last executing test programs:

2.676102855s ago: executing program 4 (id=516):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

2.596046408s ago: executing program 4 (id=519):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710, @local}, 0x10)
recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)=""/80, 0x50}], 0x1}, 0x5}], 0x40000, 0x0, 0x0)
shutdown(r1, 0x0)

1.306411904s ago: executing program 4 (id=563):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\'5\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\xafON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000480))
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000000)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x10, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7623c435aff90493ddd7aae07ef35f0700000000000000ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d746900f91ef6b84819e7df4af14e1df82d", [0xc, 0x1000000000009]})

1.119672792s ago: executing program 1 (id=572):
r0 = socket$kcm(0x21, 0x2, 0x2)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r2, 0x0, 0x9}, 0x18)
dup2(r0, r1)

1.106802352s ago: executing program 1 (id=574):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@i_version}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==")
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x107b42, 0x32)
ftruncate(r0, 0x6000000)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, 0x0)

951.080629ms ago: executing program 4 (id=579):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a500850000002d00000095"], 0x0, 0x200, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x46)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r1}, 0x10)
creat(&(0x7f0000002040)='./file1\x00', 0x10)

889.567572ms ago: executing program 1 (id=583):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0xbfffff1f, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268)

838.614454ms ago: executing program 1 (id=585):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b9090000000b01000000e8fe55a1180015000600140000000012080004003e000000a80016000a00001c06000200036010fab94dcf5c0461c1a6ced67f6f94007134cf6ee08000a0e408e8d8ef52878516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d95322fe7c9ffeffffff16a4683f1aeb4edbb57a5025ccca9e02360db70100000040fad95667e006dcffff951f215ce3bb9ad809d5e1cace81c639df2d04c343eb7a9db9596bb727ed0bffece0b42a9ecbee5de6ccd4", 0xd8}], 0x1}, 0x20004880)

761.884187ms ago: executing program 1 (id=587):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x82e, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10)
io_setup(0x3, &(0x7f0000000340))

719.229099ms ago: executing program 1 (id=591):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

401.551333ms ago: executing program 2 (id=602):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000001f)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000001880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000200000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
fcntl$notify(r1, 0x402, 0x8000003d)
close_range(r0, r1, 0x0)

337.975355ms ago: executing program 3 (id=603):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000740)='kfree\x00', r2, 0x0, 0x40008003}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x50)
sendmsg$nl_generic(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000002000090002000000ffdbdf250200000008000800", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)

281.924288ms ago: executing program 2 (id=604):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001ec0)="1400000017001963d2", 0x9}], 0x1}, 0x20000000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='rxrpc_call\x00', r0}, 0x18)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000440)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

266.074338ms ago: executing program 3 (id=605):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x61980, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x8f5, 0x100000000000008)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x121202, 0x0)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}, 0x15008, 0x0, 0xb86d}, 0x0, 0x0, 0xffffffffffffffff, 0x4)

228.66767ms ago: executing program 2 (id=606):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
r2 = memfd_secret(0x80000)
fchownat(r2, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)

228.0469ms ago: executing program 2 (id=607):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond0\x00', <r4=>0x0})
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x15c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in=@multicast1, @in6=@mcast2, 0x4, 0x0, 0x4e21, 0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0xee00}, {@in6=@private1, 0x4d6, 0x32}, @in=@multicast2, {0x0, 0x0, 0x0, 0x9, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x0, 0x1}, {}, 0x70bd2c, 0x3500, 0x2, 0x0, 0x0, 0x50}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "210466d38547aa140db9a200000000c538c7cb7a"}}, @offload={0xc, 0x1c, {r4, 0x3}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

225.93739ms ago: executing program 0 (id=608):
socket$nl_netfilter(0x10, 0x3, 0xc)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100003}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x6, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)

210.207241ms ago: executing program 2 (id=609):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x7, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r3=>0x0})
sendmsg$can_bcm(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)={0x1, 0x7ab0715dca68fed7, 0x0, {}, {}, {}, 0x4, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf718909"}}, 0x20000600}}, 0x0)

208.174261ms ago: executing program 0 (id=610):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000003, 0x13, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r1, 0x0)

191.689252ms ago: executing program 0 (id=611):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100003}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, <r3=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r3}]}]}, 0x28}}, 0x0)

189.148122ms ago: executing program 3 (id=612):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000100)='stack\x00')
pread64(r2, &(0x7f0000000140)=""/15, 0xf, 0x4)

173.835302ms ago: executing program 0 (id=613):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000004c0)='kfree\x00', r1}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x3}, 0x1005, 0x2, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x789, &(0x7f0000000fc0)="$eJzs3c1rXFUbAPDnTpKmTfu+iSBo3RgQNFA6MTW2CgoVFyJYKOjadphMQ80kUzKT0oSALSK4EVRcCLrpyoUfdefWj63+Fy7EUjUtVlxI5E5m0kkzk07SZCaa3w9u5px77+ScZ879ODPncm8Ae9Zw+icTcTgi3ksiBmvzk4joq6Z6I06urHd7aTGfTkksL7/6W1Jd59bSYj4a3pM6WMs8HBHfvR1xJLO+3PL8wlSuWCzM1vKjlekLo+X5haPnp3OThcnCzPGx8fFjJ54+cXz7Yv3jx4VD199/6YkvT/711kPX3v0+iZNxqLasMY4te35tdjiGa59JX/oRrvHifRe2uyTdrgBbku6aPSt7eRyOweippgCA/7I3I2IZANhjEud/ANhj6r8D3FpazNen7v4i0Vk3XoiI/Svx18c3V5b01sbs9lfHQQduJWtGRpKIGNqG8ocj4pOvX/88nWK7xiEB2nD5SkScHRpef/xP1l2zsFlPbrBsX+11+K75aflGoKEzvkn7P8806/9lVvs/0aT/099k392KZvt/EnF5dcaBbShkAzc+jXiu4dq22w3x1wz11HL/q/b5+pJz54uF9Nj2/4gYib7+ND+2QRkjN/++2WpZY//v9w/e+CwtP329s0bml97+te+ZyFVy9xNzoxtXIh7pbRZ/str+SYv+7+k2y3j52Xc+brUsjT+Ntz6ti7/a/jt3Rli+GvF40/a/c0VbsuH1iaPVzWG0vlE08dVPHw20Kr+x/dMpLb/+XaAT0vYf2Dj+oaTxes3y5sv44ergt62W3Tv+5tv/vuS1arrej7iUq1RmxyL2Ja+sn3/sznsv5R6tpVbWT+Mfeaz5/r/R9p9+JzzbZvy913/9Yuvx76w0/olNtf/mE9duT/W0Kr+99h+vpkZqc9o5/rVbwfv57AAAAAAAAAAAAAAAAAAAAAAAAACgXZmIOBRJJruazmSy2ZVneD8YA5liqVw5cq40NzMR1WdlD0Vfpn6ry8GG+6GO1e6HX88fuyv/VEQ8EBEf9h9I6vdRnOhy7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQd7DF8/9TP/d3u3YAwI7Z3+0KAAAd5/wPAHuP8z8A7D3tnf97drweAEDn+P4PAHuP8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA77PSpU+m0/OfSYj7NT1ycn5sqXTw6UShPZafn8tl8afZCdrJUmiwWsvnS9L3+X7FUujAeM3OXRiuFcmW0PL9wZro0N1M5c346N1k4U+jrSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDnl+YWpXLFYmJXYQmJ5d1Sj+4me2ua0W+rT0USyO6qxzYkuH5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/iX+CQAA//8vWSHt")

