cpu } for  pid=18558 comm="syz.2.5147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  352.006996][   T29] audit: type=1400 audit(2000000125.700:19623): avc:  denied  { ioctl } for  pid=18558 comm="syz.2.5147" path="socket:[62763]" dev="sockfs" ino=62763 ioctlcmd=0x48cb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  352.032385][   T29] audit: type=1400 audit(2000000125.700:19624): avc:  denied  { bind } for  pid=18558 comm="syz.2.5147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  352.139679][T18586] Cannot find set identified by id 0 to match
[  352.264512][T18607] serio: Serial port ptm1
[  352.320885][T18614] Cannot find set identified by id 0 to match
[  352.373389][   T29] audit: type=1326 audit(2000000126.090:19625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18623 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  352.400080][   T29] audit: type=1326 audit(2000000126.120:19626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18623 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  352.423902][   T29] audit: type=1326 audit(2000000126.120:19627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18623 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  352.447655][   T29] audit: type=1326 audit(2000000126.120:19628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18623 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  352.471526][   T29] audit: type=1326 audit(2000000126.120:19629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18623 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  352.495388][   T29] audit: type=1326 audit(2000000126.120:19630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18623 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffae21befc9 code=0x7ffc0000
[  352.585794][ T5143] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  352.604322][ T5143] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  352.629432][ T5143] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  352.658703][ T5143] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  352.710681][T18644] Cannot find set identified by id 0 to match
[  352.812585][T18657] netlink: 'syz.3.5190': attribute type 21 has an invalid length.
[  352.909363][T18672] xt_connbytes: Forcing CT accounting to be enabled
[  352.918895][T18672] set match dimension is over the limit!
[  352.924040][T18674] loop2: detected capacity change from 0 to 512
[  352.981344][T18674] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  353.010272][T18674] ext4 filesystem being mounted at /416/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  353.042068][T18689] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  353.121704][T18689] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  353.174344][T12857] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.203989][T18689] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  353.244285][T18695] netlink: 'syz.2.5204': attribute type 10 has an invalid length.
[  353.255400][T18695] team0: Port device dummy0 added
[  353.263502][T18689] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  353.264183][T18695] netlink: 'syz.2.5204': attribute type 10 has an invalid length.
[  353.304513][T18695] team0: Port device dummy0 removed
[  353.321271][T18695] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  353.404283][T18682] loop1: detected capacity change from 0 to 2048
[  353.410840][ T5151] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  353.419540][T18682] EXT4-fs: Ignoring removed bh option
[  353.427347][ T5143] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  353.439549][ T5143] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  353.452644][ T5143] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  353.453258][T18682] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  353.517842][T18708] netlink: 'syz.2.5208': attribute type 4 has an invalid length.
[  353.622433][T18711] netlink: 'syz.2.5208': attribute type 4 has an invalid length.
[  354.094799][T18719] macvtap1: entered promiscuous mode
[  354.100423][T18719] team0: entered promiscuous mode
[  354.105643][T18719] macvtap1: entered allmulticast mode
[  354.111085][T18719] team0: entered allmulticast mode
[  354.174360][T18719] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  354.200265][T18719] team0: left allmulticast mode
[  354.205264][T18719] team0: left promiscuous mode
[  354.841195][T18749] __nla_validate_parse: 13 callbacks suppressed
[  354.841212][T18749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5223'.
[  355.160653][T18757] Cannot find set identified by id 0 to match
[  355.180101][T18759] netlink: 11800 bytes leftover after parsing attributes in process `syz.3.5227'.
[  355.192777][T18759] team0 (unregistering): Port device team_slave_0 removed
[  355.217516][T18759] team0 (unregistering): Port device team_slave_1 removed
[  355.237432][T18765] pim6reg: entered allmulticast mode
[  355.244844][T18765] pim6reg: left allmulticast mode
[  355.361765][T12121] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.392281][T18780] set match dimension is over the limit!
[  355.542515][T18788] loop2: detected capacity change from 0 to 1024
[  355.568109][T18788] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.584614][T18788] batadv_slave_1: entered promiscuous mode
[  355.610298][T18788] batadv_slave_1: left promiscuous mode
[  355.626536][T12857] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.684094][T18804] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5245'.
[  355.728802][T18812] Cannot find set identified by id 0 to match
[  355.850409][T18829] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5254'.
[  355.895404][T18829] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  356.102480][T18857] netlink: 268 bytes leftover after parsing attributes in process `syz.2.5264'.
[  356.653575][T18902] netlink: 268 bytes leftover after parsing attributes in process `syz.3.5280'.
[  356.876523][T18916] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  356.972036][T18916] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  356.988295][T18923] pim6reg: entered allmulticast mode
[  356.995833][T18923] pim6reg: left allmulticast mode
[  357.022026][T18916] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  357.073415][T18916] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  357.226077][ T5151] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  357.243232][ T5151] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  357.310838][T18931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5290'.
[  357.358992][T18931] loop2: detected capacity change from 0 to 1024
[  357.977868][T18936] netlink: 268 bytes leftover after parsing attributes in process `syz.3.5292'.
[  358.205982][ T5151] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  358.214553][ T5157] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  358.222743][T18931] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  358.233656][T18931] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  358.244871][T18931] JBD2: no valid journal superblock found
[  358.250688][T18931] EXT4-fs (loop2): Could not load journal inode
[  358.427251][T18955] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.512813][T18955] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.552672][T18955] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.622850][T18955] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.635386][T18966] netlink: 176 bytes leftover after parsing attributes in process `syz.3.5303'.
[  358.676388][ T5151] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  358.689288][ T5151] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  358.713635][ T5151] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  358.730244][ T5169] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  358.806345][   T29] kauditd_printk_skb: 47 callbacks suppressed
[  358.806391][   T29] audit: type=1326 audit(2000000132.520:19678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18978 comm="syz.2.5308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  358.905909][   T29] audit: type=1326 audit(2000000132.560:19679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18978 comm="syz.2.5308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  358.929644][   T29] audit: type=1326 audit(2000000132.560:19680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18978 comm="syz.2.5308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  358.953308][   T29] audit: type=1326 audit(2000000132.560:19681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18978 comm="syz.2.5308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  359.041226][   T29] audit: type=1326 audit(2000000132.750:19682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18994 comm="syz.4.5313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4902d6efc9 code=0x7ffc0000
[  359.061151][T18997] FAULT_INJECTION: forcing a failure.
[  359.061151][T18997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  359.064998][   T29] audit: type=1326 audit(2000000132.750:19683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18994 comm="syz.4.5313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4902d6efc9 code=0x7ffc0000
[  359.078047][T18997] CPU: 0 UID: 0 PID: 18997 Comm: syz.0.5314 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  359.078160][T18997] Tainted: [W]=WARN
[  359.078173][T18997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  359.078192][T18997] Call Trace:
[  359.078202][T18997]  <TASK>
[  359.078214][T18997]  __dump_stack+0x1d/0x30
[  359.078248][T18997]  dump_stack_lvl+0xe8/0x140
[  359.078280][T18997]  dump_stack+0x15/0x1b
[  359.078307][T18997]  should_fail_ex+0x265/0x280
[  359.078405][T18997]  should_fail+0xb/0x20
[  359.078430][T18997]  should_fail_usercopy+0x1a/0x20
[  359.078469][T18997]  _copy_from_user+0x1c/0xb0
[  359.078507][T18997]  kstrtouint_from_user+0x69/0xf0
[  359.078587][T18997]  ? 0xffffffff81000000
[  359.078606][T18997]  ? selinux_file_permission+0x1e4/0x320
[  359.078654][T18997]  proc_fail_nth_write+0x50/0x160
[  359.078732][T18997]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  359.078822][T18997]  vfs_write+0x269/0x960
[  359.078858][T18997]  ? vfs_read+0x4e6/0x770
[  359.078892][T18997]  ? __rcu_read_unlock+0x4f/0x70
[  359.078972][T18997]  ? __fget_files+0x184/0x1c0
[  359.079089][T18997]  ksys_write+0xda/0x1a0
[  359.079182][T18997]  __x64_sys_write+0x40/0x50
[  359.079220][T18997]  x64_sys_call+0x2802/0x3000
[  359.079254][T18997]  do_syscall_64+0xd2/0x200
[  359.079282][T18997]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  359.079330][T18997]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  359.079395][T18997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.079425][T18997] RIP: 0033:0x7ffae21bda7f
[  359.079472][T18997] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  359.079562][T18997] RSP: 002b:00007ffae0c27030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  359.079589][T18997] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffae21bda7f
[  359.079609][T18997] RDX: 0000000000000001 RSI: 00007ffae0c270a0 RDI: 0000000000000006
[  359.079705][T18997] RBP: 00007ffae0c27090 R08: 0000000000000000 R09: 0000000000000000
[  359.079722][T18997] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  359.079739][T18997] R13: 00007ffae2416038 R14: 00007ffae2415fa0 R15: 00007fffbc86a718
[  359.079768][T18997]  </TASK>
[  359.320872][   T29] audit: type=1326 audit(2000000132.760:19684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18994 comm="syz.4.5313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f4902d6efc9 code=0x7ffc0000
[  359.344581][   T29] audit: type=1326 audit(2000000132.760:19685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18994 comm="syz.4.5313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4902d6efc9 code=0x7ffc0000
[  359.368378][   T29] audit: type=1326 audit(2000000132.760:19686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18994 comm="syz.4.5313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f4902d6efc9 code=0x7ffc0000
[  359.392791][   T29] audit: type=1326 audit(2000000132.910:19687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18994 comm="syz.4.5313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4902d6efc9 code=0x7ffc0000
[  359.417520][T18999] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.512055][T19016] pim6reg: entered allmulticast mode
[  359.524973][T18999] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.536831][T19018] Cannot find set identified by id 0 to match
[  359.544105][T19016] pim6reg: left allmulticast mode
[  359.612158][T18999] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.742100][T18999] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.813311][T19035] netlink: 268 bytes leftover after parsing attributes in process `syz.0.5329'.
