last executing test programs:

29.644064262s ago: executing program 0 (id=1207):
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @remote, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @broadcast, @rand_addr=0x64010100, @multicast, @broadcast}}}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="8c00000010001fff00"/20, @ANYRES32=0x0, @ANYRES64=r0], 0x8c}}, 0x20000000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r1, &(0x7f0000000000)="fa", 0xfffffdef)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0xfffffffffffffd2a}], 0x1}, 0xc4531009e6a674e)
recvmmsg(r2, &(0x7f0000001540)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000004c0)=""/4092, 0xffc}, {&(0x7f0000000300)=""/54, 0x36}], 0x2}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0x73a0}, {{&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private2}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000180)=""/125, 0x7d}], 0x1, &(0x7f00000014c0)=""/122, 0x7a}, 0x1}], 0x3, 0x42, 0x0)
memfd_create(&(0x7f0000000380)='#\x00', 0x1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004801}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001600)=@newtfilter={0x4c0, 0x2c, 0xd27, 0xf0bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x5, 0xffff}, {}, {0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x490, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x9200}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_POLICE={0x46c, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0xbe}, @TCA_POLICE_RATE={0x404, 0x2, [0xfffffff0, 0x0, 0x1, 0xea, 0x2, 0x401, 0x8, 0x40, 0x0, 0x100, 0x78bb, 0xb, 0x1, 0x3, 0x8, 0x0, 0x3, 0x1, 0x8, 0x7, 0x80000000, 0x2, 0xc, 0x10001, 0xfffffff5, 0x61, 0x100, 0x3, 0x5, 0x6, 0x81, 0x80000000, 0x3, 0xca, 0xffff404e, 0x2, 0xe, 0x8, 0x248000, 0x6, 0xfce, 0x1ff, 0x60, 0x8, 0xffff8001, 0x2, 0xffff, 0x1, 0x8000, 0x7, 0x400, 0x81, 0x1, 0xfffffffb, 0x2, 0x3, 0x7f, 0x10000, 0x8, 0x5, 0x6, 0x755, 0x14, 0x8, 0x0, 0x101, 0x7f, 0x4, 0x10000, 0x9, 0x400, 0x0, 0x0, 0x4, 0xfffffffb, 0x4a0, 0x9, 0x11, 0x8, 0x1e2, 0x7f, 0xa, 0x800, 0x0, 0x40, 0x81, 0x96, 0x7, 0x6, 0x7, 0xffffffff, 0x4afb, 0x3, 0x4, 0x8, 0x5, 0x0, 0x7fff, 0x3, 0xffffffff, 0x101, 0x9, 0x3, 0x5, 0x5, 0xfff, 0x50, 0x7, 0x6, 0x0, 0x0, 0x31, 0x7, 0x8000, 0xcb, 0x7, 0x7, 0x10001, 0xfffffffc, 0x4, 0x4, 0xd66d, 0x1000, 0xa3, 0x4, 0xe4e9, 0x7, 0x0, 0x9, 0x5, 0x1a7, 0x2, 0xf, 0x3, 0x0, 0x7, 0x1, 0x0, 0x3a, 0xffff, 0x1, 0x3, 0x0, 0x2, 0x9, 0x7, 0x1, 0x9, 0x80000000, 0x3, 0xcd89, 0xf, 0x7f, 0xffffffff, 0x9, 0xd, 0x8000f9fa, 0x8001, 0xffff, 0x5, 0x3, 0x6, 0x4, 0x100, 0x4, 0x7, 0x6, 0xfc29, 0x40, 0x4, 0xaf, 0x2, 0x3b5, 0xff, 0x8, 0xc, 0x8, 0x3000, 0x2000, 0xd9, 0x6, 0x7, 0x9, 0x7, 0x7ff, 0xffffe9a0, 0x101, 0x9, 0x1000, 0x3, 0x19, 0x1, 0x1, 0x5, 0x4, 0xb98, 0x2, 0x1, 0x5, 0xa, 0x2b, 0x40, 0x200, 0x51, 0x9, 0x5, 0xdae, 0xfef, 0xbb, 0x4, 0xc63, 0xa98, 0x7, 0x6, 0x3, 0x80000001, 0x5f, 0x80, 0xfffffffb, 0x0, 0x1, 0x4a, 0x7, 0x80000000, 0xbf, 0x3ff, 0x6, 0x0, 0x10000, 0x6, 0x1, 0x9, 0x5, 0xfffffffd, 0xd9c, 0x0, 0xfffffffb, 0x0, 0x81, 0x0, 0x3, 0x2, 0xd, 0x200, 0xc, 0x0, 0xa, 0x80, 0x4, 0xffffffff, 0x80000001, 0x45, 0x8, 0x3ff, 0xb51, 0x10]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x80000000}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x89}, @TCA_POLICE_TBF={0x3c, 0x1, {0x1000, 0x20000000, 0x8, 0x1, 0x81, {0xc4, 0x2, 0x0, 0xa9, 0x2499, 0x6}, {0x4, 0x1, 0x3, 0x5, 0x10, 0x494}, 0x0, 0x6, 0x6}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7}]}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0xe8cb}, @TCA_FLOW_MODE={0x8, 0x2, 0x16309806d7ae470a}]}}]}, 0x4c0}, 0x1, 0x0, 0x0, 0x10}, 0xc010)
socket$unix(0x1, 0x1, 0x0)

28.815347268s ago: executing program 0 (id=1225):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2(0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, 0x0, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x34}}, 0x0)
mount$bind(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

27.362047286s ago: executing program 0 (id=1240):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r0, 0xffffffffffffffff, 0x0)

27.324339786s ago: executing program 0 (id=1241):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f075, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1008002, &(0x7f0000000140)={[{@noauto_da_alloc}, {@grpquota}, {@grpjquota}, {@barrier}, {@dioread_nolock}, {@nodiscard}, {@nomblk_io_submit}, {@nodiscard}]}, 0x81, 0x619, &(0x7f0000001800)="$eJzs3c9vVNUeAPDvnZmWlvJeC3l57+FCmhgDidLSAoYYF7A1pMEfcauVFkQKNLRGiyaUBDcmxo0xJq7c4H+hBLZs1JULN64MCVHC0sQxM51bpp0703bozG2YzycZe+89czzfy/Tbc+bOOXcC6Fmjlf8UIvZHxHwSMZwsr5aVolY4uvK8Rw8/OVt5JFEuv/FHEkntWPr8pPZzqFZ5ICJ+upPEvmJjuwtL1y5Oz83NXq3tjy9emh9fWLp2+MKl6fOz52cvT740eeL4seMnJo60dV7XM46dvvn+h8OfTZXim7+Sie9+nUriZLxae2L9eWyX0Rit/pskjUVDJ7a7sZwUa78n9S9xUsoxILYkff36IuJ/MRzFePziDcenr+UaHNBR5SSivDWlrVYAdqpEOkOPSscB6Xv79e+DC7mMSoBueHBq5QJAY/6XVq4NxkD12sDuR0nUX9ZJIqK9K3Nr7YmIe3enbp67O3UzOnQdDsi2fCMi/p+V/0k1/0diIEaq+V9Yk/+VccGZ2s/K8de3KZ6N8t94BLbPSv4PtMz/aJL/79Tl/7tttj/6ePO9wTX5P9juKQEAAAAAAEDPun0qIl7M+vy/sDr/JzLm/wxFxMltaH903X7j5/+F+9vQDJDhwamIVzLn/xbS2TYjxbq9kehLzl2Ymz0SEf+OiEPRt6uyP9GijcOf7/u6Wdlobf5f+qi0f682F7AWx/3SrrV1ZqYXp5/0vIGIBzcinsmc/5us9v9JRv9f+Vswv8k29j1/60yzso3zH+iU8rcRBzP7/8d3rUha359jvDoeGE9HBY2e/fiL75u1327+u8UEPLlK/7+7df6PJPX361nYehtHl0rlZmXtjv/7kzert5zprx37aHpx8epERH9yulg5uub45NZjhqdRmg9pvlTy/9Bzra//ZY3/ByNied3/O/lz7Zri1H//HvqtWTzG/5CfSv7PbKn/b9woRNOi6sbkrZEfmrWf5n/axWf3/8eqff2h2pGZjPsJQi/6Kk3T/rXHM9KxlFXU7XgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GlQiIg9kRTGVrcLhbGxiKGI+E/sLsxdWVh84dyVDy7PVMqq3/9fSL/pd3hlP0m//3+kbn9y3f7RiNgbEV8WB6v7Y2evzM3kffIAAAAAAAAAAAAAAAAAAACwQww1Wf9f8Xsx7+iAjivlHQCQm4z8/zmPOIDu0/9D72qZ/28/7F4gQNdtpv8f6EIcQPcZ/0Pvkv/Quxrzv9Un/w/L5XJHwwG6aGv9f3/H4gC6z/gfAAAAAACeKnsP3P4liYjllwerj6j7gK8v18iATivkHQCQG7f4gd5l6g/0Lu/xgWSD8szl/8lmarYyf/YJKgMAAAAAAAAAAABAzzm43/p/6FXW/0Pvsv4fele6/v9AznEA3ec9PhAbrORvWP9f3EwtAAAAAAAAAAAAAGA7LSxduzg9Nzd71cZbbVb/8V8RuQff3ka5XL5e+S3YKfHsgI1d9UfuDK1kySarp1Ph8z+LzI10rd/mauX0BwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjwTwAAAP//cFAcIA==")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="85000000af00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000280000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00'}, 0x94)
mkdir(&(0x7f0000000040)='./bus\x00', 0x6)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./bus\x00')
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x8042, 0x0)
ptrace(0x10, r0)
modify_ldt$write(0x1, &(0x7f0000000040)={0xd35, 0x1000, 0x4000}, 0x10)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
r6 = pidfd_getfd(r5, r5, 0x0)
setns(r6, 0x66020000)
syz_clone(0x50a60080, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0))

27.060243891s ago: executing program 0 (id=1245):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000ac0)=@newtaction={0x80, 0x30, 0x1, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_ct={0x68, 0x1, 0x0, 0x0, {{0x7}, {0x40, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0x0, 0xffffffffffffffff}}, @TCA_CT_MARK={0x8, 0x10, 0x80000000}, @TCA_CT_LABELS={0x14, 0x7, "0118aae167fe4bb4d318e45cb16cfc7a"}, @TCA_CT_ACTION={0x6, 0x3, 0x3}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000800)

26.0436249s ago: executing program 0 (id=1258):
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x4000)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000800)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000100140001c04d3454a110e5ac5783ba110a07cc1dd855734b88b95e750c341132472ecbfddad536a075c0ea2df934242ce43d42defd2b9debd206667d829e2aafef717cdf6389c9df14c6836e7ac8e7700502bee33b3f7769ee"], 0x114}, {&(0x7f00000009c0)=ANY=[@ANYBLOB="cc0200003100000425bd7000fddbdf25d2004b8090e985c10e41bc16c3afdfa48f5504b1be674defb8e523ca931fc47fca0761f089f12dee7390f97c1afc9919b1fe48e849ff8dfba904c78d93262ae3d33f0064ebf13671c70daa79cc0fe13e298fd364e11960d535c26097d135265e7942c4c5db720b1846c07b77ed5d954b166fd8b48c9e0f6ca471ddfcbb5f163f777786f7a3fbfa7733802ee8c4a951358fe78e1ef7f4dbe179e9502c3354b1cebef86cef6a5c32967a223845ba9396fced3f604240981e8f247067e1349e286bc6c8269ebede928867184559936b04001380000072f367e932248bbb5f84927c213d001b02bcf2d2bd5b90abb49e35b671d5cc9e8646e4ecaf6db0c14b26d2c061e2895d84e85ee2272e330857cf5816d5761dcdb9cbd0815823a9e2e08d59f3a8cac38f824e82d6a380359c14f0b327fd5004cfcb9ba79164d762baff997f2fd16507defa04591b820f92c60d5c85e8eab1cc5c87f6a6027e19ea6adec8a708b47f58365690e1f34b33cc001933f43099cbdb9dc2e741283e1400b300fc0000000000000000000000000000008b004180040037800c001496532832", @ANYRES8=r1, @ANYRESDEC], 0x2cc}], 0x2, 0x0, 0x0, 0x20000001}, 0x54)

25.954616952s ago: executing program 32 (id=1258):
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x4000)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000800)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000100140001c04d3454a110e5ac5783ba110a07cc1dd855734b88b95e750c341132472ecbfddad536a075c0ea2df934242ce43d42defd2b9debd206667d829e2aafef717cdf6389c9df14c6836e7ac8e7700502bee33b3f7769ee"], 0x114}, {&(0x7f00000009c0)=ANY=[@ANYBLOB="cc0200003100000425bd7000fddbdf25d2004b8090e985c10e41bc16c3afdfa48f5504b1be674defb8e523ca931fc47fca0761f089f12dee7390f97c1afc9919b1fe48e849ff8dfba904c78d93262ae3d33f0064ebf13671c70daa79cc0fe13e298fd364e11960d535c26097d135265e7942c4c5db720b1846c07b77ed5d954b166fd8b48c9e0f6ca471ddfcbb5f163f777786f7a3fbfa7733802ee8c4a951358fe78e1ef7f4dbe179e9502c3354b1cebef86cef6a5c32967a223845ba9396fced3f604240981e8f247067e1349e286bc6c8269ebede928867184559936b04001380000072f367e932248bbb5f84927c213d001b02bcf2d2bd5b90abb49e35b671d5cc9e8646e4ecaf6db0c14b26d2c061e2895d84e85ee2272e330857cf5816d5761dcdb9cbd0815823a9e2e08d59f3a8cac38f824e82d6a380359c14f0b327fd5004cfcb9ba79164d762baff997f2fd16507defa04591b820f92c60d5c85e8eab1cc5c87f6a6027e19ea6adec8a708b47f58365690e1f34b33cc001933f43099cbdb9dc2e741283e1400b300fc0000000000000000000000000000008b004180040037800c001496532832", @ANYRES8=r1, @ANYRESDEC], 0x2cc}], 0x2, 0x0, 0x0, 0x20000001}, 0x54)

3.450388274s ago: executing program 4 (id=1642):
syz_emit_ethernet(0x86, &(0x7f0000000500)={@random="a5ea4ef90008", @random="0000009000", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x17, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @local, {[@rr={0x7, 0x3, 0x40}, @rr={0x7, 0x7, 0x15, [@private=0xa010101]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa01012f}, {@multicast1}, {@dev={0xac, 0x14, 0x14, 0x1f}}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {}, {@dev}, {@private}]}]}}}}}}}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='netlink_extack\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001900010000000000000000001c140000fe00", @ANYRES64=r5], 0x24}}, 0x4000000)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r3)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r8=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000680))
sendmsg$NL80211_CMD_START_NAN(r3, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f0000000600)={0x5c, r7, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x65}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x6}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xb}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x5}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040810}, 0x40000)
setsockopt$MRT_TABLE(r3, 0x0, 0xcf, &(0x7f0000000180)=0xff, 0x4)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000016c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x8, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x181381)
ioctl$USBDEVFS_CLAIM_PORT(r9, 0x80045518, &(0x7f0000000000)=0x1)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r10, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
socket$inet6(0xa, 0xa, 0xa25)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r0, 0x0, 0x44, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c0000000000000c548dc7914cb11ad63bf3707164aac031971c4be105eb953f86fbc6b204e076aa7a493e796123bbbd8e3b7e62d8fd097cf21d6d431a069ebc0aefd5fce80cc99fb38c771fa46e2c32a95fe99", 0x0, 0x86, 0x0, 0xffffffffffffff80, 0x0, &(0x7f0000000000)="daf9e846ab156efc71b59652333536dbfd26a6d0546366e36eb77dd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x15)

3.250021348s ago: executing program 4 (id=1645):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x973, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000002d)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0)
r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
tee(r2, r3, 0x3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)

