last executing test programs:

5.964265269s ago: executing program 3 (id=6129):
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000300)='system_u:object_r:dhcp_state_t:s0\x00', 0x22)

5.958114s ago: executing program 3 (id=6130):
msgsnd(0x0, 0x0, 0x39, 0x0)

5.176753193s ago: executing program 2 (id=6143):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000040000004500"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)

4.511860787s ago: executing program 2 (id=6149):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x9, 0x0, 0x3ff, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x7, 0xc3f1, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0xfffffffc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffe, 0xd819ac9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xb, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

4.292585224s ago: executing program 2 (id=6152):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='leases_conflict\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000540)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r5}, 0x10)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000280)={0xfffffffc}, 0x9)
ioctl$PPPIOCSACTIVE(r4, 0x40107446, &(0x7f00000003c0)={0x2, &(0x7f0000000380)=[{0xc000, 0x4, 0x9, 0x7}, {0x7fff, 0x8b, 0x81, 0x4b9}]})
msgsnd(0x0, 0x0, 0x39, 0x0)

4.153814005s ago: executing program 2 (id=6155):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f0000000140)={[{@acl}, {@user_xattr}, {@errors_remount}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x1, 0x4e4, &(0x7f0000002d40)="$eJzs3c9PXFsdAPDvHZgCLc/hqYvnS3w2+gxttDNQbEtcVEyMrppY68YVIgyEMDCEGdpCGkPjH2Bi/BVduXJj4tqYmP4JxqSJ7o0xmkbbunChjrnDHYu8AYaUYSjz+SSn95z763tO4R7m3HMzN4C+dTkiZiJiICKuRkQhW5/LUuzspnS/F88fzacpicbQvb8lkWTrWudKsuWl7LDhiPjaVyK+lXwwbm1re2WuUilvZOVSfXW9VNvavra8OrdUXiqvzUxN3py+NX1jeuLE2nr7S3/+4Xd//uXbv/nsgz/O/vXKt9NqjWbb9rajEzsd7rfb9Hzz/6JlMCI2jhPsDBvI2pPvdUUAAOhI+hn/wxHxyYh4+ZNe1wYAAADohsYXRuNfSUQDAAAAOLdyzWdgk1wxexZgNHK5YnH3Gd6PxsVcpVqrf2axurm2sPus7Fjkc4vLlfJE9qzwWOSTtDzZzL8qX99XnoqItyPi+4WRZrk4X60s9PrmBwAAAPSJS/vG//8o7I7/AQAAgHNmrNcVAAAAALrO+B8AAADOvwPH/8ng6VYEAAAA6Iav3rmTpkbr/dcL97c2V6r3ry2UayvF1c354nx1Y724VK0uNb+zb/Wo81Wq1fXPxdrmw1K9XKuXalvbs6vVzbX6bPO93rPlRuFUmgUAAADs8fYnnvwhiYidz480U+pCti1/9OEz3a0d0E254+2edKsewOkb6HUFgJ7xgC/0rw7G+MA5d8TA/gf7yse8bQAAAJwF4x97rfl/84HwBjOQh/5l/h/6l/l/6F/m/6HPDR29y/BBG357wnUBAAC6ZrSZklwxmwscjVyuWIx4q/lagHyyuFwpT0TEhyLi94X8UFqe7HWlAQAAAAAAAAAAAAAAAAAAAAAAAOAN02gk0QAAAADOtYjcX5LsRf7jhfdH998fuJD8s9BcRsSDn9770cO5en1jMl3/9/+tr/84W3+9tSb1jVO+kwEAAAC0tMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJykF88fzbfSacZ99sWIGGsXfzCGm8vhXxUi4uLLJAb3HJdExMAJxN95HBHvtIufpNWKsawW++PnImKkx/EvnUB86GdP0v5nJr3+8vuuv1xcbi7bX3+DWXpdzy4f1P/lWv1fs59r1/+9dfiph1uZd5/+snRg/McR7w62739a8ZN28S903sZvfn17+6BtjZ9FjB/x9yeNX6qvrpdqW9vXllfnlspL5bWpqcmb07emb0xPlBaXK+Xs37YxvvfxX//nsPZfbBt/t/89sP0R8X6H7f/304fPP3JI/Cufav/zf+eQ+OnvxKezvwPp9vFWfmc3v9d7v/jde4e1f+GA9h/684+IKx22/+rd7/ypw10BgFNQ29pematUyhtdyYx07cwyaaa6diaqIXN2M3ezC/3Yh/e4YwIAAE7cqw/9+7ccY4IHAAAAAAAAAAAAAAAAAAAAeC1d/xKyof//ZoHh3jUVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ/w0AAP//5w/Stg==")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x71f}, 0x18)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)

3.934790883s ago: executing program 2 (id=6160):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xe}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2(&(0x7f0000000000)={0x0, <r2=>0x0}, 0x0)
vmsplice(r2, 0x0, 0x0, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
syz_emit_ethernet(0x66, &(0x7f0000000200)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x30, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x1f}, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2, [{0x1, 0x1, "909f50c21562"}]}}}}}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x200800, 0x8)
fcntl$getflags(r4, 0x1)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000540)={0x0, 0xa1ff, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

3.282166786s ago: executing program 4 (id=6171):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x28000600)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x9, 0x7fe2, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x6, r2}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, &(0x7f0000000380)="f8", &(0x7f00000002c0)=""/29}, 0x20)

3.204245802s ago: executing program 4 (id=6173):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r3, 0x301, 0x0, 0x25dfdbfc, {{0x5}, {@void, @val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4004015}, 0x20000000)

3.147434906s ago: executing program 4 (id=6175):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb00000000000000000000000000000000000000000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc010040000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000002000000000000000000000000000002000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000"], 0x1a0}}, 0x0)

3.055696154s ago: executing program 2 (id=6176):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4)
r3 = socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_QUANTUM={0x2, 0x2, 0x7000000}]}}]}, 0x48}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522ec, 0x0, {0x0, 0x0, 0x74, r6, {0x10, 0xf}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'lo\x00', <r9=>0x0})
getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000000380)=<r10=>0x0, &(0x7f0000000500)=0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r11=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f00000005c0)={'team0\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000980)=ANY=[@ANYBLOB="bc010000745e541bbd5c69e162ebc1ea53fc94ac90f317c991be779ac3ae58bb805e0375cd23230c952f7baecd316adcf7785ca4583eaae95602e3b86919c8af054148e39640cc9da4db7fdf461f7590a3fd99dc2aa67f039f71", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fedbdf250700000034000180140002007767320000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="140002007663616e3000000000000000000000001c00018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000300020000004400018008000100", @ANYRES32=r4, @ANYBLOB="1400020062617461647630000000000000000000140002006e657464657673696d3000000000000008000300000000000800030003000000400001800800030000000000140002006d6163766c616e31000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="1c0001800800030001000000080003000200000008000100", @ANYRES32=r10, @ANYBLOB="64000180080003000100000008000100", @ANYRES32, @ANYBLOB="1400020076657468305f766972745f776966690008000100", @ANYRES32=r11, @ANYBLOB="080003000200000008000300010000000800030003000000140002007866726d300000000000000000000000080003000100000054000180140002006261746164765f736c6176655f300000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="080003000100000008000100", @ANYRES32=r12, @ANYBLOB="14000200767863616e310000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1bc}, 0x1, 0x0, 0x0, 0x8000}, 0x24040055)
r13 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r13, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

2.793297925s ago: executing program 4 (id=6178):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x9, 0x0, 0x3ff, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x7, 0xc3f1, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0xfffffffc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffe, 0xd819ac9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xb, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2.710496712s ago: executing program 4 (id=6181):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f0000000140)={[{@acl}, {@user_xattr}, {@errors_remount}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x1, 0x4e4, &(0x7f0000002d40)="$eJzs3c9PXFsdAPDvHZgCLc/hqYvnS3w2+gxttDNQbEtcVEyMrppY68YVIgyEMDCEGdpCGkPjH2Bi/BVduXJj4tqYmP4JxqSJ7o0xmkbbunChjrnDHYu8AYaUYSjz+SSn95z763tO4R7m3HMzN4C+dTkiZiJiICKuRkQhW5/LUuzspnS/F88fzacpicbQvb8lkWTrWudKsuWl7LDhiPjaVyK+lXwwbm1re2WuUilvZOVSfXW9VNvavra8OrdUXiqvzUxN3py+NX1jeuLE2nr7S3/+4Xd//uXbv/nsgz/O/vXKt9NqjWbb9rajEzsd7rfb9Hzz/6JlMCI2jhPsDBvI2pPvdUUAAOhI+hn/wxHxyYh4+ZNe1wYAAADohsYXRuNfSUQDAAAAOLdyzWdgk1wxexZgNHK5YnH3Gd6PxsVcpVqrf2axurm2sPus7Fjkc4vLlfJE9qzwWOSTtDzZzL8qX99XnoqItyPi+4WRZrk4X60s9PrmBwAAAPSJS/vG//8o7I7/AQAAgHNmrNcVAAAAALrO+B8AAADOvwPH/8ng6VYEAAAA6Iav3rmTpkbr/dcL97c2V6r3ry2UayvF1c354nx1Y724VK0uNb+zb/Wo81Wq1fXPxdrmw1K9XKuXalvbs6vVzbX6bPO93rPlRuFUmgUAAADs8fYnnvwhiYidz480U+pCti1/9OEz3a0d0E254+2edKsewOkb6HUFgJ7xgC/0rw7G+MA5d8TA/gf7yse8bQAAAJwF4x97rfl/84HwBjOQh/5l/h/6l/l/6F/m/6HPDR29y/BBG357wnUBAAC6ZrSZklwxmwscjVyuWIx4q/lagHyyuFwpT0TEhyLi94X8UFqe7HWlAQAAAAAAAAAAAAAAAAAAAAAAAOAN02gk0QAAAADOtYjcX5LsRf7jhfdH998fuJD8s9BcRsSDn9770cO5en1jMl3/9/+tr/84W3+9tSb1jVO+kwEAAAC0tMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJykF88fzbfSacZ99sWIGGsXfzCGm8vhXxUi4uLLJAb3HJdExMAJxN95HBHvtIufpNWKsawW++PnImKkx/EvnUB86GdP0v5nJr3+8vuuv1xcbi7bX3+DWXpdzy4f1P/lWv1fs59r1/+9dfiph1uZd5/+snRg/McR7w62739a8ZN28S903sZvfn17+6BtjZ9FjB/x9yeNX6qvrpdqW9vXllfnlspL5bWpqcmb07emb0xPlBaXK+Xs37YxvvfxX//nsPZfbBt/t/89sP0R8X6H7f/304fPP3JI/Cufav/zf+eQ+OnvxKezvwPp9vFWfmc3v9d7v/jde4e1f+GA9h/684+IKx22/+rd7/ypw10BgFNQ29pematUyhtdyYx07cwyaaa6diaqIXN2M3ezC/3Yh/e4YwIAAE7cqw/9+7ccY4IHAAAAAAAAAAAAAAAAAAAAeC1d/xKyof//ZoHh3jUVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ/w0AAP//5w/Stg==")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x71f}, 0x18)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)

2.169331705s ago: executing program 4 (id=6185):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xe}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
syz_emit_ethernet(0x66, &(0x7f0000000200)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x30, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x1f}, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2, [{0x1, 0x1, "909f50c21562"}]}}}}}}, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x200800, 0x8)
fcntl$getflags(r3, 0x1)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000540)={0x0, 0xa1ff, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

1.534682356s ago: executing program 3 (id=6132):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000f6000000006debff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
rseq(0x0, 0x0, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
msgget$private(0x0, 0xfffffffffffffffd)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x18)
dup(r2)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10)
r6 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
quotactl_fd$Q_SYNC(r6, 0xffffffff80000100, 0x0, 0x0)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'fo\x00', 0x15, 0x9, 0x35}, 0x2c)

1.275457387s ago: executing program 0 (id=6193):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000600"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x18)
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000300)='system_u:object_r:dhcp_state_t:s0\x00', 0x22)

1.212264403s ago: executing program 0 (id=6194):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0x11, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x7}}]}, 0x88}, 0x1, 0x7}, 0x0) (fail_nth: 1)

1.195149894s ago: executing program 0 (id=6195):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
r1 = gettid()
process_vm_writev(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/dev\x00')
fsetxattr$system_posix_acl(r2, &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f00000009c0)=ANY=[@ANYBLOB="c27932ba7401000000000000007dacffed77f6652f3e7c768a4593727b7ea2c11bb051bd59792c", @ANYRES32=0xee01, @ANYBLOB="04000a000000000010000700000000002000040000000000"], 0x2c, 0x0)
connect$phonet_pipe(r0, &(0x7f0000000000)={0x23, 0x16, 0x4, 0x3}, 0x10)
ioctl$SIOCPNENABLEPIPE(r0, 0x89ed, 0x0)
syz_clone(0x820100, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="9e8d0000edbc1f7d14a61352b54be9946d533586bc76e8a77c14cd3b523f281c898f737219129407e0209a2e9f80df01a99ea98ad0b374745e2cf34dda01ad5559a5ccd52febf11e378f18d39e8788a55b61279ba704cc64792be5df7fe07afd122d668e84912b442a8c31b1d6fa4f010ba88806b18254517d5b1aa3b10900228a62f356bdf94b992557578ee02dce68c760bd17dbb768cd207d2b9a327b259ef2ac99edbd7e796194c59af8d35bad1ce7327233cb1b53d9b259a75f7af56086036819cff70a32e3f6023f2e689df67bbbf4f55543c3097bd0edd317f88b54958222a9a639c8065aee809a6a8f8873fff786d00aebc346567ea049f45f12da7875cd7d7561bd0db04d2594155c04b5e4485755c062fafcb03cc053744f29c1619d6a888071f54fcf8cdef895f6a3b1deb7d38fdfaae5e464c6019195d29c5757a7ecf17351ec09b450c9c724a4ba1703fe04b6ecfd60aab641832b68434c0f5f118080a8307841c7734e5a2d2308b465ea5dda0d805e243d773b300090e9441ea3b33bfd316bf0f99dfedbb7b427971f8917be31e635d4a1d883dca2005fc950215589e9f83c3e58725ac7d04b47f18d0acad4e27e1ab5f9078f00ab3def3d2397940e84fed0404b9b8f52ec844b43027874038dcdd5daf5014e1d85fc50a78e022d3175f921bd908d27c4", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000009c0)=ANY=[@ANYRES8=r3], 0x48}}, 0x40004)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r5=>r2, {0x76d4}}, './file2\x00'})
accept4$unix(r5, &(0x7f0000000480)=@abs, &(0x7f0000000500)=0x6e, 0x80c00)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x16, 0x88e18470934e5ed2, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES16=r4, @ANYBLOB="0000000000000000b703000021000000850000001b000000b7"], &(0x7f0000000440)='syzkaller\x00', 0x4000000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffffa4)
r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='sched_switch\x00', r7, 0x0, 0x2}, 0x18)
r8 = gettid()
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x80)
read(r9, &(0x7f0000000440)=""/247, 0x26)
tkill(r8, 0x7)
lseek(r6, 0x5, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r10, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x8000080, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94)