[  360.088125][T19045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5331'.
[  360.658595][T19054] 9pnet_fd: Insufficient options for proto=fd
[  361.073635][T19062] SELinux:  Context system_u:object_r:wireless_device_t:s0 is not valid (left unmapped).
[  361.093718][T19062] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.203290][T19062] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.261763][T19067] netlink: 268 bytes leftover after parsing attributes in process `syz.3.5342'.
[  361.333809][T19062] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.402690][T19062] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.565115][ T5143] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  361.581280][ T5143] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  361.602881][ T5143] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  361.620488][ T5143] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  361.925760][T19093] pim6reg: entered allmulticast mode
[  361.932994][T19093] pim6reg: left allmulticast mode
[  362.089373][T19104] netlink: 268 bytes leftover after parsing attributes in process `syz.4.5357'.
[  362.302551][T19108] netlink: 268 bytes leftover after parsing attributes in process `syz.4.5359'.
[  362.329541][T19109] pim6reg: entered allmulticast mode
[  362.345755][T19109] pim6reg: left allmulticast mode
[  362.475786][T19115] pim6reg1: entered promiscuous mode
[  362.481206][T19115] pim6reg1: entered allmulticast mode
[  362.497012][T19115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5362'.
[  362.787378][T19129] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5367'.
[  363.351807][T19133] Cannot find set identified by id 0 to match
[  363.630383][ T5143] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.658748][ T5143] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.689081][ T5143] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.721750][ T5143] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.755155][T19137] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.866758][T19137] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.954205][T19137] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.012426][T19137] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.029347][T19153] pim6reg: entered allmulticast mode
[  364.035525][T19153] pim6reg: left allmulticast mode
[  364.092569][   T29] kauditd_printk_skb: 57 callbacks suppressed
[  364.092586][   T29] audit: type=1326 audit(2000000137.810:19745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  364.096127][T19157] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5381'.
[  364.098902][   T29] audit: type=1326 audit(2000000137.810:19746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  364.155218][   T29] audit: type=1326 audit(2000000137.810:19747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  364.178925][   T29] audit: type=1326 audit(2000000137.810:19748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1374ce0ee7 code=0x7ffc0000
[  364.202457][   T29] audit: type=1326 audit(2000000137.810:19749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f1374ce0e5c code=0x7ffc0000
[  364.226037][   T29] audit: type=1326 audit(2000000137.810:19750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1374ce0d94 code=0x7ffc0000
[  364.249909][   T29] audit: type=1326 audit(2000000137.810:19751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1374ce0d94 code=0x7ffc0000
[  364.273514][   T29] audit: type=1326 audit(2000000137.810:19752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f1374cddc2a code=0x7ffc0000
[  364.297137][   T29] audit: type=1326 audit(2000000137.810:19753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  364.320763][   T29] audit: type=1326 audit(2000000137.810:19754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19156 comm="syz.3.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1374cdefc9 code=0x7ffc0000
[  364.385108][T19160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5382'.
[  364.794015][T19196] netlink: 268 bytes leftover after parsing attributes in process `syz.0.5393'.
[  364.842925][T19198] netlink: 268 bytes leftover after parsing attributes in process `syz.0.5394'.
[  365.080499][T19204] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=19204 comm=syz.0.5397
[  365.093158][T19204] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=19204 comm=syz.0.5397
[  365.173993][T19215] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  365.456043][T19226] pim6reg: entered allmulticast mode
[  365.463399][T19226] pim6reg: left allmulticast mode
[  366.564948][T19246] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  366.564948][T19246]    program syz.0.5415 not setting count and/or reply_len properly
[  366.840602][T19250] SELinux: failed to load policy
[  366.889308][T19255] set match dimension is over the limit!
[  367.572237][T19274] pim6reg: entered allmulticast mode
[  367.578318][T19274] pim6reg: left allmulticast mode
[  367.731495][ T5157] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  367.745688][ T5157] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  367.763842][ T5157] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  367.780260][ T5157] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  367.897382][T19282] xt_limit: Overflow, try lower: 0/0
[  367.916067][T19282] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  367.949732][T19282] tipc: Started in network mode
[  367.954778][T19282] tipc: Node identity 4, cluster identity 4711
[  367.961036][T19282] tipc: Node number set to 4
[  368.095607][T19289] vlan2: entered allmulticast mode
[  368.100912][T19289] bridge_slave_0: entered allmulticast mode
[  368.358811][T19296] netlink: 7 bytes leftover after parsing attributes in process `syz.2.5431'.
[  368.415978][T19296] netlink: 7 bytes leftover after parsing attributes in process `syz.2.5431'.
[  368.577299][T19301] netlink: 268 bytes leftover after parsing attributes in process `syz.4.5432'.
[  368.954568][T19312] pim6reg: entered allmulticast mode
[  368.983459][T19312] pim6reg: left allmulticast mode
[  369.651640][T19336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5447'.
[  369.660578][T19336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5447'.
[  369.669461][T19336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5447'.
[  369.704949][T19336] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  369.713422][T19336] tipc: Enabled bearer <udp:syz0>, priority 10
[  369.963048][T19345] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5449'.
[  370.010044][T19345] loop1: detected capacity change from 0 to 1024
[  370.061643][T19347] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5452'.
[  370.079688][T19345] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  370.090740][T19345] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  370.103772][T19345] JBD2: no valid journal superblock found
[  370.109615][T19345] EXT4-fs (loop1): Could not load journal inode
[  370.308946][   T29] kauditd_printk_skb: 82 callbacks suppressed
[  370.308964][   T29] audit: type=1400 audit(2000000144.020:19837): avc:  denied  { mounton } for  pid=19352 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  370.550513][T19352] lo speed is unknown, defaulting to 1000
[  370.627081][T19373] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.661906][T19352] lo speed is unknown, defaulting to 1000
[  370.668684][ T5157] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  370.701836][T19375] netlink: 268 bytes leftover after parsing attributes in process `syz.4.5459'.
[  370.702357][T19373] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.764106][ T5157] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  370.792305][T19373] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.825814][T19352] chnl_net:caif_netlink_parms(): no params data found
[  370.844855][ T5157] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  370.894818][T19385] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.933026][T19373] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.948052][ T5157] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  370.976605][T19385] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.006181][T19352] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.013437][T19352] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.021026][T19352] bridge_slave_0: entered allmulticast mode
[  371.027838][T19352] bridge_slave_0: entered promiscuous mode
[  371.044643][T19385] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.071076][T19352] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.078270][T19352] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.085688][T19352] bridge_slave_1: entered allmulticast mode
[  371.093378][T19352] bridge_slave_1: entered promiscuous mode
[  371.112751][T19385] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.123904][ T5157] bridge_slave_1: left allmulticast mode
[  371.129604][ T5157] bridge_slave_1: left promiscuous mode
[  371.135361][ T5157] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.143102][ T5157] bridge_slave_0: left allmulticast mode
[  371.148828][ T5157] bridge_slave_0: left promiscuous mode
[  371.154615][ T5157] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.233559][ T5157] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  371.242538][ T5157] bond_slave_0: left promiscuous mode
[  371.248965][ T5157] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.258084][ T5157] bond_slave_1: left promiscuous mode
[  371.265114][ T5157] $Hÿ (unregistering): (slave dummy0): Releasing backup interface
[  371.273737][ T5157] dummy0: left promiscuous mode
[  371.279017][ T5157] $Hÿ (unregistering): Released all slaves
[  371.288346][ T5157] bond1 (unregistering): Released all slaves
[  371.311536][T19352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  371.322221][T19352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  371.331345][ T5193] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  371.352435][ T5157] tipc: Left network mode
[  371.358828][ T5157] IPVS: stopping backup sync thread 13160 ...