2.677529249s ago: executing program 4 (id=1653):
r0 = epoll_create1(0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
eventfd(0x4)
syz_open_procfs(0x0, &(0x7f00000000c0)='oom_score\x00')
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e20, @private=0xa010100}, {0x2, 0x4a24, @remote}, {0x2, 0x4e25, @multicast2}, 0x184, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x8000000000000000, 0x0, 0xb4})
write$tun(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000002c0)=ANY=[@ANYRES8=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r4, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r5, 0x541c, &(0x7f0000000000))
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x81800)
syncfs(r0)

2.477180033s ago: executing program 4 (id=1657):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_socket_connect_nvme_tcp()

2.430362544s ago: executing program 4 (id=1658):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r0, 0x0, 0x20000000001}, 0x18)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000a40)=ANY=[@ANYBLOB="020300030f0000002cbd7040fcdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af030006000000000002004e22ac1414bb000000000000000002000100000000000000070c00000080030005000000000002004e22ac14140a00000000000000000200130002"], 0x78}, 0x1, 0x7}, 0x0)

2.364987905s ago: executing program 4 (id=1659):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r2, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4000)
r4 = syz_open_dev$MSR(0x0, 0x8000002000000, 0x0)
read$msr(r4, 0x0, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff28, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x8, 0x1800}], 0x1, 0x0)
unshare(0x2c040000)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000580)={&(0x7f00000001c0)={0x1c, r2, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x20040000)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
r8 = openat(0xffffffffffffff9c, 0x0, 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x100000b, 0x2013, r8, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
syslog(0x2, &(0x7f00000000c0)=""/88, 0x58)

1.976517022s ago: executing program 2 (id=1667):
r0 = epoll_create1(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000003e7400850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_WANTACK(r2, 0x0, 0x0, &(0x7f0000000000)=0x1, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x2}, 0x8)
sendto$inet6(r4, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)
shutdown(r4, 0x1)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close(r5)
poll(&(0x7f0000000040)=[{r0, 0x200}], 0x1, 0xdb3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r6, &(0x7f0000000100))
shutdown(r6, 0x0)
epoll_wait(r0, &(0x7f0000000000)=[{}], 0x1, 0x101)
setgroups(0x0, 0x0)
getgroups(0x1, &(0x7f0000000080)=[<r7=>0xee00])
setregid(r7, r7)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r8)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000140)=""/172, 0xac)

1.493097372s ago: executing program 1 (id=1674):
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x48)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f00000004c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000400000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, 0x0, 0x0)
timer_create(0x3, 0x0, 0x0)
timer_settime(0x0, 0x1, 0x0, 0x0)
timer_gettime(0x0, 0x0)
timerfd_gettime(0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="84000000000801040000000000000000050000080500030006000000140004800800838a83690eb9de830b40000000030900010073797a31000000000900010073797a310000000034000480080005400000180308000b40000004f908000340000000000800074004000002080006400000000e08000b4000000008060002"], 0x84}, 0x1, 0x0, 0x0, 0x800}, 0x880)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180040008003950323030"], 0x15)
r6 = dup(r5)
write$P9_RLERRORu(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
mount$9p_tcp(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x20, &(0x7f00000003c0)={'trans=tcp,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@cache_loose}, {@noextend}, {@debug={'debug', 0x3d, 0x80}}, {@noxattr}, {@privport}, {@loose}, {@version_u}], [{@euid_gt}, {@measure}]}})
stat(&(0x7f0000002040)='./file0\x00', &(0x7f0000002080))

1.449446653s ago: executing program 1 (id=1676):
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fb, 0x101301)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0xfffffff8, 0x40, &(0x7f0000000000)={0x20, 0xc, 0xb, 0xfffd, 0xfffc}, 0x8, 0x3, 0x8, 0x0, 0x2, 0x20000, 0x0})

1.403594434s ago: executing program 1 (id=1677):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_socket_connect_nvme_tcp()

1.386901894s ago: executing program 1 (id=1678):
r0 = socket(0x8, 0x1, 0x800000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@dioread_lock}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000014c0)}], 0x1}}], 0x1, 0x4000)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pause()
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000040)={0x19, 0x5, 0xb, 0x6, 0xfffffff0, 0x9})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
socket$packet(0x11, 0x3, 0x300)
r6 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r0}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000100), &(0x7f0000000280)=r7}, 0x20)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r8, 0x0)
write$binfmt_script(r8, &(0x7f0000000680)={'#! ', './file0'}, 0xb)

1.191312468s ago: executing program 3 (id=1683):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0)
semctl$SEM_STAT(0x0, 0x1, 0x12, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000140)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12t\x02\x006\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x01\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x04.\x9aL\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX\xf73\xa1\xa2\'\x00\x00\x00\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00\a\xf6\xfc\x1d\xd4\x893\xeb)\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00O!\xd2q\xda}\xe2\xa2\xfe\xfd)\\\xdf\x9aN\\\xaeyc\xe4g\xc0\x8a\n\v{\xa9H\\\xd1\x9d')
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x400)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80)
socket$key(0xf, 0x3, 0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000018"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

1.0682483s ago: executing program 3 (id=1685):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@noquota}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000280)=0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e20, @dev}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r5}, 0x9)
close(r3)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r7=>r6}, './bus\x00'})
r8 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r9, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @in=@multicast2, 0x4e22, 0x6e, 0x4e22, 0x8, 0xa, 0x40, 0x80, 0x89, 0x0, r9}, {0xa7a5, 0x2, 0x7f, 0xfffffffffffff001, 0x8, 0xfffffffffffffff8, 0x9, 0x3ff}, {0x5ed, 0x5, 0xfffffffffffffffc, 0x10001}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d6, 0x5a}, 0x2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3504, 0x2, 0x2, 0x93, 0x3, 0x5}}, 0xe8)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'wg2\x00', 0x20})
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x62, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x2424, 0x0, 0x800000, 0x0, 0x2, 0x200, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r10, &(0x7f00000009c0)="3bf58d", 0x3)
sendfile(r10, r0, 0x0, 0x3ffff)
sendfile(r10, r0, 0x0, 0x7fffeffd)

1.029081451s ago: executing program 2 (id=1686):
socket$inet6(0xa, 0x3, 0x8000000003c)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

990.645852ms ago: executing program 2 (id=1687):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
tee(r1, r2, 0x3, 0x0)

963.436522ms ago: executing program 2 (id=1688):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_socket_connect_nvme_tcp()

949.930513ms ago: executing program 2 (id=1689):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1008002, &(0x7f0000000140)={[{@noauto_da_alloc}, {@grpquota}, {@grpjquota}, {@barrier}, {@dioread_nolock}, {@nodiscard}, {@nomblk_io_submit}, {@nodiscard}]}, 0x81, 0x619, &(0x7f0000001800)="$eJzs3c9vVNUeAPDvnZmWlvJeC3l57+FCmhgDidLSAoYYF7A1pMEfcauVFkQKNLRGiyaUBDcmxo0xJq7c4H+hBLZs1JULN64MCVHC0sQxM51bpp0703bozG2YzycZe+89czzfy/Tbc+bOOXcC6Fmjlf8UIvZHxHwSMZwsr5aVolY4uvK8Rw8/OVt5JFEuv/FHEkntWPr8pPZzqFZ5ICJ+upPEvmJjuwtL1y5Oz83NXq3tjy9emh9fWLp2+MKl6fOz52cvT740eeL4seMnJo60dV7XM46dvvn+h8OfTZXim7+Sie9+nUriZLxae2L9eWyX0Rit/pskjUVDJ7a7sZwUa78n9S9xUsoxILYkff36IuJ/MRzFePziDcenr+UaHNBR5SSivDWlrVYAdqpEOkOPSscB6Xv79e+DC7mMSoBueHBq5QJAY/6XVq4NxkD12sDuR0nUX9ZJIqK9K3Nr7YmIe3enbp67O3UzOnQdDsi2fCMi/p+V/0k1/0diIEaq+V9Yk/+VccGZ2s/K8de3KZ6N8t94BLbPSv4PtMz/aJL/79Tl/7tttj/6ePO9wTX5P9juKQEAAAAAAEDPun0qIl7M+vy/sDr/JzLm/wxFxMltaH903X7j5/+F+9vQDJDhwamIVzLn/xbS2TYjxbq9kehLzl2Ymz0SEf+OiEPRt6uyP9GijcOf7/u6Wdlobf5f+qi0f682F7AWx/3SrrV1ZqYXp5/0vIGIBzcinsmc/5us9v9JRv9f+Vswv8k29j1/60yzso3zH+iU8rcRBzP7/8d3rUha359jvDoeGE9HBY2e/fiL75u1327+u8UEPLlK/7+7df6PJPX361nYehtHl0rlZmXtjv/7kzert5zprx37aHpx8epERH9yulg5uub45NZjhqdRmg9pvlTy/9Bzra//ZY3/ByNied3/O/lz7Zri1H//HvqtWTzG/5CfSv7PbKn/b9woRNOi6sbkrZEfmrWf5n/axWf3/8eqff2h2pGZjPsJQi/6Kk3T/rXHM9KxlFXU7XgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GlQiIg9kRTGVrcLhbGxiKGI+E/sLsxdWVh84dyVDy7PVMqq3/9fSL/pd3hlP0m//3+kbn9y3f7RiNgbEV8WB6v7Y2evzM3kffIAAAAAAAAAAAAAAAAAAACwQww1Wf9f8Xsx7+iAjivlHQCQm4z8/zmPOIDu0/9D72qZ/28/7F4gQNdtpv8f6EIcQPcZ/0Pvkv/Quxrzv9Un/w/L5XJHwwG6aGv9f3/H4gC6z/gfAAAAAACeKnsP3P4liYjllwerj6j7gK8v18iATivkHQCQG7f4gd5l6g/0Lu/xgWSD8szl/8lmarYyf/YJKgMAAAAAAAAAAABAzzm43/p/6FXW/0Pvsv4fele6/v9AznEA3ec9PhAbrORvWP9f3EwtAAAAAAAAAAAAAGA7LSxduzg9Nzd71cZbbVb/8V8RuQff3ka5XL5e+S3YKfHsgI1d9UfuDK1kySarp1Ph8z+LzI10rd/mauX0BwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjwTwAAAP//cFAcIA==")
mkdir(0x0, 0x6)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./bus\x00')

832.078574ms ago: executing program 2 (id=1690):
r0 = epoll_create1(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000003e7400850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_WANTACK(r2, 0x0, 0x0, &(0x7f0000000000)=0x1, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x2}, 0x8)
sendto$inet6(r4, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)
shutdown(r4, 0x1)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close(r5)
poll(&(0x7f0000000040)=[{r0, 0x200}], 0x1, 0xdb3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r6, &(0x7f0000000100))
shutdown(r6, 0x0)
epoll_wait(r0, &(0x7f0000000000)=[{}], 0x1, 0x101)
setgroups(0x0, 0x0)
getgroups(0x1, &(0x7f0000000080)=[<r7=>0xee00])
setregid(r7, r7)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r8 = syz_open_procfs(0x0, &(0x7f0000000400)='ns\x00')
readlinkat(r8, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000140)=""/172, 0xac)

726.289947ms ago: executing program 5 (id=1691):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b000000000000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
pipe(&(0x7f0000005880)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fsetxattr$security_selinux(r2, &(0x7f00000000c0), &(0x7f0000000000)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x1)

684.374727ms ago: executing program 5 (id=1692):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r0, 0x0, 0x20000000001}, 0x18)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000a40)=ANY=[@ANYBLOB="020300030f0000002cbd7040fcdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af030006000000000002004e22ac1414bb000000000000000002000100000000000000070c00000080030005000000000002004e22ac14140a00000000000000000200130002"], 0x78}, 0x1, 0x7}, 0x0)

630.109508ms ago: executing program 5 (id=1693):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})

530.659621ms ago: executing program 5 (id=1694):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet(0xa, 0x801, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

514.547991ms ago: executing program 1 (id=1695):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
timer_create(0x0, 0x0, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r5}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8)
unshare(0x62040200)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendto$inet6(r2, &(0x7f0000000080)="be", 0x1, 0x4008014, &(0x7f0000000000)={0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, '\x00', 0x23}, 0x7}, 0x1c)
shutdown(r2, 0x1)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}, 0x1, 0x0, 0x0, 0x68840}, 0x4)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}}], 0x1, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000feffffff000000000000000071104b000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000015c0)=@IORING_OP_UNLINKAT={0x24, 0x76, 0x0, r7, 0x0, &(0x7f0000001580)='./file0\x00', 0x0, 0x200, 0x0, {0x0, r9}})

457.415942ms ago: executing program 5 (id=1696):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$msdos(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000380), 0x1, 0x2cb, &(0x7f00000003c0)="$eJzs3T1rm0cAB/Cr7NpFxS9ToV16tEu7PLjuF6goNpgKWlwrJBkCj/HjREiRjB5BJJPBe5bs+QYmY7ZAyBcw5ENk8xI8eYqCLcdvccgQ5Aej3w/E/eGP4I7jxC3i9m8/fdjYzJPNtBtKf8UwGUIoHYYwH0phIgx9czKWjvNUOG8n/F5+8+zJ/3fu/lOpVpdWY1yurP25GGOc/fnVo8fPf3nd/f7Wi9mX02Fv/t7+u8W3ez/s/bj/fu1BPY/1PLba3ZjG9Xa7m643s7hRzxtJjP81szTPYr2VZ50L/WazvbXVj2lrY6a81cnyPKatfmxk/dhtx26nH9P7ab0VkySJM+XAl9R2V1fTStGzYLQ6nUp6dIanP2lqu4VMCAAolPv/OHP/HwdH9/+pk/N7kfs/AAAAAAAAAAAAAADcBIeDwdxgMJj7OF7+FD0/Rsv+jzf7P97s/3g798fd70I42OnVerXhOOyXV6pLC/HY/Nm3Dnq92sRp/8ewjxf7b0P5pF+8sp8Kv/067I+6v/+tXuqnw8bolw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx5J46sr3/ZPkc/0wLa9UlxaufN9/Mvw0eW3LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICvkve3G2mzmXUEQRBOQ9G/TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD9zh79LnomAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCnvbzfSZjPrjDAUvUYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJvoQwAAAP//jsgAew==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000300)=r1}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d70300000000000000d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df6c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8a9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2a9e99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8be1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaa072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a3ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a98838156ff00000000000000cdbf91f7582ab314be3e67b8c9459564c856339a80919ecf839560c62e69df8667b274cc53f83f2086cfd2664252471fad9081824d60741d663ee258705c364e162b84a09870acd0a19399103474444f4fa12dcbd10b40195b6088513029b60a34e4161fe48c092693eb07dc8ddcba2eac2efe30b285a877c862c73ff8a60cf73f1b17da0000000000005664181c1f28cd2880e6872bae932eaf4b0000000000007b662c0fe22cfd6d4bd7b851ae928cebeec6375b16af342e93c39d97e5d74d5a8e96c15fdcde7526b0af54b145e61b042c1e600390590a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0xffffffd2}, 0x42)
syz_genetlink_get_family_id$devlink(&(0x7f0000000780), r6)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)

258.474975ms ago: executing program 1 (id=1697):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@noquota}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000280)=0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e20, @dev}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r5}, 0x9)
close(r3)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r7=>r6}, './bus\x00'})
r8 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r9, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @in=@multicast2, 0x4e22, 0x6e, 0x4e22, 0x8, 0xa, 0x40, 0x80, 0x89, 0x0, r9}, {0xa7a5, 0x2, 0x7f, 0xfffffffffffff001, 0x8, 0xfffffffffffffff8, 0x9, 0x3ff}, {0x5ed, 0x5, 0xfffffffffffffffc, 0x10001}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d6, 0x5a}, 0x2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3504, 0x2, 0x2, 0x93, 0x3, 0x5}}, 0xe8)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'wg2\x00', 0x20})
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x62, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x2424, 0x0, 0x800000, 0x0, 0x2, 0x200, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r10, &(0x7f00000009c0)="3bf58d", 0x3)
sendfile(r10, r0, 0x0, 0x3ffff)
sendfile(r10, r0, 0x0, 0x7fffeffd)

180.517787ms ago: executing program 5 (id=1698):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x973, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000002d)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0)
r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
tee(r2, r3, 0x3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)

179.825727ms ago: executing program 3 (id=1699):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_socket_connect_nvme_tcp()