905.954397ms ago: executing program 3 (id=6197):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000000), &(0x7f00000000c0)=r1}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x9, 0x7fe2, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000780), 0x6, r2}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, &(0x7f0000000380)="f8", &(0x7f00000002c0)=""/29}, 0x20)

863.23206ms ago: executing program 3 (id=6198):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x3, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffd}, 0x1c)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(r1, 0x0, 0x0)
close_range(r0, r1, 0x0)

837.864143ms ago: executing program 3 (id=6200):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0xa, 0x300)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r4=>0x0})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), r5)
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)={0x3c, r6, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL802154_ATTR_EXTENDED_ADDR={0xfffffffffffffebf, 0x17, {0xaaaaaaaaaaaa0302}}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4002}, 0x14004880)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xc1004a}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="26604298e9da22d76318ac3d72b1b3fddcae7be0dbc7349d7563aac292fe084ecad6b3fc85ffb5276b8c4f4362fb20a923e427655ce6c280bfd0df60fd5d6e0822", @ANYRES16=r7, @ANYBLOB="00042ebd7080bcdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4086}, 0x20048801)
r8 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r9=>0x0})
connect$can_bcm(r8, &(0x7f0000000240)={0x1d, r9}, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/timer_list\x00', 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0218000012000000000000000000000005000600ff0000000a000000000000000000000000000000000000000000000000000000000000000800120000000000000000800000000006000000000000000000000000000000ac14140b000000000000000000000000e0000002000000000000000000000000030005000020000002"], 0x90}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r4, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

691.264245ms ago: executing program 0 (id=6204):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000580)={[], [{@audit}, {@subj_type}, {@obj_user}, {@pcr}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, ':^-#'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@flag='async'}]}, 0x1, 0xb89, &(0x7f0000002340)="$eJzs3cFvFNUfAPDvTLtLKfx+XYwHMSbUeIDEsG0BBYkH8Gg8mEiCnnBtt6RhAUNrYgmJ5WbiRQ2ePHlSEz16NcSoJw9GT/wHhoSYwh9QM7OzZaW7LZUt05TPJ5nd9/bt8r5D8t33ZudNJ4An1nj2kEbsj4hPk4ix4vU0Iqp5aSRiqf2+e8vXprMtiZWVt/5OIomIu8vXpjv/VlI878kehvNPxh8/RTw1tLbf+cWrFxqtVvNKUZ9YuPj+xPzi1cNzFxvnm+ebl468PHl06pVjJ146NrB9XTyefvL76699c+Pcl799f+K5j5M4FXuLtu79GJTxGF/9P+k2HBHvDLqzkgwV+9NrPwEA2H7Srjnc/hiLobzUNhb1uVKDAwAAAAbio4hYAQAAAHa4xPE/AAAA7HCddQB3l69Nd7ZyVyQAj8ud0xFRa+d/5/r+dstwLOXPI1GJiNF7SdeVQe3rvWsD6H88Ir774viBbIstug4f6G3pekQ802v8T/L8r+V/xWNt/qcRMTmA/scfqMt/eHweJf9PDaB/+Q8AAAAAAACDc/N0+0T+2vN/6er6n+hx/m+ox7m7/2Lj83/p7QF0A/Rw53TEq1339rnXlf+F2lBR+1++HqCSzM61mpMR8f+IOBSVXVl9ap0+vv7h5J/92rrX/2Vb1n9nLWARx+3hXf/+zExjofEo+wy03bke8exwr/xPVsf/pM/63zcfso9fzv44269t4/wHtsrKVxEHe47/9+/olqx/f76JfD4w0ZkVrHX2+Z+/7de//IfyZOP/6Pr5X0u679c5v/k+JkcPn+/Xtqn5f/uniHz+X03O5HcVrRZNHzYWFq5MRVSTN9a+fmTzMcNO1MmHTr5k+X/ohd7H/+vN/7Mke7f4lkgjolE8Z/X3Huhz17lfP+sXj/EfypPl/8ymxv/NFz5/e/lMv/4fbvw/lo/ph4pX/P4H63vYBC07TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhO0ojYG0laXy2nab0esScino7RtHV5fuHF2csfXJrJ2vK3ZJqTETEWEbWoJLNzreZUXr5fP/JA/WhE7IuIG2O783p9+nJrpuR9BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L49EbE3krQeEWleTtN6vd3211jZ0QEAAAADUys7AAAAAGDLOf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4BHtO3DzVhIRSyd351umWrRVSo0M2Gpp2QEApRkqOwCgNMNlBwCUxjE+kGzQPtK3xQwCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ElycP/NW0lELJ3cnW+ZatFWKTUyYKulZQcAlGao7ACA0gyXHQBQGsf4QLJB+0jfFjMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCfJ/OLVC41Wq3lluxWqRYBb1EWl9B1UUNjOhZK/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjR/gkAAP//W2T2tw==")

569.369814ms ago: executing program 0 (id=6206):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x9, 0x0, 0x3ff, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x7, 0xc3f1, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0xfffffffc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffe, 0xd819ac9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xb, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

526.773628ms ago: executing program 0 (id=6207):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2(&(0x7f0000000000)={0x0, <r2=>0x0}, 0x0)
vmsplice(r2, 0x0, 0x0, 0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
syz_emit_ethernet(0x66, &(0x7f0000000200)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x30, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x1f}, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2, [{0x1, 0x1, "909f50c21562"}]}}}}}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x200800, 0x8)
fcntl$getflags(r4, 0x1)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000540)={0x0, 0xa1ff, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

229.623311ms ago: executing program 1 (id=6214):
socket$kcm(0x2, 0x3, 0x2)
r0 = socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(r1, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
close_range(r0, r1, 0x0)

208.745444ms ago: executing program 1 (id=6215):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r1, &(0x7f0000000300)='system_u:object_r:dhcp_state_t:s0\x00', 0x22)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="000000000000000000000000000000001860000000000000000000a97600000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

151.983188ms ago: executing program 1 (id=6216):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000580)={[], [{@audit}, {@subj_type}, {@obj_user}, {@pcr}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, ':^-#'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@flag='async'}]}, 0x1, 0xb89, &(0x7f0000002340)="$eJzs3cFvFNUfAPDvTLtLKfx+XYwHMSbUeIDEsG0BBYkH8Gg8mEiCnnBtt6RhAUNrYgmJ5WbiRQ2ePHlSEz16NcSoJw9GT/wHhoSYwh9QM7OzZaW7LZUt05TPJ5nd9/bt8r5D8t33ZudNJ4An1nj2kEbsj4hPk4ix4vU0Iqp5aSRiqf2+e8vXprMtiZWVt/5OIomIu8vXpjv/VlI878kehvNPxh8/RTw1tLbf+cWrFxqtVvNKUZ9YuPj+xPzi1cNzFxvnm+ebl468PHl06pVjJ146NrB9XTyefvL76699c+Pcl799f+K5j5M4FXuLtu79GJTxGF/9P+k2HBHvDLqzkgwV+9NrPwEA2H7Srjnc/hiLobzUNhb1uVKDAwAAAAbio4hYAQAAAHa4xPE/AAAA7HCddQB3l69Nd7ZyVyQAj8ud0xFRa+d/5/r+dstwLOXPI1GJiNF7SdeVQe3rvWsD6H88Ir774viBbIstug4f6G3pekQ802v8T/L8r+V/xWNt/qcRMTmA/scfqMt/eHweJf9PDaB/+Q8AAAAAAACDc/N0+0T+2vN/6er6n+hx/m+ox7m7/2Lj83/p7QF0A/Rw53TEq1339rnXlf+F2lBR+1++HqCSzM61mpMR8f+IOBSVXVl9ap0+vv7h5J/92rrX/2Vb1n9nLWARx+3hXf/+zExjofEo+wy03bke8exwr/xPVsf/pM/63zcfso9fzv44269t4/wHtsrKVxEHe47/9+/olqx/f76JfD4w0ZkVrHX2+Z+/7de//IfyZOP/6Pr5X0u679c5v/k+JkcPn+/Xtqn5f/uniHz+X03O5HcVrRZNHzYWFq5MRVSTN9a+fmTzMcNO1MmHTr5k+X/ohd7H/+vN/7Mke7f4lkgjolE8Z/X3Huhz17lfP+sXj/EfypPl/8ymxv/NFz5/e/lMv/4fbvw/lo/ph4pX/P4H63vYBC07TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhO0ojYG0laXy2nab0esScino7RtHV5fuHF2csfXJrJ2vK3ZJqTETEWEbWoJLNzreZUXr5fP/JA/WhE7IuIG2O783p9+nJrpuR9BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L49EbE3krQeEWleTtN6vd3211jZ0QEAAAADUys7AAAAAGDLOf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4BHtO3DzVhIRSyd351umWrRVSo0M2Gpp2QEApRkqOwCgNMNlBwCUxjE+kGzQPtK3xQwCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ElycP/NW0lELJ3cnW+ZatFWKTUyYKulZQcAlGao7ACA0gyXHQBQGsf4QLJB+0jfFjMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCfJ/OLVC41Wq3lluxWqRYBb1EWl9B1UUNjOhZK/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjR/gkAAP//W2T2tw==")

134.975759ms ago: executing program 1 (id=6217):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb00000000000000000000000000000000000000000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc010040000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000002000000000000000000000000000002000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000"], 0x1a0}}, 0x0)

56.556386ms ago: executing program 1 (id=6218):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r1, &(0x7f0000000300)='system_u:object_r:dhcp_state_t:s0\x00', 0x22)

0s ago: executing program 1 (id=6219):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000040000004500"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)

kernel console output (not intermixed with test programs):