[  371.392137][ T5193] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  371.412845][T19352] team0: Port device team_slave_0 added
[  371.422553][ T5193] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  371.432195][T19352] team0: Port device team_slave_1 added
[  371.470690][ T5193] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  371.479579][T19352] batman_adv: batadv0: Adding interface: batadv_slave_0
[  371.486631][T19352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  371.512688][T19352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  371.524287][T19352] batman_adv: batadv0: Adding interface: batadv_slave_1
[  371.531359][T19352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  371.557328][T19352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  371.570357][ T5157] hsr_slave_0: left promiscuous mode
[  371.576235][ T5157] hsr_slave_1: left promiscuous mode
[  371.582157][ T5157] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.589823][ T5157] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.627023][ T5151] smc: removing ib device !yz!
[  371.712242][T19352] hsr_slave_0: entered promiscuous mode
[  371.718338][T19352] hsr_slave_1: entered promiscuous mode
[  371.736943][T19352] debugfs: 'hsr0' already exists in 'hsr'
[  371.742741][T19352] Cannot create hsr debugfs directory
[  371.989794][ T5151] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.001511][ T5151] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.019710][ T5157] IPVS: stop unused estimator thread 0...
[  372.030220][ T5151] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.038517][ T5151] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  372.071727][T19421] pim6reg: entered allmulticast mode
[  372.078837][T19421] pim6reg: left allmulticast mode
[  372.135692][T19352] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  372.154242][T19352] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  372.173813][T19352] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  372.192574][T19352] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  372.317983][   T29] audit: type=1400 audit(2000000146.030:19838): avc:  denied  { setcheckreqprot } for  pid=19436 comm="syz.1.5477" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  372.412992][T19443] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5476'.
[  372.518126][T19352] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.580338][T19352] 8021q: adding VLAN 0 to HW filter on device team0
[  372.616404][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.623606][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.673229][T19352] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  372.683658][T19352] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  372.714450][   T29] audit: type=1326 audit(2000000146.060:19839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19436 comm="syz.1.5477" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd3633efc9 code=0x0
[  372.743361][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.750482][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.814071][T19352] 8021q: adding VLAN 0 to HW filter on device batadv0
[  372.995016][T19352] veth0_vlan: entered promiscuous mode
[  373.011458][T19352] veth1_vlan: entered promiscuous mode
[  373.101103][T19352] veth0_macvtap: entered promiscuous mode
[  373.112288][T19352] veth1_macvtap: entered promiscuous mode
[  373.127261][T19352] batman_adv: batadv0: Interface activated: batadv_slave_0
[  373.138901][T19352] batman_adv: batadv0: Interface activated: batadv_slave_1
[  373.163640][ T5157] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  373.172817][ T5157] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  373.184473][ T5157] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  373.232601][ T5157] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  373.245338][T19463] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19463 comm=syz.2.5481
[  373.274455][   T29] audit: type=1400 audit(2000000146.990:19840): avc:  denied  { mounton } for  pid=19352 comm="syz-executor" path="/root/syzkaller.c9pblw/syz-tmp" dev="sda1" ino=2057 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  373.299152][   T29] audit: type=1400 audit(2000000146.990:19841): avc:  denied  { mounton } for  pid=19352 comm="syz-executor" path="/root/syzkaller.c9pblw/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  373.326079][   T29] audit: type=1400 audit(2000000146.990:19842): avc:  denied  { mounton } for  pid=19352 comm="syz-executor" path="/root/syzkaller.c9pblw/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=66967 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  373.362103][T19463] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2051 sclass=netlink_route_socket pid=19463 comm=syz.2.5481
[  373.396426][   T29] audit: type=1400 audit(2000000147.100:19843): avc:  denied  { mounton } for  pid=19352 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  373.419565][   T29] audit: type=1400 audit(2000000147.100:19844): avc:  denied  { mount } for  pid=19352 comm="syz-executor" name="/" dev="gadgetfs" ino=3759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  373.469388][T19474] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.559257][T19484] netlink: 96 bytes leftover after parsing attributes in process `syz.4.5488'.
[  373.571751][T19478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5486'.
[  373.582914][T19478] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5486'.
[  373.585150][   T29] audit: type=1400 audit(2000000147.300:19845): avc:  denied  { create } for  pid=19475 comm="syz.0.5485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  373.629559][T19488] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  373.629559][T19488]    program syz.1.5489 not setting count and/or reply_len properly
[  373.664113][T19478] vhci_hcd: invalid port number 96
[  373.669297][T19478] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  373.758483][T19497] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  373.758483][T19497]    program syz.1.5493 not setting count and/or reply_len properly
[  373.811516][T19500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  373.818784][T19500] IPv6: NLM_F_CREATE should be set when creating new route
[  373.826028][T19500] IPv6: NLM_F_CREATE should be set when creating new route
[  373.833256][T19500] IPv6: NLM_F_CREATE should be set when creating new route
[  373.850156][T19500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  373.963650][T19505] futex_wake_op: syz.4.5496 tries to shift op by 32; fix this program
[  374.076017][   T29] audit: type=1326 audit(2000000147.790:19846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19514 comm="syz.4.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4902d6efc9 code=0x7ffc0000
[  374.084593][T19515] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5500'.
[  374.663321][T19533] pim6reg: entered allmulticast mode
[  374.669419][T19533] pim6reg: left allmulticast mode
[  374.744889][T19474] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.977129][T19556] netlink: 'syz.1.5514': attribute type 10 has an invalid length.
[  375.010059][T19556] team0: Device ipvlan0 failed to register rx_handler
[  375.054479][T19560] 9p: Unknown access argument ¿: -22
[  375.657633][T19590] netlink: 268 bytes leftover after parsing attributes in process `syz.4.5528'.
[  375.679845][   T29] kauditd_printk_skb: 125 callbacks suppressed
[  375.679877][   T29] audit: type=1326 audit(2000000149.390:19972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  375.716279][   T29] audit: type=1326 audit(2000000149.430:19973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  375.751812][   T29] audit: type=1326 audit(2000000149.460:19974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  375.775581][   T29] audit: type=1326 audit(2000000149.460:19975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  375.799475][   T29] audit: type=1326 audit(2000000149.460:19976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  375.823131][   T29] audit: type=1326 audit(2000000149.470:19977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  375.846886][   T29] audit: type=1326 audit(2000000149.470:19978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  375.870542][   T29] audit: type=1326 audit(2000000149.470:19979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19591 comm="syz.2.5529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  376.243124][T19474] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.459869][T19474] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.471476][T19611] lo speed is unknown, defaulting to 1000
[  376.518835][ T5157] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  376.534390][ T5157] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  376.542701][T19611] lo speed is unknown, defaulting to 1000
[  376.555023][ T5157] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  376.577258][ T5157] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.316929][T19639] FAULT_INJECTION: forcing a failure.