152.686763ms ago: executing program 3 (id=614):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xd31, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000007000010010ab4be68e8da23507000000", @ANYRES32=r2, @ANYBLOB="10000180040004"], 0x28}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

139.815614ms ago: executing program 3 (id=624):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

139.385124ms ago: executing program 2 (id=615):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000a00)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@resgid}, {@barrier}, {@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
fadvise64(r0, 0x7f, 0x0, 0x4)

101.168856ms ago: executing program 0 (id=616):
r0 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x2)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x48)
getdents(r2, &(0x7f0000000180)=""/49, 0x2d)
getdents(r2, 0xfffffffffffffffd, 0x58)

55.156468ms ago: executing program 4 (id=617):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0}, &(0x7f00000000c0), &(0x7f0000000100)='%-5lx  \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f00000005c0), r2)
sendmsg$FOU_CMD_ADD(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @private=0xa010102}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x8840)

47.538458ms ago: executing program 0 (id=618):
r0 = socket(0x10, 0x3, 0x9)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000"], 0x28}}, 0x0)

622.73µs ago: executing program 4 (id=619):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080), &(0x7f0000000180)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)

0s ago: executing program 3 (id=620):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000180)={0x7a2a, 0x9, 0x5a}, 0x8)
sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000640)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2804c044}, 0x0)
shutdown(r2, 0x1)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.202' (ED25519) to the list of known hosts.
[   21.643769][   T29] audit: type=1400 audit(1764464218.808:62): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.666686][   T29] audit: type=1400 audit(1764464218.828:63): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.667405][ T3301] cgroup: Unknown subsys name 'net'
[   21.694272][   T29] audit: type=1400 audit(1764464218.858:64): avc:  denied  { unmount } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.810035][ T3301] cgroup: Unknown subsys name 'cpuset'
[   21.816095][ T3301] cgroup: Unknown subsys name 'rlimit'
[   21.924877][   T29] audit: type=1400 audit(1764464219.088:65): avc:  denied  { setattr } for  pid=3301 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.948268][   T29] audit: type=1400 audit(1764464219.088:66): avc:  denied  { create } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   21.961752][ T3306] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.968751][   T29] audit: type=1400 audit(1764464219.088:67): avc:  denied  { write } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   21.968770][   T29] audit: type=1400 audit(1764464219.088:68): avc:  denied  { read } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   21.968807][   T29] audit: type=1400 audit(1764464219.098:69): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.991194][ T3301] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.997671][   T29] audit: type=1400 audit(1764464219.098:70): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   22.074576][   T29] audit: type=1400 audit(1764464219.148:71): avc:  denied  { relabelto } for  pid=3306 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.136411][ T3321] chnl_net:caif_netlink_parms(): no params data found
[   23.169759][ T3314] chnl_net:caif_netlink_parms(): no params data found
[   23.180046][ T3312] chnl_net:caif_netlink_parms(): no params data found
[   23.188601][ T3318] chnl_net:caif_netlink_parms(): no params data found
[   23.221250][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.228294][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.235439][ T3321] bridge_slave_0: entered allmulticast mode
[   23.241703][ T3321] bridge_slave_0: entered promiscuous mode
[   23.267639][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.274700][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.281812][ T3321] bridge_slave_1: entered allmulticast mode
[   23.288171][ T3321] bridge_slave_1: entered promiscuous mode
[   23.316695][ T3322] chnl_net:caif_netlink_parms(): no params data found
[   23.349448][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   23.371188][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.378241][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.385531][ T3314] bridge_slave_0: entered allmulticast mode
[   23.391971][ T3314] bridge_slave_0: entered promiscuous mode
[   23.399042][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   23.420522][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.427565][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.434789][ T3314] bridge_slave_1: entered allmulticast mode
[   23.441041][ T3314] bridge_slave_1: entered promiscuous mode
[   23.452809][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.459882][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.467005][ T3312] bridge_slave_0: entered allmulticast mode
[   23.473425][ T3312] bridge_slave_0: entered promiscuous mode
[   23.479917][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.487005][ T3318] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.494168][ T3318] bridge_slave_0: entered allmulticast mode
[   23.500367][ T3318] bridge_slave_0: entered promiscuous mode
[   23.517898][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.524954][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.532353][ T3312] bridge_slave_1: entered allmulticast mode
[   23.538700][ T3312] bridge_slave_1: entered promiscuous mode
[   23.549348][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.556447][ T3318] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.563610][ T3318] bridge_slave_1: entered allmulticast mode
[   23.570026][ T3318] bridge_slave_1: entered promiscuous mode
[   23.581275][ T3321] team0: Port device team_slave_0 added
[   23.598987][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   23.613229][ T3321] team0: Port device team_slave_1 added
[   23.619874][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   23.633907][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   23.644025][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   23.657627][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   23.676238][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   23.694859][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0
[   23.701812][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   23.727741][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   23.738435][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.745560][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.752807][ T3322] bridge_slave_0: entered allmulticast mode
[   23.759053][ T3322] bridge_slave_0: entered promiscuous mode
[   23.779008][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1
[   23.785970][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   23.811852][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   23.822554][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.829615][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.836723][ T3322] bridge_slave_1: entered allmulticast mode
[   23.843284][ T3322] bridge_slave_1: entered promiscuous mode
[   23.858667][ T3314] team0: Port device team_slave_0 added
[   23.864834][ T3312] team0: Port device team_slave_0 added
[   23.871275][ T3318] team0: Port device team_slave_0 added
[   23.879548][ T3318] team0: Port device team_slave_1 added
[   23.890299][ T3314] team0: Port device team_slave_1 added
[   23.896446][ T3312] team0: Port device team_slave_1 added
[   23.913111][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   23.935802][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0
[   23.942745][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   23.968682][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   23.980309][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   23.989714][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_0