106.019178ms ago: executing program 3 (id=1700):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000000)="aa", 0xffe0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

44.84624ms ago: executing program 3 (id=1701):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000400850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

0s ago: executing program 3 (id=1702):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@noquota}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000280)=0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e20, @dev}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r5}, 0x9)
close(r3)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r7=>r6}, './bus\x00'})
r8 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r9, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @in=@multicast2, 0x4e22, 0x6e, 0x4e22, 0x8, 0xa, 0x40, 0x80, 0x89, 0x0, r9}, {0xa7a5, 0x2, 0x7f, 0xfffffffffffff001, 0x8, 0xfffffffffffffff8, 0x9, 0x3ff}, {0x5ed, 0x5, 0xfffffffffffffffc, 0x10001}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d6, 0x5a}, 0x2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3504, 0x2, 0x2, 0x93, 0x3, 0x5}}, 0xe8)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'wg2\x00', 0x20})
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)

kernel console output (not intermixed with test programs):

0003][ T5794] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.887: corrupted inode contents
[   80.821063][ T5805] CPU: 1 UID: 0 PID: 5805 Comm: syz.4.891 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   80.821109][ T5805] Tainted: [W]=WARN
[   80.821138][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   80.821156][ T5805] Call Trace:
[   80.821165][ T5805]  <TASK>
[   80.821176][ T5805]  __dump_stack+0x1d/0x30
[   80.821205][ T5805]  dump_stack_lvl+0xe8/0x140
[   80.821232][ T5805]  dump_stack+0x15/0x1b
[   80.821261][ T5805]  should_fail_ex+0x265/0x280
[   80.821295][ T5805]  should_failslab+0x8c/0xb0
[   80.821323][ T5805]  kmem_cache_alloc_noprof+0x50/0x310
[   80.821370][ T5805]  ? audit_log_start+0x342/0x720
[   80.821496][ T5805]  audit_log_start+0x342/0x720
[   80.821618][ T5805]  ? kstrtouint+0x76/0xc0
[   80.821647][ T5805]  audit_seccomp+0x48/0x100
[   80.821688][ T5805]  ? __seccomp_filter+0x82d/0x1250
[   80.821806][ T5805]  __seccomp_filter+0x83e/0x1250
[   80.821844][ T5805]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   80.821878][ T5805]  ? vfs_write+0x7e8/0x960
[   80.821985][ T5805]  ? __rcu_read_unlock+0x4f/0x70
[   80.822018][ T5805]  ? __fget_files+0x184/0x1c0
[   80.822051][ T5805]  __secure_computing+0x82/0x150
[   80.822086][ T5805]  syscall_trace_enter+0xcf/0x1e0
[   80.822197][ T5805]  do_syscall_64+0xac/0x200
[   80.822241][ T5805]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   80.822278][ T5805]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   80.822321][ T5805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.822412][ T5805] RIP: 0033:0x7f6358dfeec9
[   80.822439][ T5805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.822466][ T5805] RSP: 002b:00007f6357867038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[   80.822503][ T5805] RAX: ffffffffffffffda RBX: 00007f6359055fa0 RCX: 00007f6358dfeec9
[   80.822522][ T5805] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   80.822539][ T5805] RBP: 00007f6357867090 R08: 0000000000000000 R09: 0000000000000000
[   80.822557][ T5805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   80.822573][ T5805] R13: 00007f6359056038 R14: 00007f6359055fa0 R15: 00007ffe86c142f8
[   80.822626][ T5805]  </TASK>
[   80.822636][ T5805] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[   80.844008][   T29] audit: type=1326 audit(1759390157.469:5391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5804 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[   80.851589][ T5798] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   80.858287][ T5794] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.887: mark_inode_dirty error
[   80.861396][ T5798] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   80.865723][ T5794] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.887: corrupted inode contents
[   81.126585][ T5794] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[   81.141094][ T5794] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.887: corrupted inode contents
[   81.153368][ T5794] EXT4-fs error (device loop1): ext4_truncate:4666: inode #16: comm syz.1.887: mark_inode_dirty error
[   81.164777][ T5794] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[   81.175414][ T5794] EXT4-fs (loop1): 1 truncate cleaned up
[   81.181355][   T37] EXT4-fs error (device loop1): ext4_release_dquot:6979: comm kworker/u8:2: Failed to release dquot type 1
[   81.195045][ T5794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   81.197920][ T5798] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   81.217490][ T5798] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   81.239074][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.274885][ T5816] netlink: 'syz.3.896': attribute type 1 has an invalid length.
[   81.300215][ T5816] 8021q: adding VLAN 0 to HW filter on device bond1
[   81.323069][ T5798] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   81.333064][ T5798] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   81.364821][ T5822] bond1 (unregistering): Released all slaves
[   81.429529][   T51] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   81.437859][   T51] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   81.456288][   T51] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   81.464653][   T51] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   81.509288][   T51] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   81.517679][   T51] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   81.548610][ T5826] lo speed is unknown, defaulting to 1000
[   81.551718][   T51] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   81.562760][   T51] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   81.784235][ T5835] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   81.794260][ T5835] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   81.850807][ T5835] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   81.860751][ T5835] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   81.922320][ T5835] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   81.932228][ T5835] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   82.011232][ T5835] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   82.021218][ T5835] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   82.075902][ T5840] IPVS: length: 24 != 696
[   82.291690][ T5846] __nla_validate_parse: 7 callbacks suppressed
[   82.291710][ T5846] netlink: 132 bytes leftover after parsing attributes in process `syz.4.907'.
[   82.552025][ T5866] loop4: detected capacity change from 0 to 1024
[   82.560505][ T5866] EXT4-fs: Ignoring removed bh option
[   82.566707][ T5866] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   82.591671][ T5866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.631105][ T5877] netlink: 128 bytes leftover after parsing attributes in process `syz.1.920'.
[   82.916875][ T5906] lo speed is unknown, defaulting to 1000
[   83.268377][ T5939] FAULT_INJECTION: forcing a failure.
[   83.268377][ T5939] name failslab, interval 1, probability 0, space 0, times 0
[   83.281134][ T5939] CPU: 0 UID: 0 PID: 5939 Comm: syz.1.937 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   83.281184][ T5939] Tainted: [W]=WARN
[   83.281193][ T5939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   83.281264][ T5939] Call Trace:
[   83.281270][ T5939]  <TASK>
[   83.281278][ T5939]  __dump_stack+0x1d/0x30
[   83.281299][ T5939]  dump_stack_lvl+0xe8/0x140
[   83.281319][ T5939]  dump_stack+0x15/0x1b
[   83.281392][ T5939]  should_fail_ex+0x265/0x280
[   83.281421][ T5939]  should_failslab+0x8c/0xb0
[   83.281444][ T5939]  kmem_cache_alloc_noprof+0x50/0x310
[   83.281470][ T5939]  ? skb_clone+0x151/0x1f0
[   83.281573][ T5939]  skb_clone+0x151/0x1f0
[   83.281606][ T5939]  __netlink_deliver_tap+0x2c9/0x500
[   83.281637][ T5939]  netlink_unicast+0x66b/0x690
[   83.281678][ T5939]  netlink_sendmsg+0x58b/0x6b0
[   83.281728][ T5939]  ? __pfx_netlink_sendmsg+0x10/0x10
[   83.281762][ T5939]  __sock_sendmsg+0x145/0x180
[   83.281804][ T5939]  ____sys_sendmsg+0x31e/0x4e0
[   83.281910][ T5939]  ___sys_sendmsg+0x17b/0x1d0
[   83.281961][ T5939]  __x64_sys_sendmsg+0xd4/0x160
[   83.281995][ T5939]  x64_sys_call+0x191e/0x3000
[   83.282017][ T5939]  do_syscall_64+0xd2/0x200
[   83.282120][ T5939]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   83.282152][ T5939]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   83.282244][ T5939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.282272][ T5939] RIP: 0033:0x7fe2fb0eeec9
[   83.282361][ T5939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.282378][ T5939] RSP: 002b:00007fe2f9b57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.282397][ T5939] RAX: ffffffffffffffda RBX: 00007fe2fb345fa0 RCX: 00007fe2fb0eeec9
[   83.282413][ T5939] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000008
[   83.282484][ T5939] RBP: 00007fe2f9b57090 R08: 0000000000000000 R09: 0000000000000000
[   83.282500][ T5939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   83.282516][ T5939] R13: 00007fe2fb346038 R14: 00007fe2fb345fa0 R15: 00007ffdb1a321d8
[   83.282536][ T5939]  </TASK>
[   83.519677][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.570085][ T5946] netlink: 'syz.2.941': attribute type 1 has an invalid length.
[   83.583839][ T5946] 8021q: adding VLAN 0 to HW filter on device bond1
[   83.616668][ T5946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.941'.
[   83.629461][ T5946] bond1 (unregistering): Released all slaves
[   83.665800][ T5954] loop1: detected capacity change from 0 to 1024
[   83.678515][ T5954] EXT4-fs: Ignoring removed nobh option
[   83.695678][ T5954] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   83.733373][ T5954] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #11: comm syz.1.943: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   83.754538][ T5961] rdma_op ffff88811e5ae580 conn xmit_rdma 0000000000000000
[   83.774200][ T5954] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.943: couldn't read orphan inode 11 (err -117)
[   83.787466][ T5954] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.802598][ T5954] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.943: Invalid block bitmap block 0 in block_group 0
[   83.816460][ T5954] EXT4-fs error (device loop1): ext4_acquire_dquot:6943: comm syz.1.943: Failed to acquire dquot type 0
[   83.852703][ T5969] netlink: 24 bytes leftover after parsing attributes in process `syz.2.949'.
[   83.868397][ T5969] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.892128][ T5967] IPVS: length: 24 != 696
[   83.920650][ T5969] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.933579][ T5954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.943'.
[   83.949003][ T5954] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   83.956427][ T5954] batman_adv: batadv0: Removing interface: batadv_slave_0
[   83.970261][ T5954] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   83.977716][ T5954] batman_adv: batadv0: Removing interface: batadv_slave_1
[   83.996392][ T5969] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.011275][ T5979] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   84.017154][ T5979] ªªªªªª: renamed from vlan0 (while UP)
[   84.174863][ T5969] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.227865][ T5991] netlink: 8 bytes leftover after parsing attributes in process `syz.3.957'.
[   84.242149][  T406] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.261120][  T406] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.273893][  T406] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.285305][  T406] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.310684][ T5997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.960'.
[   84.375801][ T6003] IPVS: length: 24 != 696
[   84.525745][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.552184][ T6024] loop1: detected capacity change from 0 to 256
[   84.624611][ T6029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.975'.
[   84.700677][ T6037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.979'.
[   84.719560][ T6039] netlink: 96 bytes leftover after parsing attributes in process `syz.2.980'.
[   84.798900][ T6050] netlink: 'syz.1.986': attribute type 1 has an invalid length.
[   84.814650][ T6050] 8021q: adding VLAN 0 to HW filter on device bond1
[   84.828366][ T6050] bond1 (unregistering): Released all slaves
[   84.846041][   T29] kauditd_printk_skb: 261 callbacks suppressed
[   84.846068][   T29] audit: type=1400 audit(1759390161.509:5649): avc:  denied  { create } for  pid=6042 comm="syz.2.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   84.888348][ T6053] loop2: detected capacity change from 0 to 2048
[   84.900456][   T29] audit: type=1326 audit(1759390161.569:5650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   84.923867][   T29] audit: type=1326 audit(1759390161.569:5651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   84.947214][   T29] audit: type=1326 audit(1759390161.569:5652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   84.970639][   T29] audit: type=1326 audit(1759390161.569:5653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   84.993959][   T29] audit: type=1326 audit(1759390161.569:5654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   85.017389][   T29] audit: type=1326 audit(1759390161.569:5655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   85.040662][   T29] audit: type=1326 audit(1759390161.569:5656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   85.069377][   T29] audit: type=1326 audit(1759390161.679:5657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   85.085927][ T6056] syzkaller0: entered promiscuous mode
[   85.092798][   T29] audit: type=1326 audit(1759390161.709:5658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6055 comm="syz.3.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa29b1b0de7 code=0x7ffc0000
[   85.121741][ T6056] syzkaller0: entered allmulticast mode
[   85.142467][ T6053]  loop2: unable to read partition table
[   85.148203][ T6053] loop2: partition table beyond EOD, truncated
[   85.154557][ T6053] loop_reread_partitions: partition scan of loop2 () failed (rc=-5)
[   85.408524][ T6072] loop3: detected capacity change from 0 to 2048
[   85.425582][ T6061] loop1: detected capacity change from 0 to 8192
[   85.787919][ T6104] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.796778][ T6104] batadv_slave_0: entered promiscuous mode
[   85.826699][ T6108] loop4: detected capacity change from 0 to 1024
[   85.833559][ T6108] EXT4-fs: Ignoring removed bh option
[   85.839526][ T6108] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   85.861754][ T6108] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.116888][   T51] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   86.126507][   T51] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   86.141990][   T31] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   86.150360][   T31] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   86.162028][   T31] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   86.171696][   T31] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   86.185010][   T31] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   86.193433][   T31] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   86.513239][ T6149] loop3: detected capacity change from 0 to 1024
[   86.520139][ T6149] EXT4-fs: Ignoring removed bh option
[   86.526598][ T6149] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   86.543520][ T6147] IPVS: length: 24 != 696
[   86.545123][ T6149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.562928][ T6153] loop0: detected capacity change from 0 to 128
[   86.668267][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.771301][ T6173] futex_wake_op: syz.4.1031 tries to shift op by -1; fix this program
[   86.886466][ T6179] netlink: 'syz.1.1033': attribute type 5 has an invalid length.
[   86.967039][ T6186] IPVS: length: 24 != 696
[   87.061919][ T6187] lo speed is unknown, defaulting to 1000
[   87.578846][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.599378][ T6195] loop0: detected capacity change from 0 to 1024
[   87.606994][ T6195] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869)
[   87.618786][ T6195] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #4: comm syz.0.1039: pblk 98 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[   87.638007][ T6195] EXT4-fs (loop0): no journal found
[   87.643450][ T6195] EXT4-fs (loop0): can't get journal size
[   87.650591][ T6195] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a054e11c, mo2=0002]
[   87.658847][ T6195] EXT4-fs (loop0): failed to initialize system zone (-117)
[   87.676934][ T6195] EXT4-fs (loop0): mount failed
[   87.832555][ T6215] netlink: 'syz.0.1048': attribute type 6 has an invalid length.
[   87.856947][ T6219] IPVS: length: 24 != 696
[   87.864522][ T6215] loop0: detected capacity change from 0 to 512
[   87.877033][ T6215] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[   88.000871][ T6242] __nla_validate_parse: 11 callbacks suppressed
[   88.000887][ T6242] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1058'.
[   88.024521][ T6246] loop2: detected capacity change from 0 to 1024
[   88.042242][ T6246] EXT4-fs: inline encryption not supported
[   88.068669][ T6246] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.097626][ T6246] ext4 filesystem being mounted at /201/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.111341][ T6246] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 16: comm syz.2.1059: path /201/file1: bad entry in directory: rec_len is smaller than minimal - offset=876, inode=0, rec_len=0, size=1024 fake=0
[   88.144996][ T6246] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1059'.