[  377.316929][T19639] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.330124][T19639] CPU: 0 UID: 0 PID: 19639 Comm: syz.3.5547 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  377.330165][T19639] Tainted: [W]=WARN
[  377.330174][T19639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  377.330201][T19639] Call Trace:
[  377.330208][T19639]  <TASK>
[  377.330216][T19639]  __dump_stack+0x1d/0x30
[  377.330239][T19639]  dump_stack_lvl+0xe8/0x140
[  377.330260][T19639]  dump_stack+0x15/0x1b
[  377.330284][T19639]  should_fail_ex+0x265/0x280
[  377.330361][T19639]  should_fail+0xb/0x20
[  377.330384][T19639]  should_fail_usercopy+0x1a/0x20
[  377.330468][T19639]  _copy_from_iter+0xd2/0xe80
[  377.330492][T19639]  ? __build_skb_around+0x1ab/0x200
[  377.330528][T19639]  ? __alloc_skb+0x223/0x320
[  377.330614][T19639]  netlink_sendmsg+0x471/0x6b0
[  377.330644][T19639]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.330672][T19639]  __sock_sendmsg+0x145/0x180
[  377.330707][T19639]  ____sys_sendmsg+0x31e/0x4e0
[  377.330768][T19639]  ___sys_sendmsg+0x17b/0x1d0
[  377.330854][T19639]  __x64_sys_sendmsg+0xd4/0x160
[  377.330886][T19639]  x64_sys_call+0x191e/0x3000
[  377.330918][T19639]  do_syscall_64+0xd2/0x200
[  377.330983][T19639]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  377.331029][T19639]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  377.331073][T19639]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.331102][T19639] RIP: 0033:0x7f3f2711efc9
[  377.331120][T19639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.331140][T19639] RSP: 002b:00007f3f25b87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.331220][T19639] RAX: ffffffffffffffda RBX: 00007f3f27375fa0 RCX: 00007f3f2711efc9
[  377.331234][T19639] RDX: 0000000020000004 RSI: 0000200000000100 RDI: 0000000000000003
[  377.331252][T19639] RBP: 00007f3f25b87090 R08: 0000000000000000 R09: 0000000000000000
[  377.331269][T19639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.331284][T19639] R13: 00007f3f27376038 R14: 00007f3f27375fa0 R15: 00007ffd269eb578
[  377.331303][T19639]  </TASK>
[  377.739175][T19643] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.753114][T19645] vhci_hcd: invalid port number 96
[  377.758281][T19645] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  377.781786][T19643] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.871611][T19643] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.902784][T19659] loop3: detected capacity change from 0 to 1024
[  377.916020][T19659] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  377.927132][T19659] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  377.951937][T19643] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.960263][T19659] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  377.986473][T19659] EXT4-fs (loop3): invalid journal inode
[  378.004001][T19659] EXT4-fs (loop3): can't get journal size
[  378.009314][ T5151] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  378.020376][T19659] EXT4-fs error (device loop3): ext4_protect_reserved_inode:182: inode #3: comm syz.3.5555: blocks 2-2 from inode overlap system zone
[  378.022532][ T5151] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  378.052418][T19659] EXT4-fs (loop3): failed to initialize system zone (-117)
[  378.059672][T19659] EXT4-fs (loop3): mount failed
[  378.070443][ T5151] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  378.089979][ T5179] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.149405][T19667] loop1: detected capacity change from 0 to 1024
[  378.158378][T19667] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  378.169433][T19667] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  378.181983][T19669] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5559'.
[  378.200568][T19669] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5559'.
[  378.219774][T19667] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  378.253958][T19675] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  378.307949][T19667] EXT4-fs (loop1): invalid journal inode
[  378.320533][T19667] EXT4-fs (loop1): can't get journal size
[  378.337239][T19667] EXT4-fs error (device loop1): ext4_protect_reserved_inode:182: inode #3: comm syz.1.5558: blocks 2-2 from inode overlap system zone
[  378.338100][T19675] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  378.370500][T19667] EXT4-fs (loop1): failed to initialize system zone (-117)
[  378.380327][T19667] EXT4-fs (loop1): mount failed
[  378.427541][   T29] audit: type=1400 audit(2000000152.140:19980): avc:  denied  { append } for  pid=19687 comm="syz.0.5566" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  378.453129][T19688] blktrace: Concurrent blktraces are not allowed on sg0
[  378.454269][T19675] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  378.494303][   T29] audit: type=1400 audit(2000000152.170:19981): avc:  granted  { setsecparam } for  pid=19689 comm="syz.1.5567" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  378.566928][T19694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5569'.
[  378.575989][T19694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5569'.
[  378.586201][T19675] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  378.594119][T19694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5569'.
[  378.663956][T19702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5572'.
[  378.690556][T19702] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5572'.
[  378.860652][T19709] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  378.860652][T19709]    program syz.0.5574 not setting count and/or reply_len properly
[  378.927680][T19712] xt_cluster: node mask cannot exceed total number of nodes
[  379.031659][T19712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5575'.
[  379.450797][T19732] netlink: 272 bytes leftover after parsing attributes in process `syz.0.5583'.
[  379.475533][T19736] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  379.475533][T19736]    program syz.1.5585 not setting count and/or reply_len properly
[  379.898981][T19758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5592'.
[  380.333764][T19767] pim6reg: entered allmulticast mode
[  380.339947][T19767] pim6reg: left allmulticast mode
[  380.502781][T19770] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  380.502781][T19770]    program syz.1.5597 not setting count and/or reply_len properly
[  380.814169][T19782] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5599'.
[  380.878647][T19782] loop1: detected capacity change from 0 to 1024
[  380.887270][T19782] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  380.898235][T19782] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  380.909098][T19782] JBD2: no valid journal superblock found
[  380.914923][T19782] EXT4-fs (loop1): Could not load journal inode
[  381.512164][   T29] kauditd_printk_skb: 153 callbacks suppressed
[  381.512182][   T29] audit: type=1400 audit(2000000155.230:20135): avc:  denied  { nlmsg_write } for  pid=19790 comm="syz.1.5604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  381.568007][T19795] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  381.579173][   T29] audit: type=1400 audit(2000000155.250:20136): avc:  denied  { audit_write } for  pid=19790 comm="syz.1.5604" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  381.600685][   T29] audit: type=1107 audit(2000000155.250:20137): pid=19790 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  381.614193][   T29] audit: type=1326 audit(2000000155.260:20138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19790 comm="syz.1.5604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3633efc9 code=0x7ffc0000
[  381.637850][   T29] audit: type=1326 audit(2000000155.260:20139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19790 comm="syz.1.5604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd3633efc9 code=0x7ffc0000
[  381.661708][   T29] audit: type=1326 audit(2000000155.260:20140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19790 comm="syz.1.5604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3633efc9 code=0x7ffc0000
[  381.685372][   T29] audit: type=1326 audit(2000000155.260:20141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19790 comm="syz.1.5604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7efd3633efc9 code=0x7ffc0000
[  381.709015][   T29] audit: type=1326 audit(2000000155.260:20142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19790 comm="syz.1.5604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3633efc9 code=0x7ffc0000
[  381.931476][T19801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5607'.
[  382.040273][ T5193] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  382.057212][ T5193] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  382.070334][T19801] vhci_hcd: invalid port number 96
[  382.075463][T19801] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  382.102974][ T5193] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  382.133238][ T5193] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  382.445172][T19820] loop3: detected capacity change from 0 to 1024
[  382.481847][T19820] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  382.492772][T19820] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  382.503683][T19820] JBD2: no valid journal superblock found
[  382.509412][T19820] EXT4-fs (loop3): Could not load journal inode
[  382.520115][   T29] audit: type=1400 audit(2000000156.090:20143): avc:  denied  { listen } for  pid=19817 comm="syz.0.5614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  382.540313][   T29] audit: type=1400 audit(2000000156.090:20144): avc:  denied  { connect } for  pid=19817 comm="syz.0.5614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  382.963538][T19836] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125
[  383.109135][T19847] block device autoloading is deprecated and will be removed.
[  383.175185][T19847] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=19847 comm=syz.0.5624
[  383.224374][T19847] loop0: detected capacity change from 0 to 1024
[  383.231559][T19847] EXT4-fs: Ignoring removed orlov option
[  383.237390][T19847] /dev/loop0: Can't open blockdev
[  383.671343][T19878] loop0: detected capacity change from 0 to 164
[  383.706834][T19882] pim6reg: entered allmulticast mode
[  383.715375][T19878] atomic_op ffff88814acfd528 conn xmit_atomic 0000000000000000
[  383.746133][T19882] pim6reg: left allmulticast mode
[  384.353491][T19914] __nla_validate_parse: 4 callbacks suppressed
[  384.353536][T19914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5649'.
[  384.379551][T19914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5649'.