[   23.996638][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   24.022539][ T3318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.042177][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.049154][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   24.075103][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.094730][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.101697][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   24.127619][ T3318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.138564][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.145515][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   24.171414][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.189600][ T3322] team0: Port device team_slave_0 added
[   24.202409][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.209380][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   24.235262][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.247942][ T3321] hsr_slave_0: entered promiscuous mode
[   24.253946][ T3321] hsr_slave_1: entered promiscuous mode
[   24.265996][ T3322] team0: Port device team_slave_1 added
[   24.303403][ T3312] hsr_slave_0: entered promiscuous mode
[   24.309293][ T3312] hsr_slave_1: entered promiscuous mode
[   24.315145][ T3312] debugfs: 'hsr0' already exists in 'hsr'
[   24.320913][ T3312] Cannot create hsr debugfs directory
[   24.331604][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.338538][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   24.364453][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.376944][ T3318] hsr_slave_0: entered promiscuous mode
[   24.383130][ T3318] hsr_slave_1: entered promiscuous mode
[   24.389062][ T3318] debugfs: 'hsr0' already exists in 'hsr'
[   24.394775][ T3318] Cannot create hsr debugfs directory
[   24.409600][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.416528][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   24.442477][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.467351][ T3314] hsr_slave_0: entered promiscuous mode
[   24.473290][ T3314] hsr_slave_1: entered promiscuous mode
[   24.479077][ T3314] debugfs: 'hsr0' already exists in 'hsr'
[   24.484805][ T3314] Cannot create hsr debugfs directory
[   24.539810][ T3322] hsr_slave_0: entered promiscuous mode
[   24.545808][ T3322] hsr_slave_1: entered promiscuous mode
[   24.551744][ T3322] debugfs: 'hsr0' already exists in 'hsr'
[   24.557465][ T3322] Cannot create hsr debugfs directory
[   24.688677][ T3321] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   24.697544][ T3321] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   24.708696][ T3321] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   24.717304][ T3321] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   24.737173][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   24.749842][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   24.761373][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   24.772991][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   24.794325][ T3314] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   24.806814][ T3314] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   24.815996][ T3314] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   24.829344][ T3314] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   24.850640][ T3322] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   24.862814][ T3322] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   24.871936][ T3322] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   24.888376][ T3322] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   24.912310][ T3312] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   24.921017][ T3312] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   24.936093][ T3312] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   24.945497][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[   24.957069][ T3312] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   24.976691][ T3321] 8021q: adding VLAN 0 to HW filter on device team0
[   24.996753][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.003812][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.018360][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.025417][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.040183][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.057174][ T3318] 8021q: adding VLAN 0 to HW filter on device team0
[   25.081009][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.090696][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.097709][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.115334][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.122365][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.150733][ T3314] 8021q: adding VLAN 0 to HW filter on device team0
[   25.163472][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.174857][ T1699] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.181906][ T1699] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.200413][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.210402][ T1699] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.217450][ T1699] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.242466][ T3322] 8021q: adding VLAN 0 to HW filter on device team0
[   25.260240][ T3312] 8021q: adding VLAN 0 to HW filter on device team0
[   25.269181][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0
[   25.287005][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.294052][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.303634][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.310713][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.319111][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.326137][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.344763][ T2597] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.351864][ T2597] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.423218][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0
[   25.432677][ T3318] 8021q: adding VLAN 0 to HW filter on device batadv0
[   25.478896][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0
[   25.536462][ T3321] veth0_vlan: entered promiscuous mode
[   25.570640][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0
[   25.578323][ T3314] veth0_vlan: entered promiscuous mode
[   25.585430][ T3321] veth1_vlan: entered promiscuous mode
[   25.605481][ T3314] veth1_vlan: entered promiscuous mode
[   25.614333][ T3322] veth0_vlan: entered promiscuous mode
[   25.625121][ T3322] veth1_vlan: entered promiscuous mode
[   25.644938][ T3322] veth0_macvtap: entered promiscuous mode
[   25.652117][ T3321] veth0_macvtap: entered promiscuous mode
[   25.670546][ T3322] veth1_macvtap: entered promiscuous mode
[   25.684298][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0
[   25.692238][ T3314] veth0_macvtap: entered promiscuous mode
[   25.699363][ T3314] veth1_macvtap: entered promiscuous mode
[   25.706065][ T3321] veth1_macvtap: entered promiscuous mode
[   25.712366][ T3318] veth0_vlan: entered promiscuous mode
[   25.726788][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1
[   25.743969][ T3318] veth1_vlan: entered promiscuous mode
[   25.751732][   T42] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   25.761406][ T3312] veth0_vlan: entered promiscuous mode
[   25.771315][   T42] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   25.780955][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0
[   25.791405][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0
[   25.804819][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1
[   25.812151][   T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   25.822339][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1
[   25.829743][   T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   25.844322][   T42] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   25.844824][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   25.870346][ T3312] veth1_vlan: entered promiscuous mode
[   25.880615][   T57] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   25.895830][ T3318] veth0_macvtap: entered promiscuous mode