[   88.196827][ T6266] IPVS: length: 24 != 696
[   88.215646][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   88.268726][ T6274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1070'.
[   88.335363][ T6278] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1072'.
[   88.488158][ T6293] netlink: 'syz.2.1078': attribute type 10 has an invalid length.
[   88.522488][ T6293] bond0: (slave dummy0): Releasing backup interface
[   88.548273][ T6293] team0: Port device dummy0 added
[   88.558571][ T6293] netlink: 'syz.2.1078': attribute type 10 has an invalid length.
[   88.577936][ T6293] team0: Port device dummy0 removed
[   88.588724][ T6293] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   88.686309][ T6301] sg_write: data in/out 124/137 bytes for SCSI command 0x67-- guessing data in;
[   88.686309][ T6301]    program Þuw‡žÒ×bŸ¸B|œž€ not setting count and/or reply_len properly
[   88.840986][ T6307] IPVS: length: 24 != 696
[   88.946199][ T6313] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   88.962224][ T6317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1088'.
[   89.260920][ T6346] IPVS: length: 24 != 696
[   89.284968][ T6352] loop3: detected capacity change from 0 to 512
[   89.298655][ T6354] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   89.318065][ T6352] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   89.330905][ T6354] hsr0: entered promiscuous mode
[   89.337001][ T6354] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1104'.
[   89.353969][ T6354] hsr_slave_0: left promiscuous mode
[   89.361935][ T6354] hsr_slave_1: left promiscuous mode
[   89.362104][ T6352] EXT4-fs (loop3): 1 truncate cleaned up
[   89.374298][ T6354] hsr0 (unregistering): left promiscuous mode
[   89.385830][ T6352] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.392866][ T6363] netlink: 'syz.0.1107': attribute type 1 has an invalid length.
[   89.414486][ T6352] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1102'.
[   89.423589][ T6363] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.435255][ T6352] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.442703][ T6352] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.457912][ T6353] delete_channel: no stack
[   89.465415][ T6363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1107'.
[   89.493949][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.505942][ T6368] loop4: detected capacity change from 0 to 512
[   89.523737][ T6368] EXT4-fs warning (device loop4): ext4_enable_quotas:7178: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   89.527349][ T6363] bond0 (unregistering): Released all slaves
[   89.543934][ T6368] EXT4-fs (loop4): mount failed
[   89.551450][ T6375] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[   89.558008][ T6375] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   89.567302][ T6375] vhci_hcd vhci_hcd.0: Device attached
[   89.581435][ T6368] FAULT_INJECTION: forcing a failure.
[   89.581435][ T6368] name failslab, interval 1, probability 0, space 0, times 0
[   89.593828][ T6380] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1113'.
[   89.594225][ T6368] CPU: 1 UID: 0 PID: 6368 Comm: syz.4.1110 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   89.594280][ T6368] Tainted: [W]=WARN
[   89.594289][ T6368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   89.594307][ T6368] Call Trace:
[   89.594316][ T6368]  <TASK>
[   89.594325][ T6368]  __dump_stack+0x1d/0x30
[   89.594369][ T6368]  dump_stack_lvl+0xe8/0x140
[   89.594397][ T6368]  dump_stack+0x15/0x1b
[   89.594421][ T6368]  should_fail_ex+0x265/0x280
[   89.594455][ T6368]  should_failslab+0x8c/0xb0
[   89.594483][ T6368]  kmem_cache_alloc_node_noprof+0x57/0x320
[   89.594585][ T6368]  ? __alloc_skb+0x101/0x320
[   89.594617][ T6368]  __alloc_skb+0x101/0x320
[   89.594685][ T6368]  ? audit_log_start+0x342/0x720
[   89.594734][ T6368]  audit_log_start+0x3a0/0x720
[   89.594792][ T6368]  ? filename_lookup+0x25d/0x340
[   89.594829][ T6368]  audit_seccomp+0x48/0x100
[   89.594885][ T6368]  ? __seccomp_filter+0x82d/0x1250
[   89.594922][ T6368]  __seccomp_filter+0x83e/0x1250
[   89.594962][ T6368]  ? do_linkat+0x4c2/0x600
[   89.595076][ T6368]  ? kmem_cache_free+0xdf/0x300
[   89.595118][ T6368]  __secure_computing+0x82/0x150
[   89.595153][ T6368]  syscall_trace_enter+0xcf/0x1e0
[   89.595235][ T6368]  do_syscall_64+0xac/0x200
[   89.595373][ T6368]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   89.595462][ T6368]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   89.595578][ T6368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.595610][ T6368] RIP: 0033:0x7f6358dfd8dc
[   89.595633][ T6368] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   89.595722][ T6368] RSP: 002b:00007f6357867030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   89.595750][ T6368] RAX: ffffffffffffffda RBX: 00007f6359055fa0 RCX: 00007f6358dfd8dc
[   89.595768][ T6368] RDX: 000000000000000f RSI: 00007f63578670a0 RDI: 0000000000000007
[   89.595805][ T6368] RBP: 00007f6357867090 R08: 0000000000000000 R09: 0000000000000000
[   89.595823][ T6368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   89.595841][ T6368] R13: 00007f6359056038 R14: 00007f6359055fa0 R15: 00007ffe86c142f8
[   89.595895][ T6368]  </TASK>
[   89.850878][ T6385] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.861186][   T29] kauditd_printk_skb: 857 callbacks suppressed
[   89.861207][   T29] audit: type=1326 audit(1759390166.529:6513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   89.902268][   T29] audit: type=1326 audit(1759390166.569:6514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   89.926781][   T29] audit: type=1326 audit(1759390166.599:6515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   89.952339][   T29] audit: type=1326 audit(1759390166.619:6516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   89.977793][   T29] audit: type=1326 audit(1759390166.649:6517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   90.002583][ T6392] SELinux: failed to load policy
[   90.002671][ T3380] usb 7-1: new low-speed USB device number 2 using vhci_hcd
[   90.008499][   T29] audit: type=1400 audit(1759390166.649:6518): avc:  denied  { load_policy } for  pid=6391 comm="syz.0.1117" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   90.017072][ T6392] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1117'.
[   90.038514][   T29] audit: type=1326 audit(1759390166.669:6519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   90.073117][ T6385] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.084345][   T29] audit: type=1326 audit(1759390166.719:6520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   90.107844][   T29] audit: type=1326 audit(1759390166.739:6521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   90.131299][   T29] audit: type=1326 audit(1759390166.739:6522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.3.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   90.202022][ T6385] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.262164][ T6385] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.298697][ T6412] smc: net device bond0 applied user defined pnetid SYZ0
[   90.308265][ T6412] smc: net device bond0 erased user defined pnetid SYZ0
[   90.346595][ T2264] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.370354][ T2264] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.379198][ T2264] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.387750][ T2264] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.420955][ T6418] loop2: detected capacity change from 0 to 128
[   90.562257][ T6427] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (8)
[   90.577237][ T6376] vhci_hcd: connection reset by peer
[   90.583322][  T406] vhci_hcd: stop threads
[   90.587632][  T406] vhci_hcd: release socket
[   90.592213][  T406] vhci_hcd: disconnect device
[   90.632980][ T6431] loop0: detected capacity change from 0 to 512
[   90.657859][ T6431] EXT4-fs warning (device loop0): ext4_enable_quotas:7178: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   90.677007][ T6431] EXT4-fs (loop0): mount failed
[   90.757386][ T6443] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.861418][ T6443] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.932477][ T6443] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.971247][ T6458] netlink: 'syz.0.1142': attribute type 1 has an invalid length.
[   90.993143][ T6458] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.003628][ T6443] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.025663][ T6458] bond0 (unregistering): Released all slaves
[   91.162345][ T6464] loop4: detected capacity change from 0 to 512
[   91.196002][ T6464] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.240850][ T6464] ext4 filesystem being mounted at /bus supports timestamps until 2038-01-19 (0x7fffffff)
[   91.259619][ T6464] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.304225][ T6473] loop3: detected capacity change from 0 to 512
[   91.356239][ T6473] ext4: Unknown parameter 'obj_type'
[   91.378020][ T6471] loop0: detected capacity change from 0 to 8192
[   91.418344][ T6475] loop3: detected capacity change from 0 to 512
[   91.445034][ T6470] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[   91.455312][ T6470] FAT-fs (loop0): Filesystem has been set read-only
[   91.463372][ T6470] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[   91.473807][ T6470] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[   91.484381][ T6470] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[   91.500479][ T6475] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.547649][ T6475] ext4 filesystem being mounted at /240/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   91.592126][ T6475] IPv6: NLM_F_CREATE should be specified when creating new route
[   91.610430][ T6475] netlink: 'syz.3.1148': attribute type 3 has an invalid length.
[   91.627961][ T6475] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.1148: corrupted inode contents
[   91.647710][ T6475] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.1148: mark_inode_dirty error
[   91.670986][ T6475] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.1148: corrupted inode contents
[   91.712874][ T6494] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.1148: corrupted inode contents
[   91.756160][ T6496] loop0: detected capacity change from 0 to 1024
[   91.765729][ T6494] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.1148: mark_inode_dirty error
[   91.782006][ T6496] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   91.801424][ T6494] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.1148: corrupted inode contents
[   91.825276][ T6496] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.855384][ T6494] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1148: mark_inode_dirty error
[   91.869076][ T6494] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.1148: corrupted inode contents
[   91.869249][ T6494] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.1148: mark_inode_dirty error
[   91.885120][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.017504][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.051326][ T6509] FAULT_INJECTION: forcing a failure.
[   92.051326][ T6509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.064555][ T6509] CPU: 1 UID: 0 PID: 6509 Comm: syz.0.1161 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   92.064594][ T6509] Tainted: [W]=WARN
[   92.064602][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   92.064690][ T6509] Call Trace:
[   92.064697][ T6509]  <TASK>
[   92.064706][ T6509]  __dump_stack+0x1d/0x30
[   92.064734][ T6509]  dump_stack_lvl+0xe8/0x140
[   92.064755][ T6509]  dump_stack+0x15/0x1b
[   92.064833][ T6509]  should_fail_ex+0x265/0x280
[   92.064861][ T6509]  should_fail+0xb/0x20
[   92.064893][ T6509]  should_fail_usercopy+0x1a/0x20
[   92.064918][ T6509]  _copy_from_user+0x1c/0xb0
[   92.064962][ T6509]  ___sys_sendmsg+0xc1/0x1d0
[   92.065014][ T6509]  __x64_sys_sendmsg+0xd4/0x160
[   92.065051][ T6509]  x64_sys_call+0x191e/0x3000
[   92.065082][ T6509]  do_syscall_64+0xd2/0x200
[   92.065115][ T6509]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   92.065202][ T6509]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   92.065240][ T6509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.065265][ T6509] RIP: 0033:0x7fc636eaeec9
[   92.065279][ T6509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.065305][ T6509] RSP: 002b:00007fc63590f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   92.065324][ T6509] RAX: ffffffffffffffda RBX: 00007fc637105fa0 RCX: 00007fc636eaeec9
[   92.065367][ T6509] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[   92.065383][ T6509] RBP: 00007fc63590f090 R08: 0000000000000000 R09: 0000000000000000
[   92.065399][ T6509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.065413][ T6509] R13: 00007fc637106038 R14: 00007fc637105fa0 R15: 00007ffd78fae578
[   92.065437][ T6509]  </TASK>
[   92.371999][ T6523] netlink: '+}[@': attribute type 10 has an invalid length.
[   92.385651][ T6523] bond0: (slave dummy0): Releasing backup interface
[   92.401457][ T6523] team0: Port device dummy0 added
[   92.412185][ T6525] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   92.423474][ T6525] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   92.492540][ T6525] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   92.503876][ T6525] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   92.552569][ T6525] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   92.564037][ T6525] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   92.636715][ T6525] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   92.639900][ T6541] 9pnet: Could not find request transport: rdmj
[   92.648357][ T6525] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   92.743528][ T2264] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   92.751931][ T2264] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   92.797242][ T2264] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   92.805704][ T2264] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   92.819607][ T2264] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   92.827939][ T2264] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   92.841076][ T2264] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   92.849464][ T2264] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   92.861529][ T6556] netlink: 'syz.1.1181': attribute type 1 has an invalid length.
[   92.904293][ T6556] 8021q: adding VLAN 0 to HW filter on device bond1
[   92.934498][ T6561] bond1 (unregistering): Released all slaves
[   92.982463][ T6566] loop0: detected capacity change from 0 to 1024
[   92.991086][ T6566] EXT4-fs: Ignoring removed bh option
[   92.997795][ T6566] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   93.061001][ T6566] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.118367][ T6580] loop3: detected capacity change from 0 to 2048
[   93.263214][ T6590] __nla_validate_parse: 12 callbacks suppressed
[   93.263234][ T6590] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1193'.
[   93.454510][ T6600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1197'.
[   93.466556][ T6600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1197'.
[   93.656667][ T6613] loop3: detected capacity change from 0 to 2048
[   93.831519][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.910832][ T6629] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1207'.
[   94.087827][ T6642] netlink: 'syz.3.1213': attribute type 1 has an invalid length.
[   94.104636][ T6642] 8021q: adding VLAN 0 to HW filter on device bond1
[   94.116126][ T6642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1213'.
[   94.131062][ T6642] bond1 (unregistering): Released all slaves
[   94.587351][ T6660] loop4: detected capacity change from 0 to 1024
[   94.595650][ T6660] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   94.617971][   T31] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.650982][ T6660] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.652034][   T31] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.682206][   T31] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.682264][   T31] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.817436][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.854709][ T6680] netlink: '+}[@': attribute type 10 has an invalid length.
[   94.863084][ T6680] bond0: (slave dummy0): Releasing backup interface
[   94.874138][ T6680] team0: Port device dummy0 added
[   94.880523][   T29] kauditd_printk_skb: 759 callbacks suppressed
[   94.880538][   T29] audit: type=1400 audit(1759390171.549:7281): avc:  denied  { ioctl } for  pid=6684 comm="syz.2.1229" path="socket:[18012]" dev="sockfs" ino=18012 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   94.900184][ T6680] netlink: '+}[@': attribute type 1 has an invalid length.
[   94.919930][ T6680] netlink: 224 bytes leftover after parsing attributes in process `+}[@'.
[   94.934796][   T29] audit: type=1326 audit(1759390171.549:7282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   94.959192][   T29] audit: type=1326 audit(1759390171.549:7283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   94.983720][   T29] audit: type=1326 audit(1759390171.549:7284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   95.008206][   T29] audit: type=1326 audit(1759390171.549:7285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   95.032455][   T29] audit: type=1326 audit(1759390171.549:7286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   95.046111][ T6680] netlink: '+}[@': attribute type 1 has an invalid length.
[   95.057145][   T29] audit: type=1326 audit(1759390171.549:7287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   95.062708][ T6680] netlink: 224 bytes leftover after parsing attributes in process `+}[@'.
[   95.098717][   T29] audit: type=1326 audit(1759390171.549:7288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   95.123585][   T29] audit: type=1326 audit(1759390171.549:7289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   95.146557][   T29] audit: type=1326 audit(1759390171.549:7290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7fa29b1aeec9 code=0x7ffc0000