[   T29] audit: type=1326 audit(1754790453.586:55515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.124747][   T29] audit: type=1326 audit(1754790453.636:55516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.148583][   T29] audit: type=1326 audit(1754790453.636:55517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.172544][   T29] audit: type=1326 audit(1754790453.636:55518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.196212][   T29] audit: type=1326 audit(1754790453.636:55519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.220247][   T29] audit: type=1326 audit(1754790453.636:55520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.243968][   T29] audit: type=1326 audit(1754790453.636:55521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.267730][   T29] audit: type=1326 audit(1754790453.636:55522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20115 comm="syz.2.5367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ca180ebe9 code=0x7ffc0000
[  477.304967][T20128] syzkaller1: entered promiscuous mode
[  477.310798][T20128] syzkaller1: entered allmulticast mode
[  477.403590][T20135] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5372'.
[  477.568606][T20145] netlink: 'syz.1.5375': attribute type 1 has an invalid length.
[  477.602124][T20151] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  477.617651][T20145] bond15: entered promiscuous mode
[  477.629116][T20145] 8021q: adding VLAN 0 to HW filter on device bond15
[  477.671999][T20147] loop3: detected capacity change from 0 to 1024
[  477.696155][T20147] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  477.707726][T20147] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  477.739831][T20147] JBD2: no valid journal superblock found
[  477.745672][T20147] EXT4-fs (loop3): Could not load journal inode
[  477.770401][T20147] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  477.789037][T20157] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5380'.
[  477.882175][T20167] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5384'.
[  477.925152][T20170] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  478.017308][T20183] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5388'.
[  478.062734][T20183] 8021q: adding VLAN 0 to HW filter on device bond20
[  478.090926][T20187] vlan2: entered allmulticast mode
[  478.096104][T20187] bond20: entered allmulticast mode
[  478.136925][T20192] FAULT_INJECTION: forcing a failure.
[  478.136925][T20192] name failslab, interval 1, probability 0, space 0, times 0
[  478.149985][T20192] CPU: 1 UID: 0 PID: 20192 Comm: syz.1.5390 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  478.150024][T20192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  478.150041][T20192] Call Trace:
[  478.150051][T20192]  <TASK>
[  478.150062][T20192]  __dump_stack+0x1d/0x30
[  478.150115][T20192]  dump_stack_lvl+0xe8/0x140
[  478.150160][T20192]  dump_stack+0x15/0x1b
[  478.150179][T20192]  should_fail_ex+0x265/0x280
[  478.150207][T20192]  should_failslab+0x8c/0xb0
[  478.150310][T20192]  kmem_cache_alloc_noprof+0x50/0x310
[  478.150382][T20192]  ? radix_tree_node_alloc+0x8a/0x1f0
[  478.150410][T20192]  radix_tree_node_alloc+0x8a/0x1f0
[  478.150468][T20192]  radix_tree_extend+0xcf/0x370
[  478.150534][T20192]  idr_get_free+0x12d/0x550
[  478.150630][T20192]  idr_alloc_u32+0xca/0x180
[  478.150668][T20192]  ? __pfx_loop_control_ioctl+0x10/0x10
[  478.150703][T20192]  idr_alloc+0x6e/0xd0
[  478.150731][T20192]  loop_add+0x145/0x590
[  478.150848][T20192]  ? __pfx_loop_control_ioctl+0x10/0x10
[  478.150884][T20192]  loop_control_ioctl+0xd0/0x3f0
[  478.150999][T20192]  ? __pfx_loop_control_ioctl+0x10/0x10
[  478.151041][T20192]  __se_sys_ioctl+0xce/0x140
[  478.151158][T20192]  __x64_sys_ioctl+0x43/0x50
[  478.151201][T20192]  x64_sys_call+0x1816/0x2ff0
[  478.151230][T20192]  do_syscall_64+0xd2/0x200
[  478.151265][T20192]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  478.151351][T20192]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  478.151384][T20192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.151413][T20192] RIP: 0033:0x7fa7b881ebe9
[  478.151433][T20192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.151462][T20192] RSP: 002b:00007fa7b7287038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  478.151535][T20192] RAX: ffffffffffffffda RBX: 00007fa7b8a45fa0 RCX: 00007fa7b881ebe9
[  478.151600][T20192] RDX: 0000000007000000 RSI: 0000000000004c80 RDI: 0000000000000003
[  478.151614][T20192] RBP: 00007fa7b7287090 R08: 0000000000000000 R09: 0000000000000000
[  478.151629][T20192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.151643][T20192] R13: 00007fa7b8a46038 R14: 00007fa7b8a45fa0 R15: 00007ffe967a5298
[  478.151665][T20192]  </TASK>
[  478.400427][T20194] netlink: 'syz.0.5391': attribute type 13 has an invalid length.
[  478.488805][T20199] netlink: 'syz.2.5393': attribute type 9 has an invalid length.
[  478.497740][T20199] netlink: 'syz.2.5393': attribute type 6 has an invalid length.
[  478.555267][T20207] loop1: detected capacity change from 0 to 1024
[  478.555352][T20200] netlink: 'syz.2.5393': attribute type 9 has an invalid length.
[  478.555371][T20200] netlink: 'syz.2.5393': attribute type 6 has an invalid length.
[  478.563242][T20207] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  478.589184][T20207] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  478.623625][T20207] JBD2: no valid journal superblock found
[  478.629485][T20207] EXT4-fs (loop1): Could not load journal inode
[  478.689445][T20229] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5400'.
[  478.729958][T20207] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  478.999904][T20261] loop2: detected capacity change from 0 to 512
[  479.008644][T20261] EXT4-fs (loop2): orphan cleanup on readonly fs
[  479.017866][T20261] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.5416: bg 0: block 248: padding at end of block bitmap is not set
[  479.036952][T20261] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.5416: Failed to acquire dquot type 1
[  479.064840][T20261] EXT4-fs (loop2): 1 truncate cleaned up
[  479.085188][T20261] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  479.152216][T20265] loop1: detected capacity change from 0 to 2048
[  479.171065][T12042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  479.185252][T20265] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  479.397068][T20273] FAULT_INJECTION: forcing a failure.
[  479.397068][T20273] name failslab, interval 1, probability 0, space 0, times 0
[  479.409890][T20273] CPU: 1 UID: 0 PID: 20273 Comm: syz.1.5417 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  479.409938][T20273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  479.409952][T20273] Call Trace:
[  479.409960][T20273]  <TASK>
[  479.409967][T20273]  __dump_stack+0x1d/0x30
[  479.409992][T20273]  dump_stack_lvl+0xe8/0x140
[  479.410019][T20273]  dump_stack+0x15/0x1b
[  479.410091][T20273]  should_fail_ex+0x265/0x280
[  479.410155][T20273]  should_failslab+0x8c/0xb0
[  479.410184][T20273]  kmem_cache_alloc_noprof+0x50/0x310
[  479.410213][T20273]  ? skb_clone+0x151/0x1f0
[  479.410244][T20273]  skb_clone+0x151/0x1f0
[  479.410273][T20273]  __netlink_deliver_tap+0x2c9/0x500
[  479.410388][T20273]  netlink_unicast+0x66b/0x690
[  479.410430][T20273]  netlink_sendmsg+0x58b/0x6b0
[  479.410454][T20273]  ? __pfx_netlink_sendmsg+0x10/0x10
[  479.410517][T20273]  __sock_sendmsg+0x142/0x180
[  479.410601][T20273]  ____sys_sendmsg+0x31e/0x4e0
[  479.410632][T20273]  ___sys_sendmsg+0x17b/0x1d0
[  479.410704][T20273]  __x64_sys_sendmsg+0xd4/0x160
[  479.410737][T20273]  x64_sys_call+0x191e/0x2ff0
[  479.410760][T20273]  do_syscall_64+0xd2/0x200
[  479.410812][T20273]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  479.410842][T20273]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  479.410866][T20273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.410959][T20273] RIP: 0033:0x7fa7b881ebe9
[  479.411039][T20273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  479.411065][T20273] RSP: 002b:00007fa7b7245038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  479.411119][T20273] RAX: ffffffffffffffda RBX: 00007fa7b8a46180 RCX: 00007fa7b881ebe9
[  479.411135][T20273] RDX: 0000000004000054 RSI: 0000200000000480 RDI: 0000000000000009
[  479.411152][T20273] RBP: 00007fa7b7245090 R08: 0000000000000000 R09: 0000000000000000
[  479.411169][T20273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  479.411186][T20273] R13: 00007fa7b8a46218 R14: 00007fa7b8a46180 R15: 00007ffe967a5298
[  479.411210][T20273]  </TASK>
[  479.679660][T20268] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 2: invalid block bitmap
[  479.741047][T20278] validate_nla: 5 callbacks suppressed
[  479.741067][T20278] netlink: 'syz.0.5421': attribute type 13 has an invalid length.
[  479.883174][T20293] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5426'.
[  480.029938][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  480.119194][T20306] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5430'.
[  480.177208][T20306] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.199554][T20318] netlink: 76 bytes leftover after parsing attributes in process `syz.2.5433'.
[  480.248622][T20306] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.315855][T20330] netlink: 'syz.4.5435': attribute type 13 has an invalid length.
[  480.353140][T20306] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.395145][T20333] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=42256 sclass=netlink_route_socket pid=20333 comm=syz.0.5437
[  480.432898][T20306] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.433928][T20333] netlink: 'syz.0.5437': attribute type 3 has an invalid length.
[  480.482387][T20344] netlink: 'syz.2.5441': attribute type 3 has an invalid length.
[  480.517038][  T126] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  480.548331][  T126] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  480.573916][  T126] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  480.613014][  T126] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  480.625215][T20346] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  480.672964][T20363] netlink: 'syz.4.5449': attribute type 13 has an invalid length.
[  480.730742][T20357] loop2: detected capacity change from 0 to 8192
[  480.764763][T20357] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5444'.
[  480.934531][T20377] loop3: detected capacity change from 0 to 1024
[  480.943941][T20379] syzkaller1: entered promiscuous mode
[  480.949799][T20379] syzkaller1: entered allmulticast mode
[  480.960889][T20377] EXT4-fs: Ignoring removed orlov option
[  481.010562][T20377] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  481.464390][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.527656][T20396] 8021q: adding VLAN 0 to HW filter on device bond12
[  481.554836][T20396] vlan2: entered allmulticast mode
[  481.560180][T20396] bond12: entered allmulticast mode
[  481.700534][T20401] netlink: 'syz.3.5460': attribute type 13 has an invalid length.
[  481.746293][T20401] loop3: detected capacity change from 0 to 1024
[  481.783157][T20403] loop2: detected capacity change from 0 to 1024
[  481.809005][T20401] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  481.828619][T20403] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  481.916634][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.994510][T20409] loop3: detected capacity change from 0 to 1024
[  482.038009][T20409] EXT4-fs: Ignoring removed orlov option
[  482.079561][T20409] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  482.212223][T20415] 9pnet_fd: Insufficient options for proto=fd
[  482.506349][T20422] __nla_validate_parse: 1 callbacks suppressed
[  482.506370][T20422] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5465'.
[  482.872637][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.947115][T20440] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5469'.
[  482.973019][T20443] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5470'.
[  483.016462][T20443] bond13: entered promiscuous mode
[  483.038429][T20443] 8021q: adding VLAN 0 to HW filter on device bond13
[  483.073117][T20443] netlink: 3 bytes leftover after parsing attributes in process `syz.3.5470'.
[  483.107725][T20443] batadv0: entered promiscuous mode
[  483.113336][T20443] batadv0: entered allmulticast mode
[  483.169033][T20443] 8021q: adding VLAN 0 to HW filter on device batadv0
[  483.200496][T20443] bond13: (slave batadv0): Enslaving as an active interface with an up link
[  483.282518][T20462] loop3: detected capacity change from 0 to 1024
[  483.298692][T20462] EXT4-fs: Ignoring removed orlov option
[  483.320344][T20462] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  483.459121][T20471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5478'.
[  483.656199][   T29] kauditd_printk_skb: 321 callbacks suppressed
[  483.656218][   T29] audit: type=1400 audit(1754790460.176:55842): avc:  denied  { execute } for  pid=20475 comm="syz.0.5480" dev="tmpfs" ino=2312 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  483.801338][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  483.860828][T20478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5481'.
[  483.882407][T20478] bond13: (slave batadv0): Releasing backup interface
[  484.039184][T20483] loop3: detected capacity change from 0 to 512
[  484.047102][T20483] EXT4-fs (loop3): orphan cleanup on readonly fs
[  484.054469][T20483] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5482: bg 0: block 248: padding at end of block bitmap is not set
[  484.069658][T20483] Quota error (device loop3): write_blk: dquota write failed
[  484.077083][T20483] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  484.087046][T20483] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5482: Failed to acquire dquot type 1
[  484.100116][T20483] EXT4-fs (loop3): 1 truncate cleaned up
[  484.106493][T20483] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  484.131709][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  484.186769][T20487] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5485'.
[  484.400129][T20504] netlink: 'syz.4.5490': attribute type 13 has an invalid length.
[  484.470840][T20505] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5489'.
[  484.484979][T20508] loop1: detected capacity change from 0 to 1024
[  484.516940][T20508] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  484.633747][T20527] loop2: detected capacity change from 0 to 512
[  484.640635][   T29] audit: type=1326 audit(1754790461.156:55843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.4.5497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdfa01ebe9 code=0x7ffc0000
[  484.664324][   T29] audit: type=1326 audit(1754790461.166:55844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.4.5497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbdfa01ebe9 code=0x7ffc0000
[  484.687954][   T29] audit: type=1326 audit(1754790461.166:55845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.4.5497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdfa01ebe9 code=0x7ffc0000
[  484.711681][   T29] audit: type=1326 audit(1754790461.166:55846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.4.5497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdfa01ebe9 code=0x7ffc0000
[  484.735484][   T29] audit: type=1326 audit(1754790461.166:55847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.4.5497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdfa01ebe9 code=0x7ffc0000
[  484.760392][   T29] audit: type=1326 audit(1754790461.166:55848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.4.5497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdfa01ebe9 code=0x7ffc0000
[  484.785161][   T29] audit: type=1326 audit(1754790461.166:55849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.4.5497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fbdfa01ebe9 code=0x7ffc0000
[  484.865912][T20527] EXT4-fs (loop2): orphan cleanup on readonly fs
[  484.884834][T20527] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.5495: bg 0: block 248: padding at end of block bitmap is not set
[  484.904625][T20540] syzkaller1: entered promiscuous mode
[  484.910554][T20540] syzkaller1: entered allmulticast mode
[  484.939501][T20545] netlink: 'syz.0.5502': attribute type 13 has an invalid length.
[  484.974496][T20527] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.5495: Failed to acquire dquot type 1
[  485.048672][T20527] EXT4-fs (loop2): 1 truncate cleaned up
[  485.061375][T20527] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  485.126264][T12042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  485.248292][T20572] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5509'.
[  485.870712][T20583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5514'.
[  485.906229][T20583] bond16: entered promiscuous mode
[  485.918369][T20583] 8021q: adding VLAN 0 to HW filter on device bond16
[  485.932997][T20583] batadv0: entered promiscuous mode
[  485.938372][T20583] batadv0: entered allmulticast mode
[  485.945162][T20583] 8021q: adding VLAN 0 to HW filter on device batadv0
[  485.953563][T20583] bond16: (slave batadv0): Enslaving as an active interface with an up link
[  486.041431][T20599] netlink: 'syz.0.5517': attribute type 13 has an invalid length.
[  486.117007][T20605] bond17: entered promiscuous mode
[  486.181583][T20609] netlink: 'syz.4.5521': attribute type 1 has an invalid length.
[  486.210028][T20609] bond21: entered promiscuous mode
[  486.235115][T20609] 8021q: adding VLAN 0 to HW filter on device bond21