[  384.398647][T19914] vhci_hcd: invalid port number 96
[  384.403868][T19914] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  385.012624][T19936] loop3: detected capacity change from 0 to 164
[  385.021069][T19936] Unable to read rock-ridge attributes
[  385.029757][T19936] Unable to read rock-ridge attributes
[  385.036749][T19936] bio_check_eod: 32 callbacks suppressed
[  385.036766][T19936] syz.3.5657: attempt to access beyond end of device
[  385.036766][T19936] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  385.110469][T19940] syz.3.5657: attempt to access beyond end of device
[  385.110469][T19940] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  385.182625][T19945] pim6reg: entered allmulticast mode
[  385.188918][T19945] pim6reg: left allmulticast mode
[  385.208829][T12121] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  385.219782][T12121] CPU: 1 UID: 0 PID: 12121 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  385.219818][T12121] Tainted: [W]=WARN
[  385.219827][T12121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  385.219845][T12121] Call Trace:
[  385.219853][T12121]  <TASK>
[  385.219903][T12121]  __dump_stack+0x1d/0x30
[  385.220002][T12121]  dump_stack_lvl+0xe8/0x140
[  385.220030][T12121]  dump_stack+0x15/0x1b
[  385.220054][T12121]  dump_header+0x81/0x220
[  385.220078][T12121]  oom_kill_process+0x342/0x400
[  385.220119][T12121]  out_of_memory+0x979/0xb80
[  385.220233][T12121]  try_charge_memcg+0x610/0xa10
[  385.220276][T12121]  charge_memcg+0x51/0xc0
[  385.220305][T12121]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  385.220417][T12121]  __read_swap_cache_async+0x17b/0x2d0
[  385.220508][T12121]  swap_cluster_readahead+0x362/0x3c0
[  385.220547][T12121]  swapin_readahead+0xde/0x6f0
[  385.220583][T12121]  ? copy_from_kernel_nofault+0x15f/0x200
[  385.220607][T12121]  ? css_rstat_updated+0xb7/0x240
[  385.220647][T12121]  ? __rcu_read_unlock+0x4f/0x70
[  385.220706][T12121]  ? __rcu_read_unlock+0x4f/0x70
[  385.220735][T12121]  ? swap_cache_get_folio+0x277/0x280
[  385.220756][T12121]  do_swap_page+0x2ae/0x2370
[  385.220791][T12121]  ? _raw_spin_unlock+0x26/0x50
[  385.220830][T12121]  ? finish_task_switch+0xad/0x2b0
[  385.220863][T12121]  ? __pfx_default_wake_function+0x10/0x10
[  385.220903][T12121]  handle_mm_fault+0x9a5/0x2be0
[  385.220980][T12121]  ? vma_start_read+0x141/0x1f0
[  385.221028][T12121]  do_user_addr_fault+0x630/0x1080
[  385.221055][T12121]  ? fpregs_restore_userregs+0xe2/0x1d0
[  385.221087][T12121]  ? switch_fpu_return+0xe/0x20
[  385.221181][T12121]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  385.221208][T12121]  exc_page_fault+0x62/0xa0
[  385.221235][T12121]  asm_exc_page_fault+0x26/0x30
[  385.221254][T12121] RIP: 0033:0x7efd36371845
[  385.221272][T12121] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 1e 6d 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  385.221359][T12121] RSP: 002b:00007fffe814e928 EFLAGS: 00010246
[  385.221381][T12121] RAX: 0000000000000000 RBX: 000000000000045d RCX: 00007efd36371843
[  385.221393][T12121] RDX: 00007fffe814e940 RSI: 0000000000000000 RDI: 0000000000000000
[  385.221405][T12121] RBP: 00007fffe814e9ac R08: 0000000005d586a9 R09: 0000000000000000
[  385.221417][T12121] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  385.221429][T12121] R13: 00000000000927c0 R14: 000000000005ddde R15: 00007fffe814ea00
[  385.221447][T12121]  </TASK>
[  385.470428][T12121] memory: usage 307200kB, limit 307200kB, failcnt 970
[  385.477258][T12121] memory+swap: usage 307488kB, limit 9007199254740988kB, failcnt 0
[  385.485391][T12121] kmem: usage 307084kB, limit 9007199254740988kB, failcnt 0
[  385.492777][T12121] Memory cgroup stats for /syz1:
[  385.493259][T12121] cache 0
[  385.501189][T12121] rss 0
[  385.503961][T12121] shmem 0
[  385.506903][T12121] mapped_file 0
[  385.510380][T12121] dirty 0
[  385.513667][T12121] writeback 0
[  385.516946][T12121] workingset_refault_anon 218
[  385.521659][T12121] workingset_refault_file 4209
[  385.526429][T12121] swap 294912
[  385.529724][T12121] swapcached 4096
[  385.533356][T12121] pgpgin 333597
[  385.536824][T12121] pgpgout 333568
[  385.540409][T12121] pgfault 360087
[  385.543972][T12121] pgmajfault 139
[  385.547507][T12121] inactive_anon 0
[  385.551143][T12121] active_anon 4096
[  385.554872][T12121] inactive_file 0
[  385.558500][T12121] active_file 114688
[  385.562404][T12121] unevictable 0
[  385.565882][T12121] hierarchical_memory_limit 314572800
[  385.571254][T12121] hierarchical_memsw_limit 9223372036854771712
[  385.577421][T12121] total_cache 0
[  385.580889][T12121] total_rss 0
[  385.584165][T12121] total_shmem 0
[  385.587691][T12121] total_mapped_file 0
[  385.591724][T12121] total_dirty 0
[  385.595177][T12121] total_writeback 0
[  385.598990][T12121] total_workingset_refault_anon 218
[  385.604428][T12121] total_workingset_refault_file 4209
[  385.609729][T12121] total_swap 294912
[  385.613664][T12121] total_swapcached 4096
[  385.617810][T12121] total_pgpgin 333597
[  385.621870][T12121] total_pgpgout 333568
[  385.625932][T12121] total_pgfault 360087
[  385.629991][T12121] total_pgmajfault 139
[  385.634202][T12121] total_inactive_anon 0
[  385.638370][T12121] total_active_anon 4096
[  385.642709][T12121] total_inactive_file 0
[  385.646858][T12121] total_active_file 114688
[  385.651281][T12121] total_unevictable 0
[  385.655264][T12121] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.5651,pid=19917,uid=0
[  385.669998][T12121] Memory cgroup out of memory: Killed process 19917 (syz.1.5651) total-vm:94088kB, anon-rss:1136kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  385.749125][T19949] loop2: detected capacity change from 0 to 1764
[  385.865351][T19951] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  385.865351][T19951]    program syz.2.5662 not setting count and/or reply_len properly
[  385.989611][T19964] loop1: detected capacity change from 0 to 512
[  385.996250][T19964] EXT4-fs: Ignoring removed nobh option
[  386.005424][T19964] EXT4-fs (loop1): failed to initialize system zone (-117)
[  386.012807][T19964] EXT4-fs (loop1): mount failed
[  386.711309][   T29] kauditd_printk_skb: 126 callbacks suppressed
[  386.711325][   T29] audit: type=1400 audit(2000000160.430:20271): avc:  denied  { sqpoll } for  pid=19973 comm="syz.2.5671" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  386.801687][   T29] audit: type=1400 audit(2000000160.510:20272): avc:  denied  { create } for  pid=19973 comm="syz.2.5671" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  386.821358][   T29] audit: type=1400 audit(2000000160.510:20273): avc:  denied  { write } for  pid=19973 comm="syz.2.5671" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  386.840934][   T29] audit: type=1400 audit(2000000160.510:20274): avc:  denied  { module_request } for  pid=19973 comm="syz.2.5671" kmod="crypto-digest_null" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  387.055444][T19999] FAULT_INJECTION: forcing a failure.