[   25.908952][   T57] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   25.924427][   T57] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   25.934573][ T3481] Driver unsupported XDP return value 0 on prog  (id 2) dev N/A, expect packet loss!
[   25.937621][ T3318] veth1_macvtap: entered promiscuous mode
[   25.954322][   T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   25.963153][   T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   25.975329][ T3312] veth0_macvtap: entered promiscuous mode
[   25.983153][   T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   25.996030][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.006619][ T3312] veth1_macvtap: entered promiscuous mode
[   26.028468][   T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.044701][ T3487] atomic_op ffff88811a0c8928 conn xmit_atomic 0000000000000000
[   26.054851][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.078452][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.089304][   T42] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.124910][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.132908][   T42] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.159920][   T42] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.184977][ T3501] capability: warning: `syz.4.11' uses 32-bit capabilities (legacy support in use)
[   26.196742][   T42] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.221705][ T3497] ip6t_rpfilter: unknown options
[   26.229957][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.246324][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.290961][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.316999][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.415606][ T3533] bridge1: entered promiscuous mode
[   26.450970][    C0] hrtimer: interrupt took 28007 ns
[   26.450999][ T3535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24'.
[   26.465172][ T3535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24'.
[   26.530201][ T3545] netlink: 'syz.1.30': attribute type 3 has an invalid length.
[   26.537777][ T3545] netlink: 'syz.1.30': attribute type 1 has an invalid length.
[   26.545495][ T3545] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.30'.
[   26.613319][ T3549] netlink: 'syz.2.33': attribute type 6 has an invalid length.
[   26.620989][ T3549] netlink: 32 bytes leftover after parsing attributes in process `syz.2.33'.
[   26.636491][ T3549] Zero length message leads to an empty skb
[   26.658578][   T29] kauditd_printk_skb: 65 callbacks suppressed
[   26.658625][   T29] audit: type=1400 audit(1764464223.818:137): avc:  denied  { create } for  pid=3563 comm="syz.2.39" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   26.685314][   T29] audit: type=1400 audit(1764464223.838:138): avc:  denied  { tracepoint } for  pid=3565 comm="syz.3.41" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   26.704843][   T29] audit: type=1400 audit(1764464223.838:139): avc:  denied  { create } for  pid=3566 comm="syz.0.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   26.724046][   T29] audit: type=1400 audit(1764464223.858:140): avc:  denied  { write } for  pid=3566 comm="syz.0.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   26.737402][ T3569] loop3: detected capacity change from 0 to 2048
[   26.743220][   T29] audit: type=1400 audit(1764464223.858:141): avc:  denied  { mounton } for  pid=3561 comm="syz.1.38" path="/7/bus" dev="tmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   26.771844][   T29] audit: type=1400 audit(1764464223.858:142): avc:  denied  { unmount } for  pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   26.792782][   T29] audit: type=1400 audit(1764464223.968:143): avc:  denied  { connect } for  pid=3563 comm="syz.2.39" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   26.829014][ T3569] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   26.859476][   T29] audit: type=1400 audit(1764464223.968:144): avc:  denied  { ioctl } for  pid=3563 comm="syz.2.39" path="socket:[5240]" dev="sockfs" ino=5240 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   26.884046][   T29] audit: type=1400 audit(1764464224.008:145): avc:  denied  { block_suspend } for  pid=3575 comm="syz.0.43" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   26.926763][   T29] audit: type=1400 audit(1764464224.028:146): avc:  denied  { mount } for  pid=3565 comm="syz.3.41" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   26.990187][ T3322] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[   26.996300][ T3594] xt_hashlimit: max too large, truncated to 1048576
[   27.013133][ T3322] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   27.040243][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   27.108617][ T3611] mmap: syz.3.61 (3611) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   27.193540][ T3621] syz.4.65 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   27.292517][ T3633] pimreg: entered allmulticast mode
[   27.302266][ T3633] pimreg: left allmulticast mode
[   27.367269][ T3641] IPv6: Can't replace route, no match found
[   27.426695][ T3651] netlink: 'syz.4.76': attribute type 3 has an invalid length.
[   27.517108][ T3665] loop4: detected capacity change from 0 to 4096
[   27.555058][ T3665] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   27.595474][ T3676] loop3: detected capacity change from 0 to 512
[   27.602401][ T3676] =======================================================
[   27.602401][ T3676] WARNING: The mand mount option has been deprecated and
[   27.602401][ T3676]          and is ignored by this kernel. Remove the mand
[   27.602401][ T3676]          option from the mount to silence this warning.
[   27.602401][ T3676] =======================================================
[   27.639237][ T3676] EXT4-fs: Ignoring removed orlov option
[   27.644931][ T3676] EXT4-fs: Ignoring removed i_version option
[   27.650993][ T3676] EXT4-fs: Ignoring removed nomblk_io_submit option
[   27.666638][ T3676] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   27.674590][ T3676] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e118, mo2=0002]
[   27.683461][ T3676] EXT4-fs (loop3): orphan cleanup on readonly fs
[   27.690998][ T3676] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   27.705621][ T3676] EXT4-fs (loop3): Cannot turn on quotas: error -22
[   27.718704][ T3676] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.86: bg 0: block 40: padding at end of block bitmap is not set
[   27.733190][ T3676] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   27.742801][ T3676] EXT4-fs (loop3): 1 truncate cleaned up
[   27.749107][ T3676] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   27.774768][ T3676] EXT4-fs (loop3): shut down requested (1)
[   27.786399][ T3676] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=16
[   27.795716][ T3676] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=16
[   27.815376][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   27.846148][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   27.899281][ T3694] loop2: detected capacity change from 0 to 256
[   27.994211][ T3710] IPv6: NLM_F_CREATE should be specified when creating new route
[   28.150420][ T3728] bridge0: port 3(vlan2) entered blocking state
[   28.156827][ T3728] bridge0: port 3(vlan2) entered disabled state
[   28.193019][ T3728] vlan2: entered allmulticast mode
[   28.198154][ T3728] bridge0: entered allmulticast mode
[   28.216776][ T3732] xt_connbytes: Forcing CT accounting to be enabled
[   28.227815][ T3728] vlan2: left allmulticast mode
[   28.232816][ T3728] bridge0: left allmulticast mode
[   28.245966][ T3732] Cannot find set identified by id 0 to match
[   28.253180][ T3736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'.
[   28.273527][ T3736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'.
[   28.287052][ T3736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'.
[   28.296332][ T3736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'.
[   28.310255][ T3736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'.
[   28.416455][ T3748] loop1: detected capacity change from 0 to 8192
[   28.755165][ T3776] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3776 comm=syz.4.131
[   29.045336][ T3804] netlink: 660 bytes leftover after parsing attributes in process `syz.4.144'.