[  486.262426][T20621] 8021q: adding VLAN 0 to HW filter on device bond16
[  486.285059][T20628] vlan0: entered allmulticast mode
[  486.285081][T20628] bond16: entered allmulticast mode
[  486.464285][T20647] netlink: 'syz.4.5530': attribute type 13 has an invalid length.
[  486.764094][T20666] netlink: 'syz.0.5536': attribute type 1 has an invalid length.
[  486.816278][T20666] bond17: entered promiscuous mode
[  486.821984][T20666] 8021q: adding VLAN 0 to HW filter on device bond17
[  487.113867][T20698] netlink: 'syz.2.5543': attribute type 13 has an invalid length.
[  487.164809][T20698] loop2: detected capacity change from 0 to 1024
[  487.196061][T20698] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  487.275980][T20667] chnl_net:caif_netlink_parms(): no params data found
[  487.345543][T20711] netlink: 'syz.3.5545': attribute type 13 has an invalid length.
[  487.400303][T12042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  487.708767][T20711] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  487.830739][T20667] bridge0: port 1(bridge_slave_0) entered blocking state
[  487.837840][T20667] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.858497][T20667] bridge_slave_0: entered allmulticast mode
[  487.865247][T20667] bridge_slave_0: entered promiscuous mode
[  487.872316][T20667] bridge0: port 2(bridge_slave_1) entered blocking state
[  487.879700][T20667] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.913670][T20667] bridge_slave_1: entered allmulticast mode
[  487.923329][T20724] loop1: detected capacity change from 0 to 1024
[  487.948703][T20724] EXT4-fs: Ignoring removed orlov option
[  487.948999][T20667] bridge_slave_1: entered promiscuous mode
[  487.979544][T20724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  488.021356][T20733] loop2: detected capacity change from 0 to 1024
[  488.028050][T20733] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  488.038509][T20667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  488.060346][T20667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  488.068072][T20734] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  488.128136][T20667] team0: Port device team_slave_0 added
[  488.147930][T20667] team0: Port device team_slave_1 added
[  488.192142][T20739] __nla_validate_parse: 8 callbacks suppressed
[  488.192158][T20739] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5551'.
[  488.238772][T20714] loop3: detected capacity change from 0 to 32768
[  488.290071][T20714]  loop3: p1 p3 < >
[  488.312737][T20667] batman_adv: batadv0: Adding interface: batadv_slave_0
[  488.319752][T20667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  488.345738][T20667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  488.359311][T20667] batman_adv: batadv0: Adding interface: batadv_slave_1
[  488.366638][T20667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  488.392721][T20667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  488.446232][T20667] hsr_slave_0: entered promiscuous mode
[  488.458816][T20667] hsr_slave_1: entered promiscuous mode
[  488.465800][T20667] debugfs: 'hsr0' already exists in 'hsr'
[  488.471613][T20667] Cannot create hsr debugfs directory
[  488.535005][T20743] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5552'.
[  488.560545][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  488.671624][   T29] kauditd_printk_skb: 609 callbacks suppressed
[  488.671644][   T29] audit: type=1326 audit(1754790465.196:56457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.726057][T20748] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  488.733617][   T29] audit: type=1326 audit(1754790465.196:56458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.757475][   T29] audit: type=1326 audit(1754790465.196:56459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.781445][   T29] audit: type=1326 audit(1754790465.196:56460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.805102][   T29] audit: type=1326 audit(1754790465.196:56461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.829068][   T29] audit: type=1326 audit(1754790465.196:56462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.852961][   T29] audit: type=1326 audit(1754790465.196:56463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.876793][   T29] audit: type=1326 audit(1754790465.196:56464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.900541][   T29] audit: type=1326 audit(1754790465.196:56465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.924267][   T29] audit: type=1326 audit(1754790465.196:56466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20747 comm="syz.1.5553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  488.949418][   T10] IPVS: starting estimator thread 0...
[  489.012023][T20755] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5554'.
[  489.049359][T20752] IPVS: using max 2352 ests per chain, 117600 per kthread
[  489.094521][T20754] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5554'.
[  489.109054][T20760] netlink: 80 bytes leftover after parsing attributes in process `syz.1.5556'.
[  489.142603][T20760] loop1: detected capacity change from 0 to 4096
[  489.149419][T20760] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  489.276652][T20667] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  489.306466][T20667] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  489.343068][T20766] netlink: 'syz.2.5559': attribute type 1 has an invalid length.
[  489.350885][T20766] netlink: 'syz.2.5559': attribute type 4 has an invalid length.
[  489.358643][T20766] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.5559'.
[  489.381243][T20667] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  489.400755][T20667] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  489.419967][T20770] netlink: 'syz.3.5558': attribute type 13 has an invalid length.
[  489.475710][T20777] loop3: detected capacity change from 0 to 1024
[  489.475872][T20778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5561'.
[  489.532110][T20777] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  489.578367][T20787] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5562'.
[  489.612106][T20667] 8021q: adding VLAN 0 to HW filter on device bond0
[  489.623928][T20667] 8021q: adding VLAN 0 to HW filter on device team0
[  489.642822][ T9537] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.649940][ T9537] bridge0: port 1(bridge_slave_0) entered forwarding state
[  489.692842][ T9537] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.699973][ T9537] bridge0: port 2(bridge_slave_1) entered forwarding state
[  489.748687][T20789] loop1: detected capacity change from 0 to 8192
[  489.789198][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  489.808720][T20800] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5567'.
[  489.900836][T20667] 8021q: adding VLAN 0 to HW filter on device batadv0
[  489.966648][T20821] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5568'.
[  490.069864][T20821] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.080351][T20821] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.152606][T20821] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.163077][T20821] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.251930][T20821] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.262340][T20821] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.358056][T20821] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.358102][T20821] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.412358][T20667] veth0_vlan: entered promiscuous mode
[  490.473182][T20667] veth1_vlan: entered promiscuous mode
[  490.487471][T20849] netlink: 'syz.3.5576': attribute type 13 has an invalid length.
[  490.521264][T20849] loop3: detected capacity change from 0 to 1024
[  490.528613][ T9537] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  490.536857][ T9537] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.550935][T20849] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  490.564615][ T9537] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  490.573027][ T9537] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.594427][T20667] veth0_macvtap: entered promiscuous mode
[  490.619481][ T9537] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  490.627981][ T9537] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  490.639410][ T9537] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  490.647704][ T9537] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  490.656821][T20667] veth1_macvtap: entered promiscuous mode
[  490.672546][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  490.687113][T20667] batman_adv: batadv0: Interface activated: batadv_slave_0
[  490.727613][T20667] batman_adv: batadv0: Interface activated: batadv_slave_1
[  490.752803][ T9485] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.774478][ T9485] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.816744][ T9482] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  490.873261][ T9482] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  490.909492][T20869] netlink: 'syz.0.5582': attribute type 1 has an invalid length.
[  490.909619][T20869] (unnamed net_device) (uninitialized): option mode: invalid value (115)
[  490.971607][T20869] batadv0: entered promiscuous mode
[  490.976909][T20869] batadv0: entered allmulticast mode
[  491.009694][T20884] loop3: detected capacity change from 0 to 8192
[  491.022263][T20882] 8021q: adding VLAN 0 to HW filter on device bond20
[  491.041044][T20889] vlan2: entered allmulticast mode
[  491.046223][T20889] bond20: entered allmulticast mode
[  491.269812][T20899] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  491.276820][   T10] IPVS: starting estimator thread 0...
[  491.388334][T20905] IPVS: using max 2016 ests per chain, 100800 per kthread
[  491.421289][T20911] loop1: detected capacity change from 0 to 512
[  491.460935][T20911] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  491.498036][T20911] ext4 filesystem being mounted at /444/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  491.648321][T20911] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  491.791544][T20925] 8021q: adding VLAN 0 to HW filter on device bond0
[  491.822793][T20925] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  491.948989][T20938] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  491.956161][ T3416] IPVS: starting estimator thread 0...
[  492.048432][T20945] IPVS: using max 2352 ests per chain, 117600 per kthread
[  492.109287][T20964] netlink: 'syz.4.5612': attribute type 1 has an invalid length.
[  492.126705][T20956] batadv1: entered promiscuous mode
[  492.132031][T20956] batadv1: entered allmulticast mode
[  492.216634][T20970] FAULT_INJECTION: forcing a failure.
[  492.216634][T20970] name failslab, interval 1, probability 0, space 0, times 0
[  492.229546][T20970] CPU: 0 UID: 0 PID: 20970 Comm: syz.0.5617 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  492.229582][T20970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  492.229645][T20970] Call Trace:
[  492.229655][T20970]  <TASK>
[  492.229675][T20970]  __dump_stack+0x1d/0x30
[  492.229701][T20970]  dump_stack_lvl+0xe8/0x140
[  492.229724][T20970]  dump_stack+0x15/0x1b
[  492.229788][T20970]  should_fail_ex+0x265/0x280
[  492.229816][T20970]  should_failslab+0x8c/0xb0
[  492.229848][T20970]  __kmalloc_noprof+0xa5/0x3e0
[  492.229885][T20970]  ? kobject_get_path+0x92/0x1c0
[  492.229929][T20970]  kobject_get_path+0x92/0x1c0
[  492.230027][T20970]  kobject_uevent_env+0x1da/0x570
[  492.230055][T20970]  kobject_uevent+0x1d/0x30
[  492.230078][T20970]  __kobject_del+0x88/0x190
[  492.230196][T20970]  kobject_put+0x127/0x190
[  492.230237][T20970]  netdev_queue_update_kobjects+0x45f/0x4d0
[  492.230287][T20970]  netif_set_real_num_tx_queues+0x1a1/0x4f0
[  492.230400][T20970]  __tun_detach+0x6c2/0xad0
[  492.230461][T20970]  __tun_chr_ioctl+0x880/0x14c0
[  492.230584][T20970]  ? __pfx_tun_chr_ioctl+0x10/0x10
[  492.230625][T20970]  tun_chr_ioctl+0x27/0x40
[  492.230665][T20970]  __se_sys_ioctl+0xce/0x140
[  492.230726][T20970]  __x64_sys_ioctl+0x43/0x50
[  492.230809][T20970]  x64_sys_call+0x1816/0x2ff0
[  492.230838][T20970]  do_syscall_64+0xd2/0x200
[  492.230873][T20970]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  492.230967][T20970]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  492.231001][T20970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.231031][T20970] RIP: 0033:0x7f0f111debe9
[  492.231118][T20970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  492.231144][T20970] RSP: 002b:00007f0f0fc47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  492.231170][T20970] RAX: ffffffffffffffda RBX: 00007f0f11405fa0 RCX: 00007f0f111debe9
[  492.231187][T20970] RDX: 0000200000000100 RSI: 00000000400454d9 RDI: 0000000000000008
[  492.231203][T20970] RBP: 00007f0f0fc47090 R08: 0000000000000000 R09: 0000000000000000
[  492.231219][T20970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  492.231235][T20970] R13: 00007f0f11406038 R14: 00007f0f11405fa0 R15: 00007ffe9f1f85e8
[  492.231262][T20970]  </TASK>
[  492.535959][T20977] loop4: detected capacity change from 0 to 512
[  492.549082][T20977] EXT4-fs (loop4): orphan cleanup on readonly fs
[  492.556524][T20979] loop2: detected capacity change from 0 to 512
[  492.570788][T20977] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5619: bg 0: block 248: padding at end of block bitmap is not set
[  492.588298][T20979] EXT4-fs (loop2): orphan cleanup on readonly fs
[  492.590018][T20977] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.5619: Failed to acquire dquot type 1
[  492.614122][T20979] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.5620: bg 0: block 248: padding at end of block bitmap is not set
[  492.630175][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  492.640160][T20977] EXT4-fs (loop4): 1 truncate cleaned up
[  492.646184][T20979] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.5620: Failed to acquire dquot type 1
[  492.667422][T20977] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  492.682349][T20979] EXT4-fs (loop2): 1 truncate cleaned up
[  492.688919][T20979] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  492.730022][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  492.753451][T12042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  492.800652][T20996] syzkaller1: entered promiscuous mode
[  492.806213][T20996] syzkaller1: entered allmulticast mode
[  492.979436][T21004] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.073675][T21010] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.105052][T21004] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.135797][T21010] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.154593][T21017] loop2: detected capacity change from 0 to 1024
[  493.176211][T21017] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  493.275145][T21004] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.299412][T21010] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.367263][T21004] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.400299][T21010] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.448833][T21032] __nla_validate_parse: 11 callbacks suppressed
[  493.448887][T21032] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5637'.
[  493.482031][ T9492] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  493.502018][ T9492] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  493.524752][T21033] netlink: 3 bytes leftover after parsing attributes in process `syz.4.5637'.
[  493.566721][ T9492] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  493.591914][T21033] batadv1: entered promiscuous mode
[  493.597203][T21033] batadv1: entered allmulticast mode
[  493.645518][ T9492] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  493.661026][ T9492] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  493.676961][ T9492] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  493.691709][   T29] kauditd_printk_skb: 247 callbacks suppressed
[  493.691723][   T29] audit: type=1400 audit(1754790470.216:56710): avc:  denied  { read write } for  pid=13597 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  493.722805][   T29] audit: type=1400 audit(1754790470.216:56711): avc:  denied  { open } for  pid=13597 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  493.754636][ T9492] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  493.763131][ T9492] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  493.771564][   T29] audit: type=1400 audit(1754790470.276:56712): avc:  denied  { prog_run } for  pid=21029 comm="syz.2.5636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  493.790818][   T29] audit: type=1400 audit(1754790470.276:56713): avc:  denied  { ioctl } for  pid=13597 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=101 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  493.816726][   T29] audit: type=1400 audit(1754790470.296:56714): avc:  denied  { map_create } for  pid=21042 comm="syz.1.5640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  493.836286][   T29] audit: type=1400 audit(1754790470.296:56715): avc:  denied  { map_read map_write } for  pid=21042 comm="syz.1.5640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  493.882858][   T29] audit: type=1326 audit(1754790470.406:56716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21045 comm="syz.4.5642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  493.906778][   T29] audit: type=1326 audit(1754790470.406:56717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21045 comm="syz.4.5642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  493.927321][   T29] audit: type=1326 audit(1754790470.406:56718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21045 comm="syz.4.5642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  493.938858][T21030] wireguard1: entered promiscuous mode