[   95.171226][ T3380] usb 7-1: enqueue for inactive port 0
[   95.176725][ T3380] usb 7-1: enqueue for inactive port 0
[   95.195922][ T6687] lo speed is unknown, defaulting to 1000
[   95.250456][ T3380] vhci_hcd: vhci_device speed not set
[   95.263102][ T6692] loop2: detected capacity change from 0 to 1024
[   95.271843][ T6692] EXT4-fs: Ignoring removed bh option
[   95.292506][ T6692] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   95.332963][ T6692] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.439400][ T6705] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1234'.
[   95.528226][ T6705] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.594000][ T6705] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.672668][ T6705] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.752768][ T6705] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.765219][ T6708] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1235'.
[   95.871889][ T2264] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.909027][ T2264] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.937547][ T2264] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.968746][ T6711] loop1: detected capacity change from 0 to 8192
[   95.974156][ T2264] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.076230][ T6715] loop3: detected capacity change from 0 to 512
[   96.095118][ T6715] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   96.122518][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.134027][ T6715] EXT4-fs (loop3): 1 truncate cleaned up
[   96.148648][ T6719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1239'.
[   96.163373][ T6715] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.202996][ T6715] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   96.254824][ T6725] loop0: detected capacity change from 0 to 1024
[   96.285514][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.304336][ T6725] EXT4-fs: Ignoring removed nomblk_io_submit option
[   96.313687][ T6725] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   96.327361][ T6725] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.383817][ T6725] lo speed is unknown, defaulting to 1000
[   96.427469][ T6737] loop3: detected capacity change from 0 to 512
[   96.441389][ T6737] EXT4-fs (loop3): too many log groups per flexible block group
[   96.449552][ T6737] EXT4-fs (loop3): failed to initialize mballoc (-12)
[   96.456720][ T6737] EXT4-fs (loop3): mount failed
[   96.472803][ T3302] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 408: padding at end of block bitmap is not set
[   96.490881][ T3302] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   96.507097][ T3302] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[   96.526803][ T3302] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[   96.568323][ T6739] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.653672][ T6749] loop3: detected capacity change from 0 to 1024
[   96.668223][ T6749] EXT4-fs: Ignoring removed bh option
[   96.676060][ T6749] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   96.692189][ T6749] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.920046][ T6762] lo speed is unknown, defaulting to 1000
[   97.511952][   T31] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   97.521912][   T31] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   97.550121][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.612843][   T31] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   97.622798][   T31] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   97.692697][   T31] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   97.702746][   T31] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   97.721531][ T6795] FAULT_INJECTION: forcing a failure.
[   97.721531][ T6795] name failslab, interval 1, probability 0, space 0, times 0
[   97.734333][ T6795] CPU: 1 UID: 0 PID: 6795 Comm: syz.3.1263 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   97.734412][ T6795] Tainted: [W]=WARN
[   97.734420][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   97.734437][ T6795] Call Trace:
[   97.734445][ T6795]  <TASK>
[   97.734452][ T6795]  __dump_stack+0x1d/0x30
[   97.734476][ T6795]  dump_stack_lvl+0xe8/0x140
[   97.734550][ T6795]  dump_stack+0x15/0x1b
[   97.734568][ T6795]  should_fail_ex+0x265/0x280
[   97.734592][ T6795]  should_failslab+0x8c/0xb0
[   97.734621][ T6795]  kmem_cache_alloc_noprof+0x50/0x310
[   97.734651][ T6795]  ? dst_alloc+0xbd/0x100
[   97.734708][ T6795]  dst_alloc+0xbd/0x100
[   97.734743][ T6795]  ip_route_output_key_hash_rcu+0xf29/0x1380
[   97.734787][ T6795]  ip_route_output_flow+0x7b/0x130
[   97.734822][ T6795]  udp_sendmsg+0x11b0/0x13c0
[   97.734860][ T6795]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   97.734894][ T6795]  ? avc_has_perm+0xf7/0x180
[   97.734926][ T6795]  ? __pfx_udp_sendmsg+0x10/0x10
[   97.734971][ T6795]  inet_sendmsg+0xac/0xd0
[   97.734997][ T6795]  __sock_sendmsg+0x102/0x180
[   97.735031][ T6795]  ____sys_sendmsg+0x345/0x4e0
[   97.735140][ T6795]  ___sys_sendmsg+0x17b/0x1d0
[   97.735179][ T6795]  __sys_sendmmsg+0x178/0x300
[   97.735296][ T6795]  __x64_sys_sendmmsg+0x57/0x70
[   97.735322][ T6795]  x64_sys_call+0x1c4a/0x3000
[   97.735344][ T6795]  do_syscall_64+0xd2/0x200
[   97.735435][ T6795]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   97.735463][ T6795]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   97.735508][ T6795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.735532][ T6795] RIP: 0033:0x7fa29b1aeec9
[   97.735547][ T6795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.735618][ T6795] RSP: 002b:00007fa299c17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   97.735642][ T6795] RAX: ffffffffffffffda RBX: 00007fa29b405fa0 RCX: 00007fa29b1aeec9
[   97.735659][ T6795] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005
[   97.735675][ T6795] RBP: 00007fa299c17090 R08: 0000000000000000 R09: 0000000000000000
[   97.735762][ T6795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.735779][ T6795] R13: 00007fa29b406038 R14: 00007fa29b405fa0 R15: 00007ffd61abee78
[   97.735798][ T6795]  </TASK>
[   97.834447][ T6790] lo speed is unknown, defaulting to 1000
[   97.992162][ T6807] IPVS: length: 24 != 696
[   98.015293][   T31] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   98.025314][   T31] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   98.086714][ T6790] chnl_net:caif_netlink_parms(): no params data found
[   98.170409][ T6790] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.177525][ T6790] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.187955][ T6790] bridge_slave_0: entered allmulticast mode
[   98.203642][ T6790] bridge_slave_0: entered promiscuous mode
[   98.211958][ T6790] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.220633][ T6790] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.227984][ T6790] bridge_slave_1: entered allmulticast mode
[   98.236568][ T6790] bridge_slave_1: entered promiscuous mode
[   98.244690][   T31] dummy0: left allmulticast mode
[   98.251216][   T31] dummy0: left promiscuous mode
[   98.256192][   T31] bridge0: port 3(dummy0) entered disabled state
[   98.268407][   T31] bridge_slave_1: left allmulticast mode
[   98.274224][   T31] bridge_slave_1: left promiscuous mode
[   98.279992][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.291032][   T31] bridge_slave_0: left allmulticast mode
[   98.296726][   T31] bridge_slave_0: left promiscuous mode
[   98.303777][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.463338][   T31] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[   98.474701][   T31] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[   98.484720][   T31] 
 (unregistering): Released all slaves
[   98.523217][ T6790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.534993][   T31] tipc: Left network mode
[   98.540916][ T6790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.566422][   T31] hsr_slave_0: left promiscuous mode
[   98.573687][   T31] hsr_slave_1: left promiscuous mode
[   98.581072][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   98.588490][   T31] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.610704][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.618201][   T31] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.642388][   T31] veth1_macvtap: left promiscuous mode
[   98.648032][   T31] veth0_macvtap: left promiscuous mode
[   98.658233][   T31] veth1_vlan: left promiscuous mode
[   98.672728][   T31] veth0_vlan: left promiscuous mode
[   98.801735][   T31] team0 (unregistering): Port device team_slave_1 removed
[   98.834489][   T31] team0 (unregistering): Port device team_slave_0 removed
[   98.918779][ T6790] team0: Port device team_slave_0 added
[   98.927733][ T6790] team0: Port device team_slave_1 added
[   99.016126][ T6834] bond2: entered promiscuous mode
[   99.021251][ T6834] bond2: entered allmulticast mode
[   99.086907][ T6834] 8021q: adding VLAN 0 to HW filter on device bond2
[   99.118565][ T6844] 9pnet: Could not find request transport: rdmj
[   99.137738][ T6834] bond2 (unregistering): Released all slaves
[   99.183772][ T6835] __nla_validate_parse: 1 callbacks suppressed
[   99.183791][ T6835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1274'.
[   99.230567][ T6847] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[   99.245488][ T6790] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.252574][ T6790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.278598][ T6790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.293941][ T6790] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.302538][ T6790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.330117][ T6790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.396921][ T6838] lo speed is unknown, defaulting to 1000
[   99.458779][ T6790] hsr_slave_0: entered promiscuous mode
[   99.495708][ T6790] hsr_slave_1: entered promiscuous mode
[   99.508307][ T6790] debugfs: 'hsr0' already exists in 'hsr'
[   99.515519][ T6790] Cannot create hsr debugfs directory
[   99.531373][ T6864] IPVS: length: 24 != 696
[   99.545267][   T31] ------------[ cut here ]------------
[   99.550919][   T31] WARNING: CPU: 1 PID: 31 at net/ipv6/xfrm6_tunnel.c:341 xfrm6_tunnel_net_exit+0x91/0x100
[   99.561256][   T31] Modules linked in:
[   99.565185][   T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   99.576548][   T31] Tainted: [W]=WARN
[   99.580396][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   99.590521][   T31] Workqueue: netns cleanup_net
[   99.595314][   T31] RIP: 0010:xfrm6_tunnel_net_exit+0x91/0x100
[   99.601461][   T31] Code: f5 c4 a9 fc 4b 83 3c 3e 00 75 19 e8 39 62 8e fc 49 81 ff f8 07 00 00 74 1d e8 2b 62 8e fc 49 83 c7 08 eb d7 e8 20 62 8e fc 90 <0f> 0b 90 49 81 ff f8 07 00 00 75 e3 49 81 c6 00 08 00 00 31 db 49
[   99.621302][   T31] RSP: 0018:ffffc90000113c78 EFLAGS: 00010293
[   99.627394][   T31] RAX: ffffffff84c8dd50 RBX: ffff88810cdb6000 RCX: ffff8881002d0000
[   99.635510][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881193e03f0
[   99.643544][   T31] RBP: ffffffff86c94960 R08: 0001ffff8684802f R09: 0000000000000000
[   99.651561][   T31] R10: ffff8881002d0080 R11: ffffffff81407200 R12: ffffffff86c94980
[   99.659593][   T31] R13: ffff88810cdb6028 R14: ffff8881193e0000 R15: 00000000000003f0
[   99.667662][   T31] FS:  0000000000000000(0000) GS:ffff8882aef37000(0000) knlGS:0000000000000000
[   99.676653][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   99.683301][   T31] CR2: 0000000000000000 CR3: 000000011b86c000 CR4: 00000000003506f0
[   99.691380][   T31] Call Trace:
[   99.694674][   T31]  <TASK>
[   99.697603][   T31]  ops_undo_list+0x278/0x410
[   99.702307][   T31]  cleanup_net+0x2f4/0x4f0
[   99.706728][   T31]  process_scheduled_works+0x4cb/0x9d0
[   99.712326][   T31]  worker_thread+0x582/0x770
[   99.716976][   T31]  kthread+0x489/0x510
[   99.721168][   T31]  ? finish_task_switch+0xad/0x2b0
[   99.726333][   T31]  ? __pfx_worker_thread+0x10/0x10
[   99.731604][   T31]  ? __pfx_kthread+0x10/0x10
[   99.736228][   T31]  ret_from_fork+0x11f/0x1b0
[   99.740903][   T31]  ? __pfx_kthread+0x10/0x10
[   99.745515][   T31]  ret_from_fork_asm+0x1a/0x30
[   99.750344][   T31]  </TASK>
[   99.753431][   T31] ---[ end trace 0000000000000000 ]---
[   99.759855][   T31] ------------[ cut here ]------------
[   99.765358][   T31] WARNING: CPU: 1 PID: 31 at net/ipv6/xfrm6_tunnel.c:344 xfrm6_tunnel_net_exit+0xd5/0x100
[   99.775298][   T31] Modules linked in:
[   99.779265][   T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   99.790628][   T31] Tainted: [W]=WARN
[   99.794490][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   99.804755][   T31] Workqueue: netns cleanup_net
[   99.809568][   T31] RIP: 0010:xfrm6_tunnel_net_exit+0xd5/0x100
[   99.815637][   T31] Code: b1 c4 a9 fc 49 83 3c 1e 00 75 19 e8 f5 61 8e fc 48 81 fb f8 07 00 00 74 1d e8 e7 61 8e fc 48 83 c3 08 eb d7 e8 dc 61 8e fc 90 <0f> 0b 90 48 81 fb f8 07 00 00 75 e3 e8 ca 61 8e fc 5b 41 5e 41 5f
[   99.835411][   T31] RSP: 0018:ffffc90000113c78 EFLAGS: 00010293
[   99.841524][   T31] RAX: ffffffff84c8dd94 RBX: 0000000000000010 RCX: ffff8881002d0000
[   99.849543][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881193e0810
[   99.857554][   T31] RBP: ffffffff86c94960 R08: 0001ffff8684802f R09: 0000000000000000
[   99.865581][   T31] R10: ffff8881002d0080 R11: ffffffff81407200 R12: ffffffff86c94980
[   99.873597][   T31] R13: ffff88810cdb6028 R14: ffff8881193e0800 R15: 00000000000007f8
[   99.881614][   T31] FS:  0000000000000000(0000) GS:ffff8882aef37000(0000) knlGS:0000000000000000
[   99.890605][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   99.897269][   T31] CR2: 0000000000000000 CR3: 000000011b86c000 CR4: 00000000003506f0
[   99.905283][   T31] Call Trace:
[   99.908602][   T31]  <TASK>
[   99.911579][   T31]  ops_undo_list+0x278/0x410
[   99.916212][   T31]  cleanup_net+0x2f4/0x4f0
[   99.920776][   T31]  process_scheduled_works+0x4cb/0x9d0
[   99.926346][   T31]  worker_thread+0x582/0x770
[   99.931009][   T31]  kthread+0x489/0x510
[   99.935136][   T31]  ? finish_task_switch+0xad/0x2b0
[   99.940406][   T31]  ? __pfx_worker_thread+0x10/0x10
[   99.945567][   T31]  ? __pfx_kthread+0x10/0x10
[   99.950206][   T31]  ret_from_fork+0x11f/0x1b0
[   99.954875][   T31]  ? __pfx_kthread+0x10/0x10
[   99.959519][   T31]  ret_from_fork_asm+0x1a/0x30
[   99.964316][   T31]  </TASK>
[   99.967362][   T31] ---[ end trace 0000000000000000 ]---
[   99.986724][   T31] ------------[ cut here ]------------
[   99.992264][   T31] WARNING: CPU: 1 PID: 31 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x179/0x1f0
[  100.001772][   T31] Modules linked in:
[  100.005743][   T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  100.017096][   T31] Tainted: [W]=WARN
[  100.020967][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  100.031153][   T31] Workqueue: netns cleanup_net
[  100.035970][   T31] RIP: 0010:xfrm_state_fini+0x179/0x1f0
[  100.041573][   T31] Code: 48 8d bb 70 0e 00 00 e8 c5 73 bb fc 48 8b bb 70 0e 00 00 e8 e9 01 c8 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 a8 24 a0 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 9a 24 a0 fc 90 0f 0b 90 4c 89 f7 e8 8e
[  100.061231][   T31] RSP: 0018:ffffc90000113c60 EFLAGS: 00010293
[  100.067320][   T31] RAX: ffffffff84b71ac8 RBX: ffff88810cdb6000 RCX: ffff8881002d0000
[  100.075349][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810cdb6e40
[  100.083382][   T31] RBP: ffffffff86c8c7c0 R08: 0001ffff8684802f R09: 0000000000000000
[  100.091431][   T31] R10: ffffc90000113be8 R11: 0001c90000113be8 R12: ffffffff86c8c7e0
[  100.099519][   T31] R13: ffff88810cdb6028 R14: ffff88810cdb6e40 R15: ffff88810cdb6000
[  100.107589][   T31] FS:  0000000000000000(0000) GS:ffff8882aef37000(0000) knlGS:0000000000000000
[  100.116574][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  100.123205][   T31] CR2: 0000000000000000 CR3: 000000011a7f4000 CR4: 00000000003506f0
[  100.131282][   T31] Call Trace:
[  100.134654][   T31]  <TASK>
[  100.137584][   T31]  xfrm_net_exit+0x2d/0x60
[  100.142056][   T31]  ops_undo_list+0x278/0x410
[  100.146653][   T31]  cleanup_net+0x2f4/0x4f0
[  100.151239][   T31]  process_scheduled_works+0x4cb/0x9d0
[  100.156757][   T31]  worker_thread+0x582/0x770
[  100.161559][   T31]  kthread+0x489/0x510
[  100.165697][   T31]  ? finish_task_switch+0xad/0x2b0
[  100.170892][   T31]  ? __pfx_worker_thread+0x10/0x10
[  100.176047][   T31]  ? __pfx_kthread+0x10/0x10
[  100.180829][   T31]  ret_from_fork+0x11f/0x1b0
[  100.185425][   T31]  ? __pfx_kthread+0x10/0x10
[  100.190109][   T31]  ret_from_fork_asm+0x1a/0x30
[  100.194961][   T31]  </TASK>
[  100.197984][   T31] ---[ end trace 0000000000000000 ]---
[  100.221951][   T29] kauditd_printk_skb: 290 callbacks suppressed
[  100.221968][   T29] audit: type=1400 audit(1759390176.889:7581): avc:  denied  { bind } for  pid=6872 comm="syz.3.1287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  100.250503][   T29] audit: type=1400 audit(1759390176.889:7582): avc:  denied  { name_bind } for  pid=6872 comm="syz.3.1287" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  100.274427][   T29] audit: type=1400 audit(1759390176.889:7583): avc:  denied  { node_bind } for  pid=6872 comm="syz.3.1287" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  100.302705][   T29] audit: type=1326 audit(1759390176.969:7584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6874 comm="syz.4.1288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  100.327594][   T29] audit: type=1326 audit(1759390176.969:7585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6874 comm="syz.4.1288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  100.330540][ T6790] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  100.361026][   T29] audit: type=1326 audit(1759390177.019:7586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6874 comm="syz.4.1288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  100.384753][   T29] audit: type=1326 audit(1759390177.019:7587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6874 comm="syz.4.1288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  100.408365][   T29] audit: type=1326 audit(1759390177.019:7588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6874 comm="syz.4.1288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  100.433376][   T29] audit: type=1326 audit(1759390177.029:7589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6874 comm="syz.4.1288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  100.457080][   T29] audit: type=1326 audit(1759390177.029:7590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6874 comm="syz.4.1288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  100.493228][ T6790] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  100.506121][ T6790] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  100.521431][ T6879] netlink: 'syz.1.1289': attribute type 10 has an invalid length.