[  387.055444][T19999] name failslab, interval 1, probability 0, space 0, times 0
[  387.056358][   T29] audit: type=1400 audit(2000000160.560:20275): avc:  denied  { read } for  pid=19973 comm="syz.2.5671" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  387.068135][T19999] CPU: 1 UID: 0 PID: 19999 Comm: syz.0.5678 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  387.068202][T19999] Tainted: [W]=WARN
[  387.068212][T19999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  387.068287][T19999] Call Trace:
[  387.068297][T19999]  <TASK>
[  387.068307][T19999]  __dump_stack+0x1d/0x30
[  387.068342][T19999]  dump_stack_lvl+0xe8/0x140
[  387.068379][T19999]  dump_stack+0x15/0x1b
[  387.068404][T19999]  should_fail_ex+0x265/0x280
[  387.068432][T19999]  ? __pfx_resume_store+0x10/0x10
[  387.068500][T19999]  should_failslab+0x8c/0xb0
[  387.068579][T19999]  kmem_cache_alloc_noprof+0x50/0x480
[  387.068622][T19999]  ? getname_kernel+0x3c/0x1f0
[  387.068711][T19999]  ? __pfx_resume_store+0x10/0x10
[  387.068750][T19999]  getname_kernel+0x3c/0x1f0
[  387.068794][T19999]  kern_path+0x23/0x130
[  387.068884][T19999]  ? __pfx_resume_store+0x10/0x10
[  387.068936][T19999]  lookup_bdev+0x66/0x150
[  387.068969][T19999]  resume_store+0x10b/0x3d0
[  387.069068][T19999]  ? should_fail_ex+0xdb/0x280
[  387.069094][T19999]  ? __pfx_resume_store+0x10/0x10
[  387.069132][T19999]  kobj_attr_store+0x4a/0x70
[  387.069166][T19999]  ? __pfx_kobj_attr_store+0x10/0x10
[  387.069210][T19999]  sysfs_kf_write+0xfe/0x120
[  387.069245][T19999]  ? __pfx_sysfs_kf_write+0x10/0x10
[  387.069278][T19999]  kernfs_fop_write_iter+0x1eb/0x300
[  387.069310][T19999]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  387.069425][T19999]  vfs_write+0x52a/0x960
[  387.069585][T19999]  ksys_write+0xda/0x1a0
[  387.069704][T19999]  __x64_sys_write+0x40/0x50
[  387.069742][T19999]  x64_sys_call+0x2802/0x3000
[  387.069775][T19999]  do_syscall_64+0xd2/0x200
[  387.069864][T19999]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  387.069903][T19999]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  387.070010][T19999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.070041][T19999] RIP: 0033:0x7ffae21befc9
[  387.070061][T19999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.070086][T19999] RSP: 002b:00007ffae0c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  387.070155][T19999] RAX: ffffffffffffffda RBX: 00007ffae2415fa0 RCX: 00007ffae21befc9
[  387.070173][T19999] RDX: 00000000fffffd65 RSI: 0000200000000000 RDI: 0000000000000004
[  387.070263][T19999] RBP: 00007ffae0c27090 R08: 0000000000000000 R09: 0000000000000000
[  387.070280][T19999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  387.070321][T19999] R13: 00007ffae2416038 R14: 00007ffae2415fa0 R15: 00007fffbc86a718
[  387.070347][T19999]  </TASK>
[  387.345308][   T29] audit: type=1400 audit(2000000160.560:20276): avc:  denied  { open } for  pid=19973 comm="syz.2.5671" path="/dev/ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  387.368898][   T29] audit: type=1400 audit(2000000160.560:20277): avc:  denied  { ioctl } for  pid=19973 comm="syz.2.5671" path="/dev/ptp0" dev="devtmpfs" ino=246 ioctlcmd=0x3d05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  387.394044][   T29] audit: type=1400 audit(2000000160.710:20278): avc:  denied  { mount } for  pid=19987 comm="syz.0.5676" name="/" dev="autofs" ino=69107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  387.416753][   T29] audit: type=1400 audit(2000000160.720:20279): avc:  denied  { setattr } for  pid=19987 comm="syz.0.5676" path="pipe:[69745]" dev="pipefs" ino=69745 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  387.440106][   T29] audit: type=1400 audit(2000000160.720:20280): avc:  denied  { connect } for  pid=19987 comm="syz.0.5676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  388.264233][T20145] FAULT_INJECTION: forcing a failure.
[  388.264233][T20145] name failslab, interval 1, probability 0, space 0, times 0
[  388.276929][T20145] CPU: 0 UID: 0 PID: 20145 Comm: syz.1.5690 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  388.276979][T20145] Tainted: [W]=WARN
[  388.276986][T20145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  388.277004][T20145] Call Trace:
[  388.277013][T20145]  <TASK>
[  388.277023][T20145]  __dump_stack+0x1d/0x30
[  388.277071][T20145]  dump_stack_lvl+0xe8/0x140
[  388.277153][T20145]  dump_stack+0x15/0x1b
[  388.277173][T20145]  should_fail_ex+0x265/0x280
[  388.277201][T20145]  should_failslab+0x8c/0xb0
[  388.277236][T20145]  __kmalloc_node_track_caller_noprof+0xa5/0x580
[  388.277282][T20145]  ? sidtab_sid2str_get+0xa0/0x130
[  388.277374][T20145]  kmemdup_noprof+0x2b/0x70
[  388.277410][T20145]  sidtab_sid2str_get+0xa0/0x130
[  388.277518][T20145]  security_sid_to_context_core+0x1eb/0x2e0
[  388.277625][T20145]  security_sid_to_context+0x27/0x40
[  388.277691][T20145]  sel_write_context+0x12f/0x200
[  388.277713][T20145]  selinux_transaction_write+0xc6/0x110
[  388.277734][T20145]  ? __pfx_selinux_transaction_write+0x10/0x10
[  388.277761][T20145]  vfs_write+0x269/0x960
[  388.277815][T20145]  ? __rcu_read_unlock+0x4f/0x70
[  388.277842][T20145]  ? __fget_files+0x184/0x1c0
[  388.277880][T20145]  ksys_write+0xda/0x1a0
[  388.277916][T20145]  __x64_sys_write+0x40/0x50
[  388.278026][T20145]  x64_sys_call+0x2802/0x3000
[  388.278049][T20145]  do_syscall_64+0xd2/0x200
[  388.278075][T20145]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  388.278114][T20145]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  388.278195][T20145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.278280][T20145] RIP: 0033:0x7efd3633efc9
[  388.278346][T20145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.278365][T20145] RSP: 002b:00007efd34d9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  388.278389][T20145] RAX: ffffffffffffffda RBX: 00007efd36595fa0 RCX: 00007efd3633efc9
[  388.278406][T20145] RDX: 000000000000001d RSI: 0000200000000340 RDI: 0000000000000003
[  388.278423][T20145] RBP: 00007efd34d9f090 R08: 0000000000000000 R09: 0000000000000000
[  388.278439][T20145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.278461][T20145] R13: 00007efd36596038 R14: 00007efd36595fa0 R15: 00007fffe814e5e8
[  388.278485][T20145]  </TASK>
[  388.527564][T20148] pim6reg: entered allmulticast mode
[  388.533629][T20148] pim6reg: left allmulticast mode
[  388.649635][T20155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5689'.
[  388.724557][T20155] loop2: detected capacity change from 0 to 1024
[  388.733053][T20155] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  388.743975][T20155] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  388.755120][T20155] JBD2: no valid journal superblock found
[  388.760878][T20155] EXT4-fs (loop2): Could not load journal inode
[  388.905930][T20158] program syz.1.5693 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  389.221087][T20169] bond0: (slave bond_slave_0): Releasing backup interface
[  389.242167][T20174] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5697'.
[  389.252059][T20174] netlink: 'syz.4.5697': attribute type 10 has an invalid length.
[  389.259884][T20174] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5697'.
[  389.300122][T20169] bond0: (slave bond_slave_1): Releasing backup interface
[  389.325560][T20169] team0: Port device team_slave_0 removed
[  389.350800][T20178] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  389.350800][T20178]    program syz.1.5701 not setting count and/or reply_len properly
[  389.371481][T20169] team0: Port device team_slave_1 removed
[  389.398993][T20169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  389.406509][T20169] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.416924][T20169] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  389.424532][T20169] batman_adv: batadv0: Removing interface: batadv_slave_1
[  389.437365][T20169] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  389.458628][T20174] batman_adv: batadv0: Adding interface: veth1_vlan
[  389.465289][T20174] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  389.497159][T20174] batman_adv: batadv0: Interface activated: veth1_vlan
[  389.498277][T20182] netlink: 268 bytes leftover after parsing attributes in process `syz.3.5702'.
[  389.517815][T20186] pim6reg: entered allmulticast mode
[  389.523947][T20186] pim6reg: left allmulticast mode
[  389.578284][T20190] sd 0:0:1:0: device reset
[  389.590938][T20190] binfmt_misc: register: failed to install interpreter file ./file0
[  389.736162][T20196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5704'.
[  389.785338][T20196] loop0: detected capacity change from 0 to 1024
[  389.792709][T20196] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  389.803720][T20196] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  389.814819][T20196] JBD2: no valid journal superblock found
[  389.820634][T20196] EXT4-fs (loop0): Could not load journal inode
[  390.012398][T20202] netlink: 47 bytes leftover after parsing attributes in process `syz.4.5709'.
[  390.225313][T20216] vhci_hcd: invalid port number 96
[  390.230535][T20216] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  390.284123][T20219] netlink: 660 bytes leftover after parsing attributes in process `syz.2.5716'.
[  390.391486][T20219] netlink: 64 bytes leftover after parsing attributes in process `syz.2.5716'.