[   29.442686][ T3853] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   29.489194][ T3856] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3856 comm=syz.4.169
[   29.501653][ T3856] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3856 comm=syz.4.169
[   29.549078][ T3863] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) !
[   29.576176][ T3873] loop4: detected capacity change from 0 to 128
[   29.585597][ T3873] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   29.627248][ T3873] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   29.663731][ T3882] IPVS: Error connecting to the multicast addr
[   29.699908][   T57] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   29.777625][ T3884] ------------[ cut here ]------------
[   29.783258][ T3884] verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0xfffffffcffffd830, 0xfffffffd00000000] s64=[0xfffffffcffffd830, 0xfffffffd00000000] u32=[0x30, 0x6000050] s32=[0x30, 0x0] var_off=(0xfffffffc00000030, 0x107ffffc0)
[   29.807157][ T3884] WARNING: CPU: 0 PID: 3884 at kernel/bpf/verifier.c:2721 reg_bounds_sanity_check+0x673/0x680
[   29.817555][ T3884] Modules linked in:
[   29.821528][ T3884] CPU: 0 UID: 0 PID: 3884 Comm: syz.1.183 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   29.831179][ T3884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   29.841330][ T3884] RIP: 0010:reg_bounds_sanity_check+0x673/0x680
[   29.847574][ T3884] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 f2 f6 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90
[   29.867375][ T3884] RSP: 0018:ffffc90010eef408 EFLAGS: 00010282
[   29.873486][ T3884] RAX: 1b3a3ce1c3bc9800 RBX: ffff88811a619990 RCX: 0000000000080000
[   29.881496][ T3884] RDX: ffffc9000235a000 RSI: 0000000000076f5d RDI: 0000000000076f5e
[   29.889548][ T3884] RBP: fffffffc00000030 R08: 0001c90010eef257 R09: 0000000000000000
[   29.897537][ T3884] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff88811a619950
[   29.905563][ T3884] R13: ffff888109ff8000 R14: ffff888109ff8000 R15: ffff88811a619988
[   29.913613][ T3884] FS:  00007f4071fa76c0(0000) GS:ffff8882aee10000(0000) knlGS:0000000000000000
[   29.922569][ T3884] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.929149][ T3884] CR2: 00007f64f2daef98 CR3: 000000011a198000 CR4: 00000000003506f0
[   29.937211][ T3884] Call Trace:
[   29.940574][ T3884]  <TASK>
[   29.943507][ T3884]  reg_set_min_max+0x215/0x260
[   29.948351][ T3884]  check_cond_jmp_op+0x1370/0x19e0
[   29.953498][ T3884]  do_check+0x3363/0x8460
[   29.957865][ T3884]  do_check_common+0xc5e/0x12b0
[   29.962746][ T3884]  bpf_check+0xaaae/0xd9d0
[   29.967179][ T3884]  ? __alloc_frozen_pages_noprof+0x188/0x360
[   29.968411][ T3896] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[   29.973335][ T3884]  ? alloc_pages_bulk_noprof+0x4a6/0x530
[   29.973373][ T3884]  ? __vmap_pages_range_noflush+0xbc4/0xcf0
[   29.992349][ T3884]  ? _find_next_zero_bit+0x29/0xa0
[   29.997467][ T3884]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[   30.003611][ T3884]  ? css_rstat_updated+0xb7/0x240
[   30.008641][ T3884]  ? __rcu_read_unlock+0x4f/0x70
[   30.013621][ T3884]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[   30.019428][ T3884]  ? bpf_prog_alloc+0x5b/0x150
[   30.024424][ T3884]  ? pcpu_alloc_noprof+0xd29/0x1250
[   30.029673][ T3884]  ? should_fail_ex+0x30/0x280
[   30.034428][ T3884]  ? should_failslab+0x8c/0xb0
[   30.039193][ T3884]  ? __kmalloc_noprof+0x2a2/0x570
[   30.044248][ T3884]  ? security_bpf_prog_load+0x60/0x140
[   30.049734][ T3884]  ? selinux_bpf_prog_load+0xad/0xd0
[   30.055036][ T3884]  ? security_bpf_prog_load+0x9e/0x140
[   30.060596][ T3884]  bpf_prog_load+0xf6e/0x1100
[   30.065280][ T3884]  ? security_bpf+0x2b/0x90
[   30.069838][ T3884]  __sys_bpf+0x469/0x7c0
[   30.074105][ T3884]  __x64_sys_bpf+0x41/0x50
[   30.078579][ T3884]  x64_sys_call+0x2aee/0x3000
[   30.083274][ T3884]  do_syscall_64+0xd2/0x200
[   30.087852][ T3884]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   30.093944][ T3884]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   30.099744][ T3884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   30.105638][ T3884] RIP: 0033:0x7f407353f749
[   30.110097][ T3884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   30.129705][ T3884] RSP: 002b:00007f4071fa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   30.138149][ T3884] RAX: ffffffffffffffda RBX: 00007f4073795fa0 RCX: 00007f407353f749
[   30.146132][ T3884] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[   30.154094][ T3884] RBP: 00007f40735c3f91 R08: 0000000000000000 R09: 0000000000000000
[   30.162070][ T3884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.170033][ T3884] R13: 00007f4073796038 R14: 00007f4073795fa0 R15: 00007ffe423feaf8
[   30.178005][ T3884]  </TASK>
[   30.181221][ T3884] ---[ end trace 0000000000000000 ]---
[   30.352359][ T3915] capability: warning: `syz.2.195' uses deprecated v2 capabilities in a way that may be insecure
[   30.391909][ T3920] netlink: 'syz.3.197': attribute type 3 has an invalid length.
[   30.480889][ T3931] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   30.596560][ T3939] rdma_op ffff888119d29d80 conn xmit_rdma 0000000000000000
[   30.778230][ T3884] syz.1.183 (3884) used greatest stack depth: 10264 bytes left
[   30.876026][ T3965] loop4: detected capacity change from 0 to 1024
[   30.892165][ T3965] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   31.001302][ T3978] loop1: detected capacity change from 0 to 128
[   31.026441][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.036517][ T3978] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   31.060922][ T3978] ext4 filesystem being mounted at /28/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   31.204998][ T3318] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   31.252494][ T4001] loop0: detected capacity change from 0 to 1024
[   31.315803][ T4001] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   31.320526][ T4001] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[   31.337173][ T1699] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 131587 with max blocks 1 with error 28
[   31.337196][ T1699] EXT4-fs (loop0): This should not happen!! Data will be lost
[   31.337196][ T1699] 
[   31.337213][ T1699] EXT4-fs (loop0): Total free blocks count 0
[   31.337225][ T1699] EXT4-fs (loop0): Free/Dirty block details
[   31.337236][ T1699] EXT4-fs (loop0): free_blocks=68451041280
[   31.337291][ T1699] EXT4-fs (loop0): dirty_blocks=16
[   31.337366][ T1699] EXT4-fs (loop0): Block reservation details
[   31.337422][ T1699] EXT4-fs (loop0): i_reserved_data_blocks=1
[   31.343762][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.616612][ T4041] loop1: detected capacity change from 0 to 128
[   31.632318][ T4041] syz.1.247: attempt to access beyond end of device
[   31.632318][ T4041] loop1: rw=2049, sector=138, nr_sectors = 8 limit=128
[   31.646127][ T4041] syz.1.247: attempt to access beyond end of device
[   31.646127][ T4041] loop1: rw=2049, sector=146, nr_sectors = 6 limit=128
[   31.660086][ T4041] syz.1.247: attempt to access beyond end of device
[   31.660086][ T4041] loop1: rw=2049, sector=150, nr_sectors = 2 limit=128
[   31.673488][ T4041] Buffer I/O error on dev loop1, logical block 75, lost async page write
[   31.700270][ T4041] syz.1.247: attempt to access beyond end of device
[   31.700270][ T4041] loop1: rw=2049, sector=152, nr_sectors = 2 limit=128
[   31.713613][ T4041] Buffer I/O error on dev loop1, logical block 76, lost async page write
[   31.725648][ T4049] __nla_validate_parse: 6 callbacks suppressed
[   31.725662][ T4049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.250'.
[   31.744292][ T4049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.250'.
[   31.753533][ T4049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.250'.
[   31.774573][ T4041] syz.1.247: attempt to access beyond end of device
[   31.774573][ T4041] loop1: rw=2049, sector=170, nr_sectors = 6 limit=128
[   31.798596][ T4049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.250'.
[   31.814280][ T4041] syz.1.247: attempt to access beyond end of device
[   31.814280][ T4041] loop1: rw=2049, sector=174, nr_sectors = 2 limit=128
[   31.827688][ T4041] Buffer I/O error on dev loop1, logical block 87, lost async page write