[  100.532630][ T6790] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  100.544539][ T6879] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  100.622924][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1296'.
[  100.623728][ T6893] IPVS: length: 24 != 696
[  100.635625][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1296'.
[  100.656107][ T6790] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.677134][ T6790] 8021q: adding VLAN 0 to HW filter on device team0
[  100.688104][ T1833] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.695221][ T1833] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.707952][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.715063][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.796109][ T6790] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.927490][ T6790] veth0_vlan: entered promiscuous mode
[  100.942358][ T6790] veth1_vlan: entered promiscuous mode
[  100.980982][ T6790] veth0_macvtap: entered promiscuous mode
[  100.988143][ T6790] veth1_macvtap: entered promiscuous mode
[  101.006453][ T6790] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.017664][ T6790] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.038604][ T1884] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.086432][ T1884] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.098205][   T51] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.115975][   T51] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.140651][ T6933] loop5: detected capacity change from 0 to 1024
[  101.147473][ T6933] EXT4-fs: Ignoring removed bh option
[  101.153619][ T6933] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  101.173029][ T6933] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.174736][ T6935] random: crng reseeded on system resumption
[  101.340737][ T6942] loop3: detected capacity change from 0 to 512
[  101.353833][ T6942] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.366730][ T6942] ext4 filesystem being mounted at /294/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.381401][ T6942] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  101.497552][ T6949] FAULT_INJECTION: forcing a failure.
[  101.497552][ T6949] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.510710][ T6949] CPU: 1 UID: 0 PID: 6949 Comm: syz.1.1304 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  101.510752][ T6949] Tainted: [W]=WARN
[  101.510761][ T6949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  101.510778][ T6949] Call Trace:
[  101.510786][ T6949]  <TASK>
[  101.510793][ T6949]  __dump_stack+0x1d/0x30
[  101.510859][ T6949]  dump_stack_lvl+0xe8/0x140
[  101.510883][ T6949]  dump_stack+0x15/0x1b
[  101.510904][ T6949]  should_fail_ex+0x265/0x280
[  101.510933][ T6949]  should_fail+0xb/0x20
[  101.510957][ T6949]  should_fail_usercopy+0x1a/0x20
[  101.510989][ T6949]  _copy_to_user+0x20/0xa0
[  101.511029][ T6949]  pagemap_read+0x379/0x5e0
[  101.511062][ T6949]  ? __pfx_pagemap_read+0x10/0x10
[  101.511161][ T6949]  vfs_read+0x1a5/0x770
[  101.511205][ T6949]  ? __fget_files+0x184/0x1c0
[  101.511227][ T6949]  ? __rcu_read_unlock+0x4f/0x70
[  101.511333][ T6949]  ? __fget_files+0x184/0x1c0
[  101.511356][ T6949]  __x64_sys_pread64+0xfd/0x150
[  101.511387][ T6949]  x64_sys_call+0x29e6/0x3000
[  101.511426][ T6949]  do_syscall_64+0xd2/0x200
[  101.511458][ T6949]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  101.511504][ T6949]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  101.511585][ T6949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.511613][ T6949] RIP: 0033:0x7fe2fb0eeec9
[  101.511633][ T6949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.511656][ T6949] RSP: 002b:00007fe2f9b57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  101.511757][ T6949] RAX: ffffffffffffffda RBX: 00007fe2fb345fa0 RCX: 00007fe2fb0eeec9
[  101.511774][ T6949] RDX: 0000000000019000 RSI: 0000200000000200 RDI: 0000000000000005
[  101.511790][ T6949] RBP: 00007fe2f9b57090 R08: 0000000000000000 R09: 0000000000000000
[  101.511806][ T6949] R10: 0000001000000000 R11: 0000000000000246 R12: 0000000000000002
[  101.511822][ T6949] R13: 00007fe2fb346038 R14: 00007fe2fb345fa0 R15: 00007ffdb1a321d8
[  101.511847][ T6949]  </TASK>
[  101.792455][ T6961] 9pnet: Could not find request transport: rdmj
[  101.811717][ T6964] IPVS: length: 24 != 696
[  101.892025][ T6976] netlink: 'syz.2.1316': attribute type 1 has an invalid length.
[  101.908026][ T6976] 8021q: adding VLAN 0 to HW filter on device bond1
[  101.918131][ T6976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1316'.
[  101.933430][ T6976] bond1 (unregistering): Released all slaves
[  101.967076][ T6790] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.023018][ T6983] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1317'.
[  102.107087][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.122698][ T6992] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1315'.
[  102.127499][ T6991] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1321'.
[  102.224578][ T7007] IPVS: length: 24 != 696
[  102.225649][ T7004] 9pnet: Could not find request transport: rdmj
[  102.306467][ T7015] netlink: 'syz.5.1329': attribute type 1 has an invalid length.
[  102.316557][ T7015] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1329'.
[  102.606164][ T7023] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1332'.
[  102.615884][ T7023] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1332'.
[  102.845879][ T7035] 9pnet: Could not find request transport: rdmj
[  102.930990][  T406] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  102.942489][  T406] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  102.970670][  T406] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  102.978965][  T406] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  103.105149][ T7058] netlink: 'syz.4.1347': attribute type 1 has an invalid length.
[  103.114312][ T7056] lo speed is unknown, defaulting to 1000
[  103.159010][ T7058] 8021q: adding VLAN 0 to HW filter on device bond2
[  103.240504][ T7058] bond2 (unregistering): Released all slaves
[  103.374056][ T7077] loop4: detected capacity change from 0 to 128
[  103.437776][ T7080] FAULT_INJECTION: forcing a failure.
[  103.437776][ T7080] name failslab, interval 1, probability 0, space 0, times 0
[  103.450858][ T7080] CPU: 1 UID: 0 PID: 7080 Comm: syz.4.1353 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  103.450980][ T7080] Tainted: [W]=WARN
[  103.450989][ T7080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  103.451005][ T7080] Call Trace:
[  103.451013][ T7080]  <TASK>
[  103.451021][ T7080]  __dump_stack+0x1d/0x30
[  103.451046][ T7080]  dump_stack_lvl+0xe8/0x140
[  103.451094][ T7080]  dump_stack+0x15/0x1b
[  103.451115][ T7080]  should_fail_ex+0x265/0x280
[  103.451141][ T7080]  should_failslab+0x8c/0xb0
[  103.451187][ T7080]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  103.451327][ T7080]  ? sidtab_sid2str_get+0xa0/0x130
[  103.451441][ T7080]  kmemdup_noprof+0x2b/0x70
[  103.451470][ T7080]  sidtab_sid2str_get+0xa0/0x130
[  103.451506][ T7080]  security_sid_to_context_core+0x1eb/0x2e0
[  103.451591][ T7080]  security_sid_to_context+0x27/0x40
[  103.451623][ T7080]  avc_audit_post_callback+0x9d/0x520
[  103.451646][ T7080]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  103.451813][ T7080]  common_lsm_audit+0x1bb/0x230
[  103.451857][ T7080]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  103.451890][ T7080]  slow_avc_audit+0x104/0x140
[  103.451918][ T7080]  audit_inode_permission+0x111/0x150
[  103.452027][ T7080]  selinux_inode_permission+0x69b/0x740
[  103.452068][ T7080]  security_inode_permission+0x6d/0xb0
[  103.452157][ T7080]  inode_permission+0x106/0x310
[  103.452210][ T7080]  ? may_open+0x1ee/0x350
[  103.452241][ T7080]  may_open+0x255/0x350
[  103.452275][ T7080]  path_openat+0x1b4a/0x2170
[  103.452327][ T7080]  do_filp_open+0x109/0x230
[  103.452414][ T7080]  do_sys_openat2+0xa6/0x110
[  103.452468][ T7080]  __x64_sys_openat+0xf2/0x120
[  103.452505][ T7080]  x64_sys_call+0x2eab/0x3000
[  103.452527][ T7080]  do_syscall_64+0xd2/0x200
[  103.452558][ T7080]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  103.452650][ T7080]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  103.452688][ T7080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.452716][ T7080] RIP: 0033:0x7f6358dfeec9
[  103.452732][ T7080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.452802][ T7080] RSP: 002b:00007f6357846038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  103.452826][ T7080] RAX: ffffffffffffffda RBX: 00007f6359056090 RCX: 00007f6358dfeec9
[  103.452863][ T7080] RDX: 0000000000002042 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  103.452876][ T7080] RBP: 00007f6357846090 R08: 0000000000000000 R09: 0000000000000000
[  103.452888][ T7080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  103.452900][ T7080] R13: 00007f6359056128 R14: 00007f6359056090 R15: 00007ffe86c142f8
[  103.452923][ T7080]  </TASK>
[  103.774004][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.774004][  T406] loop4: rw=1, sector=145, nr_sectors = 16 limit=128
[  103.797653][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.797653][  T406] loop4: rw=1, sector=169, nr_sectors = 8 limit=128
[  103.820403][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.820403][  T406] loop4: rw=1, sector=185, nr_sectors = 8 limit=128
[  103.849003][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.849003][  T406] loop4: rw=1, sector=201, nr_sectors = 8 limit=128
[  103.878988][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.878988][  T406] loop4: rw=1, sector=217, nr_sectors = 8 limit=128
[  103.902911][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.902911][  T406] loop4: rw=1, sector=233, nr_sectors = 8 limit=128
[  103.936608][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.936608][  T406] loop4: rw=1, sector=249, nr_sectors = 8 limit=128
[  103.959003][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.959003][  T406] loop4: rw=1, sector=265, nr_sectors = 8 limit=128
[  103.973501][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.973501][  T406] loop4: rw=1, sector=281, nr_sectors = 8 limit=128
[  103.977235][ T7089] loop3: detected capacity change from 0 to 512
[  103.987006][  T406] kworker/u8:5: attempt to access beyond end of device
[  103.987006][  T406] loop4: rw=1, sector=297, nr_sectors = 8 limit=128
[  104.025442][ T7089] EXT4-fs: Ignoring removed nobh option
[  104.050868][ T7089] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #3: comm syz.3.1359: corrupted inode contents
[  104.064469][ T7089] EXT4-fs (loop3): Remounting filesystem read-only
[  104.071749][ T7089] EXT4-fs (loop3): 1 truncate cleaned up
[  104.078137][ T7089] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.092987][ T7089] ext4 filesystem being mounted at /304/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.104001][ T7089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.153794][ T7100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.168723][ T7100] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.226553][ T7089] serio: Serial port ptm0
[  104.552968][ T7110] __nla_validate_parse: 5 callbacks suppressed
[  104.553061][ T7110] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1364'.
[  104.578157][ T7110] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7110 comm=syz.5.1364
[  104.634699][ T7112] syzkaller1: tun_chr_ioctl cmd 2147767520
[  104.799822][ T7119] loop5: detected capacity change from 0 to 8192
[  104.831838][ T7123] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1369'.
[  104.982663][ T7130] openvswitch: netlink: Message has 6 unknown bytes.
[  104.994035][ T7128] loop2: detected capacity change from 0 to 512
[  105.054488][ T7132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1373'.
[  105.072087][ T7128] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.084886][ T7128] ext4 filesystem being mounted at /245/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.244584][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.248556][ T7139] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1375'.
[  105.280353][   T29] kauditd_printk_skb: 921 callbacks suppressed
[  105.280371][   T29] audit: type=1400 audit(1759390181.939:8510): avc:  denied  { mount } for  pid=7120 comm="syz.3.1370" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  105.323670][ T7135] loop3: detected capacity change from 0 to 128
[  105.342507][ T7135] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  105.348430][   T29] audit: type=1400 audit(1759390181.999:8511): avc:  denied  { mounton } for  pid=7120 comm="syz.3.1370" path="/file0" dev="bpf" ino=21015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  105.563309][ T7153] netlink: 'syz.1.1379': attribute type 21 has an invalid length.
[  105.594324][ T7150] syz.2.1377 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  105.619457][ T7153] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1379'.
[  105.767053][ T7164] loop5: detected capacity change from 0 to 512
[  105.775626][   T29] audit: type=1400 audit(1759390182.439:8512): avc:  denied  { mount } for  pid=7162 comm="syz.5.1383" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  105.798229][ T7166] loop2: detected capacity change from 0 to 1024
[  105.798889][ T7166] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  105.821860][ T7166] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.880487][   T29] audit: type=1326 audit(1759390182.539:8513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7161 comm="syz.1.1384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  105.905387][   T29] audit: type=1326 audit(1759390182.539:8514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7161 comm="syz.1.1384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  105.930897][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.975549][ T7173] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1386'.
[  106.012618][   T29] audit: type=1326 audit(1759390182.639:8515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7172 comm="syz.2.1386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb70deec9 code=0x7ffc0000
[  106.037592][   T29] audit: type=1326 audit(1759390182.639:8516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7172 comm="syz.2.1386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f3eb70deec9 code=0x7ffc0000
[  106.061109][   T29] audit: type=1326 audit(1759390182.639:8517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7172 comm="syz.2.1386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb70deec9 code=0x7ffc0000
[  106.086117][   T29] audit: type=1326 audit(1759390182.639:8518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7172 comm="syz.2.1386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3eb70deec9 code=0x7ffc0000
[  106.109820][   T29] audit: type=1326 audit(1759390182.639:8519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7172 comm="syz.2.1386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb70deec9 code=0x7ffc0000
[  106.134487][ T7179] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1387'.
[  106.162949][ T7179] netlink: 'syz.2.1387': attribute type 12 has an invalid length.
[  106.170944][ T7179] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1387'.
[  106.191216][ T7180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1384'.
[  106.274476][ T7184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1389'.
[  106.358791][ T7198] netlink: 'syz.2.1393': attribute type 1 has an invalid length.
[  106.384227][ T7198] 8021q: adding VLAN 0 to HW filter on device bond1
[  106.402175][ T7198] veth5: entered promiscuous mode
[  106.411473][ T7198] bond1: (slave veth5): Enslaving as an active interface with a down link
[  106.421578][ T7203] bridge_slave_1: left allmulticast mode
[  106.427372][ T7203] bridge_slave_1: left promiscuous mode
[  106.433333][ T7203] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.444131][ T7203] bridge_slave_0: left allmulticast mode
[  106.449960][ T7203] bridge_slave_0: left promiscuous mode
[  106.455673][ T7203] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.664369][ T7215] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  106.696620][ T7221] 9pnet_fd: Insufficient options for proto=fd
[  106.832051][ T7229] Driver unsupported XDP return value 0 on prog  (id 771) dev N/A, expect packet loss!
[  107.029781][ T7240] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  107.037149][ T7240] IPv6: NLM_F_CREATE should be set when creating new route
[  107.044409][ T7240] IPv6: NLM_F_CREATE should be set when creating new route
[  107.151825][ T7248] 8021q: VLANs not supported on vcan0
[  107.157911][ T7248] netlink: 'syz.4.1412': attribute type 1 has an invalid length.
[  107.189730][ T7248] syz.4.1412 (7248) used greatest stack depth: 9056 bytes left
[  107.261222][ T7256] FAULT_INJECTION: forcing a failure.
[  107.261222][ T7256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.275969][ T7256] CPU: 0 UID: 0 PID: 7256 Comm: syz.3.1415 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  107.276011][ T7256] Tainted: [W]=WARN
[  107.276020][ T7256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  107.276037][ T7256] Call Trace:
[  107.276044][ T7256]  <TASK>
[  107.276053][ T7256]  __dump_stack+0x1d/0x30
[  107.276079][ T7256]  dump_stack_lvl+0xe8/0x140
[  107.276110][ T7256]  dump_stack+0x15/0x1b
[  107.276128][ T7256]  should_fail_ex+0x265/0x280
[  107.276155][ T7256]  should_fail+0xb/0x20
[  107.276179][ T7256]  should_fail_usercopy+0x1a/0x20
[  107.276208][ T7256]  _copy_from_user+0x1c/0xb0
[  107.276309][ T7256]  ___sys_recvmsg+0xaa/0x370
[  107.276343][ T7256]  do_recvmmsg+0x1ef/0x540
[  107.276372][ T7256]  ? fput+0x8f/0xc0
[  107.276430][ T7256]  __x64_sys_recvmmsg+0xe5/0x170
[  107.276455][ T7256]  x64_sys_call+0x27aa/0x3000
[  107.276544][ T7256]  do_syscall_64+0xd2/0x200
[  107.276637][ T7256]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  107.276660][ T7256]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  107.276749][ T7256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.276769][ T7256] RIP: 0033:0x7fa29b1aeec9
[  107.276860][ T7256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.276876][ T7256] RSP: 002b:00007fa299c17038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  107.276893][ T7256] RAX: ffffffffffffffda RBX: 00007fa29b405fa0 RCX: 00007fa29b1aeec9
[  107.276904][ T7256] RDX: 000000000000074e RSI: 0000200000001140 RDI: 0000000000000005
[  107.276915][ T7256] RBP: 00007fa299c17090 R08: 0000000000000000 R09: 0000000000000000
[  107.276926][ T7256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.276937][ T7256] R13: 00007fa29b406038 R14: 00007fa29b405fa0 R15: 00007ffd61abee78
[  107.276955][ T7256]  </TASK>
[  107.585274][ T7270] loop3: detected capacity change from 0 to 512
[  107.851607][ T7307] loop3: detected capacity change from 0 to 1024
[  107.871791][ T7307] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.899243][ T7307] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  108.000772][ T7317] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20003
[  108.063293][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.158593][ T7324] netlink: 'syz.1.1445': attribute type 1 has an invalid length.
[  108.174268][ T7327] netlink: 'syz.5.1447': attribute type 1 has an invalid length.
[  108.226759][ T7324] 8021q: adding VLAN 0 to HW filter on device bond1
[  108.249582][ T7327] 8021q: adding VLAN 0 to HW filter on device bond1
[  108.263384][ T7328] bond1 (unregistering): Released all slaves
[  108.281867][ T7332] bond1 (unregistering): Released all slaves
[  108.422258][ T7335] smc: net device bond0 applied user defined pnetid SYZ0
[  108.434348][ T7335] smc: net device bond0 erased user defined pnetid SYZ0
[  108.447309][ T7339] loop3: detected capacity change from 0 to 512
[  108.462592][ T7339] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  108.475973][ T7339] EXT4-fs (loop3): 1 truncate cleaned up
[  108.484350][ T7339] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.550931][ T7345] EXT4-fs warning (device loop3): ext4_group_add:1736: No reserved GDT blocks, can't resize
[  108.702061][ T7354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.712926][ T7354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.075685][ T7368] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.111793][ T7368] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.161918][ T7368] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.223124][ T7368] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.273953][ T1884] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.308510][ T1884] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.332555][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.345113][ T1884] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.364674][ T1884] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.449953][ T7373] loop4: detected capacity change from 0 to 512
[  109.458079][ T7373] EXT4-fs warning (device loop4): ext4_xattr_inode_get:542: inode #11: comm syz.4.1459: ea_inode file size=0 entry size=6
[  109.472491][ T7373] EXT4-fs (loop4): 1 orphan inode deleted
[  109.478730][ T7373] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.536689][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.686106][ T7394] loop1: detected capacity change from 0 to 164
[  109.693825][ T7396] loop5: detected capacity change from 0 to 1024
[  109.701253][ T7396] EXT4-fs (loop5): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  109.713030][ T7394] ISOFS: unable to read i-node block
[  109.718438][ T7394] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  109.718809][ T7400] loop3: detected capacity change from 0 to 512
[  109.734507][ T7400] EXT4-fs: Ignoring removed mblk_io_submit option
[  109.741540][ T7400] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  109.752448][ T7396] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.752672][ T7400] EXT4-fs (loop3): 1 truncate cleaned up
[  109.772128][ T7404] smc: net device bond0 applied user defined pnetid SYZ0
[  109.772193][ T7400] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.779591][ T7404] smc: net device bond0 erased user defined pnetid SYZ0
[  109.816390][ T7406] __nla_validate_parse: 21 callbacks suppressed
[  109.816408][ T7406] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1471'.
[  109.905443][ T6790] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.920857][ T7410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1474'.
[  109.931576][ T7410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1474'.
[  110.077754][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.203005][ T7422] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1477'.
[  110.249272][ T7423] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1473'.
[  110.704604][ T7432] 9pnet: Could not find request transport: rdmj
[  110.771178][   T29] kauditd_printk_skb: 520 callbacks suppressed
[  110.771204][   T29] audit: type=1400 audit(1759390187.439:9040): avc:  denied  { map } for  pid=7436 comm="syz.4.1483" path="socket:[21909]" dev="sockfs" ino=21909 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  110.825655][   T29] audit: type=1326 audit(1759390187.489:9041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.849154][   T29] audit: type=1326 audit(1759390187.489:9042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.876485][   T29] audit: type=1326 audit(1759390187.539:9043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.883063][ T7444] netlink: 'syz.4.1486': attribute type 1 has an invalid length.
[  110.899996][   T29] audit: type=1326 audit(1759390187.539:9044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.900056][   T29] audit: type=1326 audit(1759390187.539:9045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.919204][   T29] audit: type=1326 audit(1759390187.569:9046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.936690][ T7445] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1486'.
[  110.958050][   T29] audit: type=1326 audit(1759390187.569:9047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.958104][   T29] audit: type=1326 audit(1759390187.569:9048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  110.958205][   T29] audit: type=1326 audit(1759390187.569:9049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7441 comm="syz.1.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  111.081436][ T7444] 8021q: adding VLAN 0 to HW filter on device bond2
[  111.096743][ T7445] bond2 (unregistering): Released all slaves
[  111.161326][ T7456] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1490'.
[  111.246543][ T7465] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1493'.
[  111.284740][ T7467] loop4: detected capacity change from 0 to 512
[  111.298652][ T7472] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1495'.
[  111.309615][ T7472] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1495'.
[  111.320953][ T7467] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.335164][ T7467] ext4 filesystem being mounted at /277/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.368291][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.155002][ T7495] loop1: detected capacity change from 0 to 1024
[  112.162591][ T7495] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  112.182912][ T7495] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.231892][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.314322][ T7503] loop4: detected capacity change from 0 to 128
[  112.759554][ T7516] loop5: detected capacity change from 0 to 1024
[  112.779803][ T7516] EXT4-fs (loop5): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  112.803126][ T7516] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.924206][ T6790] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.993037][ T7524] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.049961][ T7524] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.107851][ T7528] netlink: 'syz.1.1511': attribute type 1 has an invalid length.
[  113.125855][ T7528] 8021q: adding VLAN 0 to HW filter on device bond1
[  113.134762][   T31] bio_check_eod: 101 callbacks suppressed
[  113.134779][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.134779][   T31] loop4: rw=1, sector=145, nr_sectors = 8 limit=128
[  113.156807][ T7528] bond1 (unregistering): Released all slaves
[  113.161786][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.161786][   T31] loop4: rw=1, sector=161, nr_sectors = 8 limit=128
[  113.176546][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.176546][   T31] loop4: rw=1, sector=177, nr_sectors = 8 limit=128
[  113.191791][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.191791][   T31] loop4: rw=1, sector=193, nr_sectors = 8 limit=128
[  113.206775][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.206775][   T31] loop4: rw=1, sector=209, nr_sectors = 8 limit=128
[  113.207889][ T7524] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.221689][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.221689][   T31] loop4: rw=1, sector=225, nr_sectors = 8 limit=128
[  113.246960][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.246960][   T31] loop4: rw=1, sector=241, nr_sectors = 8 limit=128
[  113.264215][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.264215][   T31] loop4: rw=1, sector=257, nr_sectors = 8 limit=128
[  113.282270][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.282270][   T31] loop4: rw=1, sector=273, nr_sectors = 8 limit=128
[  113.297316][   T31] kworker/u8:1: attempt to access beyond end of device
[  113.297316][   T31] loop4: rw=1, sector=289, nr_sectors = 8 limit=128
[  113.314932][ T7524] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.395805][   T31] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.415450][   T31] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.431917][   T31] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.440278][   T31] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.515634][ T7545] netlink: 'syz.5.1519': attribute type 1 has an invalid length.
[  113.534278][ T7545] 8021q: adding VLAN 0 to HW filter on device bond1
[  113.537425][ T7549] netlink: 'syz.4.1520': attribute type 1 has an invalid length.
[  113.552179][ T7545] bond1 (unregistering): Released all slaves
[  113.567413][ T7549] 8021q: adding VLAN 0 to HW filter on device bond2
[  113.594492][ T7549] bond2 (unregistering): Released all slaves
[  113.801622][ T7567] smc: net device bond0 applied user defined pnetid SYZ0
[  113.820370][ T7567] smc: net device bond0 erased user defined pnetid SYZ0
[  114.534519][ T7598] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.593780][ T7598] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.657600][ T7598] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.714380][ T7598] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.820507][ T1884] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.836123][ T1884] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.855769][ T1884] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.865724][ T1884] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.901058][ T7625] __nla_validate_parse: 12 callbacks suppressed
[  114.901076][ T7625] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1546'.
[  114.924426][ T7633] loop2: detected capacity change from 0 to 512
[  114.932774][ T7633] EXT4-fs: Ignoring removed mblk_io_submit option
[  114.942877][ T7633] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  114.955924][ T7633] EXT4-fs (loop2): 1 truncate cleaned up
[  114.964640][ T7633] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.016280][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.040649][ T7640] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1543'.
[  115.050214][ T7639] loop2: detected capacity change from 0 to 1024
[  115.054357][ T7639] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  115.081722][ T7639] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.156121][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.568247][ T7656] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1557'.
[  115.687068][ T7666] loop4: detected capacity change from 0 to 512
[  115.694228][ T7666] EXT4-fs: Ignoring removed mblk_io_submit option
[  115.703128][ T7666] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  115.714522][ T7666] EXT4-fs (loop4): 1 truncate cleaned up
[  115.720877][ T7666] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.757306][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.768357][ T7675] smc: net device bond0 applied user defined pnetid SYZ0
[  115.777420][ T7675] smc: net device bond0 erased user defined pnetid SYZ0
[  115.781926][ T7677] netlink: 'syz.4.1565': attribute type 1 has an invalid length.
[  115.792862][   T29] kauditd_printk_skb: 785 callbacks suppressed
[  115.792880][   T29] audit: type=1400 audit(1759390192.459:9835): avc:  denied  { open } for  pid=7668 comm="syz.1.1564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  115.824842][ T7677] 8021q: adding VLAN 0 to HW filter on device bond2
[  115.840714][ T7677] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1565'.
[  115.849776][   T29] audit: type=1400 audit(1759390192.459:9836): avc:  denied  { kernel } for  pid=7668 comm="syz.1.1564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  115.874828][ T7677] bond2 (unregistering): Released all slaves
[  116.072072][   T29] audit: type=1400 audit(1759390192.739:9837): avc:  denied  { compute_member } for  pid=7680 comm="syz.2.1566" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  116.105676][   T29] audit: type=1400 audit(1759390192.759:9838): avc:  denied  { relabelfrom } for  pid=7682 comm="syz.3.1567" name="" dev="pipefs" ino=22437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  116.129841][   T29] audit: type=1400 audit(1759390192.759:9839): avc:  denied  { mac_admin } for  pid=7682 comm="syz.3.1567" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  116.153057][   T29] audit: type=1400 audit(1759390192.759:9840): avc:  denied  { relabelto } for  pid=7682 comm="syz.3.1567" name="" dev="pipefs" ino=22437 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:dhcp_state_t:s0"
[  116.163949][ T7687] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1569'.
[  116.181549][   T29] audit: type=1326 audit(1759390192.819:9841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7686 comm="syz.4.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  116.213738][   T29] audit: type=1326 audit(1759390192.819:9842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7686 comm="syz.4.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  116.238729][   T29] audit: type=1400 audit(1759390192.819:9843): avc:  denied  { create } for  pid=7686 comm="syz.4.1569" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  116.260128][   T29] audit: type=1326 audit(1759390192.819:9844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7686 comm="syz.4.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6358dfeec9 code=0x7ffc0000
[  116.288090][ T7697] loop2: detected capacity change from 0 to 512
[  116.314029][ T7697] netlink: 'syz.2.1572': attribute type 7 has an invalid length.
[  116.323288][ T7697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1572'.
[  116.348087][ T7697] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1572'.
[  116.510706][ T7713] loop2: detected capacity change from 0 to 512
[  116.524326][ T7713] EXT4-fs: Ignoring removed mblk_io_submit option
[  116.550449][ T7713] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  116.571603][ T7713] EXT4-fs (loop2): 1 truncate cleaned up
[  116.587744][ T7715] loop4: detected capacity change from 0 to 512
[  116.587955][ T7713] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.612381][ T7715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.640917][ T7724] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1583'.
[  116.657052][ T7715] ext4 filesystem being mounted at /303/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.768376][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.823560][ T7732] team_slave_0: entered promiscuous mode
[  116.829284][ T7732] team_slave_1: entered promiscuous mode
[  116.837341][ T7732] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  116.866631][ T7732] FAULT_INJECTION: forcing a failure.
[  116.866631][ T7732] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  116.879825][ T7732] CPU: 1 UID: 0 PID: 7732 Comm: syz.5.1585 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  116.879895][ T7732] Tainted: [W]=WARN
[  116.879904][ T7732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  116.879920][ T7732] Call Trace:
[  116.879927][ T7732]  <TASK>
[  116.879935][ T7732]  __dump_stack+0x1d/0x30
[  116.879960][ T7732]  dump_stack_lvl+0xe8/0x140
[  116.880005][ T7732]  dump_stack+0x15/0x1b
[  116.880038][ T7732]  should_fail_ex+0x265/0x280
[  116.880065][ T7732]  should_fail+0xb/0x20
[  116.880089][ T7732]  should_fail_usercopy+0x1a/0x20
[  116.880169][ T7732]  _copy_to_user+0x20/0xa0
[  116.880203][ T7732]  simple_read_from_buffer+0xb5/0x130
[  116.880240][ T7732]  proc_fail_nth_read+0x10e/0x150
[  116.880272][ T7732]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  116.880301][ T7732]  vfs_read+0x1a5/0x770
[  116.880400][ T7732]  ? __rcu_read_unlock+0x4f/0x70
[  116.880430][ T7732]  ? __fget_files+0x184/0x1c0