[  493.955657][   T29] audit: type=1326 audit(1754790470.406:56719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21045 comm="syz.4.5642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  493.961078][T21030] wireguard1: entered allmulticast mode
[  494.045240][T21053] loop4: detected capacity change from 0 to 512
[  494.078000][T21053] EXT4-fs (loop4): orphan cleanup on readonly fs
[  494.085292][T21053] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5644: bg 0: block 248: padding at end of block bitmap is not set
[  494.100066][T21053] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.5644: Failed to acquire dquot type 1
[  494.111992][T21053] EXT4-fs (loop4): 1 truncate cleaned up
[  494.118359][T21053] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  494.143707][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.156646][T21060] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5647'.
[  494.198121][T21060] 8021q: adding VLAN 0 to HW filter on device bond14
[  494.214715][T21065] loop4: detected capacity change from 0 to 1024
[  494.245958][T21065] EXT4-fs: Ignoring removed orlov option
[  494.255120][T21066] vlan2: entered allmulticast mode
[  494.260355][T21066] bond14: entered allmulticast mode
[  494.299327][T21065] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  494.405856][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.459974][T21073] netlink: 'syz.2.5652': attribute type 3 has an invalid length.
[  494.509936][T21083] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5657'.
[  494.571977][T21088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5659'.
[  494.602992][T21088] vlan2: entered allmulticast mode
[  494.608311][T21088] batadv_slave_0: entered allmulticast mode
[  494.622560][T21097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5662'.
[  494.725414][T21105] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  494.733897][T21103] loop3: detected capacity change from 0 to 1024
[  494.763408][T21110] netlink: 'syz.2.5666': attribute type 3 has an invalid length.
[  494.796588][T21103] EXT4-fs: Ignoring removed orlov option
[  494.916309][T21119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5670'.
[  494.955576][T21130] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5674'.
[  495.027576][T21126] loop3: detected capacity change from 0 to 8192
[  495.131879][T21142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5676'.
[  495.229891][T21146] netlink: 'syz.4.5679': attribute type 3 has an invalid length.
[  495.442149][T21158] loop2: detected capacity change from 0 to 1024
[  495.472932][T21164] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5687'.
[  495.487148][T21158] EXT4-fs: Ignoring removed orlov option
[  495.672216][T21175] syzkaller1: entered promiscuous mode
[  495.677907][T21175] syzkaller1: entered allmulticast mode
[  495.792761][T21190] netlink: 'syz.1.5694': attribute type 3 has an invalid length.
[  495.945181][T21199] loop1: detected capacity change from 0 to 1024
[  495.959633][T21199] EXT4-fs: Ignoring removed orlov option
[  495.993780][T21199] EXT4-fs mount: 4 callbacks suppressed
[  495.993801][T21199] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  496.022927][T21196] loop2: detected capacity change from 0 to 8192
[  496.030709][T21204] loop3: detected capacity change from 0 to 512
[  496.055321][T21204] EXT4-fs (loop3): orphan cleanup on readonly fs
[  496.063713][T21204] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5701: bg 0: block 248: padding at end of block bitmap is not set
[  496.148870][T21204] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5701: Failed to acquire dquot type 1
[  496.176408][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  496.202560][T21204] EXT4-fs (loop3): 1 truncate cleaned up
[  496.219293][T21204] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  496.279615][T21218] 8021q: adding VLAN 0 to HW filter on device bond18
[  496.302692][T21218] vlan1: entered allmulticast mode
[  496.307972][T21218] bond18: entered allmulticast mode
[  496.326225][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  496.477758][T21231] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  496.515351][T21235] netlink: 'syz.4.5710': attribute type 3 has an invalid length.
[  496.551803][T21237] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  496.560154][T21233] netlink: 'syz.0.5709': attribute type 1 has an invalid length.
[  496.583145][T21233] bond18: entered promiscuous mode
[  496.598453][T21233] 8021q: adding VLAN 0 to HW filter on device bond18
[  496.612847][T21233] batadv0: entered promiscuous mode
[  496.618150][T21233] batadv0: entered allmulticast mode
[  496.636474][T21240] loop4: detected capacity change from 0 to 512
[  496.650493][T21240] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  496.671300][T21240] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  496.797158][T21240] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  496.876701][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  496.941718][T21264] batadv10: entered promiscuous mode
[  496.947112][T21264] batadv10: entered allmulticast mode
[  496.974182][T21269] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  496.981761][T21269] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.998655][T21269] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  497.006113][T21269] batman_adv: batadv0: Removing interface: batadv_slave_1
[  497.035064][T21274] syzkaller1: entered promiscuous mode
[  497.040751][T21274] syzkaller1: entered allmulticast mode
[  497.060347][T21275] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.114096][T21275] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.126518][T21279] netlink: 'syz.1.5724': attribute type 1 has an invalid length.
[  497.158076][T21279] bond19: entered promiscuous mode
[  497.163671][T21279] 8021q: adding VLAN 0 to HW filter on device bond19
[  497.175072][T21283] netlink: 'syz.0.5725': attribute type 3 has an invalid length.
[  497.186421][T21279] batadv9: entered promiscuous mode
[  497.191729][T21279] batadv9: entered allmulticast mode
[  497.207945][T21275] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.243737][T21286] 8021q: adding VLAN 0 to HW filter on device bond20
[  497.257611][T21286] vlan1: entered allmulticast mode
[  497.262918][T21286] bond20: entered allmulticast mode
[  497.303099][T21275] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.435514][ T9545] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  497.488290][ T9545] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  497.508247][ T3397] IPVS: starting estimator thread 0...
[  497.532461][ T9545] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  497.558427][ T9545] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  497.595147][T21312] netlink: 'syz.0.5735': attribute type 1 has an invalid length.
[  497.608557][T21305] IPVS: using max 1920 ests per chain, 96000 per kthread
[  497.632102][T21312] bond19: entered promiscuous mode
[  497.642872][T21312] 8021q: adding VLAN 0 to HW filter on device bond19
[  497.897802][T21326] loop3: detected capacity change from 0 to 512
[  497.904352][T21325] loop1: detected capacity change from 0 to 1024
[  497.911344][T21325] EXT4-fs: Ignoring removed orlov option
[  497.918012][T21326] EXT4-fs (loop3): orphan cleanup on readonly fs
[  497.919883][T21325] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  497.935415][T21326] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5742: bg 0: block 248: padding at end of block bitmap is not set
[  497.957139][T21326] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5742: Failed to acquire dquot type 1
[  497.971092][T21326] EXT4-fs (loop3): 1 truncate cleaned up
[  497.977460][T21326] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  498.017388][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.210250][T21346] netlink: 'syz.3.5746': attribute type 3 has an invalid length.
[  498.261620][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.302249][T21348] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.350058][T21348] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.431598][T21348] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.490772][T21348] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.539178][T21363] __nla_validate_parse: 16 callbacks suppressed
[  498.539198][T21363] netlink: 80 bytes leftover after parsing attributes in process `syz.2.5751'.
[  498.573608][T21363] loop2: detected capacity change from 0 to 4096
[  498.576233][ T9527] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  498.580436][T21363] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  498.619404][ T9527] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  498.644492][ T9527] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  498.671137][ T9527] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  498.739210][ T3416] IPVS: starting estimator thread 0...
[  498.745258][   T29] kauditd_printk_skb: 506 callbacks suppressed
[  498.745272][   T29] audit: type=1326 audit(1754790475.266:57220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21370 comm="syz.3.5755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  498.775461][   T29] audit: type=1326 audit(1754790475.266:57221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21370 comm="syz.3.5755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  498.811199][T21380] netlink: 'syz.4.5759': attribute type 3 has an invalid length.
[  498.828418][T21382] IPVS: using max 2352 ests per chain, 117600 per kthread
[  498.852353][   T29] audit: type=1326 audit(1754790475.376:57222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.876056][   T29] audit: type=1326 audit(1754790475.376:57223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.899775][   T29] audit: type=1326 audit(1754790475.376:57224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.899851][   T29] audit: type=1326 audit(1754790475.376:57225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.899885][   T29] audit: type=1326 audit(1754790475.376:57226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.899941][   T29] audit: type=1326 audit(1754790475.376:57227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.899979][   T29] audit: type=1326 audit(1754790475.376:57228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.900131][   T29] audit: type=1326 audit(1754790475.376:57229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21386 comm="syz.4.5761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  498.949414][T21389] netlink: 'syz.0.5760': attribute type 1 has an invalid length.
[  498.969991][T21389] bond20: entered promiscuous mode
[  499.065968][T21393] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5760'.
[  499.081595][T21389] 8021q: adding VLAN 0 to HW filter on device bond20
[  499.213310][T21409] loop1: detected capacity change from 0 to 1024
[  499.220722][T21409] EXT4-fs: Ignoring removed orlov option
[  499.240290][T21400] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  499.263364][T21409] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  499.431674][T21428] loop3: detected capacity change from 0 to 1024
[  499.439881][T21428] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  499.450984][T21428] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  499.461446][T21430] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5776'.
[  499.477663][T21430] 8021q: adding VLAN 0 to HW filter on device bond21
[  499.485407][T21428] JBD2: no valid journal superblock found
[  499.491202][T21428] EXT4-fs (loop3): Could not load journal inode
[  499.497861][T21430] vlan2: entered allmulticast mode
[  499.503106][T21430] bond21: entered allmulticast mode
[  499.511166][T21428] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  499.651834][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  499.735237][T21438] netlink: 'syz.0.5779': attribute type 3 has an invalid length.
[  499.843173][T21451] loop1: detected capacity change from 0 to 512
[  499.871462][T21451] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  499.884233][T21455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5783'.
[  499.908431][T21451] ext4 filesystem being mounted at /488/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  499.973092][T21451] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  500.005360][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  500.012628][T21459] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5785'.
[  500.099477][T21467] loop1: detected capacity change from 0 to 1024
[  500.117921][T21467] EXT4-fs: Ignoring removed orlov option
[  500.134103][T21467] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  500.175118][T21469] loop2: detected capacity change from 0 to 8192
[  500.358600][T21488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5795'.
[  500.438804][T21492] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5797'.
[  500.452922][T21490] loop3: detected capacity change from 0 to 512
[  500.466391][T21490] EXT4-fs (loop3): orphan cleanup on readonly fs
[  500.482311][T21490] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5796: bg 0: block 248: padding at end of block bitmap is not set
[  500.501726][T21490] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5796: Failed to acquire dquot type 1
[  500.514327][T21490] EXT4-fs (loop3): 1 truncate cleaned up
[  500.523329][T21490] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  500.577123][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  500.618960][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  500.706902][T21504] loop1: detected capacity change from 0 to 1024
[  500.734998][T21504] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  500.866985][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  500.934635][T21522] loop3: detected capacity change from 0 to 1024
[  500.953584][T21522] ext4: Unknown parameter 'nouser_xattr'
[  500.974518][T21527] loop1: detected capacity change from 0 to 512
[  501.044003][T21527] EXT4-fs (loop1): orphan cleanup on readonly fs
[  501.057224][T21527] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.5811: bg 0: block 248: padding at end of block bitmap is not set
[  501.077192][T21527] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.5811: Failed to acquire dquot type 1
[  501.093262][T21527] EXT4-fs (loop1): 1 truncate cleaned up
[  501.108843][T21527] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  501.156247][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  501.170945][T21538] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5815'.
[  501.238746][T21545] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5817'.
[  501.435732][T21575] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5829'.
[  501.633439][T21591] netlink: 'syz.0.5836': attribute type 27 has an invalid length.
[  501.663421][T21591] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.670699][T21591] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.720565][T21597] loop2: detected capacity change from 0 to 4096
[  501.731110][T21591] vxlan0: left promiscuous mode
[  501.739526][T21597] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  501.758678][T21591] bond1: left promiscuous mode
[  501.763951][T21591] batadv1: left promiscuous mode
[  501.769213][T21591] batadv1: left allmulticast mode
[  501.774868][T21591] bond2: left promiscuous mode
[  501.783634][T21591] batadv2: left promiscuous mode
[  501.791064][T21591] batadv2: left allmulticast mode
[  501.796749][T21591] bond3: left promiscuous mode
[  501.802554][T21591] batadv3: left promiscuous mode
[  501.807561][T21591] batadv3: left allmulticast mode
[  501.813499][T21591] bond4: left promiscuous mode
[  501.819505][T21591] batadv4: left promiscuous mode
[  501.824620][T21591] batadv4: left allmulticast mode
[  501.830690][T21591] bond5: left promiscuous mode
[  501.839310][T21591] batadv5: left promiscuous mode
[  501.844337][T21591] batadv5: left allmulticast mode
[  501.850279][T21591] bond6: left promiscuous mode
[  501.856116][T21591] batadv6: left promiscuous mode
[  501.861171][T21591] batadv6: left allmulticast mode
[  501.888606][T21591] bond7: left promiscuous mode
[  501.894554][T21591] batadv7: left promiscuous mode
[  501.899660][T21591] batadv7: left allmulticast mode
[  501.915588][T21591] bond8: left promiscuous mode
[  501.926750][T21591] bond9: left promiscuous mode
[  501.933347][T21591] bond10: left promiscuous mode
[  501.939299][T21591] batadv8: left promiscuous mode
[  501.944290][T21591] batadv8: left allmulticast mode
[  501.953595][T21591] bond13: left promiscuous mode
[  501.966126][T21591] batadv9: left promiscuous mode
[  501.971163][T21591] batadv9: left allmulticast mode
[  501.988802][T21591] bond14: left promiscuous mode
[  502.006178][T21591] bond17: left promiscuous mode
[  502.020260][T21591] bond18: left promiscuous mode
[  502.035471][T21591] bond19: left promiscuous mode
[  502.048993][T21591] bond20: left promiscuous mode