[   31.852589][ T4041] syz.1.247: attempt to access beyond end of device
[   31.852589][ T4041] loop1: rw=2049, sector=176, nr_sectors = 2 limit=128
[   31.865996][ T4041] Buffer I/O error on dev loop1, logical block 88, lost async page write
[   31.886978][ T4041] syz.1.247: attempt to access beyond end of device
[   31.886978][ T4041] loop1: rw=2049, sector=178, nr_sectors = 6 limit=128
[   31.921259][ T4056] netlink: 'syz.4.254': attribute type 10 has an invalid length.
[   31.929240][ T4056] netlink: 40 bytes leftover after parsing attributes in process `syz.4.254'.
[   31.935727][ T4041] syz.1.247: attempt to access beyond end of device
[   31.935727][ T4041] loop1: rw=2049, sector=182, nr_sectors = 2 limit=128
[   31.951698][ T4041] Buffer I/O error on dev loop1, logical block 91, lost async page write
[   31.960757][ T4041] syz.1.247: attempt to access beyond end of device
[   31.960757][ T4041] loop1: rw=2049, sector=184, nr_sectors = 2 limit=128
[   31.974092][ T4041] Buffer I/O error on dev loop1, logical block 92, lost async page write
[   31.983209][ T4041] Buffer I/O error on dev loop1, logical block 103, lost async page write
[   31.992335][ T4041] Buffer I/O error on dev loop1, logical block 104, lost async page write
[   32.002063][ T4041] Buffer I/O error on dev loop1, logical block 107, lost async page write
[   32.007963][ T4056] team0: Port device geneve1 added
[   32.026463][ T4041] Buffer I/O error on dev loop1, logical block 108, lost async page write
[   32.052134][ T4056] syz.4.254 (4056) used greatest stack depth: 10184 bytes left
[   32.067241][   T29] kauditd_printk_skb: 255 callbacks suppressed
[   32.067255][   T29] audit: type=1400 audit(1764464229.228:401): avc:  denied  { setattr } for  pid=4062 comm="syz.3.256" name="file0" dev="tmpfs" ino=277 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   32.128292][ T4065] netlink: 'syz.3.257': attribute type 3 has an invalid length.
[   32.156672][ T4070] loop0: detected capacity change from 0 to 1024
[   32.170768][   T29] audit: type=1400 audit(1764464229.338:402): avc:  denied  { read } for  pid=4071 comm="syz.4.270" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   32.193951][   T29] audit: type=1400 audit(1764464229.338:403): avc:  denied  { open } for  pid=4071 comm="syz.4.270" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   32.219468][ T4070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.257089][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.276819][   T29] audit: type=1326 audit(1764464229.438:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4083 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f434f749 code=0x7ffc0000
[   32.285521][ T4086] syz.1.266 uses obsolete (PF_INET,SOCK_PACKET)
[   32.330979][   T29] audit: type=1326 audit(1764464229.468:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4083 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f64f434f749 code=0x7ffc0000
[   32.354324][   T29] audit: type=1326 audit(1764464229.468:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4083 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f434f749 code=0x7ffc0000
[   32.369031][ T4090] loop0: detected capacity change from 0 to 4096
[   32.377990][   T29] audit: type=1326 audit(1764464229.468:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4083 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f434f749 code=0x7ffc0000
[   32.384578][ T4088] loop3: detected capacity change from 0 to 1024
[   32.417066][ T4090] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.417051][ T4088] EXT4-fs: Ignoring removed bh option
[   32.450660][ T4088] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.471129][ T4088] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4193: comm syz.3.267: Allocating blocks 385-513 which overlap fs metadata
[   32.486638][ T4088] EXT4-fs (loop3): pa ffff888100566070: logic 16, phys. 129, len 24
[   32.494663][ T4088] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8
[   32.507203][   T29] audit: type=1400 audit(1764464229.648:408): avc:  denied  { map } for  pid=4087 comm="syz.3.267" path="/53/file1/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   32.530018][   T29] audit: type=1400 audit(1764464229.648:409): avc:  denied  { append } for  pid=4087 comm="syz.3.267" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   32.615753][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.662364][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.677508][   T29] audit: type=1326 audit(1764464229.848:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4104 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde869af749 code=0x7ffc0000
[   32.716079][ T4111] loop3: detected capacity change from 0 to 128
[   32.870350][ T4114] loop3: detected capacity change from 0 to 1024
[   32.881466][ T4114] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.909025][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.926512][ T4122] loop3: detected capacity change from 0 to 164
[   32.932971][ T4120] loop1: detected capacity change from 0 to 2048
[   32.960282][ T4120] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.028818][ T3318] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[   33.043582][ T3318] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   33.056504][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.151173][ T4151] loop4: detected capacity change from 0 to 1024
[   33.190121][ T4151] EXT4-fs: Ignoring removed bh option
[   33.222675][ T4151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.346971][ T4151] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.293: Allocating blocks 385-513 which overlap fs metadata
[   33.367971][ T4151] EXT4-fs (loop4): pa ffff888104877070: logic 16, phys. 129, len 24
[   33.375985][ T4151] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8
[   33.430542][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.453354][ T4163] bridge0: entered promiscuous mode
[   33.458662][ T4163] macsec1: entered promiscuous mode
[   33.472302][ T4163] bridge0: port 3(macsec1) entered blocking state
[   33.478751][ T4163] bridge0: port 3(macsec1) entered disabled state
[   33.541519][ T4163] macsec1: entered allmulticast mode
[   33.546822][ T4163] bridge0: entered allmulticast mode
[   33.553025][ T4163] macsec1: left allmulticast mode
[   33.558180][ T4163] bridge0: left allmulticast mode
[   33.564117][ T4163] bridge0: left promiscuous mode
[   33.621262][ T4174] netlink: 104 bytes leftover after parsing attributes in process `syz.2.302'.
[   33.780964][ T4196] tipc: Started in network mode
[   33.785878][ T4196] tipc: Node identity ac14140f, cluster identity 4711
[   33.801695][ T4196] tipc: New replicast peer: 255.255.255.83
[   33.807564][ T4196] tipc: Enabled bearer <udp:£>, priority 10
[   33.892911][ T4207] netlink: 'syz.4.316': attribute type 1 has an invalid length.
[   33.903194][ T4209] loop0: detected capacity change from 0 to 1024
[   33.911605][ T4209] EXT4-fs: Ignoring removed bh option
[   33.926243][ T4214] netlink: 40 bytes leftover after parsing attributes in process `syz.4.319'.
[   33.941043][ T4209] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.957254][ T4209] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4193: comm syz.0.317: Allocating blocks 385-513 which overlap fs metadata
[   33.972592][ T4209] EXT4-fs (loop0): pa ffff888100566070: logic 16, phys. 129, len 24
[   33.980689][ T4209] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8
[   34.002120][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.067985][ T4230] netlink: 'syz.1.325': attribute type 10 has an invalid length.
[   34.076141][ T4230] netlink: 40 bytes leftover after parsing attributes in process `syz.1.325'.
[   34.108722][ T4230] team0: Port device geneve1 added
[   34.135609][ T4230] syz.1.325 (4230) used greatest stack depth: 9928 bytes left
[   34.137904][ T4233] Invalid ELF header magic: != ELF
[   34.165179][ T4237] netlink: 8 bytes leftover after parsing attributes in process `syz.0.328'.
[   34.175845][ T4237] netlink: 8 bytes leftover after parsing attributes in process `syz.0.328'.
[   34.208202][ T4242] IPVS: Error connecting to the multicast addr
[   34.240015][ T4246] loop4: detected capacity change from 0 to 1024
[   34.246664][ T4246] EXT4-fs: Ignoring removed orlov option