[  390.493276][T20233] syzkaller1: entered promiscuous mode
[  390.498795][T20233] syzkaller1: entered allmulticast mode
[  390.516696][T20233] xt_CT: No such helper "pptp"
[  390.552198][T20239] loop3: detected capacity change from 0 to 164
[  390.590289][T20239] Unsupported NM flag settings (240)
[  390.617708][T19352] Unsupported NM flag settings (240)
[  390.635692][T19352] Unsupported NM flag settings (240)
[  390.647797][T19352] Unsupported NM flag settings (240)
[  390.665772][T19352] Unsupported NM flag settings (240)
[  390.680516][T19352] Unsupported NM flag settings (240)
[  390.691542][T19352] Unsupported NM flag settings (240)
[  391.027350][T20250] netlink: 'syz.0.5730': attribute type 1 has an invalid length.
[  391.042169][T20250] 8021q: adding VLAN 0 to HW filter on device bond2
[  391.086184][T20250] bond2: (slave geneve2): making interface the new active one
[  391.122664][T20250] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  391.131624][ T5136] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  391.153696][ T5136] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  391.162746][ T5136] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  391.198384][ T5136] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.446500][T20283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5743'.
[  391.455508][T20283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5743'.
[  391.471341][T20283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5743'.
[  391.676382][T20306] vhci_hcd: invalid port number 96
[  391.681602][T20306] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  391.735138][T20312] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  391.735138][T20312]    program syz.2.5754 not setting count and/or reply_len properly
[  391.765387][T20314] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  391.765387][T20314]    program syz.0.5755 not setting count and/or reply_len properly
[  391.806651][T20319] netlink: 'syz.2.5757': attribute type 21 has an invalid length.
[  391.814850][T20319] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5757'.
[  391.824001][T20319] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5757'.
[  391.836469][   T29] kauditd_printk_skb: 288 callbacks suppressed
[  391.836485][   T29] audit: type=1326 audit(2000000165.550:20569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  391.899413][   T29] audit: type=1326 audit(2000000165.550:20570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  391.923238][   T29] audit: type=1326 audit(2000000165.550:20571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  391.946942][   T29] audit: type=1326 audit(2000000165.550:20572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  391.970684][   T29] audit: type=1326 audit(2000000165.550:20573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  391.994376][   T29] audit: type=1326 audit(2000000165.550:20574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  392.018707][   T29] audit: type=1326 audit(2000000165.550:20575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  392.042379][   T29] audit: type=1326 audit(2000000165.550:20576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  392.066072][   T29] audit: type=1326 audit(2000000165.550:20577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  392.089816][   T29] audit: type=1326 audit(2000000165.550:20578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20317 comm="syz.2.5757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  392.176995][T20029] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.213934][T20334] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  392.261661][T20029] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.294789][T20326] lo speed is unknown, defaulting to 1000
[  392.323007][T20029] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.351347][T20029] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.376311][T20326] lo speed is unknown, defaulting to 1000
[  392.445989][T20029] batadv1: left allmulticast mode
[  392.451138][T20029] batadv1: left promiscuous mode
[  392.456208][T20029] bridge0: port 3(batadv1) entered disabled state
[  392.464353][T20029] bridge_slave_1: left allmulticast mode
[  392.470111][T20029] bridge_slave_1: left promiscuous mode
[  392.475768][T20029] bridge0: port 2(bridge_slave_1) entered disabled state
[  392.496562][T20029] bridge_slave_0: left allmulticast mode
[  392.502339][T20029] bridge_slave_0: left promiscuous mode
[  392.508113][T20029] bridge0: port 1(bridge_slave_0) entered disabled state
[  392.532127][T20029] bond2 (unregistering): (slave geneve2): Releasing active interface
[  392.622530][T20029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  392.632622][T20029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  392.642523][T20029] bond0 (unregistering): Released all slaves
[  392.652806][T20029] bond1 (unregistering): Released all slaves
[  392.661863][T20029] bond2 (unregistering): Released all slaves
[  392.710839][T20326] chnl_net:caif_netlink_parms(): no params data found
[  392.867713][T20029] hsr_slave_0: left promiscuous mode
[  392.873571][T20029] batman_adv: batadv0: Removing interface: batadv_slave_0
[  392.881351][T20029] batman_adv: batadv0: Removing interface: batadv_slave_1
[  392.916222][T20029] team0 (unregistering): Port device team_slave_1 removed
[  393.041842][T20368] loop3: detected capacity change from 0 to 1024
[  393.049212][T20368] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  393.060182][T20368] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  393.070960][T20368] JBD2: no valid journal superblock found
[  393.076707][T20368] EXT4-fs (loop3): Could not load journal inode
[  393.090914][T20029] team0 (unregistering): Port device team_slave_0 removed
[  393.140553][T20370] vhci_hcd: invalid port number 96
[  393.145715][T20370] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  393.168972][   T37] smc: removing ib device s
z1
[  393.590928][T20326] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.598174][T20326] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.606101][T20326] bridge_slave_0: entered allmulticast mode
[  393.613969][T20326] bridge_slave_0: entered promiscuous mode
[  393.621023][T20326] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.628095][T20326] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.652464][T20326] bridge_slave_1: entered allmulticast mode
[  393.659104][T20326] bridge_slave_1: entered promiscuous mode
[  393.723495][T20386] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  393.751631][T20384] pim6reg: entered allmulticast mode
[  393.758845][T20326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  393.769898][T20326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  393.779070][T20384] pim6reg: left allmulticast mode
[  393.781094][ T5136] Bluetooth: hci0: Frame reassembly failed (-84)
[  393.803713][T20326] team0: Port device team_slave_0 added
[  393.806619][T20029] IPVS: stop unused estimator thread 0...
[  393.816675][T20386] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  393.828350][T20326] team0: Port device team_slave_1 added
[  393.850480][T20326] batman_adv: batadv0: Adding interface: batadv_slave_0
[  393.857468][T20326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  393.883440][T20326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  393.895491][T20326] batman_adv: batadv0: Adding interface: batadv_slave_1
[  393.902571][T20326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  393.928679][T20326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  393.952496][T20386] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  393.970692][T20326] hsr_slave_0: entered promiscuous mode
[  393.976675][T20326] hsr_slave_1: entered promiscuous mode
[  393.982756][T20326] debugfs: 'hsr0' already exists in 'hsr'
[  393.988502][T20326] Cannot create hsr debugfs directory
[  394.043138][T20386] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.115868][T20406] program syz.2.5781 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  394.151818][T20029] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  394.176554][T20029] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  394.188950][T20029] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  394.210930][T20029] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.300987][T20326] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  394.301155][T20414] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=20414 comm=syz.4.5785
[  394.322875][T20326] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  394.336176][T20326] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  394.366483][T20326] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  394.414997][T20429] IPv6: Can't replace route, no match found
[  394.441811][T20326] 8021q: adding VLAN 0 to HW filter on device bond0
[  394.464833][T20326] 8021q: adding VLAN 0 to HW filter on device team0
[  394.491199][T20029] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.498311][T20029] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.514057][T20029] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.521343][T20029] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.544878][T20326] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  394.555302][T20326] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  394.583999][T20393] Bluetooth: hci0: Opcode 0x1003 failed: -4
[  394.594211][T20436] loop2: detected capacity change from 0 to 1024
[  394.610657][T20436] EXT4-fs: Ignoring removed orlov option
[  394.636040][T20439] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.647226][T20441] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  394.647226][T20441]    program syz.3.5793 not setting count and/or reply_len properly
[  394.674891][T20436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.692949][T20436] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[  394.701855][T20326] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.709834][T20439] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.782161][T20439] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.802710][T20448] vhci_hcd: invalid port number 96
[  394.807860][T20448] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  394.851642][T20439] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.866512][T20326] veth0_vlan: entered promiscuous mode
[  394.883135][T20326] veth1_vlan: entered promiscuous mode
[  394.901052][T20326] veth0_macvtap: entered promiscuous mode
[  394.908813][T20326] veth1_macvtap: entered promiscuous mode
[  394.925039][T20326] batman_adv: batadv0: Interface activated: batadv_slave_0
[  394.937388][T20326] batman_adv: batadv0: Interface activated: batadv_slave_1
[  394.948913][ T5136] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  394.958497][ T5136] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  394.968756][ T5136] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  394.988267][ T5136] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  395.208076][T20470] loop0: detected capacity change from 0 to 8192
[  395.276925][T20473] __nla_validate_parse: 11 callbacks suppressed
[  395.276941][T20473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5797'.