[  502.066171][ T9534] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  502.074847][ T9534] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.105380][ T9534] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  502.113835][ T9534] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.142755][ T9534] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  502.151276][ T9534] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.160118][ T9534] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  502.168710][ T9534] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.224949][T21623] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.320581][T21623] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.370202][T21623] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.432102][T21623] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.501515][ T9516] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  502.516809][ T9527] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  502.551964][ T9527] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  502.562098][ T9527] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  502.667056][T21654] loop4: detected capacity change from 0 to 512
[  502.713620][T21654] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  502.751722][T21657] loop1: detected capacity change from 0 to 4096
[  502.779297][T21654] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  502.799239][T21657] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  502.846052][T21654] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  502.872462][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  503.098914][T21679] 9pnet_fd: Insufficient options for proto=fd
[  503.519109][T21694] netlink: 'syz.1.5874': attribute type 3 has an invalid length.
[  503.623336][T21697] __nla_validate_parse: 10 callbacks suppressed
[  503.623356][T21697] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5875'.
[  503.720070][T21697] bond16: (slave batadv0): Releasing backup interface
[  503.749310][T21705] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5877'.
[  503.885447][   T29] kauditd_printk_skb: 266 callbacks suppressed
[  503.885463][   T29] audit: type=1326 audit(1754790480.406:57492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  503.940833][T21711] loop4: detected capacity change from 0 to 1024
[  503.947856][T21711] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  503.959041][T21711] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  503.978216][   T29] audit: type=1326 audit(1754790480.406:57493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.001951][   T29] audit: type=1326 audit(1754790480.406:57494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.025555][   T29] audit: type=1326 audit(1754790480.446:57495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.049335][   T29] audit: type=1326 audit(1754790480.446:57496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.073195][   T29] audit: type=1326 audit(1754790480.446:57497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.074795][T21711] JBD2: no valid journal superblock found
[  504.097493][   T29] audit: type=1326 audit(1754790480.446:57498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.102550][T21711] EXT4-fs (loop4): Could not load journal inode
[  504.126159][   T29] audit: type=1326 audit(1754790480.446:57499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.156148][   T29] audit: type=1326 audit(1754790480.446:57500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.179833][   T29] audit: type=1326 audit(1754790480.446:57501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21708 comm="syz.1.5879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b881ebe9 code=0x7ffc0000
[  504.254687][T21716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5880'.
[  504.259299][T21719] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5881'.
[  504.290060][T21707] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  504.297747][T21716] 8021q: adding VLAN 0 to HW filter on device bond21
[  504.327921][T21716] vlan0: entered allmulticast mode
[  504.333208][T21716] bond21: entered allmulticast mode
[  504.460234][T21730] netlink: 'syz.0.5885': attribute type 3 has an invalid length.
[  504.725959][T21750] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.820560][T21750] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.920144][T21750] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.947407][T21769] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  504.993474][T21750] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.021966][T21771] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  505.030289][T21774] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5906'.
[  505.038576][T21779] loop3: detected capacity change from 0 to 512
[  505.055951][T21779] EXT4-fs (loop3): orphan cleanup on readonly fs
[  505.068140][T21779] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5908: bg 0: block 248: padding at end of block bitmap is not set
[  505.080135][ T9497] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  505.091041][T21779] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5908: Failed to acquire dquot type 1
[  505.111517][T21783] netlink: 'syz.0.5905': attribute type 21 has an invalid length.
[  505.124843][ T9497] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  505.134242][T21779] EXT4-fs (loop3): 1 truncate cleaned up
[  505.134494][T21783] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5905'.
[  505.149363][T21783] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5905'.
[  505.178615][T21789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5910'.
[  505.195596][ T9497] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  505.210324][T21779] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  505.232387][ T9497] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  505.300134][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  505.429181][T21800] loop4: detected capacity change from 0 to 8192
[  505.530364][T21816] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5920'.
[  505.658404][ T9527] bridge_slave_1: left allmulticast mode
[  505.664123][ T9527] bridge_slave_1: left promiscuous mode
[  505.669947][ T9527] bridge0: port 2(bridge_slave_1) entered disabled state
[  505.690142][ T9527] bridge_slave_0: left promiscuous mode
[  505.695912][ T9527] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.798664][T21832] loop2: detected capacity change from 0 to 1024
[  505.805436][T21832] EXT4-fs: Ignoring removed orlov option
[  505.831098][ T9527] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  505.833958][T21832] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  505.857466][ T9527] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  505.890005][ T9527] bond0 (unregistering): Released all slaves
[  505.918057][ T9527] bond1 (unregistering): Released all slaves
[  505.937386][ T9527] bond2 (unregistering): (slave batadv2): Releasing active interface
[  505.959597][ T9527] bond2 (unregistering): Released all slaves
[  505.994636][ T9527] bond3 (unregistering): (slave batadv3): Releasing active interface
[  506.012188][T21843] loop3: detected capacity change from 0 to 1024
[  506.019006][ T9527] bond3 (unregistering): Released all slaves
[  506.029081][ T9527] bond4 (unregistering): (slave batadv4): Releasing active interface
[  506.038016][ T9527] bond4 (unregistering): Released all slaves
[  506.043031][T21843] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  506.102539][ T9527] bond5 (unregistering): (slave batadv5): Releasing backup interface
[  506.132076][ T9527] bond5 (unregistering): Released all slaves
[  506.141744][ T9527] bond6 (unregistering): (slave batadv6): Releasing active interface
[  506.165938][ T9527] bond6 (unregistering): Released all slaves
[  506.186466][ T9527] bond7 (unregistering): (slave batadv7): Releasing active interface
[  506.198887][ T9527] bond7 (unregistering): Released all slaves
[  506.208141][ T9527] bond8 (unregistering): Released all slaves
[  506.218946][ T9527] bond9 (unregistering): Released all slaves
[  506.238721][ T9527] bond10 (unregistering): (slave batadv8): Releasing active interface
[  506.259693][ T9527] bond10 (unregistering): Released all slaves
[  506.279139][ T9527] bond11 (unregistering): Released all slaves
[  506.291008][ T9527] bond12 (unregistering): Released all slaves
[  506.310355][ T9527] bond13 (unregistering): Released all slaves
[  506.329442][ T9527] bond14 (unregistering): Released all slaves
[  506.348943][ T9527] bond15 (unregistering): Released all slaves
[  506.357269][ T9527] bond16 (unregistering): Released all slaves
[  506.379619][ T9527] bond17 (unregistering): Released all slaves
[  506.389297][ T9527] bond18 (unregistering): Released all slaves
[  506.404937][ T9527] bond19 (unregistering): Released all slaves
[  506.413526][T12042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  506.416990][ T9527] bond20 (unregistering): Released all slaves
[  506.429028][T21855] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5931'.
[  506.432353][ T9527] bond21 (unregistering): Released all slaves
[  506.498889][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  506.671258][T21806] chnl_net:caif_netlink_parms(): no params data found
[  506.720213][ T9527] hsr_slave_0: left promiscuous mode
[  506.728990][ T9527] hsr_slave_1: left promiscuous mode
[  506.831538][T21878] loop3: detected capacity change from 0 to 1024
[  506.885619][T21878] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  506.944889][T21806] bridge0: port 1(bridge_slave_0) entered blocking state
[  506.952388][T21806] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.977159][T21806] bridge_slave_0: entered allmulticast mode
[  506.984065][T21806] bridge_slave_0: entered promiscuous mode
[  507.006578][T21806] bridge0: port 2(bridge_slave_1) entered blocking state
[  507.013702][T21806] bridge0: port 2(bridge_slave_1) entered disabled state
[  507.021587][T21806] bridge_slave_1: entered allmulticast mode
[  507.032344][T21806] bridge_slave_1: entered promiscuous mode
[  507.088932][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  507.102351][T21806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  507.125934][T21806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  507.180195][T21806] team0: Port device team_slave_0 added
[  507.209572][T21806] team0: Port device team_slave_1 added
[  507.253598][T21913] loop4: detected capacity change from 0 to 512
[  507.263062][T21806] batman_adv: batadv0: Adding interface: batadv_slave_0
[  507.270192][T21806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.296299][T21806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  507.327660][T21806] batman_adv: batadv0: Adding interface: batadv_slave_1
[  507.334682][T21806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.361198][T21806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  507.382468][T21917] loop2: detected capacity change from 0 to 1024
[  507.394375][T21913] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  507.408801][T21917] EXT4-fs: Ignoring removed orlov option
[  507.414924][T21913] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  507.429734][T21917] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  507.463126][T21806] hsr_slave_0: entered promiscuous mode
[  507.477382][T21806] hsr_slave_1: entered promiscuous mode
[  507.488489][T21806] debugfs: 'hsr0' already exists in 'hsr'
[  507.494385][T21806] Cannot create hsr debugfs directory
[  507.513555][T21913] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  507.601634][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  507.640890][ T9527] IPVS: stop unused estimator thread 0...
[  507.702737][T21935] loop3: detected capacity change from 0 to 1024
[  507.738218][T21935] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  507.749498][T21935] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  507.782422][T21934] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  507.804313][T21935] JBD2: no valid journal superblock found
[  507.810249][T21935] EXT4-fs (loop3): Could not load journal inode
[  507.917033][T21925] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  507.974484][T12042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  508.116583][T21806] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  508.148404][T21806] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  508.173684][T21941] Set syz1 is full, maxelem 65536 reached
[  508.189479][T21806] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  508.228502][T21806] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  508.345739][T21806] 8021q: adding VLAN 0 to HW filter on device bond0
[  508.371258][T21968] loop1: detected capacity change from 0 to 512
[  508.382506][T21966] loop2: detected capacity change from 0 to 512
[  508.385595][T21806] 8021q: adding VLAN 0 to HW filter on device team0
[  508.406083][ T9527] bridge0: port 1(bridge_slave_0) entered blocking state
[  508.413210][ T9527] bridge0: port 1(bridge_slave_0) entered forwarding state
[  508.430720][ T9527] bridge0: port 2(bridge_slave_1) entered blocking state
[  508.437828][ T9527] bridge0: port 2(bridge_slave_1) entered forwarding state
[  508.449510][T21966] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  508.469234][T21968] EXT4-fs (loop1): too many log groups per flexible block group
[  508.477018][T21968] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  508.484069][T21968] EXT4-fs (loop1): mount failed
[  508.491827][T21966] ext4 filesystem being mounted at /580/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  508.600601][T21966] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  508.712030][T12042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  508.730581][T21806] 8021q: adding VLAN 0 to HW filter on device batadv0
[  508.761300][T21996] __nla_validate_parse: 5 callbacks suppressed
[  508.761392][T21996] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5973'.
[  508.890148][T21806] veth0_vlan: entered promiscuous mode
[  508.913431][T21806] veth1_vlan: entered promiscuous mode
[  508.938958][T22011] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5974'.
[  508.975785][T21806] veth0_macvtap: entered promiscuous mode
[  509.000053][T21806] veth1_macvtap: entered promiscuous mode
[  509.029916][T21806] batman_adv: batadv0: Interface activated: batadv_slave_0
[  509.039605][T21806] batman_adv: batadv0: Interface activated: batadv_slave_1
[  509.049272][ T9534] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  509.069636][ T9534] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  509.069791][   T29] kauditd_printk_skb: 318 callbacks suppressed
[  509.069809][   T29] audit: type=1326 audit(1754790485.596:57818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.100773][ T9534] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  509.108536][   T29] audit: type=1326 audit(1754790485.596:57819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.123827][ T9534] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  509.141879][   T29] audit: type=1326 audit(1754790485.606:57820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.173250][   T29] audit: type=1326 audit(1754790485.606:57821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.196901][   T29] audit: type=1326 audit(1754790485.606:57822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.220793][   T29] audit: type=1326 audit(1754790485.606:57823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.244418][   T29] audit: type=1326 audit(1754790485.606:57824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.268048][   T29] audit: type=1326 audit(1754790485.606:57825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.292265][   T29] audit: type=1326 audit(1754790485.606:57826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.316039][   T29] audit: type=1326 audit(1754790485.606:57827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22023 comm="syz.4.5977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d37bebe9 code=0x7ffc0000
[  509.606798][T22041] loop1: detected capacity change from 0 to 4096
[  509.634209][T22027] Set syz1 is full, maxelem 65536 reached
[  509.641078][T22041] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  509.703864][T22052] loop4: detected capacity change from 0 to 1024
[  509.711963][T22052] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  509.725468][T22052] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  509.736909][T22052] JBD2: no valid journal superblock found
[  509.742767][T22052] EXT4-fs (loop4): Could not load journal inode
[  509.767033][T22046] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  509.908521][T22077] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  509.996593][T22086] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  510.167407][T22106] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6008'.
[  510.191599][T22099] loop1: detected capacity change from 0 to 1024
[  510.236682][T22099] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  510.247775][T22099] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  510.274512][T22099] JBD2: no valid journal superblock found
[  510.280483][T22099] EXT4-fs (loop1): Could not load journal inode
[  510.297764][T22120] netlink: 76 bytes leftover after parsing attributes in process `syz.2.6012'.
[  510.298488][T22099] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  510.387079][T22132] netlink: 9 bytes leftover after parsing attributes in process `syz.3.6013'.
[  510.413445][T22132] gretap0: entered promiscuous mode
[  510.438123][T22132] netlink: 5 bytes leftover after parsing attributes in process `syz.3.6013'.
[  510.475036][T22132] 0ªX¹¦D: renamed from gretap0
[  510.494349][T22144] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22144 comm=syz.3.6013
[  510.518474][T22132] 0ªX¹¦D: left promiscuous mode
[  510.523386][T22132] 0ªX¹¦D: entered allmulticast mode
[  510.559970][T22132] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  510.595200][T22148] netlink: 'syz.2.6015': attribute type 3 has an invalid length.