[   34.249196][ T4248] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   34.272261][ T4246] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.307837][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.391926][ T4272] loop4: detected capacity change from 0 to 512
[   34.401054][ T4272] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.413627][ T4272] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.449182][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.512229][ T4284] loop0: detected capacity change from 0 to 1024
[   34.519513][ T4284] EXT4-fs: Ignoring removed orlov option
[   34.548345][ T4284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.603923][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.829678][ T3003] tipc: Node number set to 2886997007
[   34.936071][ T4351] loop1: detected capacity change from 0 to 512
[   34.951210][ T4351] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.952426][ T4357] loop4: detected capacity change from 0 to 128
[   34.970479][ T4351] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.980605][ T4357] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   34.993095][ T4357] ext4 filesystem being mounted at /74/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   35.041884][ T3321] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   35.053362][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.067044][ T4364] loop3: detected capacity change from 0 to 1024
[   35.079225][ T4364] EXT4-fs: Ignoring removed orlov option
[   35.091116][ T4364] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.166742][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.237416][ T4387] netlink: 'syz.3.382': attribute type 10 has an invalid length.
[   35.305890][ T4387] team0: Port device geneve1 added
[   35.439727][ T4399] loop3: detected capacity change from 0 to 1024
[   35.449696][ T4399] EXT4-fs: Ignoring removed orlov option
[   35.466338][ T4399] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.539403][ T4413] openvswitch: netlink: Missing key (keys=40, expected=200000)
[   35.554782][ T4417] loop1: detected capacity change from 0 to 128
[   35.591948][ T4421] pim6reg1: entered allmulticast mode
[   35.610009][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.766355][ T4435] netlink: 'syz.2.404': attribute type 1 has an invalid length.
[   35.809817][ T4435] 8021q: adding VLAN 0 to HW filter on device batadv1
[   35.817941][ T4435] bond1: (slave batadv1): making interface the new active one
[   35.830563][ T4435] bond1: (slave batadv1): Enslaving as an active interface with an up link
[   35.872974][ T4435] bond1 (unregistering): (slave batadv1): Releasing active interface
[   35.888659][ T4435] bond1 (unregistering): Released all slaves
[   35.917508][ T4447] smc: net device bond0 applied user defined pnetid SYZ0
[   35.924892][ T4455] smc: net device bond0 erased user defined pnetid SYZ0
[   36.342892][ T4509] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   36.576141][ T4538] hsr_slave_0: left promiscuous mode
[   36.583082][ T4538] hsr_slave_1: left promiscuous mode
[   36.735493][ T4553] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   36.788747][ T4557] sch_tbf: peakrate 7 is lower than or equals to rate 7 !
[   37.392521][   T29] kauditd_printk_skb: 242 callbacks suppressed
[   37.392534][   T29] audit: type=1400 audit(1764464234.558:653): avc:  denied  { setopt } for  pid=4568 comm="syz.3.465" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   37.452005][ T4571] loop3: detected capacity change from 0 to 512
[   37.472534][ T4571] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 2178, start 8e210000)
[   37.482966][ T4571] FAT-fs (loop3): Filesystem has been set read-only
[   37.509641][ T4571] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 2178, start 8e210000)
[   37.524811][ T4571] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 2178, start 8e210000)
[   37.640265][ T4577] __nla_validate_parse: 12 callbacks suppressed
[   37.640278][ T4577] netlink: 44 bytes leftover after parsing attributes in process `syz.2.469'.
[   37.672117][ T4577] netlink: 9 bytes leftover after parsing attributes in process `syz.2.469'.
[   37.773851][ T4600] sch_tbf: burst 19360 is lower than device lo mtu (65550) !
[   37.869244][   T29] audit: type=1400 audit(1764464235.028:654): avc:  denied  { create } for  pid=4615 comm="syz.0.485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   37.888862][   T29] audit: type=1400 audit(1764464235.028:655): avc:  denied  { sys_admin } for  pid=4615 comm="syz.0.485" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   37.979638][   T29] audit: type=1326 audit(1764464235.088:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4618 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407353f749 code=0x7ffc0000
[   38.002919][   T29] audit: type=1326 audit(1764464235.088:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4618 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407353f749 code=0x7ffc0000
[   38.014451][ T4625] netlink: 12 bytes leftover after parsing attributes in process `syz.0.488'.
[   38.027034][   T29] audit: type=1326 audit(1764464235.088:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4618 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407353f749 code=0x7ffc0000
[   38.041649][ T4625] 8021q: adding VLAN 0 to HW filter on device bond1
[   38.058562][   T29] audit: type=1326 audit(1764464235.088:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4618 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407353f749 code=0x7ffc0000
[   38.088399][   T29] audit: type=1326 audit(1764464235.088:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4618 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f407353f749 code=0x7ffc0000
[   38.111724][   T29] audit: type=1326 audit(1764464235.088:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4618 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407353f749 code=0x7ffc0000
[   38.135019][   T29] audit: type=1326 audit(1764464235.088:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4618 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407353f749 code=0x7ffc0000
[   38.253849][ T4642] netlink: 'syz.4.495': attribute type 12 has an invalid length.
[   38.261687][ T4642] netlink: 'syz.4.495': attribute type 29 has an invalid length.
[   38.269423][ T4642] netlink: 148 bytes leftover after parsing attributes in process `syz.4.495'.
[   38.278438][ T4642] netlink: 'syz.4.495': attribute type 2 has an invalid length.
[   38.286183][ T4642] netlink: 'syz.4.495': attribute type 3 has an invalid length.
[   38.360779][ T4649] netlink: 9 bytes leftover after parsing attributes in process `syz.0.497'.
[   38.376829][ T4649] netlink: 9 bytes leftover after parsing attributes in process `syz.0.497'.
[   38.418434][ T4653] netlink: 'syz.2.501': attribute type 1 has an invalid length.
[   38.426204][ T4653] netlink: 'syz.2.501': attribute type 4 has an invalid length.
[   38.433908][ T4653] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.501'.
[   38.485586][ T4658] process 'syz.2.503' launched './file1' with NULL argv: empty string added
[   38.586737][ T4671] bond1 (unregistering): Released all slaves
[   38.593781][ T4674] uprobe: syz.0.510:4674 failed to unregister, leaking uprobe
[   38.702031][ T4672] uprobe: syz.0.510:4672 failed to unregister, leaking uprobe
[   38.765852][ T4688] netlink: 332 bytes leftover after parsing attributes in process `syz.1.517'.
[   38.836881][ T4696] veth0: entered promiscuous mode
[   38.842554][ T4696] veth0: left promiscuous mode
[   38.862260][ T4702] loop0: detected capacity change from 0 to 512
[   38.871713][ T4702] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   38.884713][ T4702] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.088676][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   39.189453][ T4731] loop3: detected capacity change from 0 to 2048
[   39.197270][ T4733] SELinux:  Context system_u:object_r:logrotate_exec_t:s0 is not valid (left unmapped).