[  395.347130][T20473] loop3: detected capacity change from 0 to 1024
[  395.356768][T20473] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  395.367763][T20473] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  395.379286][T20473] JBD2: no valid journal superblock found
[  395.385086][T20473] EXT4-fs (loop3): Could not load journal inode
[  395.414073][T20470]  loop0: p1 p2 p4 < >
[  395.418214][T20470] loop0: partition table partially beyond EOD, truncated
[  395.481788][T20470] loop0: p1 start 16777216 is beyond EOD, truncated
[  395.488464][T20470] loop0: p2 size 515840 extends beyond EOD, truncated
[  395.535275][T20470] loop0: p4 start 16777216 is beyond EOD, truncated
[  395.557266][T12857] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.654462][T20476] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5800'.
[  395.664650][T20476] netlink: 268 bytes leftover after parsing attributes in process `syz.1.5800'.
[  395.716093][T20483] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not '
'
[  395.759030][T20488] loop1: detected capacity change from 0 to 1024
[  395.781721][T20488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  395.795685][T20488] nfs4: Bad value for 'source'
[  395.871998][T12121] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.922221][T20496] vhci_hcd: invalid port number 96
[  395.927451][T20496] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  395.962711][ T6206] IPVS: starting estimator thread 0...
[  395.991766][T20501] pim6reg: entered allmulticast mode
[  396.021274][T20501] pim6reg: left allmulticast mode
[  396.050365][T20499] IPVS: using max 2064 ests per chain, 103200 per kthread
[  396.233139][T20514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5812'.
[  396.267405][T20514] netlink: 268 bytes leftover after parsing attributes in process `syz.2.5812'.
[  396.317562][T20518] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  396.317562][T20518]    program syz.3.5814 not setting count and/or reply_len properly
[  396.531895][T20525] vhci_hcd: invalid port number 96
[  396.537056][T20525] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  396.622875][T20529] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5819'.
[  396.659062][T20529] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5819'.
[  396.699360][T20537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5822'.
[  396.708385][T20537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5822'.
[  396.721184][T20537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5822'.
[  396.749646][T20539] loop2: detected capacity change from 0 to 136
[  396.934360][   T29] kauditd_printk_skb: 143 callbacks suppressed
[  396.934386][   T29] audit: type=1400 audit(2000000170.650:20722): avc:  denied  { getopt } for  pid=20548 comm="syz.1.5826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  396.961013][   T29] audit: type=1326 audit(2000000170.660:20723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  396.984732][   T29] audit: type=1326 audit(2000000170.660:20724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.008497][   T29] audit: type=1326 audit(2000000170.660:20725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.032306][   T29] audit: type=1326 audit(2000000170.660:20726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.056015][   T29] audit: type=1326 audit(2000000170.660:20727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.079899][   T29] audit: type=1326 audit(2000000170.660:20728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.103857][   T29] audit: type=1326 audit(2000000170.660:20729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.127684][   T29] audit: type=1326 audit(2000000170.660:20730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.151424][   T29] audit: type=1326 audit(2000000170.660:20731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20550 comm="syz.2.5827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff49674efc9 code=0x7ffc0000
[  397.510691][T20567] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  397.510691][T20567]    program syz.0.5833 not setting count and/or reply_len properly
[  397.869043][T20590] loop0: detected capacity change from 0 to 512
[  397.893985][T20590] EXT4-fs: dax option not supported
[  397.995958][T20597] IPv6: Can't replace route, no match found
[  398.124700][T20606] FAULT_INJECTION: forcing a failure.
[  398.124700][T20606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.138040][T20606] CPU: 0 UID: 0 PID: 20606 Comm: syz.1.5846 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  398.138071][T20606] Tainted: [W]=WARN
[  398.138078][T20606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  398.138090][T20606] Call Trace:
[  398.138097][T20606]  <TASK>
[  398.138104][T20606]  __dump_stack+0x1d/0x30
[  398.138133][T20606]  dump_stack_lvl+0xe8/0x140
[  398.138210][T20606]  dump_stack+0x15/0x1b
[  398.138235][T20606]  should_fail_ex+0x265/0x280
[  398.138260][T20606]  should_fail+0xb/0x20
[  398.138278][T20606]  should_fail_usercopy+0x1a/0x20
[  398.138370][T20606]  _copy_from_user+0x1c/0xb0
[  398.138394][T20606]  __sys_bpf+0x183/0x7c0
[  398.138418][T20606]  __x64_sys_bpf+0x41/0x50
[  398.138448][T20606]  x64_sys_call+0x2aee/0x3000
[  398.138540][T20606]  do_syscall_64+0xd2/0x200
[  398.138594][T20606]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  398.138665][T20606]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  398.138723][T20606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.138801][T20606] RIP: 0033:0x7efd3633efc9
[  398.138815][T20606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.138830][T20606] RSP: 002b:00007efd34d9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  398.138848][T20606] RAX: ffffffffffffffda RBX: 00007efd36595fa0 RCX: 00007efd3633efc9
[  398.138859][T20606] RDX: 0000000000000050 RSI: 0000200000000440 RDI: 0000000000000000
[  398.138871][T20606] RBP: 00007efd34d9f090 R08: 0000000000000000 R09: 0000000000000000
[  398.138955][T20606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.138971][T20606] R13: 00007efd36596038 R14: 00007efd36595fa0 R15: 00007fffe814e5e8
[  398.138996][T20606]  </TASK>
[  398.406437][T20618] loop1: detected capacity change from 0 to 512
[  398.413422][T20618] EXT4-fs: Ignoring removed nobh option
[  398.422490][T20618] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.5851: corrupted inode contents
[  398.434810][T20618] EXT4-fs (loop1): Remounting filesystem read-only
[  398.441998][T20618] EXT4-fs (loop1): 1 truncate cleaned up
[  398.448236][T20618] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  398.460945][T20618] ext4 filesystem being mounted at /468/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  398.481712][T12121] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.670244][ T5178] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.681084][ T5178] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  398.693112][ T5178] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  398.704810][ T5178] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  398.800301][ T6208] ==================================================================
[  398.808493][ T6208] BUG: KCSAN: data-race in kick_pool / wq_worker_running
[  398.815521][ T6208] 
[  398.817840][ T6208] read-write to 0xffff888237d29de4 of 4 bytes by task 6858 on cpu 1:
[  398.825902][ T6208]  wq_worker_running+0x95/0x120
[  398.830757][ T6208]  schedule_timeout+0xb7/0x170
[  398.835556][ T6208]  msleep+0x50/0x90
[  398.839379][ T6208]  nsim_fib_event_work+0x42e6/0x4790
[  398.844665][ T6208]  process_scheduled_works+0x4ce/0x9d0
[  398.850145][ T6208]  worker_thread+0x582/0x770
[  398.854739][ T6208]  kthread+0x489/0x510
[  398.858808][ T6208]  ret_from_fork+0x122/0x1b0
[  398.863399][ T6208]  ret_from_fork_asm+0x1a/0x30
[  398.868172][ T6208] 
[  398.870499][ T6208] read to 0xffff888237d29de4 of 4 bytes by task 6208 on cpu 0:
[  398.878034][ T6208]  kick_pool+0x49/0x2d0
[  398.882204][ T6208]  __queue_work+0x8cb/0xb50
[  398.886708][ T6208]  queue_work_on+0xd1/0x160
[  398.891233][ T6208]  wg_packet_encrypt_worker+0xc0a/0xe10
[  398.896962][ T6208]  process_scheduled_works+0x4ce/0x9d0
[  398.902434][ T6208]  worker_thread+0x582/0x770
[  398.907022][ T6208]  kthread+0x489/0x510
[  398.911090][ T6208]  ret_from_fork+0x122/0x1b0
[  398.915678][ T6208]  ret_from_fork_asm+0x1a/0x30
[  398.920439][ T6208] 
[  398.922754][ T6208] value changed: 0x00000000 -> 0x00000001
[  398.928458][ T6208] 
[  398.930770][ T6208] Reported by Kernel Concurrency Sanitizer on:
[  398.936915][ T6208] CPU: 0 UID: 0 PID: 6208 Comm: kworker/0:10 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  398.948386][ T6208] Tainted: [W]=WARN
[  398.952234][ T6208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  398.962366][ T6208] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker
[  398.968905][ T6208] ==================================================================
[  398.979181][T20644] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  398.979181][T20644]    program syz.2.5859 not setting count and/or reply_len properly