[  510.648472][T22155] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  510.897452][T22170] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6023'.
[  511.253494][T22188] netlink: 'syz.0.6028': attribute type 3 has an invalid length.
[  511.515873][ T3398] IPVS: starting estimator thread 0...
[  511.522874][T22193] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  511.668550][T22195] IPVS: using max 2016 ests per chain, 100800 per kthread
[  511.686655][T22199] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  511.807483][T22212] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6038'.
[  511.844504][T22216] netlink: 76 bytes leftover after parsing attributes in process `syz.2.6040'.
[  511.950095][T22228] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6041'.
[  512.134624][T22242] loop3: detected capacity change from 0 to 512
[  512.142522][T22242] EXT4-fs (loop3): orphan cleanup on readonly fs
[  512.149583][T22242] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6047: bg 0: block 248: padding at end of block bitmap is not set
[  512.168388][T22242] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.6047: Failed to acquire dquot type 1
[  512.189107][T22242] EXT4-fs (loop3): 1 truncate cleaned up
[  512.195420][T22242] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  512.210757][T22247] netlink: 'syz.1.6049': attribute type 3 has an invalid length.
[  512.244560][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  512.276004][T22257] loop3: detected capacity change from 0 to 512
[  512.300255][T22257] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  512.315944][T22257] ext4 filesystem being mounted at /597/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  512.334460][T22257] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  512.436658][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  512.484479][T22240] chnl_net:caif_netlink_parms(): no params data found
[  512.582605][T22240] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.589603][T22289] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  512.589971][T22240] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.604204][T22240] bridge_slave_0: entered allmulticast mode
[  512.611739][T22240] bridge_slave_0: entered promiscuous mode
[  512.619084][T22240] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.626273][T22240] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.633795][T22240] bridge_slave_1: entered allmulticast mode
[  512.640388][T22240] bridge_slave_1: entered promiscuous mode
[  512.665813][T22240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  512.676890][T22240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  512.712330][T22240] team0: Port device team_slave_0 added
[  512.720671][T22240] team0: Port device team_slave_1 added
[  512.742073][T22240] batman_adv: batadv0: Adding interface: batadv_slave_0
[  512.749106][T22240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  512.775159][T22240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  512.787146][T22240] batman_adv: batadv0: Adding interface: batadv_slave_1
[  512.794252][T22240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  512.820237][T22240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  512.847909][T22296] loop3: detected capacity change from 0 to 512
[  512.856173][T22296] EXT4-fs (loop3): orphan cleanup on readonly fs
[  512.863208][T22296] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6061: bg 0: block 248: padding at end of block bitmap is not set
[  512.877900][T22296] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.6061: Failed to acquire dquot type 1
[  512.889716][T22296] EXT4-fs (loop3): 1 truncate cleaned up
[  512.897993][T22240] hsr_slave_0: entered promiscuous mode
[  512.907227][T22296] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  512.920179][T22240] hsr_slave_1: entered promiscuous mode
[  512.926258][T22240] debugfs: 'hsr0' already exists in 'hsr'
[  512.932063][T22240] Cannot create hsr debugfs directory
[  512.939008][T12766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  513.144063][T22314] netlink: 'syz.4.6068': attribute type 1 has an invalid length.
[  513.158441][T22314] bond1: entered promiscuous mode
[  513.169586][T22314] 8021q: adding VLAN 0 to HW filter on device bond1
[  513.260208][T22340] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  513.468852][T22358] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  513.584775][T22365] netlink: 'syz.0.6084': attribute type 1 has an invalid length.
[  513.703786][T22387] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.798480][T22387] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.824666][T22240] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  513.846079][T22240] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  513.850817][T22240] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  513.853682][T22240] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  513.912571][T22387] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.953463][T22401] __nla_validate_parse: 6 callbacks suppressed
[  513.953484][T22401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6092'.
[  514.001090][T22387] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.054902][ T9488] bridge_slave_1: left allmulticast mode
[  514.060997][ T9488] bridge_slave_1: left promiscuous mode
[  514.066906][ T9488] bridge0: port 2(bridge_slave_1) entered disabled state
[  514.198519][T22405] loop1: detected capacity change from 0 to 8192
[  514.233846][ T9488] bridge_slave_0: left allmulticast mode
[  514.239667][ T9488] bridge_slave_0: left promiscuous mode
[  514.245425][ T9488] bridge0: port 1(bridge_slave_0) entered disabled state
[  514.414439][ T9488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  514.457210][ T9488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  514.492583][ T9488] bond0 (unregistering): Released all slaves
[  514.506450][ T9488] bond1 (unregistering): (slave batadv1): Releasing active interface
[  514.516384][ T9488] bond1 (unregistering): Released all slaves
[  514.529314][ T9488] bond2 (unregistering): Released all slaves
[  514.531424][   T29] kauditd_printk_skb: 591 callbacks suppressed
[  514.531443][   T29] audit: type=1326 audit(1754790491.056:58415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.566198][ T9488] bond3 (unregistering): (slave batadv2): Releasing active interface
[  514.599005][ T9488] bond3 (unregistering): Released all slaves
[  514.609358][   T29] audit: type=1326 audit(1754790491.096:58416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.633156][   T29] audit: type=1326 audit(1754790491.096:58417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.657204][   T29] audit: type=1326 audit(1754790491.106:58418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.680977][   T29] audit: type=1326 audit(1754790491.106:58419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.704667][   T29] audit: type=1326 audit(1754790491.106:58420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.728408][   T29] audit: type=1326 audit(1754790491.106:58421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.751975][   T29] audit: type=1326 audit(1754790491.106:58422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.775680][   T29] audit: type=1326 audit(1754790491.106:58423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.799605][   T29] audit: type=1326 audit(1754790491.106:58424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22411 comm="syz.3.6096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae837cebe9 code=0x7ffc0000
[  514.824014][ T9488] bond4 (unregistering): (slave batadv3): Releasing active interface
[  514.834893][ T9488] bond4 (unregistering): Released all slaves
[  514.844311][ T9488] bond5 (unregistering): (slave batadv4): Releasing active interface
[  514.854131][ T9488] bond5 (unregistering): Released all slaves
[  514.864845][ T9488] bond6 (unregistering): (slave batadv5): Releasing active interface
[  514.874009][ T9488] bond6 (unregistering): Released all slaves
[  514.887688][ T9488] bond7 (unregistering): (slave batadv6): Releasing active interface
[  514.896687][ T9488] bond7 (unregistering): Released all slaves
[  514.907971][ T9488] bond8 (unregistering): (slave batadv7): Releasing active interface
[  514.945208][ T9488] bond8 (unregistering): Released all slaves
[  514.956093][ T9488] bond9 (unregistering): (slave batadv8): Releasing active interface
[  514.965234][ T9488] bond9 (unregistering): Released all slaves
[  514.974625][ T9488] bond10 (unregistering): (slave batadv9): Releasing active interface
[  514.984616][ T9488] bond10 (unregistering): Released all slaves
[  514.994145][ T9488] bond11 (unregistering): (slave batadv10): Releasing active interface
[  515.003450][ T9488] bond11 (unregistering): Released all slaves
[  515.012711][ T9488] bond12 (unregistering): Released all slaves
[  515.023664][ T9488] bond13 (unregistering): Released all slaves
[  515.032860][ T9488] bond14 (unregistering): (slave batadv11): Releasing active interface
[  515.045983][ T9488] bond14 (unregistering): Released all slaves
[  515.060232][ T9488] bond15 (unregistering): Released all slaves
[  515.069271][ T9488] bond16 (unregistering): Released all slaves
[  515.077839][ T9488] bond17 (unregistering): Released all slaves
[  515.086793][ T9488] bond18 (unregistering): Released all slaves
[  515.096021][ T9488] bond19 (unregistering): Released all slaves
[  515.104702][ T9488] bond20 (unregistering): Released all slaves
[  515.114421][ T9488] bond21 (unregistering): Released all slaves
[  515.136360][T22240] 8021q: adding VLAN 0 to HW filter on device bond0
[  515.156618][ T3703] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  515.173807][T22240] 8021q: adding VLAN 0 to HW filter on device team0
[  515.202072][ T3703] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  515.213079][ T9533] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.220201][ T9533] bridge0: port 1(bridge_slave_0) entered forwarding state
[  515.250249][ T9493] bridge0: port 2(bridge_slave_1) entered blocking state
[  515.257380][ T9493] bridge0: port 2(bridge_slave_1) entered forwarding state
[  515.298236][ T3703] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  515.306498][ T3703] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  515.327346][T22431] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6101'.
[  515.357333][T22240] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  515.367817][T22240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  515.407821][T22439] loop3: detected capacity change from 0 to 1024
[  515.442270][ T9488] hsr_slave_0: left promiscuous mode
[  515.449890][ T9488] hsr_slave_1: left promiscuous mode
[  515.453028][T22441] loop4: detected capacity change from 0 to 512
[  515.462297][T22439] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  515.473240][T22439] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  515.509247][T22441] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  515.537811][T22439] JBD2: no valid journal superblock found
[  515.543757][T22439] EXT4-fs (loop3): Could not load journal inode
[  515.568400][T22428] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  515.755967][T22240] 8021q: adding VLAN 0 to HW filter on device batadv0
[  515.795806][T22459] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6111'.
[  515.940251][T22240] veth0_vlan: entered promiscuous mode
[  515.977074][T22240] veth1_vlan: entered promiscuous mode
[  515.983088][T22472] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6114'.
[  516.060529][T22240] veth0_macvtap: entered promiscuous mode
[  516.091762][T22480] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.135566][T22240] veth1_macvtap: entered promiscuous mode
[  516.138826][T22487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6120'.
[  516.161135][T22240] batman_adv: batadv0: Interface activated: batadv_slave_0
[  516.174210][T22480] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.217300][T22240] batman_adv: batadv0: Interface activated: batadv_slave_1
[  516.243068][T22490] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6122'.
[  516.269963][T22480] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.325281][ T9509] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  516.340613][T22480] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.393848][ T9509] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  516.428301][ T9509] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  516.438703][ T9488] IPVS: stop unused estimator thread 0...
[  516.456725][ T9509] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  516.582013][T22517] netlink: 'syz.1.6133': attribute type 1 has an invalid length.
[  516.632393][T22520] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6133'.
[  516.654257][T22517] bond21: entered promiscuous mode
[  516.664941][T22517] 8021q: adding VLAN 0 to HW filter on device bond21
[  516.741435][ T9488] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.820158][ T9488] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.910208][ T9488] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.938613][T22531] loop1: detected capacity change from 0 to 8192
[  516.951712][T22542] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  516.995025][ T9488] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.090471][ T9488] bridge_slave_1: left allmulticast mode
[  517.096185][ T9488] bridge_slave_1: left promiscuous mode
[  517.102034][ T9488] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.117481][ T9488] bridge_slave_0: left allmulticast mode
[  517.123260][ T9488] bridge_slave_0: left promiscuous mode
[  517.129002][ T9488] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.233154][T22552] loop2: detected capacity change from 0 to 1024
[  517.258298][ T9488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  517.289043][T22552] EXT4-fs: Ignoring removed orlov option
[  517.298680][ T9488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  517.321356][T22552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  517.328865][ T9488] bond0 (unregistering): Released all slaves
[  517.384698][ T9488] bond1 (unregistering): (slave batadv1): Releasing active interface
[  517.394206][ T9488] bond1 (unregistering): Released all slaves
[  517.403850][ T9488] bond2 (unregistering): (slave batadv2): Releasing active interface
[  517.413558][ T9488] bond2 (unregistering): Released all slaves
[  517.423109][ T9488] bond3 (unregistering): Released all slaves
[  517.432620][ T9488] bond4 (unregistering): (slave batadv4): Releasing active interface
[  517.442689][ T9488] bond4 (unregistering): Released all slaves
[  517.452138][ T9488] bond5 (unregistering): (slave batadv5): Releasing active interface
[  517.461476][ T9488] bond5 (unregistering): Released all slaves
[  517.471845][ T9488] bond6 (unregistering): (slave batadv6): Releasing active interface
[  517.485934][ T9488] bond6 (unregistering): Released all slaves
[  517.497004][ T9488] bond7 (unregistering): (slave batadv7): Releasing active interface
[  517.522848][ T9488] bond7 (unregistering): Released all slaves
[  517.539184][ T9488] bond8 (unregistering): (slave batadv8): Releasing active interface
[  517.548853][ T9488] bond8 (unregistering): Released all slaves
[  517.559836][ T9488] bond9 (unregistering): Released all slaves
[  517.576969][ T9488] bond10 (unregistering): Released all slaves
[  517.599613][ T9488] bond11 (unregistering): Released all slaves
[  517.613095][ T9488] bond12 (unregistering): Released all slaves
[  517.625420][ T9488] bond13 (unregistering): Released all slaves
[  517.638578][ T9488] bond14 (unregistering): Released all slaves
[  517.686817][T22521] chnl_net:caif_netlink_parms(): no params data found
[  517.766652][T22562] netlink: 'syz.1.6146': attribute type 1 has an invalid length.
[  517.807965][T22562] bond22: entered promiscuous mode
[  517.821026][T22562] 8021q: adding VLAN 0 to HW filter on device bond22
[  517.841899][T22562] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6146'.
[  517.865994][ T9488] hsr_slave_0: left promiscuous mode
[  517.871938][ T9488] hsr_slave_1: left promiscuous mode
[  517.886060][ T9488] veth1_macvtap: left promiscuous mode
[  517.891692][ T9488] veth0_macvtap: left promiscuous mode
[  517.897335][ T9488] veth1_vlan: left promiscuous mode
[  517.907923][T22240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  517.923259][ T9488] veth0_vlan: left promiscuous mode
[  518.077367][T22572] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  518.104141][T22521] bridge0: port 1(bridge_slave_0) entered blocking state
[  518.111397][T22521] bridge0: port 1(bridge_slave_0) entered disabled state
[  518.120207][T22578] netlink: 'syz.1.6151': attribute type 3 has an invalid length.
[  518.128769][T22521] bridge_slave_0: entered allmulticast mode
[  518.135446][T22521] bridge_slave_0: entered promiscuous mode
[  518.146935][T22521] bridge0: port 2(bridge_slave_1) entered blocking state
[  518.154053][T22521] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.161576][T22521] bridge_slave_1: entered allmulticast mode
[  518.168044][T22521] bridge_slave_1: entered promiscuous mode
[  518.200468][T22521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  518.218930][T22521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  518.252180][T22521] team0: Port device team_slave_0 added
[  518.255727][T22586] loop2: detected capacity change from 0 to 512
[  518.269708][T22521] team0: Port device team_slave_1 added
[  518.292460][T22521] batman_adv: batadv0: Adding interface: batadv_slave_0
[  518.292477][T22521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  518.292567][T22521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  518.293248][T22521] batman_adv: batadv0: Adding interface: batadv_slave_1