[   39.230260][ T4731] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.246461][ T4731] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.263786][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.271264][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.278747][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.286145][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.293559][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.302656][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.310918][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.318427][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.325881][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.333277][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   39.343888][ T3398] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[   39.447204][ T4750] loop0: detected capacity change from 0 to 128
[   39.455208][ T4750] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   39.477686][ T4750] ext4 filesystem being mounted at /107/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   39.631877][ T3312] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   39.643086][ T4752] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.535: bg 0: block 345: padding at end of block bitmap is not set
[   39.681413][ T4752] EXT4-fs (loop3): Remounting filesystem read-only
[   39.688200][   T31] EXT4-fs warning (device loop3): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[   39.732485][ T4758] xt_CT: You must specify a L4 protocol and not use inversions on it
[   39.773099][ T4766] loop2: detected capacity change from 0 to 1024
[   39.784886][ T4766] EXT4-fs: Ignoring removed nomblk_io_submit option
[   39.818797][ T4766] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.846378][ T4772] program syz.0.551 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   39.910141][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.928945][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.084009][ T4797] loop7: detected capacity change from 0 to 16384
[   40.094639][ T4795] loop2: detected capacity change from 0 to 164
[   40.107521][ T4795] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   40.134591][ T4795] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   40.143118][ T4795] Symlink component flag not implemented
[   40.148798][ T4795] Symlink component flag not implemented
[   40.172263][ T4795] Symlink component flag not implemented (7)
[   40.178313][ T4795] Symlink component flag not implemented (116)
[   40.251063][ T4804] loop7: detected capacity change from 16384 to 0
[   40.264719][    C1] I/O error, dev loop7, sector 11016 op 0x0:(READ) flags 0x80700 phys_seg 7 prio class 2
[   40.265059][ T4815] option changes via remount are deprecated (pid=4814 comm=syz.0.571)
[   40.309201][ T4823] loop1: detected capacity change from 0 to 512
[   40.315895][ T4823] EXT4-fs: Ignoring removed i_version option
[   40.321945][ T4823] EXT4-fs: Ignoring removed bh option
[   40.333041][ T4823] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.364887][ T4823] ext4 filesystem being mounted at /110/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   40.501906][ T4836] serio: Serial port ttyS3
[   40.520024][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.577685][ T4853] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   40.657713][ T4860] netlink: 24 bytes leftover after parsing attributes in process `syz.3.588'.
[   40.704115][ T2597] Bluetooth: hci0: Frame reassembly failed (-84)
[   40.872103][ T4884] loop0: detected capacity change from 0 to 128
[   40.976018][ T4884] bio_check_eod: 70 callbacks suppressed
[   40.976063][ T4884] syz.0.598: attempt to access beyond end of device
[   40.976063][ T4884] loop0: rw=2049, sector=185, nr_sectors = 16 limit=128
[   40.998089][ T4884] syz.0.598: attempt to access beyond end of device
[   40.998089][ T4884] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128
[   41.011907][ T4884] syz.0.598: attempt to access beyond end of device
[   41.011907][ T4884] loop0: rw=2049, sector=225, nr_sectors = 16 limit=128
[   41.025544][ T4884] syz.0.598: attempt to access beyond end of device
[   41.025544][ T4884] loop0: rw=2049, sector=249, nr_sectors = 8 limit=128
[   41.039040][ T4884] syz.0.598: attempt to access beyond end of device
[   41.039040][ T4884] loop0: rw=2049, sector=265, nr_sectors = 8 limit=128
[   41.052477][ T4884] syz.0.598: attempt to access beyond end of device
[   41.052477][ T4884] loop0: rw=2049, sector=281, nr_sectors = 8 limit=128
[   41.072618][ T4884] syz.0.598: attempt to access beyond end of device
[   41.072618][ T4884] loop0: rw=2049, sector=297, nr_sectors = 8 limit=128
[   41.086213][ T4884] syz.0.598: attempt to access beyond end of device
[   41.086213][ T4884] loop0: rw=2049, sector=313, nr_sectors = 8 limit=128
[   41.102883][ T4884] syz.0.598: attempt to access beyond end of device
[   41.102883][ T4884] loop0: rw=2049, sector=329, nr_sectors = 8 limit=128
[   41.116933][ T4884] syz.0.598: attempt to access beyond end of device
[   41.116933][ T4884] loop0: rw=2049, sector=345, nr_sectors = 8 limit=128
[   41.251965][ T4917] loop0: detected capacity change from 0 to 2048
[   41.269306][ T4917] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.288676][ T4925] loop2: detected capacity change from 0 to 2048
[   41.306860][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.317201][ T4925] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.330583][ T4925] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.370201][ T4933] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4933 comm=syz.0.618
[   41.417553][ T4936] ==================================================================
[   41.425638][ T4936] BUG: KCSAN: data-race in __xa_set_mark / xas_find_marked
[   41.432823][ T4936] 
[   41.435126][ T4936] read-write to 0xffff88811952f6b0 of 8 bytes by task 4925 on cpu 1:
[   41.443167][ T4936]  __xa_set_mark+0xd2/0x1a0
[   41.447652][ T4936]  __folio_mark_dirty+0x384/0x4a0
[   41.452662][ T4936]  mark_buffer_dirty+0x11e/0x210
[   41.457583][ T4936]  folio_zero_new_buffers+0x28c/0x2e0
[   41.462943][ T4936]  block_write_end+0x200/0x210
[   41.467693][ T4936]  ext4_da_write_end+0x1d3/0x800
[   41.472615][ T4936]  generic_perform_write+0x312/0x490
[   41.477882][ T4936]  ext4_buffered_write_iter+0x1ee/0x3c0
[   41.483409][ T4936]  ext4_file_write_iter+0x387/0xf60
[   41.488588][ T4936]  vfs_write+0x52a/0x960
[   41.492813][ T4936]  ksys_write+0xda/0x1a0
[   41.497044][ T4936]  __x64_sys_write+0x40/0x50
[   41.501618][ T4936]  x64_sys_call+0x2802/0x3000
[   41.506278][ T4936]  do_syscall_64+0xd2/0x200
[   41.510767][ T4936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.516640][ T4936] 
[   41.518941][ T4936] read to 0xffff88811952f6b0 of 8 bytes by task 4936 on cpu 0:
[   41.526464][ T4936]  xas_find_marked+0x218/0x620
[   41.531219][ T4936]  find_get_entry+0x5d/0x380
[   41.535801][ T4936]  filemap_get_folios_tag+0x13b/0x210
[   41.541163][ T4936]  mpage_prepare_extent_to_map+0x320/0xc00
[   41.546957][ T4936]  ext4_do_writepages+0xa05/0x2750
[   41.552056][ T4936]  ext4_writepages+0x176/0x300
[   41.556811][ T4936]  do_writepages+0x1c6/0x310
[   41.561386][ T4936]  __filemap_fdatawrite_range+0xfb/0x140
[   41.567003][ T4936]  generic_fadvise+0x312/0x430
[   41.571757][ T4936]  __x64_sys_fadvise64+0xcb/0x110
[   41.576763][ T4936]  x64_sys_call+0x29c5/0x3000
[   41.581422][ T4936]  do_syscall_64+0xd2/0x200
[   41.585909][ T4936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.591784][ T4936] 
[   41.594084][ T4936] value changed: 0x1fffffffffffffff -> 0x7fffffffffffffff
[   41.601167][ T4936] 
[   41.603466][ T4936] Reported by Kernel Concurrency Sanitizer on:
[   41.609593][ T4936] CPU: 0 UID: 0 PID: 4936 Comm: syz.2.615 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   41.620772][ T4936] Tainted: [W]=WARN
[   41.624549][ T4936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   41.634592][ T4936] ==================================================================
[   41.646621][ T4936] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.615: bg 0: block 345: padding at end of block bitmap is not set
[   41.661314][ T4936] EXT4-fs (loop2): Remounting filesystem read-only
[   41.667975][ T2597] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[   41.686300][ T4935] xt_hashlimit: max too large, truncated to 1048576
[   41.765672][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.749555][ T3792] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   42.750026][ T4868] Bluetooth: hci0: command 0x1003 tx timeout