[  116.880459][ T7732]  ksys_read+0xda/0x1a0
[  116.880630][ T7732]  __x64_sys_read+0x40/0x50
[  116.880670][ T7732]  x64_sys_call+0x27c0/0x3000
[  116.880697][ T7732]  do_syscall_64+0xd2/0x200
[  116.880793][ T7732]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  116.880827][ T7732]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  116.880865][ T7732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.880915][ T7732] RIP: 0033:0x7fd9e2e1d8dc
[  116.880935][ T7732] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  116.880955][ T7732] RSP: 002b:00007fd9e1887030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.880974][ T7732] RAX: ffffffffffffffda RBX: 00007fd9e3075fa0 RCX: 00007fd9e2e1d8dc
[  116.880987][ T7732] RDX: 000000000000000f RSI: 00007fd9e18870a0 RDI: 000000000000000a
[  116.880999][ T7732] RBP: 00007fd9e1887090 R08: 0000000000000000 R09: 0000000000000000
[  116.881011][ T7732] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  116.881055][ T7732] R13: 00007fd9e3076038 R14: 00007fd9e3075fa0 R15: 00007ffd98dc86a8
[  116.881081][ T7732]  </TASK>
[  116.886579][ T7738] loop4: detected capacity change from 0 to 512
[  117.111113][ T7738] EXT4-fs: Ignoring removed mblk_io_submit option
[  117.118871][ T7738] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  117.192634][ T7738] EXT4-fs (loop4): 1 truncate cleaned up
[  117.198874][ T7738] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.224226][ T7759] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1595'.
[  117.234839][ T7757] loop5: detected capacity change from 0 to 512
[  117.254961][ T7757] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.271356][ T7757] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  117.310518][ T6790] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.347442][ T7770] loop3: detected capacity change from 0 to 512
[  117.356339][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.380876][ T7773] loop5: detected capacity change from 0 to 1024
[  117.388138][ T7773] EXT4-fs (loop5): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  117.412090][ T7770] EXT4-fs warning (device loop3): ext4_xattr_inode_get:556: inode #11: comm syz.3.1602: EA inode hash validation failed
[  117.428670][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.441006][ T7770] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #15: comm syz.3.1602: corrupted inode contents
[  117.484611][ T7773] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.504773][ T7770] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #15: comm syz.3.1602: mark_inode_dirty error
[  117.550854][ T7770] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #15: comm syz.3.1602: corrupted inode contents
[  117.552230][ T7770] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2991: inode #15: comm syz.3.1602: mark_inode_dirty error
[  117.564382][ T7789] smc: net device bond0 applied user defined pnetid SYZ0
[  117.586982][ T7789] smc: net device bond0 erased user defined pnetid SYZ0
[  117.598182][ T7788] loop1: detected capacity change from 0 to 1024
[  117.611196][ T7788] EXT4-fs: Ignoring removed bh option
[  117.625112][ T7788] EXT4-fs: inline encryption not supported
[  117.633087][ T7770] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2994: inode #15: comm syz.3.1602: mark inode dirty (error -117)
[  117.668684][ T6790] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.670336][ T7788] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  117.698645][ T7770] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117)
[  117.720635][ T7770] EXT4-fs (loop3): 1 orphan inode deleted
[  117.726906][ T7770] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.791598][ T7788] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.1606: lblock 2 mapped to illegal pblock 2 (length 1)
[  117.852807][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.873770][ T7788] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.1606: lblock 0 mapped to illegal pblock 48 (length 1)
[  117.957872][ T7788] EXT4-fs error (device loop1): ext4_acquire_dquot:6943: comm syz.1.1606: Failed to acquire dquot type 0
[  117.990447][ T7788] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  118.011247][ T7788] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.1606: mark_inode_dirty error
[  118.048004][ T7788] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  118.061609][ T7806] loop5: detected capacity change from 0 to 128
[  118.079218][ T7788] EXT4-fs (loop1): 1 orphan inode deleted
[  118.085351][ T7788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.113877][  T406] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:5: lblock 1 mapped to illegal pblock 1 (length 1)
[  118.129957][  T406] EXT4-fs error (device loop1): ext4_release_dquot:6979: comm kworker/u8:5: Failed to release dquot type 0
[  118.143947][ T7788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.173975][ T7788] EXT4-fs error (device loop1): __ext4_get_inode_loc:4861: comm syz.1.1606: Invalid inode table block 1 in block_group 0
[  118.210664][ T7788] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  118.241152][ T7788] EXT4-fs error (device loop1): ext4_quota_off:7227: inode #3: comm syz.1.1606: mark_inode_dirty error
[  118.271805][ T7806] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1611'.
[  118.886382][  T406] bio_check_eod: 102 callbacks suppressed
[  118.886401][  T406] kworker/u8:5: attempt to access beyond end of device
[  118.886401][  T406] loop5: rw=1, sector=145, nr_sectors = 8 limit=128
[  118.907076][  T406] kworker/u8:5: attempt to access beyond end of device
[  118.907076][  T406] loop5: rw=1, sector=161, nr_sectors = 8 limit=128
[  118.941239][  T406] kworker/u8:5: attempt to access beyond end of device
[  118.941239][  T406] loop5: rw=1, sector=177, nr_sectors = 8 limit=128
[  118.964860][  T406] kworker/u8:5: attempt to access beyond end of device
[  118.964860][  T406] loop5: rw=1, sector=193, nr_sectors = 8 limit=128
[  119.000487][  T406] kworker/u8:5: attempt to access beyond end of device
[  119.000487][  T406] loop5: rw=1, sector=209, nr_sectors = 8 limit=128
[  119.028483][  T406] kworker/u8:5: attempt to access beyond end of device
[  119.028483][  T406] loop5: rw=1, sector=225, nr_sectors = 8 limit=128
[  119.060033][  T406] kworker/u8:5: attempt to access beyond end of device
[  119.060033][  T406] loop5: rw=1, sector=241, nr_sectors = 8 limit=128
[  119.089005][  T406] kworker/u8:5: attempt to access beyond end of device
[  119.089005][  T406] loop5: rw=1, sector=257, nr_sectors = 8 limit=128
[  119.129265][  T406] kworker/u8:5: attempt to access beyond end of device
[  119.129265][  T406] loop5: rw=1, sector=273, nr_sectors = 8 limit=128
[  119.159141][  T406] kworker/u8:5: attempt to access beyond end of device
[  119.159141][  T406] loop5: rw=1, sector=289, nr_sectors = 8 limit=128
[  119.272630][ T7849] smc: net device bond0 applied user defined pnetid SYZ0
[  119.284815][ T7849] smc: net device bond0 erased user defined pnetid SYZ0
[  119.387515][ T7852] loop3: detected capacity change from 0 to 1024
[  119.415089][ T7852] EXT4-fs: Ignoring removed bh option
[  119.434855][ T7852] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  119.539670][ T7852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.901782][ T7875] loop4: detected capacity change from 0 to 512
[  119.920876][ T7875] netlink: 'syz.4.1638': attribute type 7 has an invalid length.
[  119.928686][ T7875] __nla_validate_parse: 3 callbacks suppressed
[  119.928702][ T7875] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1638'.
[  120.042470][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1640'.
[  120.154802][ T7883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1642'.
[  120.183076][ T7883] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1642'.
[  120.228463][ T7883] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7883 comm=syz.4.1642
[  120.243395][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.268523][ T7883] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1642'.
[  120.306486][ T7889] loop3: detected capacity change from 0 to 512
[  120.327311][ T7889] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.345260][ T7889] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  120.379725][ T7889] EXT4-fs (loop3): 1 truncate cleaned up
[  120.403573][ T7889] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  120.487572][ T7895] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1646'.
[  120.651497][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.696752][ T7903] pim6reg: entered allmulticast mode
[  120.731832][ T7903] pim6reg: left allmulticast mode
[  120.737800][ T7908] loop5: detected capacity change from 0 to 512
[  120.746170][ T7908] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.760891][ T7908] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  120.767822][ T7909] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1649'.
[  120.794929][ T7908] EXT4-fs (loop5): 1 truncate cleaned up
[  120.815547][ T7908] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  120.834413][   T29] kauditd_printk_skb: 552 callbacks suppressed
[  120.834428][   T29] audit: type=1400 audit(1759390197.499:10394): avc:  denied  { ioctl } for  pid=7913 comm="syz.4.1653" path="socket:[23752]" dev="sockfs" ino=23752 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  120.867735][ T7914] syzkaller1: entered promiscuous mode
[  120.873293][ T7914] syzkaller1: entered allmulticast mode
[  120.930633][ T7916] loop3: detected capacity change from 0 to 1024
[  120.932297][   T29] audit: type=1326 audit(1759390197.599:10395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  120.962263][   T29] audit: type=1326 audit(1759390197.599:10396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  120.986034][   T29] audit: type=1326 audit(1759390197.629:10397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  121.009506][   T29] audit: type=1326 audit(1759390197.629:10398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  121.019522][ T7916] EXT4-fs: Ignoring removed bh option
[  121.033188][   T29] audit: type=1326 audit(1759390197.629:10399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  121.033352][   T29] audit: type=1326 audit(1759390197.629:10400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  121.033386][   T29] audit: type=1326 audit(1759390197.629:10401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  121.033422][   T29] audit: type=1326 audit(1759390197.629:10402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  121.033453][   T29] audit: type=1326 audit(1759390197.629:10403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.1.1656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fb0eeec9 code=0x7ffc0000
[  121.166684][ T7916] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  121.194063][ T6790] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.207289][ T7916] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.232461][ T7932] loop2: detected capacity change from 0 to 512
[  121.237176][ T7933] loop1: detected capacity change from 0 to 1024
[  121.245714][ T7932] EXT4-fs: Ignoring removed mblk_io_submit option
[  121.245998][ T7932] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  121.246937][ T7932] EXT4-fs (loop2): 1 truncate cleaned up
[  121.255061][ T7933] EXT4-fs: Ignoring removed nomblk_io_submit option
[  121.270615][ T7932] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.282415][ T7936] smc: net device bond0 applied user defined pnetid SYZ0
[  121.297702][ T7933] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  121.306493][ T7936] smc: net device bond0 erased user defined pnetid SYZ0
[  121.317041][ T7933] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.393228][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.422498][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.750778][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.838103][ T7965] loop3: detected capacity change from 0 to 512
[  121.844872][ T7965] EXT4-fs: Ignoring removed mblk_io_submit option
[  121.851791][ T7965] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  121.892123][ T7965] EXT4-fs (loop3): 1 truncate cleaned up
[  121.898392][ T7965] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.007407][ T7971] netlink: 'syz.1.1673': attribute type 7 has an invalid length.
[  122.015431][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1673'.
[  122.074080][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.154699][ T7981] loop1: detected capacity change from 0 to 512
[  122.163913][ T7981] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  122.191499][ T7981] EXT4-fs (loop1): 1 truncate cleaned up
[  122.212611][ T7981] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.316973][ T7993] loop5: detected capacity change from 0 to 512
[  122.325107][ T7994] EXT4-fs warning (device loop1): ext4_group_add:1736: No reserved GDT blocks, can't resize
[  122.370360][ T7993] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.384246][ T7993] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  122.454517][ T8000] loop3: detected capacity change from 0 to 512
[  122.461400][ T8000] EXT4-fs: Ignoring removed mblk_io_submit option
[  122.468209][ T8000] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  122.481047][ T8000] EXT4-fs (loop3): 1 truncate cleaned up
[  122.487245][ T8000] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.512403][ T6790] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.575213][ T8008] loop5: detected capacity change from 0 to 512
[  122.606099][ T8012] loop2: detected capacity change from 0 to 1024
[  122.613038][ T8012] EXT4-fs: Ignoring removed nomblk_io_submit option
[  122.620378][ T8008] EXT4-fs: Ignoring removed mblk_io_submit option
[  122.627316][ T8012] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  122.635984][ T8008] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  122.724363][ T8008] EXT4-fs (loop5): 1 truncate cleaned up
[  123.117458][ T8033] loop5: detected capacity change from 0 to 512
[  123.254809][ T8033] netlink: 'syz.5.1696': attribute type 7 has an invalid length.
[  123.264250][ T8033] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1696'.
[  123.314423][ T8035] loop1: detected capacity change from 0 to 512
[  123.322946][ T8035] EXT4-fs: Ignoring removed mblk_io_submit option
[  123.333318][ T8035] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  123.345292][ T8035] EXT4-fs (loop1): 1 truncate cleaned up
[  123.562384][ T8044] ==================================================================
[  123.570560][ T8044] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark
[  123.577799][ T8044] 
[  123.580134][ T8044] write to 0xffff888106b5e54c of 4 bytes by task 8041 on cpu 0:
[  123.587775][ T8044]  xas_set_mark+0x12b/0x140
[  123.592304][ T8044]  __folio_start_writeback+0x1dd/0x440
[  123.597947][ T8044]  ext4_bio_write_folio+0x5ad/0x9f0
[  123.603157][ T8044]  mpage_process_page_bufs+0x4a1/0x620
[  123.608635][ T8044]  mpage_prepare_extent_to_map+0x786/0xc00
[  123.614460][ T8044]  ext4_do_writepages+0xa05/0x2750
[  123.619594][ T8044]  ext4_writepages+0x176/0x300
[  123.624385][ T8044]  do_writepages+0x1c6/0x310
[  123.628979][ T8044]  file_write_and_wait_range+0x156/0x2c0
[  123.634668][ T8044]  generic_buffers_fsync_noflush+0x45/0x120
[  123.640597][ T8044]  ext4_sync_file+0x1ab/0x690
[  123.645293][ T8044]  vfs_fsync_range+0x10d/0x130
[  123.650091][ T8044]  ext4_buffered_write_iter+0x34f/0x3c0
[  123.655693][ T8044]  ext4_file_write_iter+0xdbf/0xf00
[  123.660909][ T8044]  iter_file_splice_write+0x663/0xa60
[  123.666475][ T8044]  direct_splice_actor+0x153/0x2a0
[  123.671603][ T8044]  splice_direct_to_actor+0x30f/0x680
[  123.676995][ T8044]  do_splice_direct+0xda/0x150
[  123.681776][ T8044]  do_sendfile+0x380/0x650
[  123.686205][ T8044]  __x64_sys_sendfile64+0x105/0x150
[  123.691426][ T8044]  x64_sys_call+0x2bb4/0x3000
[  123.696118][ T8044]  do_syscall_64+0xd2/0x200
[  123.700694][ T8044]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.706607][ T8044] 
[  123.708941][ T8044] read to 0xffff888106b5e54c of 4 bytes by task 8044 on cpu 1:
[  123.716502][ T8044]  xas_find_marked+0x5dc/0x620
[  123.721303][ T8044]  find_get_entry+0x5d/0x380
[  123.725912][ T8044]  filemap_get_folios_tag+0x92/0x210
[  123.731225][ T8044]  mpage_prepare_extent_to_map+0x320/0xc00
[  123.737090][ T8044]  ext4_do_writepages+0x708/0x2750
[  123.742242][ T8044]  ext4_writepages+0x176/0x300
[  123.747044][ T8044]  do_writepages+0x1c6/0x310
[  123.752231][ T8044]  filemap_write_and_wait_range+0x144/0x340
[  123.758151][ T8044]  filemap_invalidate_pages+0xa4/0x1a0
[  123.763641][ T8044]  kiocb_invalidate_pages+0x6e/0x80
[  123.768875][ T8044]  __iomap_dio_rw+0x5d1/0x1240
[  123.773673][ T8044]  iomap_dio_rw+0x40/0x90
[  123.778036][ T8044]  ext4_file_write_iter+0xad9/0xf00
[  123.783256][ T8044]  iter_file_splice_write+0x663/0xa60
[  123.788663][ T8044]  direct_splice_actor+0x153/0x2a0
[  123.793809][ T8044]  splice_direct_to_actor+0x30f/0x680
[  123.799218][ T8044]  do_splice_direct+0xda/0x150
[  123.804054][ T8044]  do_sendfile+0x380/0x650
[  123.808490][ T8044]  __x64_sys_sendfile64+0x105/0x150
[  123.813707][ T8044]  x64_sys_call+0x2bb4/0x3000
[  123.818407][ T8044]  do_syscall_64+0xd2/0x200
[  123.822939][ T8044]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.828842][ T8044] 
[  123.831259][ T8044] value changed: 0x0a000021 -> 0x04000021
[  123.836990][ T8044] 
[  123.839325][ T8044] Reported by Kernel Concurrency Sanitizer on:
[  123.845497][ T8044] CPU: 1 UID: 0 PID: 8044 Comm: syz.1.1697 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  123.856807][ T8044] Tainted: [W]=WARN
[  123.860614][ T8044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  123.870971][ T8044] ==================================================================
[  123.885401][ T8048] loop3: detected capacity change from 0 to 512
[  123.894227][ T8048] EXT4-fs: Ignoring removed mblk_io_submit option
[  123.902570][ T8048] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  123.940894][ T8048] EXT4-fs (loop3): 1 truncate cleaned up
[  124.180379][ T8044] syz.1.1697 (8044) used greatest stack depth: 8632 bytes left