[  518.293263][T22521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  518.293332][T22521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  518.302627][T22586] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  518.302692][T22586] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  518.334306][T22586] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  518.437103][T22521] hsr_slave_0: entered promiscuous mode
[  518.451036][T22521] hsr_slave_1: entered promiscuous mode
[  518.463895][T22240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  518.529118][T22602] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.548940][T22598] netlink: 'syz.1.6159': attribute type 1 has an invalid length.
[  518.572262][T22598] bond23: entered promiscuous mode
[  518.577755][T22598] 8021q: adding VLAN 0 to HW filter on device bond23
[  518.599356][T22598] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6159'.
[  518.772353][T22602] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.809259][ T9509] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  518.841033][T22602] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.880926][ T9509] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  518.891177][ T9488] IPVS: stop unused estimator thread 0...
[  518.897127][ T9509] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  518.905599][ T9509] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  518.927341][T22618] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.949165][T22620] loop4: detected capacity change from 0 to 512
[  518.957079][T22620] EXT4-fs (loop4): orphan cleanup on readonly fs
[  518.964429][T22620] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6168: bg 0: block 248: padding at end of block bitmap is not set
[  518.977731][T22623] loop1: detected capacity change from 0 to 512
[  518.979640][T22620] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.6168: Failed to acquire dquot type 1
[  518.997415][T22620] EXT4-fs (loop4): 1 truncate cleaned up
[  519.003643][T22623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  519.004621][T22602] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.023296][T22620] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  519.026906][T22623] ext4 filesystem being mounted at /565/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  519.061548][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.080239][T22618] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.090986][T22623] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  519.134322][ T9488] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  519.149326][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.160230][T22618] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.182685][ T9488] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  519.218551][T22618] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.231179][ T9488] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  519.239748][T22521] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  519.265437][ T9488] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  519.265900][T22637] netlink: 76 bytes leftover after parsing attributes in process `syz.4.6175'.
[  519.282861][T22521] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  519.304738][ T9488] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  519.314721][T22521] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  519.330613][  T126] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  519.351132][T22642] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6176'.
[  519.360312][T22642] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  519.367726][T22642] batman_adv: batadv0: Removing interface: batadv_slave_0
[  519.382847][T22642] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  519.390530][T22642] batman_adv: batadv0: Removing interface: batadv_slave_1
[  519.397595][T22646] FAULT_INJECTION: forcing a failure.
[  519.397595][T22646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  519.410966][T22646] CPU: 0 UID: 0 PID: 22646 Comm: syz.1.6177 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  519.411008][T22646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  519.411144][T22646] Call Trace:
[  519.411154][T22646]  <TASK>
[  519.411165][T22646]  __dump_stack+0x1d/0x30
[  519.411194][T22646]  dump_stack_lvl+0xe8/0x140
[  519.411225][T22646]  dump_stack+0x15/0x1b
[  519.411249][T22646]  should_fail_ex+0x265/0x280
[  519.411278][T22646]  should_fail+0xb/0x20
[  519.411302][T22646]  should_fail_usercopy+0x1a/0x20
[  519.411334][T22646]  _copy_from_user+0x1c/0xb0
[  519.411400][T22646]  __sys_bpf+0x178/0x7b0
[  519.411447][T22646]  __x64_sys_bpf+0x41/0x50
[  519.411474][T22646]  x64_sys_call+0x2aea/0x2ff0
[  519.411504][T22646]  do_syscall_64+0xd2/0x200
[  519.411624][T22646]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  519.411659][T22646]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  519.411693][T22646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.411723][T22646] RIP: 0033:0x7fa7b881ebe9
[  519.411791][T22646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  519.411816][T22646] RSP: 002b:00007fa7b7287038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  519.411843][T22646] RAX: ffffffffffffffda RBX: 00007fa7b8a45fa0 RCX: 00007fa7b881ebe9
[  519.411861][T22646] RDX: 0000000000000020 RSI: 0000200000000140 RDI: 0000000000000002
[  519.411890][T22646] RBP: 00007fa7b7287090 R08: 0000000000000000 R09: 0000000000000000
[  519.411908][T22646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  519.411926][T22646] R13: 00007fa7b8a46038 R14: 00007fa7b8a45fa0 R15: 00007ffe967a5298
[  519.411952][T22646]  </TASK>
[  519.610039][T22521] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  519.630895][T22654] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  519.639224][ T9509] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  519.659602][ T9509] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  519.669543][T22651] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.721460][T22666] loop4: detected capacity change from 0 to 512
[  519.745377][T22521] 8021q: adding VLAN 0 to HW filter on device bond0
[  519.760945][T22521] 8021q: adding VLAN 0 to HW filter on device team0
[  519.771607][T22651] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.806520][T22521] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  519.817105][T22521] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  519.838504][ T9505] bridge0: port 1(bridge_slave_0) entered blocking state
[  519.845622][ T9505] bridge0: port 1(bridge_slave_0) entered forwarding state
[  519.857048][ T9505] bridge0: port 2(bridge_slave_1) entered blocking state
[  519.864266][ T9505] bridge0: port 2(bridge_slave_1) entered forwarding state
[  519.944279][T22651] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.988886][T22666] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  520.020805][T22666] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  520.065088][T22651] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.100456][T22666] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  520.216994][T22521] 8021q: adding VLAN 0 to HW filter on device batadv0
[  520.226309][T20667] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  520.346886][T22681] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.436149][T22681] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.495226][   T29] kauditd_printk_skb: 152 callbacks suppressed
[  520.495244][   T29] audit: type=1400 audit(1754790497.016:58575): avc:  denied  { write } for  pid=22683 comm="syz.0.6186" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  520.553465][T22681] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.599507][T22681] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.609773][T22692] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6188'.
[  520.638772][T22521] veth0_vlan: entered promiscuous mode
[  520.649950][T22521] veth1_vlan: entered promiscuous mode
[  520.676102][T22697] netlink: 'syz.1.6189': attribute type 3 has an invalid length.
[  520.676515][T22521] veth0_macvtap: entered promiscuous mode
[  520.698034][T22521] veth1_macvtap: entered promiscuous mode
[  520.712409][T22521] batman_adv: batadv0: Interface activated: batadv_slave_0
[  520.731972][T22521] batman_adv: batadv0: Interface activated: batadv_slave_1
[  520.753637][ T9486] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  520.769970][ T9486] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  520.782955][T22704] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.798308][ T9486] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  520.807315][ T9486] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  520.836732][T22704] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.866029][   T29] audit: type=1326 audit(1754790497.386:58576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  520.890917][   T29] audit: type=1326 audit(1754790497.396:58577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  520.916867][   T29] audit: type=1326 audit(1754790497.436:58578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  520.940740][   T29] audit: type=1326 audit(1754790497.436:58579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  520.965049][   T29] audit: type=1326 audit(1754790497.436:58580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  520.988748][   T29] audit: type=1326 audit(1754790497.436:58581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  521.012457][   T29] audit: type=1326 audit(1754790497.436:58582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  521.036226][   T29] audit: type=1326 audit(1754790497.436:58583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.3.6132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd4b94bebe9 code=0x7ffc0000
[  521.060043][   T29] audit: type=1326 audit(1754790497.476:58584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22712 comm="syz.0.6192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0397ebe9 code=0x7ffc0000
[  521.085949][T22704] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.139552][T22704] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.144970][T22718] FAULT_INJECTION: forcing a failure.
[  521.144970][T22718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  521.162475][T22718] CPU: 0 UID: 0 PID: 22718 Comm: syz.0.6194 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  521.162557][T22718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  521.162574][T22718] Call Trace:
[  521.162582][T22718]  <TASK>
[  521.162592][T22718]  __dump_stack+0x1d/0x30
[  521.162621][T22718]  dump_stack_lvl+0xe8/0x140
[  521.162654][T22718]  dump_stack+0x15/0x1b
[  521.162699][T22718]  should_fail_ex+0x265/0x280
[  521.162783][T22718]  should_fail+0xb/0x20
[  521.162806][T22718]  should_fail_usercopy+0x1a/0x20
[  521.162834][T22718]  _copy_from_user+0x1c/0xb0
[  521.162925][T22718]  ___sys_sendmsg+0xc1/0x1d0
[  521.162971][T22718]  __x64_sys_sendmsg+0xd4/0x160
[  521.163004][T22718]  x64_sys_call+0x191e/0x2ff0
[  521.163040][T22718]  do_syscall_64+0xd2/0x200
[  521.163073][T22718]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  521.163098][T22718]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  521.163122][T22718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.163201][T22718] RIP: 0033:0x7fba0397ebe9
[  521.163220][T22718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  521.163244][T22718] RSP: 002b:00007fba023e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  521.163269][T22718] RAX: ffffffffffffffda RBX: 00007fba03ba5fa0 RCX: 00007fba0397ebe9
[  521.163338][T22718] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  521.163356][T22718] RBP: 00007fba023e7090 R08: 0000000000000000 R09: 0000000000000000
[  521.163373][T22718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  521.163389][T22718] R13: 00007fba03ba6038 R14: 00007fba03ba5fa0 R15: 00007ffcd3ae3568
[  521.163412][T22718]  </TASK>
[  521.165457][ T3398] IPVS: starting estimator thread 0...
[  521.172730][T22711] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  521.268444][T22720] IPVS: using max 2016 ests per chain, 100800 per kthread
[  521.369702][ T9487] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  521.395919][ T9487] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  521.406259][ T9487] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  521.415732][ T9487] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  521.549066][T22732] netlink: 'syz.1.6199': attribute type 3 has an invalid length.
[  521.636449][T22738] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6200'.
[  521.716376][T22735] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  521.723884][T22735] batman_adv: batadv0: Removing interface: batadv_slave_0
[  521.749321][T22735] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  521.756745][T22735] batman_adv: batadv0: Removing interface: batadv_slave_1
[  521.837516][T22749] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  521.867055][T22750] netlink: 204 bytes leftover after parsing attributes in process `syz.1.6205'.
[  521.884057][T22752] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.940085][T22752] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  522.010718][T22752] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  522.034520][T22764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6211'.
[  522.069860][T22752] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  522.119071][T22766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6212'.
[  522.147519][T22768] netlink: 'syz.1.6213': attribute type 3 has an invalid length.
[  522.227100][T22774] loop1: detected capacity change from 0 to 4096
[  522.234216][T22774] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  522.266393][T22776] netlink: 76 bytes leftover after parsing attributes in process `syz.1.6217'.
[  522.364346][T22788] loop1: detected capacity change from 0 to 1024
[  522.375287][T22788] EXT4-fs: Ignoring removed orlov option
[  522.384230][T22788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  522.528897][T22788] ==================================================================
[  522.537118][T22788] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / writeback_single_inode
[  522.546538][T22788] 
[  522.548883][T22788] write to 0xffff8881073801a0 of 4 bytes by task 22791 on cpu 0:
[  522.556664][T22788]  writeback_single_inode+0x14a/0x3e0
[  522.562090][T22788]  sync_inode_metadata+0x5b/0x90
[  522.567073][T22788]  generic_buffers_fsync_noflush+0xd9/0x120
[  522.573000][T22788]  ext4_sync_file+0x1ab/0x690
[  522.577739][T22788]  vfs_fsync_range+0x10d/0x130
[  522.582540][T22788]  ext4_buffered_write_iter+0x34f/0x3c0
[  522.588134][T22788]  ext4_file_write_iter+0x383/0xf00
[  522.593589][T22788]  iter_file_splice_write+0x666/0x9e0
[  522.599049][T22788]  direct_splice_actor+0x153/0x2a0
[  522.604164][T22788]  splice_direct_to_actor+0x30f/0x680
[  522.609563][T22788]  do_splice_direct+0xda/0x150
[  522.614346][T22788]  do_sendfile+0x380/0x650
[  522.618779][T22788]  __x64_sys_sendfile64+0x105/0x150
[  522.624014][T22788]  x64_sys_call+0x2bb0/0x2ff0
[  522.628731][T22788]  do_syscall_64+0xd2/0x200
[  522.633261][T22788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.639166][T22788] 
[  522.641489][T22788] read to 0xffff8881073801a0 of 4 bytes by task 22788 on cpu 1:
[  522.649116][T22788]  generic_buffers_fsync_noflush+0x80/0x120
[  522.655015][T22788]  ext4_sync_file+0x1ab/0x690
[  522.659707][T22788]  vfs_fsync_range+0x10d/0x130
[  522.664482][T22788]  ext4_buffered_write_iter+0x34f/0x3c0
[  522.670053][T22788]  ext4_file_write_iter+0x383/0xf00
[  522.675306][T22788]  iter_file_splice_write+0x666/0x9e0
[  522.680782][T22788]  direct_splice_actor+0x153/0x2a0
[  522.685995][T22788]  splice_direct_to_actor+0x30f/0x680
[  522.691387][T22788]  do_splice_direct+0xda/0x150
[  522.696258][T22788]  do_sendfile+0x380/0x650
[  522.700704][T22788]  __x64_sys_sendfile64+0x105/0x150
[  522.705926][T22788]  x64_sys_call+0x2bb0/0x2ff0
[  522.710628][T22788]  do_syscall_64+0xd2/0x200
[  522.715164][T22788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.721100][T22788] 
[  522.723431][T22788] value changed: 0x00000038 -> 0x00000002
[  522.729154][T22788] 
[  522.731574][T22788] Reported by Kernel Concurrency Sanitizer on:
[  522.737735][T22788] CPU: 1 UID: 0 PID: 22788 Comm: syz.1.6219 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  522.749900][T22788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  522.759975][T22788] ==================================================================
[  522.860845][T13597] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  523.294745][ T9486] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  523.306058][ T9487] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  523.316952][ T9487] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  523.328076][ T9502] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  523.794717][ T9486] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  523.805656][ T9526] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  523.818765][ T9526] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  523.833444][ T9526] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  523.842311][ T9526] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  523.853768][ T9526] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  523.865742][ T9530] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  523.877971][ T9530] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0